Inside NSA's Efforts To Hunt Sysadmins 147
An anonymous reader writes "The Snowden revelations continue, with The Intercept releasing an NSA document titled 'I hunt sys admins' (PDF on Cryptome). The document details NSA plans to break into systems administrators' computers in order to gain access to the networks they control. The Intercept has a detailed analysis of the leaked document. Quoting: 'The classified posts reveal how the NSA official aspired to create a database that would function as an international hit list of sys admins to potentially target. Yet the document makes clear that the admins are not suspected of any criminal activity – they are targeted only because they control access to networks the agency wants to infiltrate. "Who better to target than the person that already has the ‘keys to the kingdom’?" one of the posts says.'"
Hide in plain sight (Score:5, Funny)
Re:Hide in plain sight (Score:5, Funny)
If only you could pass those damned astro-navs....
Re: (Score:2)
If only you could pass those damned astro-navs....
Just write, "I am a fish," on the exam.
Re: (Score:1, Offtopic)
Sysadmins are also usually the easiest target to get in.
standard password: 1amgod
Being that they are required to fix problems 24/7 that means they have a "secret" back door on their network so they can get in.
Once they are in they have a lot of access to the companies systems.
We can go, well those guys are just dumb, however I am willing to bet most of you who are sysadmins have some little back door just in case.
Re:Hide in plain sight (Score:5, Insightful)
Re: (Score:2)
Small-time admins maybe. If one works as part of a larger team, automation and documentation is king - any such backdoors would get anyone into trouble, quick.
I guess you have a definition of "small time", but I am thinking of alleged Chinese theft of Google source code. The "backdoor" was IE and very clever phishing.
Re: (Score:2)
Sysadmins can work in a big company and still be 'Small Time'. We're fairly small but automation and documentation lets 5 admins manage 1,200 systems.
[John]
Re: (Score:1)
Re:Hide in plain sight (Score:5, Informative)
Small-time admins maybe. If one works as part of a larger team, automation and documentation is king - any such backdoors would get anyone into trouble, quick.
R
O
T
F
L
Worked in Fortune corporations. If I don't stop laughing soon, I'll pass out.
Re:Hide in plain sight (Score:4, Informative)
Re: (Score:3)
As ineloquently as RabidReindeer may have put it, he's 100% spot on here. I've done security audits for big companies with large teams -- admins insert backdoors al over the place, then their buddies figure out they did it, and instead of being reprimanded they start using it too for convenience. Just because they have a big, publically-traded company doesn't mean the CIO/CISO cares about anything more than compliance on paper.
Actually, in many cases, the backdoors were created on demand from management because doing things securely was too just inconvenient for them. The old "Git 'er Dun!" principle.
Or because the security administrator was in a bad mood the day something idiotic came in and didn't challenge it. I knew a lowly applications programmer who was keeping his own personal files in the product data set because of that.
Re: (Score:2)
are you crazy? that's exactly how they hacked the Gibson!
Re: (Score:3)
A typical NOT ME!! approach.
The funny part is how many sys-admins think they are so good, until there is an independent security audit done.
Now you shouldn't get insulted. There are a lot of good sysadmins... However many have gaps, and their ego gets in the way of making things more secure.
Re: (Score:1)
Small-time admins maybe. If one works as part of a larger team, automation and documentation is king - any such backdoors would get anyone into trouble, quick.
No.. The backdoors are simply more sophisticated, that's all..
Re: (Score:2)
true, all the admins I know are super-hot on locking down what you want to do, but always expect themselves to have full, uncontrolled, access to everything - including all the stuff that is 'not permitted' under some 'security' policy.
I think of the last place no-one had youtube or facebook (fair enough TBH) except.. guess who did.
Re: (Score:2)
In previous jobs, the closest thing to a "back door" is a SSH key. In fact, it has been also the front door too, because some machines have any remote access blocked unless it is via SSH public key authentication. This makes the auditors happy, and it also gets rid of having to change passwords every 15-30 days. It also gets around the fact that three wrong passwords would mean a permanent lockout until an admin reset the account by hand (and documented the reset in JIRA.)
In times past, a "secret" back d
Re: (Score:2)
Re:Hide in plain sight (Score:5, Funny)
A poem (Score:1)
Do not as I do, do as I say: I am the NSA!
It's alright for me to bust into others' systems all day.
What's that you say? I can do that too then, it's ok?
The NSA says nay!
Do not as I do, but as I say!
A limerick (Score:5, Funny)
Whose ________ was so _______ he could ________.
He said with a _________ as he wiped off his __________,
"If my __________ was a _________ I would __________ it."
This has gone beyond madness (Score:5, Insightful)
Re:Perhaps it is rather time..... (Score:5, Funny)
Re: (Score:2)
Re: (Score:2)
As the Boston bombing shows, the NSA is really not reading facebook. They're storing all this shit. but it's not used for any actual intelligence work. I can only speculate what it is used for, but chances are that's it's about money. So feel free to post on facebook, that's the last place they'll look.
More accurately, they're storing it so that once they decide you're the guilty one, they can easily backtrack through everything you've ever said or did to "prove" it. Six lines from an honest man, and all that.
Smert Shpionam! (Score:3)
Re: (Score:2)
Only during war time. Traditionally during peace time their fate is often to be traded for the other sides spy.
Re:Smert Shpionam! (Score:5, Insightful)
Re: (Score:1)
Re:This has gone beyond madness (Score:5, Insightful)
Re: (Score:1)
They're arresting Barney Frank finally? About fucking time!
Re: (Score:2, Interesting)
This is kinda their jobs. It's what they do. They're a SPY agency. They do spyish things.
Re: (Score:2)
Actually they're an Intelligence Agency - they're supposed to to Intelligent things :-)
Re:This has gone beyond madness (Score:4, Interesting)
Actually, they're a security agency. It's even in their name.
Not that hacking into every sysadmins computer would give anyone security, but that's another matter.
Re: (Score:2)
Think of it as unplanned pen testing. Kinda like how rape is unplanned sex.
Re: (Score:3)
Re:This has gone beyond madness (Score:5, Funny)
Since all the 'extraordinary rendition' bag, drag, and torture kids at the CIA are still running around in arrogant impunity, going so far as to just yoink inconvenient documents from the Senate Intelligence Committee(seriously, most of the members of that are appeasnik fuckwits who basically worship the clandestine services, so it must be really, really bad if the CIA is embarrassed in front of them. Also, if there are things the clandestine services do that even that part of the senate isn't allowed to know about, can we really maintain the pretense that civilian government is actually in anything resembling control?) how about pitting two problems against one another?
It'll be an exciting contest, like a reality TV show; but with higher stakes, rules as follows:
The NSA will be the intelligence-spooks team: their job is to dig up as much dirt on the CIA as possible, by whatever l33t haxx0ring necessary, and try to have the CIA neutralized by political and/or public outrage, at least to the point of organizational collapse, to the point of wholesale hangings-from-the-lampposts for bonus points.
The CIA will be the wet-ops creeps team: they will have to 'disappear' key NSA personnel to our worldwide network of extralegal torture dungeons fast enough to keep the lid on their dirty laundry, and try to drive the NSA to the point of institutional paralysis or collapse, with extra points awarded for any actually-true facts obtained during the 'enhanced interrogation' sessions.
Gentlemen, to the starting line, and may you both lose!
Re:This has gone beyond madness (Score:4, Insightful)
People need to be arrested for this.
Absolutely. It's astonishing that it hasn't happened already. Where's the line? What will it take to cross it? That is the scary part.
Re:This has gone beyond madness (Score:5, Insightful)
Where's the line? What will it take to cross it?
I think the issue is that there was a line, and it got crossed. Once you cross it once, it becomes easier to cross, because hey it wasn't so bad last time.
Then, if you are put in relative isolation (enough for "group think" to take over) then it becomes easier still because you are validated for crossing it (dude we just saved lives by crossing the line...besides the "bad" guys are crossing it)
And this continues until you really can't even remember why you crossed it the first time, but there is so much danger out there you don't have time to really contemplate it, either. Until one day you realize that you are looking in the mirror each morning at someone who has become a stranger.
But by then it is too late...to challenge it now would precipitate an identity crises that isn't nearly as much fun as seeing yourself as the hero of the world.
Re: (Score:3, Insightful)
But by then it is too late...to challenge it now would precipitate an identity crises that isn't nearly as much fun as seeing yourself as the hero of the world.
Congratulations, you just described the mode in which basically everyone operates. We all just tell ourselves we're being pragmatic as we sell out our futures. We don't live for today or tomorrow, but for an outcome that will never exist as long as we don't alter our behavior.
Re: (Score:1)
Re: (Score:2)
I love lines. I like the whooshing sound they make as they fly by.
- NSA operative
Re: (Score:3)
Intelligence agents trying to collect intelligence illegally ?
FTFY
Re: (Score:2)
You don't seem to understand what constitutional is then.
http://en.wikipedia.org/wiki/F... [wikipedia.org]
"A "search" occurs for purposes of the Fourth Amendment when the government violates a person's "reasonable expectation of privacy. Katz's reasonable expectation of privacy thus provided the basis to rule that the government's intrusion, though electronic rather than physical, was a search covered by the Fourth Amendment, and thus necessitated a warrant.[35][40] The Court said that it was not recognizing any general r
Re: (Score:1)
Ignore that moron. I suspect it's the same people posting the same thing over and over (though I can't confirm). No matter what arguments you use, these people will just move on to the next NSA article and claim that the NSA isn't doing anything illegal and that the Supreme Court's opinions are always correct (paradoxical authority worship). Something is unconstitutional when it violates the constitution. Fuck 'em.
Re:This has gone beyond madness (Score:4, Funny)
"OK, Private, you know the enemy uses US civilians as human shields, and that's when we use the .50 caliber to make sure the bullet goes through the US civilian in order to get the terrist hiding behind him!"
"But I don't see anyone hiding behind any of those civilians!"
"They can be tricky. Start shootin' anyway."
Re: (Score:1)
That's right kids! And now it's easier than ever with Mattel's My First IED!
Re: (Score:2)
I didn't know that every sysadmin was a US citizen
Where does the GP make anything even remotely resembling this claim?
Re: (Score:2)
This is more of a matter for the UN Security Council. The government of the USA has just declared war on all the sysadmins of the world. Note, I said the government of the US, and not the citizens.
. . . oh, I forgot . . . the US government has a veto vote on the UN Security Council, so good luck with that . . .
I wonder how that will affect business, like in, "I can't do business with you . . . we are in a state of war with you . . ."
Re:This has gone beyond madness (Score:4, Funny)
"I veto your voting us out!" "You can't do that, you've been voted out so you therefore have no veto." "But the vote is vetoed, so we weren't voted out!" "..." "..."
Re: (Score:2)
The vote has to pass before the US is out, and the vote doesn't pass if the US vetos it. So the US isn't voted out.
Re: (Score:2)
It turns out there may be a way...
http://en.wikipedia.org/wiki/U... [wikipedia.org]
Re: (Score:2)
A deadlocked security council can't block the general assembly's ability to issue "recommendations". The GA can't vote to do anything real under this provision.
Re: (Score:3)
Maybe you didn't click the link. Here's the salient part:
It has been argued that with the adoption of the 'Uniting for Peace' resolution by the General Assembly, and given the interpretations of the Assembly's powers that became customary international law as a result, that the Security Council 'power of veto' problem could be surmounted.[34] By adopting A/RES/377 A, on 3 November 1950, over two-thirds of UN Member states declared that, according to the UN Charter, the permanent members of the UNSC cannot and should not prevent the UNGA from taking any and all action necessary to restore international peace and security, in cases where the UNSC has failed to exercise its 'primary responsibility' for maintaining peace. Such an interpretation sees the UNGA as being awarded 'final responsibility' - rather than 'secondary responsibility' - for matters of international peace and security, by the UN Charter. Various official and semi-official UN reports make explicit reference to the Uniting for Peace resolution as providing a mechanism for the UNGA to overrule any UNSC vetoes;
So this is the approximate procedure:
1) Introduce to the Security Council a resolution to restore "security" to the internet by barring the United States from hacking everybody.
2) US vetoes.
3) Introduce to the Security Council a resolution removing the US from the Security Council and barring the United States from hacking everybody, in order to restore "security" to the internet.
4) US vetoes.
5) Bring resolution from '3' to the General Assembly.
6) Re
Re:This has gone beyond madness (Score:5, Interesting)
We are dealing with an extremely well funded, well staffed, and well equipped professional criminal organisation. Whatever it's actual mandate is, the NSA has taken it upon itself to be the worlds premiere cyber-crime hacking group, accountable to no state, code, man, or law, and who regard the Internet and all computers on it-- foreign or domestic-- as fair game for fraud, intrusion and seizure. The organisation is out of control; without moral compass, budgetary restraint, or regulatory oversight.
It is only a matter of time before individuals and managers within the NSA create actual links with the criminal fraternity and begin to engage in for-profit cyber-crime. Indeed, this has probably occured already.
And should the cyber-crime divisions inside the NSA ever make common cause with their criminal counterparts in the financial sector -- God help Western Civilisation. The closest parallel I can think of is the rise of the nobility-church-state alliance in the ancien regiem and the subsequent ruination of France prior to the revolution.
Re: (Score:2)
Of this I have no doubt, but where I disagree is on
a) The scale: I guess the NSA is acting on a scale of one if not two orders of magnitude higher than its counterpart agencies abroad. This no matter how you measure activity.
b) Discretion: At least if the Russians or the Chinese were monitoring us, we wouldn't be hearing about it as much
Re: (Score:2)
So you are saying that, even if such behavior is wrong, the fact that someone else does it makes it OK?
One of the NSA's duties was supposed to be ensuring the security of our networks from foreign spying. Doing so and exposing foreign exploits with the idea that they are wrong and disrupt global trade would have been the moral high ground. But we lost that position a long time ago. We can no longer argue that other nations should follow our example because our example is no better then theirs.
And if you t
Re: (Score:2)
Assuming the targets are not US citizens, and are outside the US, arrested for what?
Espionage. Most countries have applicable laws.
This is what intelligence agencies are supposed to do.
Apprehend the guilty parties, try them and shoot them for spying. This is what countries security services are supposed to do.
Hell, most countries don't exclude their own territory nor citizens from being targeted by their own intelligence agencies.
So China spies on its own citizens. I don't think anyone would be shocked if they arrest a foreign agent for doing the same.
Then I will hunt them first. (Score:1)
(police show up at house)
"Wait...what are you doing! I was just making a joke online...I didn't mean it...please!"
(shot in face, staged as suicide)
Once compromised, it's a two way street.. (Score:5, Interesting)
Once you break into a admin's computer, with his credentials, it's a two way street.. One can plant evidence just as well as detect it..
Now that this info is public knowledge, any accused should levy a defense that the NSA planted the evidence, since they have the ability and the court has no way of identifying planted information verses unapproved activity.
Advice to NSA admins, I know it is a cushy job, but find another job NOT in the government, the NSA is on a witch-hunt it's only a matter of time before they turn innocent bystanders into criminals.
Re: (Score:3)
I had to point this out to our security dept several years back. They were scanning everyone's computer and user drive and building cases to fire people for anything they considered inappropriate. I told them that just because something is on someone's computer doesn't mean they put it there.
They finally listened when I secretly buried an empty directory called "kiddie porn" on one of the security managers user profile. Root access is awesome. The witch hunts stopped soon after.
Re: (Score:2)
So where do you work now???
Re: (Score:2)
Same place. Head of security is gone, however.
Re: (Score:2)
They finally listened when I secretly buried an empty directory called "kiddie porn" on one of the security managers user profile. Root access is awesome. The witch hunts stopped soon after.
Which reminds me, how has your job hunt been going?
Re:Once compromised, it's a two way street.. (Score:4, Insightful)
Advice to NSA admins, I know it is a cushy job, but find another job NOT in the government, the NSA is on a witch-hunt it's only a matter of time before they turn innocent bystanders into criminals.
Why would that help? A "former NSA admin" makes a convenient scapegoat. Come up with some employees who will strongly suggest that he was pushed out the door due to possible illegal activity and it's goat stew time
Re: (Score:2)
...the court...
Who said anything about a court being involved?
yawn. (Score:3, Insightful)
I read through it. What I got was some full of himself mid-level network aware weenie who managed to get a job at NSA and get access to a vast trove of captured packet data trying to impress people with his vast knowledge of intarwebs protocols... I bet the smart people at NSA who are reading his lunatic ravings are wondering "who hired this asshole?"
I spy my spy (Score:1)
When a spy agency have to spy its own spy, it's not a spy agency anymore but a paranoiac employer.
And it's also the end of any mccarthyism in the USA
Turnabout is fair play, isn't it? (Score:4, Interesting)
I love the irony of this... (Score:4, Insightful)
While NSA was hunting sysadmins, they were being pwned by...a sysadmin!
Yet another example of how NSA is too focused on offensive network capabilities (breaking into target systems) and doesn't pay enough attention to defense (strong crypto, open security models, etc.)
Smartest guy in the room (Score:4, Insightful)
The apologists will darken the skies (Score:5, Insightful)
As bad as such revelations are, what drives me nuts is all the apologists who crawl out of the woodwork every time one of these stories breaks. They have no end of justification for whatever the NSA or CIA does, anything from "I have nothing to hide" to "privacy is dead, stop bitching because the Good Guys are working t protect you".
I predict the kind of practice in TFA is going to keep mushrooming until someone uses it as a political weapon and then gets caught. Only then will the jock-sniffing Congress do something substantive about this mess.
If I were advising Hillary Clinton, I'd tell her to never touch another computer until her political career is over.
Re: (Score:2)
CFAA (Score:2)
Comment removed (Score:5, Funny)
My take on it. (Score:4, Informative)
If you are a sysadmin, and you have a Facebook page, LinkedIn account, social-media-whatever thingmagajig or Slashdot account, the NSA may well come after you.
Remember: this is written in plain sight and the NSA created fake Slashdot account to get into Belgacom.
I am a sysadmin. I have a Slashdot account. Maybe it is time for me to say so long, and thanks for all the fish. What Beta was not able to do, the NSA did.
Re: (Score:3)
If you are a sysadmin, and you have a Facebook page, LinkedIn account, social-media-whatever thingmagajig or Slashdot account, the NSA may well come after you.
Remember: this is written in plain sight and the NSA created fake Slashdot account to get into Belgacom.
I am a sysadmin. I have a Slashdot account. Maybe it is time for me to say so long, and thanks for all the fish. What Beta was not able to do, the NSA did.
Ya, and admitting your a sysadmin probably doesn't help either.
Re: (Score:2)
If you are reading this on /. (Score:1)
LinkedIn... (Score:2)
So they're basically running through LinkedIn and targeting anyone who says they're a SysAdmin, a VP, or anyone else who looks like they might have elevated privileges?
NSA to Sysadmins ... (Score:2)
Do our bidding or we'll out your posts on /mlp/.
Really Stupid NSA... (Score:3)
Wow they are amateurs now.
Dear NSA, want to do your job right? then start watching top networking companies for job openings and have your Networking expert agents apply for the jobs there. Nothing better than having your agent working on the inside.
a "hit list" is stupid, you waste a LOT of time having to deal with them, but if Agent Davis is a network admin at VERIZON or AT&T then you make a single phone call to own the network.
This tip is free, otherwise I am $4500 an hour minimum of 10 hour charge for any more consulting, als you pay all travel costs and I only fly private or military jet. F16 trainer preferred.
Re: (Score:2)
Hush Comrade, they have no idea that we have infiltrated their systems.
Note to self: stop using the word Comrade, it seems to draw strange looks from NSA types.
I hope the list itself is leaked (Score:1)
So many attempted lawsuits against the USG over various spying revelations have been refused because the complainant has no "standing," i.e. legal proof that they have been damaged. I imagine that if the list of targets were to leak, that would give those individuals valid standing to sue. As someone who was the DBA at a US$6-7B/yr corporation for more than 7 years I sort of suspect my name is on their list. I will say one thing, there's no fucking way any NSA ratware got into systems under my control using
Where is the NSA recruiting? (Score:2)
> are ROFL-easy [...] And pointing out for the lulz [...]
bottom line (Score:2)
- seperate normal surfing from your admin job
- encrypt everything
- consider to bounce connections via another server. Bonus if the final connection is via an intranet
- consider using a vpn-service, which routes many people over one ip
- avoid facebook and webmail (are they talking about specific webmails?)
for the selector stuff: install a cookie-killer like self-destructing-cookies (firefox) or tab-cookies (chromium).
Re: (Score:1)
Suspicion (Score:2)
So now you, the company CIO, go back to work and wonder if your sysadmins might inadvertently infect your servers with a trojan. Or worse, they have already been turned by the NSA. So screw this running your own infrastructure in-house. Pull the plug and put everything in The Cloud. Where they promise you security. Its possible that this document was leaked purposefully, to sew some doubts into decision makers minds with regard to their in-house admins.
In reality, The Cloud makes things easier to crack. A