All Hard Drives have trojans in their firmware? The hell? Is my Linus Machine safe?
The thinkpad T60/X60 supports coreboot so it's stallman approved. As for hard drives that don't have proprietary firmware - I'm not sure even stallman goes that far.
But old hard drives are likely to not have backdoors. Because back then the NSA didn't know that they could just get away with whatever the fuck they wanted.
Seriously, everything they are doing is being blown open and no-one gives a shit. No-one was jailed, no-one was fined, nothing.
30 or so years ago a president spied on 3 journalists in a hotel and there was a massive fucking outroar. He was impeached.
Nowadays the president is spying on every journalist in the world, all the time AND NO-ONE GIVES A SHIT
>The disclosure could hurt the NSA's surveillance abilities, already damaged by massive leaks by former contractor Edward Snowden. Snowden's revelations have upset some U.S. allies and slowed the sales of U.S. technology products abroad.
>The exposure of these new spying tools could lead to greater backlash against Western technology, particularly in countries such as China, which is already drafting regulations that would require most bank technology suppliers to proffer copies of their software code for inspection.
>USA literally shooting itself in the foot again and again
I like how the attitude is usually 'blame snowden for telling them that we can't be trusted' instead of 'we shouldn't have been so fucking untrustworthy'.
Keep the backdoors secret instead of not doing them is how you get people to trust you.
>The NSA declined to comment on any allegations in the Kaspersky report. Vines said the agency complies with the law and White House directives to protect the United States and its allies "from a wide array of serious threats."
tip top lel
It's always been at the hardware level, but it's easier at the software level so that's where the most of the focus is. This is a niche application.
These kind of things are fun to use but it's a real pain to manage. Mine only works for seagate drives since I'm not really bright enough to make something as complicated as this. For me it's just pointless project to waste my time on.
They sent a statement to Ars.
Anyone who actually tried it themselves knew but most of /g/ obviously can't.
North Koreans know their govt is fucking them over and they care.
Americans just carry the fuck on as per usual.
I don't think anybody disagreed with you, anon. It's just that everybody thought the hardware backdoors were limited to CPUs. Turns out literally everything in your computer is communicating with the botnet independently.
And then nixon got let off the hook by the next president.
Same shit happened to W Bush. Lied about WMD in iraq (I know, old story, but he straight up lied), and obama came into power and did fucking nothing. No investigations, nothing.
He's from the opposite party, but he's motivated to not damage the other party?
Sounds like something is a little fishy.
It's like everything is one big circlejerk funded by corporations.
>Turns out literally everything in your computer is communicating with the botnet independently.
>North Koreans know their govt is fucking them over and they care.
actually, I think the whole point of a personality cult is to distract the people from how dire other more pressing issues actually are. that and NK badmouthing the rest of the world through their press and press releases makes me think you're pulling this out of your ass.
>POELTIKS RIGG GUBMEN IS EH SHAM
just turning 13, huh?
>researchers lay claim to finding this info about these so-called hardware backdoors
>profess almost immediately "we can't even tell which hard drives are infected with this malware because it's so cleverly hidden"
>says they found something, then immediately says "we can't find it..."
>this smacks of some fucked up logic
>reminds me of Jesse Helms: "I may not be able to define porn, but I know it when I see it..."
>"we can't find this malware, but we know it's there..."
I smell some pretty serious bullshit going on, folks.
>NK portrays other countries as being hellholes so their cesspool of starvation and cruelty doesn't seem so bad
something the matter, officer?
no shit. reuters is clickbait.
>implying shoes haven't been part of the botnet since the 70's
>also for your conspiracy hoarding pleasure
>the floods in Thailand a few years ago did not hurt the hard drive industry as everyone was led to believe
>the NSA needed a few hundred million hard drives to get that new data center in Utah up and running - yes, I'm serious, several HUNDRED million hard drives
>they depleted the world's supply of hard drives in the process for several months
>think I'm fucking crazy to say this
>do your research on shipping from Thailand to the ports of Los Angeles, San Francisco, and San Diego during that several months long period of time
>you'll find a pattern of container ships coming from Thailand with no declared purpose
>the purpose was fulfilling the secretly ordered manifests for a few hundred million hard drives
>all the info is out there, people
I stopped reading there
Oh sorry, I said 'he' but I was talking about obama.
My thought process skipped a step.
I'm not even american, so there's my excuse for being slow.
But american foreign policy is incredibly influential in global politics. When America collapses under the weight of its own military spending, it's going to take the rest of the world down with it.
Do you not remember the whole hullabaloo? Bush was recorded to say, in speeches, that WMDs were in iraq.
Then they couldn't even find enough evidence to fake that there were WMDs there. They said "whoops sorry guys" and nothing happened.
Man, APTs are fast becoming a daily threat. We really are getting the cyberpunk future Gibson promised us.
A year ago Stuxnet stood out as the only major (discovered) targeted attack of its caliber. Now Kaspersky have published details of both this and the Carbanak bank attack within days of each other.
The stunning thing is the tools that they're using now have nice C&C interfaces too, like something you'd build for any old client.
Then he should get punished for being wrong. Do you have any feel for how many billions of dollars of your money, how many american lives he pissed away on being wrong?
You think there should be some sort of mechanism so that he'd actually double check if there were WMDs there, before killing thousands of americans and running up a tab of hundreds of billions of dollars, and stirring up the hornets nest that is the middle east.
Something just to act as a disincentive to not be wrong again.
"It's not murder your honor, it's manslaughter"
If the backdoor is disclosed how do they stop malware using it now?
Or was the detection method something like "if we put blank machines at targeted locations any with these hard drive models are infected by an unknown exploit"
Presumably if you could place test machines at russian and iranian networks that are targeted you could slowly replace 1 part at a time to determine which hardware allows the malware to propagate but still not know how the exploit works.
Yes, don't trust those filthy reds. Trust us, the US government, who just wants to protect you from terrorists/gays/communists/chinese/japs/spics! We're spying on you for your freedom, to keep you safe! So you can go to bed at night, with that lovely wife of yours, without a care in the world.
So humanity, it appears that Horus has defected and is trying to portray the Imperial administration as malevolent and overbearing.
How can you not trust us? Have we not protected you? Have we not kept the Orkish hordes at bay long enough for you to live out your pathetic little lives? Do we not give you the freedom to fornicate as you please and choose what style of pigpen you live in?
Our power must be expanded in order for you to maintain the standard of living that you are accustomed to. Our systems of administration will become increasingly complex. Those of you who are not software engineers are already unable to understand how we watch you and what we are going to do with the information.
Quis custodiet ipsos custodes?
No one. We are above the law and we are above you. We are the Illuminati. Most of you have become fat and soft. Your testosterone levels are at an all time low. You are the most docile subjects that any Imperator has ruled.
You know you will go quietly. You know that when the key is turned on this tyranny you will not protest. You will be too busy enjoying the thousands of simple and complex pleasures we have made for you in this wasteland. You will amuse yourselves to death as we shackle you.
Those of you young enough to read this will not be that alarmed by the changes to come in your lifetimes. Public institutions have been run as tyrannies for generations and a substantial minority of you come from countries that already have despotism. You have already been conditioned to accept what is coming.
But is there any one thus intended by nature to be a slave, and for whom such a condition is expedient and right, or rather is not all slavery a violation of nature?
There is no difficulty in answering this question, on grounds both of reason and of fact. For that some should rule and others be ruled is a thing not only necessary, but expedient; from the hour of their birth, some are marked out for subjection, others for rule.
but that's more or less impossible
the WHOLE POINT of the OS is that it provides an unified interface (within its environment) between different devices
you can't just write a section of binary code that says "send this chunk of data to the output memory section of the device connected to the internet", for a variety of reasons:
- which of the 10 usb/PCI slots is the internet service device connected to?
- If we know device X is connected to the internet, what are the opcodes and formats for the device? Interrupts? How do you "interpret the device"?
- Running a program from the hard drive without using RAM space is impossible - even page files eventually need to be loaded into the RAM to be accessed by the CPU, how does this program avoid its memory section being viewable in the OS, or worse yet - come into concurrency problems with it?
I mean I know I only have a bachelors but this shit stinks. It's possible that the hard drive itself has a pre-loaded OS that behaves as a middle-man between the OS you install and your computer, which would also happen to explain some of the weird shit that everyone complains about (for starters we might have a reason for "why is my terabyte hard drive not really 1024GB" beyond costcutting assholes), but then you would have to somehow conceal boot sector data and that's a whole other can of worms.
Anyhow I'm just excited because of the implications for this. If America had concrete evidence for chinese corporate espionage and have done nothing to stop it while holding full monitoring capabilities (i.e. they could've stopped it but they chose not to), it could only mean that America WANTS china to steal its technological advances and become a rivaling superpower.
That would be HUGE.
It would probably still target windows even if it is a hardware level exploit. Realistically every government is run by people too old and computer illiterate to understand how the potential issues with windows might impact security. I can't think of a single country that has managed to remove windows from all sensitive government networks.
As for China using the exploits it's probably the same, the NSA would know they can't convince every US department and contractor to dump windows for secured systems all they can do is limit the damage on the few sensitive things they can't let China know.
Daily reminder that USA and Obama is the biggest threat to mankind at the moment.
Boycott McBurger Country and the left-wing Obama government.
>instead of the bird
Obama is just doing what bush did
Bush is just doing what clinton did
clinton is just doing what Bush Sr did
Bush Sr was just doing whatever the guy before him did
And whoever comes after obama will just keep on doing what obama was doing.
Obama platformed on 'change'. But the change that most people had in mind wasn't 'More of the same, but accelerated'
suddenly feel awesome for using my ancient 12gb IDE drives
Good job reuters for putting "Russian" at the very beginning of an article dealing with the most advanced cyber-terrorism (this word has a completely new meaning now) devices known to man.
Privacy concerns my ass.
This is the nuke of this century. The way it is put it can deal with a large part of worldwide industrial automation.
All sorts of factories and plants worldwide at the mercy of an organization.
Pollute entire areas, poison water supplies and the likes. All from an armchair anywhere on the globe.
If They Would want to make China a rivaling superpower it Would be fucking 1984 which is totally ridiculous because America cares about freedom and is totally against everything communist
This makes me nervous /g/. All I have on my hdds is my Chinese cartoons and legally purchased vidya games.
What do I do /g/?
Flash memories can also be infected and used to carry the virus to the offline computer, where it installs and gathers information which is sent back to the flash, so that when you later use it with an online computer, they can get all they want to know about your offline machine. Read up, it's in the article.
Nowhere to run, nowhere to hide.
Time to go full Amish.
Most all of the tools that have been found are passive tools that either gather intelligence or steal money etc.
Malware that creates effects are relatively rare, and the ones that do are incredibly purpose built. We aren't quite ready yet for the "sky is falling" rhetoric when it comes to kinetic cyber effects. That isn't to say that those in charge of ICS systems and other critical infrastructure shouldn't be taking a very hard look at their security.
I really have no idea how people didn't realize that this was going on before these discoveries. There is a ubiquity of work out there around firmware-embedded malware; DMA allows firmware to do basically anything to the exposed system.
>come on /g/
So the question on everyone's mind is:
Is there someway around this?
Then all this talk about free software, linux and freedums on this board is pure horseshit, since all hard drives already have firmware backdoors.
You guys are like arguing over which HTML preprocessors are best and respect your freedums, when you're getting backdoored with stuff written in assembly.
guys, does this mean NASA knows i have music files on my computer that i don't hold a copyright license to? am i going to die?
>like /g/ is one person
In some cases specialist software can detect (but may not be able to remove) this type of malicious software.
The firmware can, in most cases, block any further updates to itself coming from the host system.
I read a book on Stuxnet the other week. It described a test in the US. They (NSA I think it said, but FBI and CIA also did this stuff) did a demonstration in front of Whitehouse officials where they caused a massive generator the size of a shipping container to wrench itself apart. Over the internet.
I think Stuxnet is the only live example of physical harm being done to hardware, and that was so targeted that it's almost easy to ignore the implications. But it's not just physical harm, look at Carbanak, news that broke just this past week of a billion dollars being stolen. Simply by RDPing into bank teller's work stations and pressing the "dispense ATM money" button. No exploit, just debug functions, which were gained access to by an old Outlook vulnerability and email phishing.
2 years ago I didn't take cyber warfare seriously, it sounded like a dumb Hollywood term. I thought it would be limited to information gathering. With the growing "Internet of Things" (just look at https://www.shodan.io/), it's not hard to envisage a dystopian cyberpunk future where this stuff can affect us directly.
Government entities hoard zero days, and create easy to use Command & Control software. With zero days acting like homing missiles, and patched vulnerabilities acting like cheap ammo for scattershot untargeted attacks on unpatched machines, you add your fancy payload and you have a weaponised, easily deployable cyber attack that you can control and change on the fly.
>I think Stuxnet is the only live example of physical harm being done to hardware, and that was so targeted that it's almost easy to ignore the implications.
Is this what you tell yourself at night?
On the other hand... Kaspersky is a Russian company. Do you really think this disclosure is not part of an intelligence warfare between the Russian agency FSB and the USA?
Because lately Russia has been hit hard by economic sanctions initiated by the EU and USA, so this could very well be Russia's way of retorting by using a "private" Russian company to disclose how the US is spying on the rest of the world. It can't be a coincidence that they are disclosing this just now.
Also, Snowden can't be a stranger from this disclosure. A former NSA employee which took refuge in Russia, where Kaspersky's headquarters are... Everything fits together more than nicely.
>not detectable by that tool
I can tell you have little understanding of how malware analysis actually works, so I'll make this simple.
Just because a piece of malware is not known to security researchers does not make it undetectable. Work is constantly being done by organizations like Kaspersky to continue to detect threats like these.
It looks like the Kaspersky chief is linked with the FSB, the former KGB:
>“A longtime ally of Russia's secret security services, Kaspersky supplies technical expertise to the FSB, the successor to the KGB. His researchers train their agents in computer forensics.”
>The blog alleges that the alliance sent FSB agents “to the rescue” when the mogul’s son was abducted in April 2011.
>The magazine also claims Kaspersky sponsored Russia’s bill which banned a wide range of websites and “introduced new surveillance techniques for Russian telecom firms.”
That's the one yeah. I'm interested to learn how zero day trading really happens though, if that was inaccurate. It _sounded_ plausible enough, to a layman anyway.
I'm only coming from a web background so desktop security is all new to me. Besides from reading kaspersky et al's reports occasionally, my security experience starts at XSS and ends at CSRF. I find this all fascinating but a lot of it goes above my head.
i fully understand how it works.
you're just ignoring the fact that it has been FUD for quite some time.
they can just change the malware to make it undetectable again.
heck maybe your pc is already infected, maybe mine is.
by using methods like a running custom tcp/ip stack, so the traffic is not detected.
granted i do not have much knowledge about networking.
anyways this is what kaspersky had to say for themselves:
"The discovery of the Equation Group is significant because this omnipotent cyber espionage entity managed to stay under the radar for almost 15 years, if not more," Raiu said. "Their incredible skills and high tech abilities, such as infecting hard drive firmware on a dozen different brands, are unique across all the actors we have seen and second to none. As we discover more and more advanced threat actors, we understand just how little we know. It also makes us reflect about how many other things remain hidden or unknown."
now read the last line again and again and again.
maybe you'll understand, this does not mean EVERYTHING is detectable just yet.
<==== the guy who runs Kaspersky.
This pic shows him when he was in the KGB cryptography program.
Do you trust this guy is telling you the truth? Or do you think his main interest is to say 20% of the truth in such a way that USA looks bad and you don't really know what's going on. Maybe the Russians have their own backdoor software which is installed on your computer, and this is just the tip of the iceberg, just one stage in a stealthy war between intelligence agencies in USA and Russia. This is just speculation right now, but really you can't believe a Russian private company wants your good, especially when it's run by a former (?) KGB trainee.
Going by the article, they were only targeting high-priority targets in foreign governments, which I imagine violates quite a few international laws.
They had to be careful not to get too reckless since, if someone found out, it would cause hell for the US electronics economy. Now that the news is public, they're only going to be using it more aggressively.
Under the cover of "protecting the country", anyone is a target.
No, I'm from Europe, I don't even pick sides here. I'm saying we're caught between 2 intelligence agencies from USA and Russia waging an informational war. Both sides are bad, that's what I'm saying, and we're losing to both, instead of having any way to escape their shit.
>China spies on its citizens via software and hardware....
Well it is China so it is fine.
>Russia and China hack information from every business you use. They most likely have all of your information name, address, DOB, SSN, etc...
Oh, that is fine because they are just hackers what could they do with it?
Why is anyone surprised or bothered by this anymore?
There is no such thing as true privacy anymore. If it isn't the NSA it will be the FSB or the MSS.
Damn, sucks to be a yuro, getting fucked by the NSA and paying 19% ProblematicWhiteMaleShitlordValueAdded taxes on top of already high prices on top of already low wages
That dead look on his face
>implying he had any choice in communist russia
refusing communism got you thrown into gulag and killed
hundreds of million people died because of communism, so people had to "go with the flow" and live, even if they hated communism
The whole point of the hard drive firmware backdoors is that they let you conceal data on hard drives and rewrite data as you please. Hackers have published papers on doing this, so it's not absurd to think that the NSA can do it as well.
Use that technique to conceal a hypervisor rootkit and you're fucking invisible with full control over every finger and toe of the system. There are techniques to discover bluepills like that but IIRC they all have countermeasures.
Intelligence agencies didn't really force you to recruit you. Not even in communism. Most likely he wanted to go up on the social scale, so he joined the KGB.
But the point is, once you're KGB you're part of the community. I don't think you ever cease being one of them. I really think Kaspersky is working in the interests of the Russian intelligence now. Why did they disclose this now, right after the Minsk summit on the Ukraine shit? Maybe they're trying to keep the public opinion focused on this while something else is happening? Idk, intelligence agencies work with stuff like this.
to better understand, here's a picture
i cant into russian :(
it's been rumored that it can also infect MACs
and if that is the case (seeming as MAC's are unix based) linux/unix should be possible too.
>Redirects that sent iPhone users to unique exploit Web pages. In addition, infected machines reporting to Equation Group command servers identified themselves as Macs, an indication that the group successfully compromised both iOS and OS X devices.
Kaspersky is going to side with Russia and their intelligence community, yes, but they provided objective information and didn't make any unfounded speculations in this report.
Plus, it would permanently harm their credibility if they actually made up facts just to appease their nation's propaganda machine.
I work in the malware analysis field and I can affirm the report looks totally legit.
As long as you don't use windows, osx or are a Muslim, you're probably not even a target.
Don't be one of the few high profile targets of the US that were being spied on. Pretty simple. And no, chinese cartoons, supporting libertarian ideals, owning guns, looking at loli, and/or browsing 4chan don't make you a high profile enemy.
You seem to be forgetting about the reports Kaspersky did outing the Russian government.
No, this is not part of intelligence warfare between the US and Russia. That warfare is occurring, but it's not ever going public. Kaspersky is a company trying to make money. If they prove they can catch people like the FSB and the NSA, and they also stoke the fear that the NSA is out there hacking everybody, the more products they sell.
How would the Russians even benefit in the long term from something like this? The Russians are smart as hell when it comes to intelligence. They wouldn't tip their hand and let us know what they know about NSA techniques. This has literally zero benefit for the Russians.
Not everything is a conspiracy or needs to be read into. Some things are just exactly like they appear.
>You seem to be forgetting about the reports Kaspersky did outing the Russian government.
They're not going to do anything that's too exposing of the government, if only for their own security.
Eugene Kaspersky has heavy historical Russian intelligence ties.
>How would the Russians even benefit in the long term from something like this? The Russians are smart as hell when it comes to intelligence. They wouldn't tip their hand and let us know what they know about NSA techniques. This has literally zero benefit for the Russians.
I agree this release probably wasn't influenced by FSB, but I disagree with your assessment. DoD has pushed private US companies to release information about Chinese APTs, probably as a strategy to humiliate them and give tons of options to put political pressure on them.
Now, Russia can cite specific NSA operations and actors during negotiations and press releases.
There are pros and cons to exposing info about foreign intelligence and militaries; in this case, NSA obviously knows large parts of their operations were compromised by Snowden, so FSB would know their tactics are going to change whether they release this or not, so might as well release it.
So you're saying a "former" KGB trainee just "happens" to disclose NSA spying, it has nothing to do with any Russian intelligence interests.
Such as saying negative stuff about the USA as part of a campaign to discredit one of the countries which deployed economic sanctions against Russia, sanctions which will affect private companies too.
So much coincidence. Kaspersky is such an altruistic company working for the greater good, telling it how it is to the global media, so that.. who looks bad in this story? Russia? The USA obviously, which has the potential again to turn its own citizens and companies against the US govt. Cmon.. I mean the CEOs from Google, Yahoo and Facebook refuse to meet Obama exactly because they got blamed for disclosing private data of their users, and you think this Kaspersky disclosure is not going to make things worse between the US govt and the American public?
You're the one who's naive.
No they're a fucking corporation working to make money. So they want Russian/Chinese/Whateverfuckistan to hire them to check their shit, not for some neckbeards all over the world to be paranoid about.
So basically this is the KGB/FSB company advertising their services to the rest of the world. They want you to clean up your NSA shit by letting them install their own backdoors in your systems.
Yep, completely trust Russians to do that.
They're not going to be so brazen as to backdoor their AV product, if only because their company would essentially go bankrupt as soon as the backdoor is discovered.
They are a capitalist company above all else, and they employ some of the top security researchers in the world.
That said, you should definitely take things they say with a grain of salt and examine only objective claims, not speculations.
Look you're speculating that they can actually counter this stuff. At this point, they just disclosed firmware backdooring, that's all. It's just a media event, they're not offering anything, so nope, the purpose of this disclosure is not them making a buck, since they don't have anything to counter it at the moment.
In fact, they admit that there is probably a lot more they don't know. Meaning, the main purpose of this media disclosure was to freak out the civilians about how the USA govt is spying on them. It just fits Putin's interests so well...
I never said Kaspersky was an altruistic company. I just don't think that they are doing this on behalf of the Russian government. They are doing this to make money and win more contracts. They have outed many major governments around the world. I agree that Russia tries to discredit the US in many ways, but this is not the way they typically go about it. They don't usually expose their understanding of our intelligence gathering apparatus, because as soon as they do, we change it, which makes it harder for them. In fact, this is pretty standard procedure for most countries.
China and the US is a bit of a different story. The Chinese don't use many sophisticated methods for their industrial espionage campaign, which is the campaign being outed in the media by the US government. You will notice though that barely any of the public statements focus on normal government on government spying. Outing the threat that the Chinese pose is likely the only tactic that will work because of the way they target non government related entities. Getting companies like Mandiant to write reports on them is intended to raise awareness within corporate security offices so they can stem the progression of the Chinese industrial espionage malware.
Comparing the US/Chinese relationship with the US/Russia relationship is not a good comparison. The US relationship with both countries is quite different, as are their intelligence priorities and their level of sophistication.
> Now, Russia can cite specific NSA operations and actors during negotiations and press releases.
I doubt we will see very much from the Russians on this front. It is possible they will try to take advantage of it now that it's out though, but that doesn't prove any motivation or support for the release of this information.
NSA deployed the firmware malware in very, very limited cases against specific targets. The malware still is not undetectable though, just extremely persistent and difficult to remove.
It's just nonsense to think an AV company is actually going to backdoor their product.
And yes, obviously it fits Russia's interests. Mandiant, FireEye, and Crowdstrike are US security companies that frequently reveal information about Chinese and Russian intelligence agency groups. That doesn't mean they're on the government's payroll or are backdooring their products to help foreign surveillance. It does mean they probably got permission from the government to publish the info though, which is probably what Kaspersky did too.
>I doubt we will see very much from the Russians on this front. It is possible they will try to take advantage of it now that it's out though, but that doesn't prove any motivation or support for the release of this information.
They've referenced NSA surveillance before, and there's no reason why they wouldn't in the future.
You're right that Chinese are much more brazen and do way more economic espionage, but NSA does their fair share of economic espionage too.
Intelligence is a very very complex field, and there are plenty of valid reasons why FSB would want this info published. They may have had no involvement, but the fact the info was published does not preclude their involvement whatsoever.
Probably something along the lines of:
Hard drive with cuhrayzee backdoor code in it sees a file with an elf header. (or just using filesystem executable flags)
Hard drive then inserts a very small bit of code into that file. Code is executed when the OS runs the file.
OS doesn't even notice. It's just a standard executable file. So what if it opens some ports, many things do that.
> They've referenced NSA surveillance before, and there's no reason why they wouldn't in the future.
They have but it is typically after the fact. They know how to take advantage of a situation, and they have a top notch information operations department.
I'm more than aware of the complexity involved in intelligence, and I'm extremely familiar with the way in which the Russians conduct themselves. If Russia were pushing for this information to be published, it would be wildly uncharacteristic. Taking advantage of leaked information after the fact, however, would not be.
China steals information and gives it directly to companies, the US does not do that.
>China steals information and gives it directly to companies, the US does not do that.
It's a gray area. NSA was caught red-handed spying on oil companies, and presumably that information would only be useful if given to energy sector executives. It's possible they were only interested in it for geopolitical purposes and did not give it to anyone in the private sector, but it's impossible to know that, especially when ethical lines are crossed every day by thousands of people.
I'm not quite sure how you can definitively say what FSB's plans are unless you actually work there. Even if you're going by history, tactics are being changed rapidly due to the growth of real cyberwarfare, so it very well could be a new strategy for them. I know they are usually very silent and secretive on these matters, but they could have a good reason for wanting this released; perhaps they want to tip off specific NSA surveillance targets with plausible deniability, for example.
You're forgetting one thing:
Everyone who made big bucks in Russia after 1990 (oligarchs) came or was linked with the former KGB. Big business in Russia became big for one reason: they had relations in power they could use to grab big contracts with the state. I don't know any big company in Russia which really made it on their own. It's just how business works in Russia, it's not really capitalism, it's state-linked capitalism.
So, don't use your Western mentality to think about how capitalism works in Russia, because there's no such clear separation between big private interests and state interests in Russia.
> I'm not quite sure how you can definitively say what FSB's plans are
I'm not, I'm saying it is very unlikely and would be highly uncharacteristic. I don't think the FSB is behind it, but that doesn't mean it isn't possible. It certainly is one of the less likely explanations for this, though. I think it is much more likely that Kaspersky is doing this with the intention of making more money.
I didn't read what you were responding to, but I just wanted to say that is how it works in America too. Actual businesses are fucked over, while state favored ones are given priority.
I work in infosec and do "threat intelligence" myself, but that's just a very watered down version of nation-state intelligence.
I've always been interested in a real intelligence career, but I have too many ethical holdups to ever work for CIA or NSA.
I doubt it. For example:
Check how a US presidency candidate begs for money from private companies.
I don't think in Russia political candidates beg for money to organise a proper campaign and have better chances at being elected. It's the other way around: the current president decides who will take the power next, and companies are asked to pay for the campaign... or bust.
Also, as you can see big capital in the US can criticise the US president and can even refuse to meet him. In Russia, things will end up badly for you if you do this. At best you get into prison (see the Khodorkovsky case).
Look at the military contracts that are given out, the bail out of the auto companies and banks during the 2008 crisis (banks count as a business). Beyond that, many politicians give priority to family owned (their family) to get contracts that could be better done by someone else, or wouldn't be done at all without their interference.
The US is very very far from a free market, or a free society. Princeton argues the US is an oligarchy.
We may be arguing the same thing honestly.
> I have too many ethical holdups to ever work for CIA or NSA
You should give it a shot. I think you'll find that the public view of the military/CIA/NSA and other intelligence agencies is less than accurate. I worked in the private sector for a long time and I found most large companies to be the ones without ethics. Following the laws set forth is a very big deal in intelligence agencies, and everyone is very serious about it. Don't believe me though, believe the media, leakers, the occasional politician and the internet, they've never been known to misrepresent anything, ever.
If you really want to know, you should find out for yourself, instead of believing me, the internet, the news or whoever. That's what I did, and I was surprised. Now when I watch the news every day, I see how wrong all of it is on most all subjects, and it saddens me.
It is very interesting and exciting (not in the movie way though). It is extremely challenging which is exciting. It can be exciting in other ways too, but it depends on the job. I don't know where you are, but if you really want to do it, why not try? Limited options are still options.
All in all, working for the government I've found that I was wrong about a lot of things, and the groups of people I've worked with have been some of the smartest, most thoughtful, most dedicated, and most truly patriotic people I've ever dealt with.
Okay nerds so this is horrifying and all so how are you going to make my computer safe from the NSA finding out about my pirated anime soundtracks? Please don't tell me I have to use Linux.
>If you really want to know, you should find out for yourself, instead of believing me, the internet, the news or whoever. That's what I did, and I was surprised. Now when I watch the news every day, I see how wrong all of it is on most all subjects, and it saddens me.
I definitely don't trust the news, but I also definitely don't trust the US intelligence community.
I am not a conspiracy theorist and I am not necessarily against the US government. I also have several friends who work in the intelligence community. I fundamentally agree with NSA's goals and mission, and I have no issue with many of their operations, but I disagree with many of their tactics.
Bad things happen when any one organization or person becomes too powerful. Even if you go into something with the best intentions in mind, you will inevitably grow more corrupted as you gain more power. And I think that's where NSA is headed.
And I also know private companies are no better, but most private companies (thankfully) do not have access to the kind of information the government does. If they want to grow in power or collect information, they have to stay within the law, which limits them greatly.
There's also the issue of doing important work but not knowing how that work will be used or what it's really for. Blind obedience to a job while knowing nothing about the end goal or intentions of that job doesn't sit well with me.
If I am building a weapon, I want to have full knowledge and control over it. That's why I find, write, and utilize 0-days alone and on my own terms, and use them in a manner that I think is ethical and beneficial to others. I could not say the same if I was doing exploit dev or CNA/CNE work for NSA.
So I keep hearing about all this "power" the NSA has, but strangely I never ever see it. Sure, I see incredibly advanced capabilities, but I also see pretty tight regulation and limited resources. The power lies within the political bodies of the US government, and if people think they are misusing the power via the capabilities offered by intelligence services, they should vote for someone that more closely represents their principles.
> If they want to grow in power or collect information, they have to stay within the law, which limits them greatly
This is true for companies and for intelligence organizations. I realize that there is a lot being said to the contrary, but most of it is being misrepresented.
> Blind obedience to a job while knowing nothing about the end goal or intentions of that job doesn't sit well with me.
I don't know where you got that idea, but it isn't true. I am not blindly obedient, and I've never met anyone else that was either. I may not know every single scenario, but I'm okay with that, not because I'm blindly obedient, but because I have faith in my leadership's demonstrated competence.
> That's why I find, write, and utilize 0-days alone and on my own terms, and use them in a manner that I think is ethical and beneficial to others
That being the case, it is understandable why you don't want to work for anyone, and that's fine. I used to think the same way until I realized that what is or isn't ethical varies from one person to the next, and that unilaterally affecting others based solely upon my own ethical viewpoints was just as bad, if not worse, than a government or corporation forcing its will on others.
"In Soviet Russia the virus makes you". He said.
>So basically this is the KGB/FSB company
So the Internet working with TCP/IP must be the CIA botnet in this way. Putin, what are you doing on my 4chan, you must to raise the Russia from knees!
Yeah, because the floods didn't actually happen.
Fucking conspiracy nuts tell you to do the research or that the info is out there. Didn't actually read anything themselves.
Show us the papers for all these undeclared shipping containers from Thailand. What train took them to Utah?
I've pretty much accepted the botnet.
My phone knows where I'm driving to and tells me that I'm 14 minutes from work and it's right. My computer knows what I'm going to search before I search it. My TV knows what programs I watch and gives me ideas for new shows that I usually enjoy. My grocery store knows to print out coupons upon checking out of the self service checkout line for products that they know I like, and I end up using the coupons to save a few bucks. My life is a big fucking botnet and I wouldn't even know where to begin to unplug myself, so I just roll with it.
>That being the case, it is understandable why you don't want to work for anyone, and that's fine. I used to think the same way until I realized that what is or isn't ethical varies from one person to the next, and that unilaterally affecting others based solely upon my own ethical viewpoints was just as bad, if not worse, than a government or corporation forcing its will on others.
I mean, I could probably debate that point for hours. In some senses it can be a lot better, some a lot worse. If I'm acting 100% alone then I get no checks or balances or second opinions, but if my checks and balances are improper or lacking in severity then you create a potential "Lawful Evil" situation where you are nominally obeying a code of conduct and convince yourself you are following regulations and laws, but in practice you may be committing great ethical offenses. I will say I do personally defer to other people before ever making a decision to infringe on someone's privacy, and I trust my own ethical code over a vague unknown ethical code that may or may not be followed by those whom I am helping weaponize.
I do not think the NSA's current checks and balances are sufficient. Yes, sure, they technically (try to) stay within the law, but those laws are only enforced in secret courts with secret rulings, and FISA judges will almost always side with the government. Yes, an analyst needs to go through a special process to see information on a US citizen, but that information is already in storage and technically accessible by many people, with only a bureaucratic barrier to its access.
If you look through all of the Snowden-leaked documents (the documents and presentations themselves, not the reporting about them) it's absolutely undeniable that there is dragnet surveillance, that there is deep infiltration into private companies in allied countries (the breach into Belgium's Belgacom, for example), that there is in general an attitude of "scoop up everything, search for what you need on demand". That "scoop up everything" part sets a very bad precedent.
I think you also may be letting your own personal experiences color your entire perception of intelligence agencies. Even if we assume that 99% of employees are ethical and that 100% of people you've met there are ethical, there are still massive swaths of the organization you have no personal encounters with and may never know about.
I obviously do not think NSA employees are bad people, I just think the internal culture they're promoting (Keith Alexander's "Let's collect the whole haystack") is a precedent which needs to die before it spirals out of control.
There's always this option if you'd like to go off the grid and be truly free. However, you'd wanna do a little more planning than this guy did.
Long read but abso-fucking-lutely worth it.