
How to appear technically sophisticated
Would putting Linux in a VM with some disassembly tools do the trick? A bit like a honeypot?
The NSA operates like a state-sponsored cybercrime gang using much the same tools and techniques as miscreants slinging banking trojans, one cynic has suggested. Anyone following the Snowden revelations knows by now that the NSA uses exploits and malware to spy on the online activities of targets, but ponytailed infosec expert …
You're correct, but like most any agency that's flush with cash, they overpay for even the simplest things. Not having a practical budget spells doom for financial and operational efficiencies in any organization.
If Google, for example, wants to overspend because it is easier, that's fine. It is their money and the money of investors who trust them with disbursing it. For a government agency to do it really sucks because they aren't spending their own money and generally don't have a lot of trust from stakeholders.
"The NSA operates like a state-sponsored cybercrime gang using much the same tools and techniques as miscreants slinging banking trojans, one cynic has suggested."
Most likely a terrist who has some important secrets to hide.
Still, it amazes me that some people are still surprised over this NSA intruding bullshit. Not too long ago you could get your whole career ruined (if not worse) if the government slightly -suspected- that you might be having some communist ideals. Doing what's best for the nation, sure.
This is no different. The only thing which upsets me is that other governments actually let the US get away with all this. Even though the US is nearly bankrupt and becomes more and more dependent on the same countries they constantly harass with their spying bullshit.
The only thing which upsets me is that other governments actually let the US get away with all this
Ever heard of blackmail? If I were running such an outfit, the first thing I'd do is find a way to compromise the people that could give me problems and use that to keep them quiet. If that fails, start some false rumours and amplify them via more than just SEO and they'll be too busy rescuing their reputation to pose any further trouble.
From a practical perspective there is zero difference between a gang of criminals and a clandestine government operation, or one that may act within its local law but damn well breaks the law where it is operating. Defend accordingly.
Right, I'm a massive NSA / USA skeptic. But please, the whole point of these secret service TLAs is that they act like the enemy. The CIA murders with impunity, the NSA slurps data with impunity, and so on. Same here with GCHQ, MI6 etc.
The point now is that we used to have some sense they were under reasonable control, that somehow within the democratic process they were kept from excess, and that if the ordinary man was privy to details, we'd probably, perhaps reluctantly, agree with most of what they got up to. It's not what they do that has gone wrong, it's the excessive scope of what they are doing, and that it now seems they view us, the people, en masse, as the enemy.
I'm all for specific, targeted, court approved stepping over normal decency. If they have a real suspect, and can prove genuine concern, and a court says, OK, you may do such and such, then OK, I can live with that. But now we have this on an automatic, industrial level. That has to be the problem, no?
But surely we always knew they used dirty, criminal methods. That's kinda the point of having them.
I mean, I'm not comfortable with any of it to be honest. But there is a reality here that has to be addressed and frankly accepted even by the most liberal of us. Which BTW, I am.
Bottom line: I don't like it, however, I accept it, but demand it is reasonably controlled by a process I trust.
"I don't like it, however, I accept it, but demand it is reasonably controlled by a process I trust."
I'm with you on that, however I realise that I can "demand" (or request, ask, beg and plead) for "reasonably controlled by a process I trust" until I'm blue in the face, but reality is that this is not the case now, and it will not be the case in the future unless there are major changes in the governance systems of major powers.
The phrase "if you have nothing to hide you have nothing to fear" should be applied to government agencies not to ordinary citizens. The whole theory of democracy is built on the principle of accountability of the elected representatives and the executive branch to the electorate, and accountability implies knowledge of what is going on. Current trend is going the other way - governments fighting tooth and nail to restrict information, and it's not just spook-related either.
"It doesn't matter who it's applied to, it's still a fascist statement whichever way you slice it."
Not sure how it's "fascist", actually the idea seems rather more "communist" in the sense that all your life and data should be "public", big-brother style (ie public to the government, which is representing the people). Of course when it comes to extremes, I often find, the "fascist" and "communist" sides go right round and join up on the other side.
My point, however was based on this thought: Individual people should have right to privacy in their private lives. People who are representing the electorate in a public position should also have privacy in their private lives, but their actions in a public role (ie as civil servants) should be "public" in the sense of being accountable to the electorate.
I don't give a damn if the director of the NSA is a cross-dressing alcoholic with a fetish for late-20th century rubberized kitchen utensils, but the actions of his agency SHOULD be scrutinisable / accountable, especially given that it's slurping a disproportionate amount of budget that could be MUCH more profitably utilised elsewhere.
I've had a good old search around, and you're right - I can't find a single legitimate reference to Goebbels actually having said this, it appears I am repeating oft quoted propaganda. Shame on me.
In my search I came across a lot of stuff he _did_ say, it's worth a read..
http://en.wikiquote.org/wiki/Joseph_Goebbels
All totalitarian regimes act much the same way; the ideology, whether Communist, Fascist, or Islamist, mainly provides a framework for deciding which activities to monitor and suppress.
There is no reasonable basis to classify as totalitarian the regimes in the US, Great Britain (and the other EU countries), Canada, Australia, and New Zealand, among others.
The NSA and its Five Eyes associates are military intelligence agencies, generally doing what such organizations do. The US NSA (and CIA and DIA), at least, are foreign intelligence agencies. Like such agencies in all countries they operate mostly in secret and must do so to be effective. We should not be surprised that their methods sometimes are unsavory and would be criminal if used domestically; many are criminal in foreign jurisdictions where US law permits their use. Oversight by agency management, courts, and congressional committees may have been inadequate, and need to be reviewed and probably improved. But individual actions of civilian and military employees of the agencies are not "public" any more than those of employees in any other government agency. It is the elected officials, in both the executive and legislative branches who are accountable to the electorate, not the individual agency employees or even the appointed government officers.
All of the examples I know of where they caught a terrorist in the act have been dubious at best. Find someone spouting off, give them a fake bomb, tell them where to put it and talk them into pushing the button.
Where they make their own bomb, buy an AR15 and 10,000 rounds, get a bomb from a real terrorist, then the TLAs do an OK job of finding them after the fact. Even when they know about them in advance like the Boston marathon they stink at stopping them before they act. Then they spend fortunes on liquid bans, and perv scanners and continue to not catch anyone (100% effective just like my elephant-proof pyjamas).
"whine that something bad happened that could have been prevented if only they had been doing the thing that they should not be doing."
Say what?
That's the whole point. They ARE doing what they should not be doing, and still NOT preventing something bad. Only reacting after the fact even when warned in advance.
They only seem to be able to catch people with fake bombs that were supplied to them by the people "catching" them. Actions that could easily be considered entrapment.
"Even when they know about them in advance like the Boston marathon they stink at stopping them before they act."
"It is a bit hypocritical to attack a government agency for doing something it should not be doing, and then whine that something bad happened that could have been prevented if only they had been doing the thing that they should not be doing."
How on earth did you work that out?
By missing the point when you are pointing?
Well, sorta kinda.
"They" (several TLAs) were given information which could have been pursued by standard criminal investigation procedures including specific warrants by a regular judge.
I'd venture to say that apart from some specifics of sources and methods, there is nothing in real anti-terrorist efforts that could not, and in my opinion should not, be handled by normal police investigation.
As someone pointed out a while ago (I read it elsewhere but I wouldn't be surprised if someone here made the same point) a lot of what the national intel shops are getting up to is a consequence of their main mission gone missing with the fall of the Soviets - all that wonderful assemblage of skills and tools searching for a new purpose in life. Politicos for whatever grab-bag of reasons agreed, so that rather than re-apportion funds they approved unnecessary re-focus of the agencies. So now we have the wars on drugs and terror and copyright infringement and online gambling; oh, and throw in a big helping of snooping on businesses in other countries.
So do we know whether the commercial AV company products detect the exploits delivered by Foxacid?
Presumably victims are uploading Foxacid detritus into VirusTotal, unaware of the provenance?
Would a US-based AV company add Foxacid spyware to their pattern files, or are they under obligation to the NSA to let it remain unseen?
Should discerning customers be looking to non-US AV vendors?
As the article suggests, the Foxacid operations are more targeted, partially by NSA analysts and partially by automated means (browser user agent, etc.) and so what's delivered will vary: anything from known exploits up to 0-days for premium targets. Therefore these may or may not be detected by regular security software.
Inevitably the "tools" the NSA use will become public (in the sense that they will become known vulnerabilities, not that we will necessarily know that the NSA were using them) and fixed sooner or later. However given the size of the NSA's budget you can be sure that the "tools" they are using are constantly evolving and new ones coming on stream regularly.
As such I doubt the NSA would have much interest in forcing US-based AV vendors to compromise their products - whatever one thinks of the NSA (and I tend to go with "nasty dangerous bastards") they have a remit in protecting US business and infrastructure and would be unlikely to compromise that role so generally by specifically weakening US commercial security products.
I appreciate the efforts of the EFF and Bruce Schneier to describe how they believe the intercepts, etc, are being effected. I use 'are' because no-one says they've stopped.
Worse now, on the government's part here in the UK, the propaganda backlash seems to be moving into play. This week we've had the great and the good, including the Liberal Democrat coalition lackeys, making statements/seeding stories to the media that Snowden's material is worse than the 'great' spy leaks of the Cold War and all the material is greatly aiding Moscow and Beijing's cause.
But we don't have the great axis of evil communism anymore, pivoted between Beijing and Moscow, we have two large nations with whom the world trades freely and, certainly in the case of China, without whom the rest of the world would have near empty shops. High tech companies frequently have R&D and manufacturing outposts there too.
So I don't see who these governments are 'fighting' with this mass surveillance. The terrorists don't need the Internet, they're not real-time; more traditional crooks, maybe; snooping on the competition, likely; but I can only conclude that they're spending the citizens' taxes on a wealth-generation scheme for the corner of big business that sells these services.
Maybe it's simply the fact that Snowden was a little too smart, saw through the scripts he had to follow and the fallacy of the whole thing.
"This week we've had the great and the good, including the Liberal Democrat coalition lackeys, making statements/seeding stories to the media that Snowden's material is worse than the 'great' spy leaks of the Cold War."
Worse than Jonathan Pollard spying incident. You know, the guy who spied on Americans and handed the data to Israel? Maybe I got the names mixed up. It was Keith Alexander or Jonathan Pollard who did that, I'm not sure which.
"all the material is greatly aiding Moscow and Beijing's cause."
Sadly, I had to switch from hotmail to yandex (Russian), Moscow are less of a threat to freedom than the NSA these days. What a turnaround that is.
"Moscow are less of a threat to freedom than the NSA these days."
That is naive, gullible, dreaming; it is no more (or less) true now than it was six months or a year ago. You are, of course, entitled to choose who you must assume to be reading your mail, but you have no guarantee that the NSA or GCHQ are not also doing so.
What?
That a man flees to Russia from the USA in order to preserve his freedom to speak?
And in order to permit the average US citizen to take back the freedom of speech his government has stolen?
Really?
Hasn't it always been illegal to be a communist, an original inhabitant or a negro in the USA?
Or would it be OK if they were dumb communists, original inhabitants or negroes in the USA?
IMP 2009 *never* made it into law. Your legal basis for mass surveillance was NOT passed by Parliament. Snoopers charter, the latest version *never* had enough support and was NEVER made law.
Here's the Queens speech from May this year:
"The government is committed to ensuring that law enforcement and INTELLIGENCE AGENCIES have the powers they need to protect the public and ensure national security."
"These agencies use communications data – the who, when, where and how of a communication, BUT NOT ITS CONTENT – to investigate and prosecute serious crimes."
So at best Snoopers Charter was to be resurrected and you would get meta-data but not content IF Parliament passed it.
The current claim to legality is a fraud, that even Cameron doesn't believe, hence the need to resurrect the snoopers charter.
This is the law of the land as it stands today. So what the f*** are you doing spying on Brits? not just meta-data but also content? Britain is ruled by Parliament not the MI5 Chief and his American astroturfer support. You are outside British law and you are undermining the democracy.
So NSA feeds you some tidbits and in exchange you spy on Brits for them. Do you lot in GCHQ realize that the 'national' in 'national security' means Britain? You are supposed to protect us from NSA spying too FFS, not help them. We don't have a vote in the USA. No surveillance without representation!
Are we still pretending that the early-August "torsploit" injection attack on Freedom Hosting hidden services visitors was somehow enabled by the FBI, rather than being an NSA-driven expansion of cyber-military offensive tech against a massively increased target population? I know that's the lame-ass story the U.S. Feds are churlishly peddling to the unwashed masses, but since now we have confirming documents (courtesy Snowden) that it's all NSA tech, can we stop acting like it's an open question now?
http://torsploit.cryptostorm.org
Oh, and when are all those journos who printed the "FBI behind torsploit" disinfo as "fact" going to put out formal corrections (not the Reg, just to be clear, who characteristically never entirely swallowed the whole fantasy FBI story nor printed it as "fact")? That'd be nice to see, since spreading police state disinformation really doesn't help create a better future... unless you're the police state, I suppose.
Waiting expectantly...
"The NSA's Tailored Access Operations (TAO) unit, which runs Foxacid, has detailed rules of engagement and a well-thought-out procedure that allows relatively unskilled operators to act with subtlety and sophistication, Schneier adds."
This line made me think of script kiddies. It seems more plausible to me now that most of them are in zombie mode until someone like Snowden gave more thought about what is occurring. The whole situation just keeps getting worse. Will no one think of the children?
"The NSA's Tailored Access Operations (TAO) unit, which runs Foxacid, has detailed rules of engagement and a well-thought-out procedure that allows relatively unskilled operators to act with subtlety and sophistication, Schneier adds."
This line made me think of that Kurdish squadron with the embedded BBC reporter that was bombed just after pointing out the Iraqi military target and telling us to hold our breath as we watched his film, early in the illegal invasion of Iraq.
Come friendly bombs from NSA
And cause our peace to go away
Your web's not fit where spiders graze
Suffer severed servers to surf your ways
Microsoft and Google too and bent your base
GCHQ and all the world belong US -you!
knowing more about these approaches might help browser makers – and others – develop more secure technologies
The browser makers - Google Chrome excepted - are deliberately stuck in the 1990s via their industry body the CA/B Forum - the Certificate Authorities and Browser manufacturers forum. They haven't responded at all to the broken SSL/TLS trust system (that the NSA abuse at will, in real-time). The Certificate Authorities should implement a serious strategy to avoid cybercrime outfits following in the footsteps of the national agencies. The browser manufacturers should look at authentication systems which haven't been poisoned by the black-hats at NIST, instead of polishing their buttons & tabs.
GlobalSign or one of their trusted SubCAs have only issued 4 real GlobalSign certificates to (CA subscriber) malware authors in the last 2.5 years, as far as we know! (signed malware online from: Ability Software Consultants Ltd & A&B Software LLC & Beijing Junjingtong Technology Co., Ltd & JiangXi YouMa ChuangDa Software Technology Co.,Ltd)
That's crime already abusing the NSA/NIST deliberately weakened internet Public Key Infrastructure (PKI) certificate marketplace supporting Secure Sockets Layer (SSL) and Transport Layer Security (TLS).
which 'others' volunteer to help us?
Time to hit the library! There are lots of books now on hacking computers. There are lots of books on the internals of Windows and Linux. Of course all of that requires "expert" knowledge. But ya know what? Expert knowledge comes from just getting up and doing it! It doesn't come from outer space, dispersed by aliens and angels to the chosen few. It comes from getting up and reading the manual!!
Foxacid only sends exploits to idiots who aren't running scanners! Why? Because it doesn't want to be found in the first place. Also, a lot of rootkits won't install if the OS is running in a VM, or if a disassembler is installed. So if you want to catch this stuff, you have to run on bare metal and look at it using a kernel debugger.
>Also, a lot of rootkits won't install if the OS is running in a VM, or if a disassembler is installed
It is reasonably easy to fake the appearance of a VM or not. It's also trivial to fake the user agent of a browser or pass it through a proxy for full logging and analysis.
Now what on earth will you be doing with your disassembler? The output from your kernel debugger will also be a little tricky to capture, store and process over extended periods of time. I have to deal with rather a lot of live network traffic analysis (I'm a sysadmin) and I'd really have trouble dealing with the meaning of the instructions from a slack handful of modern processors/cores running many 100s of threads at full tilt.
There are few people who can do that sort of analysis and they tend to be called kernel developers and I doubt they do it for routine system monitoring. OK you might trap and log calls to say your RNGs or other important sub systems but you are going to need some infrastructure.
You clearly have access to far more tin foil than me 8)
Cheers
Jon
It isn't as if any rational person still believes the USA is a free country. Think about it. No-warrant wire taps, indefinite detention of citizens without charges, approval of rendition of prisoners and torture, stop and frisk without probable cause, search and seizure without a warrant, no-knock entry, confiscation and destruction of cameras that might have been used to film police acting illegally, police brutality, police shootings that go without investigation, managed news, and the civil-rights destroying "Patriot" Act.
Acts of police behaving illegally, with shootings, Tasers, and unwarranted violence now appear almost daily. Rarely are these offenses punished. Most often "an investigation" is claimed, but soon forgotten.
In addition, the USA, with 5% of the world population, has 25% of all of the prisoners in the world. That means the USA has the most people in prison of any nation in history. Even by percentage of residents incarcerated, not just sheer numbers. USA is # 1! Does any of that sound like a free country?
As Dwight D. Eisenhower said about communism, "It's like slicing sausage. First they cut off a small slice. That isn't worth fighting over. Then they take another small slice that isn't worth fighting over. Then another and another. Finally, all you have left is the string and that isn't worth fighting over, either."
Don't overlook the racism factor. The USA is becoming a nation of ghettos, while the wealthy one percent wall themselves apart in gated and guarded enclaves. Police enforce the boundaries; a grotesquely large percentage of the prison population in the USA are from the ghetto class, predominately nonwhite. As for civil rights ... yeh, we honor our rights in the breach, but few outside the one percent can access the legal defense against local, state, or federal violations of those rights. But then again, if our rights are violated in secret, then what is there to get upset about? Ignorance is bliss ... !
Don't venture outside the boundaries. The enforcers are watching.
not just that there are a ridiculous number of prisoners, but the conditions with the rape culture and the violence and the solitary confinement and the slave labour.
the no mans land of the usa - mexico border where hundreds of people die every year.
the mercenary drug war fought all around the world.
the secret no fly lists and the border crossing rejections for any minor criminal record like marijuana possession or being involved in a protest, or even for just having spoken your opinion online or writing the wrong book or saying the wrong thing at the wrong conference.
the censorship. the compliant media. the crushing of unions. the privatization of government services into corporate hands. the tent cities and squats and renting a parking space to live in your car and the foreclosed neighbourhoods. the rising protests and the rising repression of them. the desperate rush to exploit every last resource.
get all that sorted already eh ;-)
Oh, don't be so harsh on NSA and GCHQ... They're only a lad...
http://www.youtube.com/watch?v=PFzBCbxKiaI&feature=youtube_gdata_player
If I had to pin a theme song on the pair, and fuse them, and all the others, into one body, this song might be apt, or mostly apt....
"Only a lad, you really can't BLAME HIM
Only a lad, SOCIETY MADE HIM...
It's NOT his fault THAT he CAN'T BEhave
SoCIEty MADE him GO asTRAY...
PERhaps in TIME he'll GO aWAY"
Hehehehe....
http://www.sing365.com/music/lyric.nsf/Only-a-Lad-lyrics-Oingo-Boingo/DAF82B713B73012748256A2B002F79A4
Were I the writer of TFA, I would have used Bruce Schneier's name rather than introducing him as "a cynic". That looks like a little bit of poisoning the well, right in the very first sentence (although in the world of The Reg you could argue it's high praise to be called a cynic). I'm not much impressed with the headline, either - "Schneier" is shorter than "infosec'er" and conveys MUCH more information to anyone with the slightest interest in security or computers.