Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security Government

Security Researchers Face Revenge of Spy Agencies (theregister.co.uk) 120

mask.of.sanity writes: Researchers tasked with revealing malware attack campaigns are being harassed, locked out of tenders, and in some cases deported. The retaliation by the unnamed spy agencies is in direct response to the popular published advanced-persistent threat campaigns that have coloured information security reporting over recent years. More details from researcher Juan Andrés Guerrero-Saade are available in a paper (pdf).
This discussion has been archived. No new comments can be posted.

Security Researchers Face Revenge of Spy Agencies

Comments Filter:
  • by Anonymous Coward on Thursday October 22, 2015 @02:21PM (#50783359)

    Can't you see that our good friends the government agencies are protecting us from those evil researchers?

    We wouldn't want freedom of speech and privacy now, would we?

  • by Anonymous Coward

    People of questionable morality don't like to be thwarted in their nefarious activities and retaliate.

    • by KGIII ( 973947 )

      My first response to this was, "Umm.. Duh? What the hell did you expect?" No right or wrong. Just, well, that's exactly what I'd expect to happen.

    • Are you talking about the "Security Researchers"?

  • by Anonymous Coward

    Security researcher Juan Andrés Guerrero-Saade was found dead in his apartment. Investigators found Guerrero-Saade laying next to various narcotics including heroin and suspect a drug overdose as the cause of death. His neighbors say he was a quiet man that mostly kept to himself.

  • by PRMan ( 959735 ) on Thursday October 22, 2015 @02:38PM (#50783501)

    "In many places intelligence services tend to be more civilised than in others -- you would be lucky to deal with them in the US versus wherever else, Latin America, Asia, or Eastern Europe where they take very different tactics, "

    The article is referencing other nations where freedom of speech is less guaranteed...for now.

    • The article did not mention Europe, so more precisely, U.S is better than Latin America, Asia or Eastern Europe.
      • by Anonymous Coward

        Is Eastern Europe no longer part of Europe? I know its been a while since I took geography, but I didn't think plate tectonics worked that quickly.

        • Normally, when saying Europe, it's meant EU states, vs Eastern Europe, which are former Soviet bloc states.
          • Normally, when saying Europe, it's meant EU states,

            So ... if (when? who knows?) the UK leaves the European Union, you'll no longer count it a European country?

            Wearing my "geologist" hard hat, I can assure you that plate tectonics does not operate that fast.

            And of course, Norway has never been part of Europe. Or at least, never part of the EU. It is part of the European Economic Area and of the Schengen "passport-less borders" arrangements, but they're not the same thing.

      • I love being precise. The article stated precisely this, "deal with them in the US versus wherever else". Unless you interpret wherever else to mean everywhere but Europe, you are precisely wrong.

        • Your quote is not complete, just read the GP's quote: "...wherever else, Latin America, Asia, or Eastern Europe..."
          The article "precisely" pointed out what "wherever else" is.

          That why, I said "the article *did not* mention Europe" (Western, Southern, Scandinavia).
          From this article, can you conclude about "Europe"!? Nope!
      • by _merlin ( 160982 )

        Is the resemblance between your nick "guestapoo" and "Gestapo" intentional or coincidental?

      • so more precisely, U.S is better than Latin America, Asia

        Considering the number of kleptocratic abusive fascistic governments which the US has installed and supported in Latin America and Asia over the years, then you can be sure that the US government knows exactly what it wants to bring about at home.

        Practice makes perfect!

    • by AHuxley ( 892839 )
      It depends on the location of the issues and who is reporting on another nations issues.
      Operation Socialist (Dec. 13 2014) https://theintercept.com/2014/... [theintercept.com]
      The fun of discovering issues, correctly reporting the matter and waiting ..... clean up and international expert code review is not always the expected result.
    • As for Latin America, it's worth asking where they learned those questionable tactics and from whom.
  • TFA Lacks Substance (Score:3, Interesting)

    by Anonymous Coward on Thursday October 22, 2015 @02:40PM (#50783517)

    While I have no reason doubt that harassment and revenge is happening quite frequently, the article doesn't provide any information to substantiate their statements.

  • by Anonymous Coward

    What does it mean to be "locked out of tenders"? My Google-fu fails me here.

    • The best guess I can think of that makes sense amounts to "locked out of financial accounts." This is assuming that "tenders" here is synonymous with "monies."
      • Nope. I'm quite sure they mean these [mcdonalds.com] bad boys. These NSA-types play mean and dirty.

      • This is assuming that "tenders" here is synonymous with "monies."

        I don't know what the word means in your country, but on this side of the Atlantic (Europe), a "tender" is a proposal that a company puts out to invite other companies to bid for a contract. EU law has some strict issues about how all contracts above a certain value should be put out to public tender, with specified levels of advertising, the amount of detail that needs to be made public in the advertising, etc. This is intended to damage mono

    • Re: (Score:2, Informative)

      by Anonymous Coward

      What does it mean to be "locked out of tenders"? My Google-fu fails me here.

      Companies regular respond to tender requests issued by government. In this context a tender is a contract open for bidding by organisations external to the government department or agency responsible for issuing the tender.

    • What does it mean to be "locked out of tenders"? My Google-fu fails me here.

      It means their grant application wasn't approved. That could be because their research is crap, or it could be, as the TFA claims, proof of a vast government conspiracy to silence them.

  • What the heck is a "tender"?
    • When I went on a cruise recently, a "tender" was the boat you took to the island. Perhaps they're tossing them onto desert islands and then locking them out of the boats to return home? Then again, considering the island I took the tender to, that wouldn't be a bad thing. (No Internet access but otherwise was incredible.*)

      * The no Internet access isn't a problem if you're visiting the island. If I was forced to live there, though, it would become a problem.

    • This explains it pretty concisely: https://www.youtube.com/watch?... [youtube.com]

    • As I noted with the AC above: What I presume makes the most sense in this context is tender = money. Using this context I think that "Locked out of tenders" could be better represented by saying "having their financial accounts frozen."
    • by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Thursday October 22, 2015 @03:18PM (#50783755) Homepage Journal

      What the heck is a "tender"?

      Tender, noun. (commerce) a formal offer to supply specified goods or services at a stated cost or rate

      They're getting locked out of bidding on contracts. At least, that's what the sentence means. Not sure if it was used correctly.

    • A tender is an offer to provide a requested service for a government. Governments put out a request for a service (say, "we need somebody to help us ensure our computer systems are secure") and companies and individuals can tender an offer saying, "these are my qualifications, this is my price range". Government will then select one of those tenders to get the job.

      Presumably, people who speak out against governmental practices are having their offers tossed.

      At least, that's how I read it.

      • A tender is an offer to provide a requested service for a government. Governments put out a request for a service (say, "we need somebody to help us ensure our computer systems are secure") and companies and individuals can tender an offer saying, "these are my qualifications, this is my price range". Government will then select one of those tenders to get the job.

        Presumably, people who speak out against governmental practices are having their offers tossed.

        At least, that's how I read it.

        In previous jobs where I've worked that dealt with government contracts those were called RFPs (Request for Proposal), I've never heard them called "Tenders" before.

        • by Lakitu ( 136170 )

          It's a common word in common usage. Look no further than your nearest dollar bill to see it used this way!

        • It is something less than a contract as far as I understand. More temporary employment, or "hey, we need a dozen computers" not a years long contract to provide service or products.

    • What the heck is a "tender"?

      It's a deep-fried, breaded piece of meat product (usually chicken), best served with sweet and sour sauce. Proprietary synonyms include Chicken McNuggets

    • In naval terms a Tender is a supply ship, or a boat carried on a bigger ship capable of transferring personnel or goods between either ships or a ship and land (a live boat is not a tender, a tender has a 'Captain' and a role and potentially a crew, plus passengers)

      Tender is also used as a word for currency or money.

  • Security Clearance (Score:5, Interesting)

    by TechyImmigrant ( 175943 ) on Thursday October 22, 2015 @03:13PM (#50783711) Homepage Journal

    I find it interesting that not having security clearance is viewed as an impediment.

    I'm well employed in computer security and not having any clearance, not having signed any government secrets agreement has been an essential part of being able to do my job.

    While I work with people with clearances, I simply cannot trust them for specific things because it is not possible to know who they are really working for. Once you have signed up, you are clear for some government work, but tainted for work on the outside. Take your pick.

    • How does having a security clearance taint you? The only thing it indicates is that you either don't have much of anything to be blackmailed with, or that you have already disclosed such material to the government. There are other contracts you could have signed like NDA's, but that isn't part of having a clearance. Hell it's actually possible for a person to be granted a clearance without them having signed up for one at all.

      • by Anonymous Coward

        Assumptions that they are bound to withhold precious spook bugs instead of spotting or patching them because they were marked as classified by previous government jobs?

        • I suppose you could have a situation where someone knows some secret vulnerability and can't spill the beans to fix it because they knew about it previously through classified means. But I would imagine that the number of people who know that kind of information, and then seek out private employment specifically looking for and fixing those kinds of things, to be a very small number. You are probably more likely to have co-workers who find and keep vulnerabilities secret so that they can sell them than keep

      • by gweihir ( 88907 )

        You may not read secret material anymore unless specifically authorized to. Yes, that includes if it is printed in the NY Times. You also have to report certain types of conversations. I accidentally did that to somebody with a clearance a while back and had that explained to me afterwards. (I don't have a clearance, but have done research outside of the US that is at least "secret" there and may well be classified quite a bit higher.)

        So, yes, it taints you and significantly so.

        • A clearance is just a certified opinion of your trustworthiness from the issuing agency.

          Deliberately reading information that you know to be classified can cause you to lose that clearance depending on the following investigation. And yes, if you want to maintain a clearance you need to log specific types of conversations and contacts with foreign nationals. Mainly you do that though so you can provide it to the investigator whenever your clearance comes up for review. If you don't care to maintain the clea

          • by gweihir ( 88907 )

            I beg to disagree. When I talk to some fellow researcher about my work, and suddenly she gets an expression of fear in her face, clamps up and runs away, that is something that does impact me. My impression is you are sugar-coating to an extensive degree in your statement.

            • I can't imagine why they would be afraid, but I guess to each their own.

              • I suppose it could be a fear of stirring up a reportable incident. In some situations just an investigation could lead to suspension of clearance until the investigation is completed. If her job was dependent on having the clearance then she might have to take some leave until it's cleared up. But so long as she didn't disclose or acknowledge some classified information she shouldn't have anything more to report than that some other researcher independently discovered something that she knows or suspects is

                • by gweihir ( 88907 )

                  The problem might be that a simple nod at the wrong place can disclose classified information. And yes, this person was very much dependent on her clearance. The absolute requirement to report anything relevant, even things that are not really that hard to find out, effectively gags them and they cannot be part of a civilized conversation between adults anymore.

      • You can be granted access to a clearance, but as soon as you try to use the clearance, one of the first papers they have you sign is an NDA.

    • by AHuxley ( 892839 )
      The freedom to read, talk, understand, consider, create, discover, build, test, expand on existing systems is lost.
      It depends on the country, the decade, the boss and the endless tax payer no bid gov/mil contracts.
      The problem with a security clearance is that the person is then obligated to report on all material and people they come in contact with by default.
      If the material looks like it could be security related, the cleared staff will have to report the matter and all connected people back to the go
    • by gweihir ( 88907 )

      It is quite clear why that is. If, in the US, you have a clearance, you may not look at secret material anymore unless specifically authorized to. For example, reading the Snowden documents while you have a security clearance is a crime. For that reason, if you do security research, the only sane thing is to refuse a clearance even if offered.

  • by Jim Sadler ( 3430529 ) on Thursday October 22, 2015 @03:21PM (#50783783)
    This punishment without a trial nonsense needs to be hacked off at the knees and all who caused these punishments should be jailed.
  • It appears that government has used the Microsoft Word "search and replace" function to substitute the word "cybersecurity" for every instance of the word, "surveillance".

Beware the new TTY code!

Working...