Hacks Raise Fear Over NSA's Hold on Cyberweapons (nytimes.com)
Nicole Perlroth and David Sanger, writing for The New York Times: Twice in the past month, National Security Agency cyberweapons stolen from its arsenal have been turned against two very different partners of the United States -- Britain and Ukraine. The N.S.A. has kept quiet, not acknowledging its role in developing the weapons. White House officials have deflected many questions, and responded to others by arguing that the focus should be on the attackers themselves, not the manufacturer of their weapons. But the silence is wearing thin for victims of the assaults, as a series of escalating attacks using N.S.A. cyberweapons have hit hospitals, a nuclear site and American businesses. Now there is growing concern that United States intelligence agencies have rushed to create digital weapons that they cannot keep safe from adversaries or disable once they fall into the wrong hands. On Wednesday, the calls for the agency to address its role in the latest attacks grew louder, as victims and technology companies cried foul. Representative Ted Lieu, a California Democrat and a former Air Force officer who serves on the House Judiciary and Foreign Affairs Committees, urged the N.S.A. to help stop the attacks and to stop hoarding knowledge of the computer vulnerabilities upon which these weapons rely.
Re:just like gun control (Score:5, Insightful)
Unlike real weapons, these weapons can be multiplied easily. Try that with a tank.
That alone should mean that these "virtual guns" are under a tighter control. Even a nuke can only detonate once, but one such "weapon" can be used all over the globe billions of times.
Re: (Score:3, Insightful)
Exactly. The problem here is that people are trying to apply pre- information age thinking to post- information age constructs. This idea that you can build a cyber "weapon" that can only attack "bad" people and cannot be trivially altered to ignore whatever protections you put into place to keep it from being used against "good" people, is ludicrous.
Yes, exactly like guns. It's ludicrous to think you can proliferate millions of guns to "good" people, and they won't be also used by "bad" people.
Re: (Score:2)
Yes, exactly like guns. It's ludicrous to think you can proliferate millions of guns to "good" people, and they won't be also used by "bad" people.
Well, the horses have already left the barn on criminals having/using guns. They aren't going to turn them in if they were banned.
The question remaining is, do you allow people the ability to defend themselves, seeing as police rarely ever arrive in time to do anything other than write reports and gather evidence, or do you leave them defenseless?
Note that there are far more good people than bad people. That means that by allowing people to arm themselves there will be far more good people with guns vs bad
Re: (Score:2, Interesting)
And this is why, every day, so many shootings are interrupted or
Re: (Score:1)
Except for that nasty FBI demonstrating that those "Good Guy" claims are overinflated and often nonsensical
And many armed people can ADD to the death toll [harvardpolitics.com]
And this is why no one rushes to repeat these oft-exaggerated claims!
And even deeper is the great irony... (Score:2)
From my essay: http://www.pdfernhout.net/reco... [pdfernhout.net]
"Likewise, even United States three-letter agencies like the NSA and the CIA, as well as their foreign counterparts, are becoming ironic institutions in many ways. Despite probably having more computing power per square foot than any other place in the world, they seem not to have thought much about the implications of all that computer power and organized information to transform the world into a place of abundance for all. Cheap computing makes possible just
Re: (Score:1)
or should we just ban anything that can be used by "bad" people to commit crimes? or should we focus on the individual that commits the crimes instead of their chosen tools?
Re: (Score:2)
Or even Add to the carnage! [harvardpolitics.com]
Re:just like gun control (Score:5, Insightful)
The analogy is that these are very much like biological weapons. If you're going to use those, you have to be damn sure that the "good guys" all have vaccines, and that the weapon can't mutate.
There is a very good reason that biological weapons are NOT used.
not IDENTIFIABLY used... FTFY (Score:1)
There is plenty of speculation to be made over how many of the current 'epidemics' we've had in the recent world are simply mutations, versus being field testing of refined biological agents against captive populations.
Dump a slightly modified flu virus in your own, or a foreign nation's livestock, one intended to hop into humans, then wait and watch and document its effectiveness, issues, etc. Make individual changes across dozens of mild contagions, then use the resulting field data to help refine the 'm
Re: (Score:2)
The NSA _DID_ tell Microsoft and the other targeted software firms which vulnerabilities they were using months before the Russians began releasing them (and pointing their finger at the NSA). It's the reason that patches were available on Win10 before the Russian release and that Microsoft released patches for their unsupported OS's _the_day_ the Russians leaked them.
Now there are better questions that need to be answered: Why are people blaming the NSA, and _ONLY_ the NSA? We know that the exploits were n
Re: (Score:2)
Because we don't expect the Russians to be the good guys. We do kinda expect that from an organization that is allegedly protecting us.
Re: (Score:2)
Were that true there would have to be _some_ condemnation of Russian hackers amongst the incessant blaming of the NSA. As that's not the case and people like shotgun keep repeating the same falsehoods, something else is happening & it's not innocent.
Cyber... (Score:4, Funny)
Only my opinion, but I really dislike this term, "cyberweapon". Actually, anything with "cyber" other than "cybersex" sets me off a bit...
Re: (Score:1)
You should really try regular sex. Once you do, cybersex will seem just as distasteful as cyberweapons, cyberbullying, and cyberspace.
And they want master decryption keys, too. (Score:5, Insightful)
Even worse than that is they expect us to believe that they can securely escrow master keys to break all encryption. What a bunch of jokers.
Re: (Score:2)
https://en.wikipedia.org/wiki/Ukraine%E2%80%93United_States_relations
Re: (Score:1)
Yes, that's why NATO troops are there, and why Russia attacked them with cyberweapons which then spread to India, Pakistan, and other countries.
Russia is not our friend.
And the easiest way to defeat them is to triple or quadruple Renewable Energy usage, cutting off their supply lines at the knees.
Re: A weapon? (Score:1)
Eg, skin is vulnerable to penetration by small bits of high velocity metal, so guns aren't weapons?
Re: (Score:3, Insightful)
Your statement doesn't even make sense. So if I shoot a rocket at the cracked part of a wall the rocket ceases to be a weapon?
Re: (Score:1)
A crack in a wall would be the "vulnerability" so supposedly using something against it would mean it is not a weapon.
A word to the wise: (Score:5, Insightful)
Never create a weapon that you wouldn't want to fall into the hands of your worst enemy.
Re: (Score:2)
And these are weapons that the enemy can just stumble upon anywhere out in the world. A cyberweapon is really just a secret, but it's a decent (if tortured) analogy to think of them as camouflaged, remote-detonatable explosives that are hiding all over the place. The world is almost made of these bombs just waiting for someone to figure out how to set them off, and if we identify them we can neutralize them all without much trouble. But if we keep secret the fact that a certain kind of tree will go off like
Re: (Score:2)
Yes, tools that use secret vulnerabilities. If there were no vulnerabilities, or if they were not kept secret and subsequently patched, the tools would be useless and the payloads would never be put in place.
Re: (Score:2)
Never create a weapon that you wouldn't want to fall into the hands of your worst enemy.
That's nonsensical. What advantage or tool would you want your worst enemy to have?
Re:A word to the wise: (Score:4, Insightful)
Things that can only be used to defend and help their common man.
Re: (Score:2)
Perhaps you should make shields instead of knives.
....or introduce security flaws (Score:2)
....or introduce security flaws that let the enemy use your own stock against you
Re: (Score:1)
So, like, no swords and no clubs either, huh?
So here it is (Score:5, Funny)
The NSA. It pooped its pants right there in the public square. And rather than trying to clean up, it just stands there yelling "MY SHIT DON'T STINK!" while continuing to make squeaky farts..
This is probably go to a new school next year level public humiliation, but they apparently have no shame.
If you should see someone who works for the NSA, hand them a roll of toilet paper.
Re: (Score:2, Insightful)
The NRA. It pooped its pants right there in the public square. And rather than trying to clean up, it just stands there yelling "MY SHIT DON'T STINK!" while continuing to make squeaky farts..
This is probably go to a new school next year level public humiliation, but they apparently have no shame.
If you should see someone who works for the NRA, hand them a roll of toilet paper.
Re: (Score:1)
The NRA. It pooped its pants right there in the public square. And rather than trying to clean up, it just stands there yelling "MY SHIT DON'T STINK!" while continuing to make squeaky farts..
This is probably go to a new school next year level public humiliation, but they apparently have no shame.
If you should see someone who works for the NRA, hand them a roll of toilet paper.
The NRA protects your right to use weapons for legitimate and legal purpose.
The NSA creates weapons to be used any way they please, legal or otherwise.
Kindly fuck off with your senseless analogies.
Re: (Score:3)
The NSA. It pooped its pants right there in the public square. And rather than trying to clean up, it just stands there yelling "MY SHIT DON'T STINK!" while continuing to make squeaky farts..
This is probably go to a new school next year level public humiliation, but they apparently have no shame.
If you should see someone who works for the NSA, hand them a roll of toilet paper.
OMG I wish this would become a thing!
Order toilet paper sent to NSA HQ! Bury them in literally tons and tons of shit-paper every single day! Photos of piles of rolls at their doors and trucks lined up to unload more making the rounds on social media, the news cycle, etc!
Let's make it possible for drivers to see a new sign along the highways in Virginia; "See The World's Largest Mountain Of Toilet Paper! Visit NSA HQ Alexandria Next Exit!"
Destroy them with laughter! Make them such a worldwide joke (I know, t
If the corporations weren't identical to the gov. (Score:1)
The market would be tanking.
How can anyone innovate, compete, and do business when everything they make can be destroyed 'with a click of a button'?
This situation is enforcing the status quo to a hideous degree. The time is long past for violent revolt.
This rollercoaster ride is just getting started. (Score:3)
But the silence is wearing thin for victims of the assaults, as a series of escalating attacks using N.S.A. cyberweapons have hit hospitals, a nuclear site and American businesses.
IMHO it's just getting started. The source code to a whole BUNCH of their tools has gotten out - a treasure trove for the bad guys. Now they don't have to design this stuff themselves - it's all there, ready to be customized. We're just seeing the leading edge from the early adopters.
Now there is growing concern that United States intelligence agencies have rushed to create digital weapons that they cannot keep safe from adversaries or disable once they fall into the wrong hands.
Well, DUH! If you've got the source it's anywhere from reasonably easy to trivial to disable or change any kill switch. Changing vulnerable mechanisms key to the operation is more difficult, but still doable. So even if they did spend extra engineer time to build in the equivalent of "gun smart chips" - and they worked - it would, at best, be initially mitigating but ultimately futile.
The other thing to remember (Score:4, Informative)
The bugs would still exist either way, but the government has been intentionally funding organized crime into developing these vulnerabilities, and making the situation much worse. Since they are the primary entity putting money into this marketplace, they are playing the key role to allow black hats to quit their day job and focus on writing exploits.
Re: (Score:3, Insightful)
[citation needed]
It's a game theory problem (Score:2)
Re: (Score:2)
Most other security services learned from that in the 1920-60's and now know to question why interesting things that just appear.
Re: (Score:2)
Visit a site get gov malware. Have wifi on at a location, get gov malware.
"A reachable known target can be implanted with a non-replicating tool."
That was seen with "The Inside Story of How British Spies Hacked Belgium’s Largest Telco"
https://theintercept.com/2014/... [theintercept.com]
"The hack would remain undetected for two years, until the spring of 2013."
Re "This is also a double edged sword as putting in limitations to spreading also g
So how many? (Score:2)
If a couple 0dayz (+ a month or two) can cause this kind of a mess. Then how many guys worldwide are actively writing exploits? I think the skill should have at least a few thousand practitioners, so where is the daily chaos?
I do see to some extent the frustration the NSA must have over this. If the abusers weren't dropping ransomware everywhere this wouldn't have had such a huge impact.
Nasty 0days come out every week.
Remember Coventry (Score:1)
Wait it out (Score:2)
Soon enough these exploits will be patched.
The NSA would be insane to get involved.
Hacks Raise Fear Over NSA's Hold on Cyberweapons # (Score:1)
Re: (Score:1)
Truer words have never been spoken