Hacker News new | ask | show | jobs
by xnull2guest 4275 days ago
Oh nobody thinks they are saints. I hope not.

> they use their technical abilities to suppress dissent in frightening ways

I'm just going to mention so called "Fusion Centers", which have been used to investigate and disrupt the organization of The Tea Party movement and Occupy Wall Street but spare my usual rant. No it does not compare to Russia or China.

Oh and I'm also going to link this: https://firstlook.org/theintercept/2014/07/14/manipulating-o...

And this: http://minerva.dtic.mil/

> NSA threatening domestic jobs, companies, individuals, and most of all innocents, that leads to an upset.

The NSA's view, and in fact several of the last presidential offices, is that these programs and capabilities are important for the country because they give American companies and domestic jobs a leg up.

"The National Security Agency/Central Security Service (NSA/CSS) leads the U.S. Government in cryptology that encompasses both Signals Intelligence (SIGINT) and Information Assurance (IA) products and services, and enables Computer Network Operations (CNO) in order to gain a decision advantage for the Nation and our allies under all circumstances." - NSA Mission Statement

A good example is the hacking of Brazilian PETROBOL (PETROBRAS?). Or actually, here's a firstlook link: https://firstlook.org/theintercept/2014/09/05/us-governments...

> While there's definitely a cyber war going on, you have to ask, why isn't the NSA actively disseminating knowledge to Americans on how to secure themselves?

Because it is essentially impossible to secure yourself on the internet. This isn't a fine point. It's a blanket fact.

> Why are they instead actively weakening encryption standards?

They have a concept called "NOBUS" which means that the weaknesses they introduce should only be exploitable by them. DUAL_EC_DRBG, the goto example of an NSA backdoor, is a perfect example of NOBUS.

> In summary, the NSA should participate in the global cyber intelligence war by educating the American public, instead of weakening them.

Oh I agree. Actually if you look back Clinton and first term Bush era they kept proclaiming that there was a cyber intelligence war but it never really caught on. So they made it about 'cyber terrorists'. Nobody caught on. They made it about actual terrorists. Now we listen. I do hope that investments are made in defensive capabilities rather than offensive. The Obama administration released a series of strategic documents funding longer term research into the protection of domestic computer networks, programs and technologies. But right now you can't play the game of cyber intelligence war without attacking. When it comes to hacking, the attacker always wins. Just playing defense is a losing game.

> The NSA's actions since 9/11 have been more consistent with a power grab than any authentic desire to empower & protect Americans.

This has been going on much longer than since 9/11. PREDATOR and MAINWAY are examples of programs that existed years before the 9/11 attacks.
2 comments
oceanstone 4275 days ago
Thanks for the response. Sorry for editing mine while you were writing yours.

> Oh I agree. Actually if you look back Clinton and first term Bush era they kept proclaiming that there was a cyber intelligence war but it never really caught on.

Interesting point. Now, in the 90s, wasn't the government trying to prevent encryption from being used by the public though?

> When it comes to hacking, the attacker always wins. Just playing defense is a losing game.

Still, there are a lot of defensive measures the public can take from hackers. For instance, using OTR, Tor/VPNs, and moving sites to HTTPS whenever possible.

Bruce Schneier has an interesting metaphor for this period in human evolution. He compares the information revolution to the industrial revolution. At first, people didn't realize how bad pollution could be, amongst other things like food safety. Books like "The Jungle" helped prompt people to stand up for themselves and demand better, and healthier ways of conduct. Overall, humanity evolved to handle the new technologies and their side effects. Snowden's revelations are like "The Jungle" of our time.

link
xnull2guest 4275 days ago
> Now, in the 90s, wasn't the government trying to prevent encryption from being used by the public though?

Oh yeah. They did before the 90s, during the 90s and are also doing it now. We won some serious ground in the 90s, allowing us to use stronger algorithms. But companies are still required to keep copies of all of your encryption keys at the ready if they want access to your data. If you haven't seen it the FOIA requested document from the CIA posted here a week or so ago has a pretty good history.

http://www.foia.cia.gov/sites/default/files/DOC_0006231614.p...

> Still, there are a lot of defensive measures the public can take from hackers. For instance, using OTR, Tor/VPNs, and moving sites to HTTPS whenever possible.

These things do help, but minimally. OTR is good if you want some privacy on your chats. Tor is good if you want a little anonymity. Some baseline level of encryption should be standard everywhere. If you look at the extensiveness of the backdoors though these don't really matter. For example take the FBI mass exploitation of Tor this year. In many instances (Apple iPhone/Microsoft Skydrive/etc with PRISM), copies of data are stored directy from a partner's product for inspection, whether it was originally encrypted during transit or no. And computer exploits that target operating systems are able to see everything on your computer that you see.

Re: Schneier:

I love his analogy to Digital Feudalism the most.

link
oceanstone 4275 days ago
Will check that out, thanks
link
hrjet 4275 days ago
> When it comes to hacking, the attacker always wins. Just playing defense is a losing game.

Firstly, why only hacking? What is true for a cyber-attack is true for a physical attack as well. Both sides lose resources in both types of attacks.

Secondly, the reason for defending something is because something is worth defending. If it has been defended in an unsuccessful attack, that is a win.

And thirdly, the thing being defended often includes a higher-moral-ground. Resorting to attack is a definite loss for the defending party.

link
xnull2guest 4275 days ago
> why only hacking? What is true for a cyber-attack is true for a physical attack as well.

A couple reasons. One is that 0day vulnerabilities have no defense. There is no way to defend against certain vulnerabilities.

The second is that there are no international rules of conduct that apply to cyber warfare. After the Georgia/Russia event there was an effort to pass agreements in NATO but AFAIK nothing came of it.

The third is that that a successful attack usually means the victim remains in a compromised state for months or years (look up advanced persistent threat).

Finally, it's also usually the case that cyber attacks go completely undetected.

> the reason for defending something is because something is worth defending

Right, well the NSA does engage in defense as well. There's just less that can be done. There are hundreds of millions of devices in America with an extremely long tail of software/update state and configuration, saying nothing of networks. There's a ton to protect and even protecting small amounts is costly. This is one of the main reasons companies (and governments) are looking to the cloud - you can consolidate your threat area if you concentrate operations and run broadly the same configuration/state across many systems.

> thing being defended often includes a higher-moral-ground

But this is espionage and sabotage. It's dirty business. I don't think it's a good thing. I don't really advocate for it. I'm just here explaining the broader context of the Snowden disclosures and this article. If you missed it there was a link containing 37 other countries that have cyberwar programs (the list is not exhaustive).

link