NSA Owns Everything (2015) (thinkst.com)
355 points by smokelegend on Aug 13, 2020 | 248 comments


The basic premise is false.

> "Why did we never see it coming?"

Many people saw it coming. I was warning about the possibility of dragnet surveillance, the existence of ECHELON, the use of the American security apparatus to steal trade secrets, the surveillance of non-American politicians, et al... For many, many years before Snowden. And I'm just some rando on the internet who follows the mainstream news!

We were called _Conspiracy Theorists_; but when the action is _probably_ fact[0][1][2][3], why is it still ridiculed to say it might be happening?

0: https://www.theguardian.com/us-news/2015/jul/08/nsa-tapped-g...

1: https://en.wikipedia.org/wiki/ECHELON

2: https://fas.org/irp/program/process/991101-echelon-mj.htm

3: https://cryptome.org/echelon-cia2.htm


There were others before Snowden, like James Bamford: https://media.ccc.de/v/31c3_-_6600_-_en_-_saal_2_-_201412281...

What Snowden did was provide independently verifiable content and details of their activities. His leaks were outdated by half a decade by the time they were public too. Everyone sort of accepted the IC will do shady stuff to stop terrorists after 9/11 because "American lives" so it was a solid conspiracy theory backed (not proven) by facts at the time. We sort of hoped they didn't care enough to snoop into our boring lives.


Puzzle Palace is from 1982. Everyone knew overseas cables were tapped and many peers joked about big brother listening on their long distance domestic calls.

Like life, technology always finds a way. Much of the talk back in the day was not based on reality because it was not based on what tech could practically do. The compute and storage weren’t there.

But it was pretty obvious by the late aughts that all the pieces for panopticon were coming together nicely. Tech finds a way.


If the tools are there, they will be used for evil.

When you can surveil and blackmail the entire world, including your political taskmasters, what sort of person will that role attract?


> If the tools are there, they will be used for evil.

I use a stronger (more specific) form of that heuristic that seems to hold up well in practice:

If something evil is within technological possibility, and there is economic gain to be had from doing it, someone will end up doing it.

(Note, by "within technological possibility" I don't mean "there are COTS tools available for doing that", but closer to "physics doesn't prohibit it, and we have a good grasp on how it could be done in theory".)

I actually first figured out this phrasing of my intuition during Snowden revelations, to explain to myself why my initial reaction was a complete lack of surprise.


2016 answered that question.


The issue far predates 2016. The NSA and the mass-surveillance apparatus have been around far longer, with massive bipartisan support.


That sounds like conspiracy NWO kinds of things, but then again maybe there was a kernel of truth to that. It seems since Kennedy intelligence apparatuses have taken preeminence, perhaps somewhat necessarily though the results seem worse than the alternative of them not being there (Gulf II).


NSA surveillance was a joke in the Simpsons Movie in 2007.

https://m.youtube.com/watch?v=2CVTH3_Bf-I


>Many people saw it coming.

This article is asking how the NSA managed a hacking empire leaving practically no evidence. Many people correctly assumed it was happening, they just couldn't prove much.

"Why did we never see it coming?" is a poor way of phrasing their premise, but it's not false.


Exactly. The other emphasized question, while less sexy and less quotable, is a much more accurate representation of the question TFA tries to answer:

> If the NSA was owning everything in sight (and by all accounts they have) then how is it that nobody ever spotted them?

It’s sad that people routinely find the first disagreeable thing in any submission then derail the whole discussion based on an out-of-context misrepresentation of that.


> If the NSA was owning everything in sight (and by all accounts they have) then how is it that nobody ever spotted them

I think this should rather say "nobody ever came forward". I'm sure there always were enough pieces of evidence even if scattered and nobody had the whole picture. But the ones who were close enough to put together some of it and get an idea had no incentive to open their mouths.

Coming forward with enough evidence was likely close to impossible until a decade or two ago. The ones who have such comprehensive evidence also have some "incentive" to keep quiet. Up to the proverbial "terminated with extreme prejudice" option, which I'm sure must have been employed given the sensitivity of the topic. Or perhaps risking being labelled a terrorist which would likely lead to even worse outcomes. When the efforts were escalated after 9/11 so were the security measures and the "incentives".

And coming forward with just shreds of evidence of something like this will only get you labelled a nut, enemy of the state, shill, etc.

Snowden and a few others did it at great personal cost and I'm sure they now serve as an example for others to not do it. Look around even today, people see the world in black and white and if you're not with them, you're against them, and they will treat you as such.


> It’s sad that people routinely find the first disagreeable thing in any submission then derail the whole discussion based on an out-of-context misrepresentation of that.

It reminds me of that "CIA manual" that floats around about how to derail conversations and sow doubt when infiltrating an organization (can't find link). About doing things like bringing up irrelevant information, highlighting less meaningful things, revisiting already solved problems, etc. I mean what did the GGP do besides say "_I_ knew about this, but you all called me a conspiracy theorist! Who's laughing now?" What good does such a statement do? Clearly they are following the CIA handbook and derailing the conversation! (I'm joking)

But I think it comes down to not wanting to read the entire article _AND_ process the information contained within. I think a lot of people read things for the words written and not for the meaning, and I find this odd.


I think you're talking about "The Gentleman's Guide to Forum Spies[0]", which for some reason people seem to believe is actually a CIA/Fed document leaked to pastebin (and somehow left there) despite clearly having been written for and within the imageboard community.

Most of what's listed as "disinfo agent" tactics there are the general fallacious and bad faith tactics that go on in almost any forum under heated discourse.

[0]https://pastebin.com/irj4Fyd5


This is pretty similar, though the specific one I am thinking of is an image of a "scanned document" and seems to be more focused around workplace. But this is similar enough that it gave me better search terms to find what I was thinking of[0]. I'm not really convinced that this is a legitimate CIA or FBI document but the post I found it under claims it is a "1940s CIA memo on how to sow dysfunction in an infiltrated organization" and I've seen it many times floating around with similar titles.

But yeah, I fully agree that this is essentially about bad faith tactics. My new strategy to dealing with this is to call these people out on their bad faith rather than engaging in the misdirection that they are creating. At least in my experience it seems to push these conversations down from the top spot (but that may be a selection bias).

[0] https://i.redd.it/ecjzmknuz6g51.jpg


As the original author of the piece... I agree :)


It was a great article, but that particular phrase is so often used with the "a mile away" idiom to refer to things that are obvious. Using it to refer to how people didn't spot any evidence was a bit confusing.


While that practice is common, this article does say

>The purpose of this post isn’t to discuss the legality of the NSA's actions or the morality of the leaks, what we are trying to answer is: "Why did we never see it coming?"

They clearly made it the central theme. With enough context what they are saying makes sense, but that phrase is so often used to describe how people predicted something without evidence. I'm sure I've read several articles talking about how some health organization "saw the coronavirus pandemic coming in 200x"


Honestly, no matter how you interpret the sentence, the article is so blatantly not about whether you thought the NSA was hacking companies, it was why the security community failed to concretely detect it.

All of the talk of how some people on HN totally for real knew the NSA was hacking people is irrelevant and a total distraction from the far more interesting question of why we needed a leaker to confirm it.


What they (we) are talking about, is that nobody caught the attacks.

The article then goes on to explain why, even with hundreds of thousands of ppl doing incident response investigations, nobody caught / correctly attributed these attacks.


[flagged]


Hi, I downvoted you. Normally I don't bother explaining why a low content post was downvoted, but whatever, I'm here.

1. Even if you were right it doesn't matter. Coming to the comments to split semantics while obviously missing the point of the entire article is adding incredible noise. There was more than one sentence in the article and more than enough context to forgive an ambiguous or even incorrect sentence.

2. I don't agree that you're right. You state there's only one interpretation. I could just as easily interpret it as "Why didn't we see the NSA coming for our network?" or "Given all of these NSA attacks, how did no one detect them entering the network?".

So between those things I downvoted it.


> Even if you were right it doesn't matter. Coming to the comments to split semantics while obviously missing the point of the entire article is adding incredible noise.

I didn't 'come to the comments to split semantics', nor did I say anything at all about the rest of the article. I simply replied to an already existing discussion about the meaning of a phrase.

Describing that one short post as "incredible noise" is frankly beyond absurd, particularly when you have no problem making noisy, unnecessary complaints in two separate posts here.

> I don't agree that you're right. You state there's only one interpretation. I could just as easily interpret it as "Why didn't we see the NSA coming for our network?" or "Given all of these NSA attacks, how did no one detect them entering the network?".

I didn't say there's only one interpretation, I said there's only one meaning, with the point being that if a phrase is used that has one specific meaning then obviously some people are going to assume that is what is meant by it and comment accordingly.

Being right/accurate does matter, precisely to avoid incredible noise like this.

Thank you for replying and explaining.


> I didn't 'come to the comments to split semantics', nor did I say anything at all about the rest of the article. I simply replied to an already existing discussion about the meaning of a phrase.

Yeah, only one person needs to start the semantics-splitting topic and the rest of the lazy uninformative pseudo-discussion just flows from there, with every other guy adding one short harmless post. That’s how we get completely-derailed garbage threads like this. (Did I participate in the thread? Yes. Though in my defense I was trying to impress on people that this kind of thing should not happen.)

“Nor did I say anything at all about the rest of the article” — that should probably have tipped you off in a small way about the value of your addition.


> Yeah, only one person needs to start the semantics-splitting topic and the rest of the lazy uninformative pseudo-discussion just flows from there, with every other guy adding one short harmless post.

Maybe you should learn how to scroll instead of reveling in the very thing you're complaining about, otherwise people might take you for a hypocrite who is only making matters worse.

> garbage threads like this. Did I participate in the thread? Yes.

And how was your cake?

> “Nor did I say anything at all about the rest of the article” — that should probably have tipped you off in a small way about the value of your addition.

Do you think all comments are required to address every word of an article? Maybe someone should tip you off that not everything posted here is going to be written with your personal satisfaction in mind.


The phrase makes sense given the surrounding context, so that is what it means. Language does not have concrete factual statements like that.


I don't see why the surprise, since the whole apparatus of the NSA is premised on being invisible.


> The basic premise is false.

> We were called _Conspiracy Theorists_

Depends who "we" is. If "we" is people on HN, who are tuned in and more closely associated with this stuff, then yeah. _You are not_ just some rando on the internet who follows the mainstream news, you are tech literate and actively participating in a niche technology forum.

But if "we" is more a general term then the premise isn't false and I'd argue is still relatively true today. The general public is only starting to turn away from ideas like "I don't care if Google reads my emails, what are they going to do?" And that's only because ad suggestions have gotten too good, enough that they believe that Facebook is turning on their microphones. Obviously didn't learn from Target[0]. You're clearly aware of this because of your last sentence!

You can sit with your pride telling everyone that you were right all along and not crazy, or you can further the reach to the more generalized "we." The two options are not really inclusive.

[0] https://www.nytimes.com/2012/02/19/magazine/shopping-habits....


> We were called Conspiracy Theorists...

It was a theory that there was a conspiracy. The issue is that people dismiss conspiracy theories out of hand - even when the theory is backed by means, motive and incentives.

"This power is being used to influence the political process in the US" is still a conspiracy theory and will likely turn out to be true as well one day - because again the people involved have means, motive and incentives. But incentives based predictions are a bit subjective and most people don't seem to believe that incentives overrule character.


I've long wondered how to side step the "conspiracy theorist" pejorative. Personal interest. A local newspaper called me a "sweaty paranoid kook". All true. But also a distraction from the lede.

There must be a Luntzian phrase for believing in proven conspiracies.


As other poster jitteriest noted already, "conspiracy theorist" labeling is used to stop having any discussion with those who are labelled as "conspiracy theorists".

The whole dialogue is skewed in the favor of those who call others "conspiracy theorists". Once labeled, no more dialogue. This is one of the dialogical moves, and conflicts with the cooperation principle to resolve disputes.


I feel like Luntz would like "conspiracy realist." Or maybe that's more of a Stallmanism.


Conspiracy theory is just a buzzword to stop thought. "That doesn't need to be discussed or disproved because it is a conspiracy theory."


It's not that nobody saw them coming it's that nobody cared enough to produce better technology.

When a few key entities are central points of information distribution it is very simple to monitor everything. End-to-end encryption is helpful, but it isn't enough, because no effort is required to know where to find everything. If you really want to lower the probability of state monitoring you need end-to-end encryption and point-to-point communication without a central service provider.

Major information providers and social media have no motivation to solve that problem. Removing them from the communication channel between you and your grandma instantly renders them irrelevant.


Very much this. Anyone who has tried to sell better defensive products to the market knows that the issue is not with the difficulty of doing things better, it's the interest and will of the market.


> The basic premise is false.

>> "Why did we never see it coming?"

You were never taught it in a rote fashion.

Fact is all intelligence services are heavily into their science and control. It's not just computer hacking they are into, they use psychology, medicine and finance to control the population. They have evolved the techniques first used and developed by successive religions since at least as far back as the ancient Sumerians.

Solomon Asch and his conformity experiments https://www.youtube.com/watch?v=TYIh4MkcfJA which continue to evolve to this day, is a useful tool for keeping people out of trouble, otherwise to quote an ancient religious expression "The devil makes work for idle hands to do" and who wants to go backwards in the Maslow's Hierarchy of needs?

So just like some people do not want to believe that God doesn't exist, some people do not want to believe their country's security services are spying on them 24/7 since the day they were born, hence why the hierarchical structure of society, currently called democracy, but included Royal governance and religious governance in the past, is still the leading way to operate in plain sight after more than 10,000 years of society. Maybe I should be called Mustapha Mond ;-)


I first heard about this as a kid in 1999. I didn't even have internet back then (only got it in year 2000), and my country had just been bombed by NATO (your regular bombing campaign sprinkled with bombing civilians, as is tradition) and was led by Slobodan fucking Milošević (a colossal piece of shit), so all kinds of conspiracies were flying around, everything was disinformation, and I didn't put much weight on this story even though my parents discussed it with friends several times during the next decade, which is why I remember it.

My parents' friend who had lived in New Zealand for a decade at that point came to the country to bury his father and was over at our house for dinner. He's an electrical engineer and used to work for a telco in New Zealand. He had heard about this ECHELON thing from multiple colleagues and found it plausible enough to talk about. He was told that all internet and phone traffic was being recorded realtime. Mind you, this was pre-9/11, so no 'terrorist threats'. The world ran on shitty computers and expensive storage and voice in any form (even compressed telephony) was considered bulky at the time. And this is 15 years prior to the machine learning boom, voice transcription was really bad, I still doubt it was used at that point, even though he mentioned it.

But he had witnessed an expansion of fiber and datacenter capacity sometime in 1997-99 and it seemed plausible to him (a real serious and professional guy).

Imagine my surprise when it turned out to be true. I mean, the story slowly became less and less far fetched over the following decade, but was still a total surprise when Snowden blew the whistle.


Everyone saw the mass surveillance coming. What the premise of this article is, is that nobody ever detects the NSA in their systems.


Not sure if this helps, but Thinkst is a South African company that provides "security services".

Maybe they mean that most security providers didn't see it coming. Some people would think that the NSA are part of the set of security providers and hence, in a way, it's not that you don't see something coming, it's simply that you don't see them as the aggressor.

If you change from the topic of "computer security" to "nuclear weapons" then perhaps you can see how intelligence gathering, obfuscation and subterfuge is perhaps not an inherently offensive thing. For nuclear weapons, I think the only objective is to prevent nuclear explosions. Some people think the US's role is to stop nuclear war; some people think the US is part of the problem.

My personal take on the topic is that Snowden's main role was to challenge the idea that the NSA is keeping the peace.


Yep. Remember the "carnivore" boxes installed at ISPs?


Indeed and consequently "your experts failed you" is also ahistorical. Maybe some talking heads did but not experts in general.

The better questions then would be "why didn't people listen?" and "why didn't the general public see it coming?" It would be useful to understand these well to prevent future occurrences and even possibly to escape the current situation and future unfolding.


>why is it still ridiculed to say it might be happening?

This thread is full of opportunities for me to contribute, but this is the comment that is the most important.

I've spent a long time sifting through conspiracy theories, and I came to a conclusion at one point that the most important thing in the world the oligarchs and TPTB have at their disposal is control and influence of various degrees on the mass media in all its forms. Therefore, the most important task is to inform people. Problem one is that the propaganda mass consciousness influence has been almost perfected, and it's very numbers based. So for example, let's say I showed you some of the more crazy conspiracies that have been at play in the US. If you are someone who wants an ugly truth over a beautiful lie, you might see the merit to my arguments. I can take the time to do that, but my numbers will never reach the MSM numbers... and so they keep doing what they are doing, because we are far away from the critical mass needed to actually push back against that power with power. The few movements that do start with that intention are quickly infiltrated and taken over, etc. Essentially, as long as the media can fool X percentage of people, it doesn't matter how many people want to fight the system, the fooled masses in their herd mentality will quash any dissent, and the perpetual cycle of abuse continues.

Second, is that I have discovered that most people simply don't want to know the truth, and in particular the ugly truth over the beautiful lie. I've "woken" (sorry it's cliche but apropos) people up who at a later point said "I don't want to know, that's too dark..." etc, but a lot of people really would rather hang on to any lie that makes them feel better than to hear about how borked the US is (and the world).

Combined, these two principles work in tandem to make sure even those who might still have a spark of dissent in their bones tend to be extra dismissive of any "conspiracy theory", either for self-preservation whether conscious or not, because of herd mentality, and/or because they've been propagandized too heavily.

Also, there was a definite leap in sockpuppetry tech about ~2010, and I think there are a lot more "digital dissociative disorder people" on the web than anyone is willing to admit. (largely working to create the illusion of that herd mentality which then becomes reality)

The problem I'm running into now isn't yesterday's NSA conspiracy, it's trying to tell people about what TPTB are doing now! So maybe some people were forced to eat their words about NSA (not that many admitted that), but if you bring up the scandal of today or of tomorrow, you go right back to being considered a "wackjob crazy conspiracy nut" or some such nonsense. I don't know how you could possibly break through the control of mass consciousness to change this...

These reasons are also why the oligarchs are after control of the internet. As a withering but still standing bastion of anarchistic freedom of speech, it is their primary threat right now.

Anyway, the bottom line is that the truth, the real world, is chock full of actual conspiracies that are so much stranger than fiction.

You'll notice I kept it meta to avoid digressing into a debate about a particular conspiracy, but the number one issue is that people seem to have completely forgotten what inductive logic is, and how powerful it can be. Of course evidence (deductive logic) is preferred wherever possible, but in the arena of intelligence agencies and billionaires who spend a lot of time covering up their tracks (especially by degrees of separation), you aren't going to get that evidence except in the most rare cases. Even in the cases where the evidence does show up, it is often covered up, destroyed, lost, inadmissible, gag ordered, blackbagged, etc.


> These reasons are also why the oligarchs are after control of the internet. As a withering but still standing bastion of anarchistic freedom of speech, it is their primary threat right now.

"As the Americans learned so painfully in Earth's final century, free flow of information is the only safeguard against tyranny. The once-chained people whose leaders at last lose their grip on information flow will soon burst with freedom and vitality, but the free nation gradually constricting its grip on public discourse has begun its rapid slide into despotism. Beware of he who would deny you access to information, for in his heart he dreams himself your master."

- Commissioner Pravin Lal, Peacekeeping Forces (Alpha Centauri, 1999)


> people up who at a later point said "I don't want to know, that's too dark..."

Just a point about this part. That sentence is a nearly universal symptom of helplessness.

Those people are not denying the problem, will not fight you, but are tired of hearing about problems they can't do anything about. That is bad if the helplessness is false (propaganda does make people believe they can't do anything while they can), and you'll get a much better response by fighting the helplessness itself than in trying to push your original message.


I'd be interested in you going specific, even if in private. Good to have critical thinking researchers out there.


I'm increasingly close to doing an AMA where I just let HN ask me any conspiracy related question right before I burn this account... I figure it would get lost in the sauce though...

Any specifics you are most curious about?


I'd hope HN wouldn't clean it out...

How dire? Where to look? Timeline?

I wish there was a wiki built on a trust network where I could control the weights.


How dire: This is very subjective. I have moments of deep despair, and then I see glimmers of hope. I don't know what to tell you other than it seems like the ratchet is turning against freedom more than for it.

Where to look: I suggest starting with one term, though often overly applied to just terrorists, and that is "threat finance".

Timeline: Minimum is ~120 years or so.


If we had one of those we wouldn't need a CIA or NSA. Such a system couldn't very well be less correct than they've been for their entire existences.


Sebastian Haffner warned of it as early as 1940. Not of the internet itself of course, but still. Note the bit about a microphone in every house.

> Yet another circumstance must be mentioned which proves favorable for the Nazis and their immensely powerful apparatus of oppression: the development of modern technology gives the rulers, as has long been insufficiently understood, an advantage over the ruled. The more effective the weapons become and the less you can protect yourself against them, the more the armed is superior to the unarmed. The Bastille could not be successfully stormed in the age of airplanes and tear gas. Rifles equipped with rifles have no chance against motorized police forces; it makes no sense to build barricades against a government that has tanks. And in the event of a revolution, it is not only weapons development that favors those in power, the state over the individual: modern technical development and the associated sophisticated organization work in the same direction. Traffic has led to the countries becoming small and easy to monitor. How many hiding places there were in a country a hundred years ago! At that time, every power hit natural barriers! Today there is no loophole and no hideout for the rebel anymore. Even the thoughts that are able to penetrate the walls have become "controllable" because they are tied to the mass distribution of news, to radio, film and the press. How long will it take before every house has its own microphone and every private word, like every telephone call today, can be heard? The ant state is at hand. It may not be a coincidence that states like Germany and Russia have elevated technology to the status of a religion. Conversely, this development of modern technology makes the preservation of freedom a human task that is more urgent than ever.

-- Sebastian Haffner "Germany: Jekyll & Hyde (1939 - Deutschland von innen betrachtet)"

The above is my crappy translation because I don't have the English original (!). Apologies to Haffner as author and anyone who enjoys reading good English, but I think the content speaks for itself.

It's not just so-called conspiracy theorists who warned us, but also people in the midst of our society, near the zenith of human achievement. Our best and brightest. And we paid a LOT of lip service to respecting a LOT of people who warned us, while trampling what they held up as most important underfoot. We just wanted their gimmicks, their clever one-liners, the stuff we could kill time with.

> Now the police dreams that one look at the gigantic map on the office wall should suffice at any given moment to establish who is related to whom and in what degree of intimacy; and, theoretically, this dream is not unrealizable although its technical execution is bound to be somewhat difficult. If this map really did exist, not even memory would stand in the way of the totalitarian claim to domination; such a map might make it possible to obliterate people without any traces, as if they had never existed at all.

-- Hannah Arendt, "The Origins of Totalitarianism"

She wasn't the type to get excited and pushy, about anything. And maybe she wasn't aware of how she hit the bull's-eye when she wrote that. But here we are, and we know she did.

> If both the past and the external world exist only in the mind, and if the mind itself is controllable – what then?

-- George Orwell

What if society became completely digital? What if people completely lose the ability to remember things, and look up their own lives and history in the data stores? I've seen dozens, countless comments on HN that seem to be longing for something like that, of course while completely ignoring the implications, the destruction of humans and human society that would entail.

> Meanwhile, in the course of this "Terrorist Generation" campaign, for Obama to claim, "you know, I'm really worried about terrorists, so I have to read -- well, they claim they don't read it -- I have to get information about your email, where you are, who you're talking to, what you have on Facebook; I've gotta put that on my big database"... actually, we're moving into a world which was described, pretty accurately I think, by one of the founders of Google... I don't know if you followed the stories about Google Glass? Well, Google has some new, ridiculous thing, they're marketing glasses which have a small computer on them. So you can be on the internet 24 hours a day, just what you want. It's a way of destroying people, but quite apart from that, this little device has a camera, and presumably, if it doesn't already it will soon have a recorder, which means that everything that's going on around you, goes up on the internet. Some reporter asked Eric Schmidt, didn't he think this was an invasion of privacy, and his answer was exactly right, comes right out of the Obama administration, he said: "If you're doing anything that you don't want to be on the internet, you shouldn't be doing it." This is a dream that Orwell couldn't have concocted. We're moving into it, and it's not the only case. If you read the technical journals, there's more stuff coming along. So, for example, right now there are corporations that are concerned about using computers with components made in China, because it's technically possible to build into the hardware devices which will record what the computer is doing and send it to those bad guys. Well, the articles don't point out that if the Chinese can do it, we can do it better, and probably are, so it may end up in Obama's database the next time you hit the computer.

-- Noam Chomsky

That was located at http://grittv.org/?video=noam-chomsky-on-secret-trade-deals-... but that site is dead and directs somewhere else. Don't click. I transcribed it 7 years ago, I can't prove that, but if seriously challenged I would go try looking for another source.

My point is, that's not some old man who doesn't understand technology. He understands it better than the people who are used to make it. And did you catch what he called Google Glass? "a way of destroying people" That's not exaggeration, that's cutting right to the heart of the matter.


Your comment resonates deep with me.

Although I will shamefully admit that I was one of the naysayers. I might have even called someone a Conspiracy Nut in a prior conversation, with my perception of the person being obsessed with potential NSA spying / collection.

Oh, how wrong I was.

Side note: I find it interesting that a period of time developed where any type of deep curiosity into government activity was enough to get oneself stamped as a Conspiracy Nut. If I were the person pumping these narratives and tropes out, I'd be very happy with my result, in retrospect.


The difference between a theory, a conspiracy theory and the truth are best described by varying levels of evidence. A theory is not currently accepted as the truth, but it might be the truth. A conspiracy theory is something that has been proven to be untrue, but people still believe it and pass it on. The truth is the internally consistent and fact supported state of the world as it was and as it is.

There were many people who were going out on a limb with the assertion that the NSA was probably vacuuming it all up, they had means, motive and opportunity handed to them on a golden platter, on top of that it corresponded with what we would expect to do ourselves when in that position (not that there was any such temptation). The hacker community was well capable of seeing this as a theory, rather than as a conspiracy simply for absence of proof. That didn't stop others from labeling the hacker community as a bunch of conspiracy theorists simply because they could not imagine it to be the truth, but a lack of imagination is not the same as proof and the output of such a process is better described as wishful thinking than rational thought.

Snowden changed all that. All it took was one person willing to burn their career to provide the proof. But beyond that nothing much has changed.


>All it took was one person willing to burn their career to provide the proof.

This is wrong. It took a LOT more than that. It took one man forgoing his life and liberty, and a group of people endangering theirs to assist him. Snowden is not going to get his life nor his liberty back, ever.

It took multiple institutions dedicated to publishing the truth to actually bring the news to a wide audience, and it didn't end without a degree of betrayal.


I think he understated it, and your "wrong" is too strong. The main point is people had to actually step up, and when Snowden did this, we had some truth for a bit.


I disagree. The statement 'all it took was...' addresses one part of his life which many people change with some regularity. A career.

Snowden is currently in political exile and probably closely monitored, likely for the rest of his life. US congressmen have openly called for his assassination. If he were to return to this country it's highly likely he would spend the rest of his life in a federal prison, at best.

Please explain how 'all it took was for someone to burn their career' isn't utterly misconstruing the cost being addressed?


> willing to burn their career to provide the proof.

This should have been the case as in normal whistleblower cases. Seems it was not. I also suspect that Russia will eventually try and call the favor to coerce him to do something for them.

EDIT: had no idea this would be so negatively viewed. If you're going to down vote please indicate what you're against...


Him being there makes Russia look more tolerant than his home country, which is already a pretty big bonus.


His continued reliance on Russia gives them more than enough power to force his hand into something he may not otherwise do.


What might he do? Write another book? He doesn't have any power besides moral authority and he cannot travel internationally.


How does giving asylum to a defector from an adversary make Russia look tolerant? Don't you think the US would happily do the same thing if the tables were turned?


The US routinely does the same, and they generally receive some amount of praise from the population as a result. The same thing would happen in Russia.


At this point is there a compelling heuristic we can use to determine if Snowden is an idealistic whistleblower or simply a Russian intelligence asset? The facts seem to support both interpretations.


The facts absolutely do not support either interpretation. The only reason Snowden is in Russia is that the US canceled his passport.


They revoked his passport because he's a fugitive, formally charged with two counts of violating the Espionage Act. I think the reason he's in Russia is that they don't have an extradition treaty with the United States.


He was stuck in the Moscow airport (for over a month) after his passport was cancelled en route to Ecuador and was eventually granted asylum.


This sounds like some sort of nutty conspiracy theory.


What possible use could Snowden provide Russia?


I'm not certain at this point. His skills? His voice/platform? For example, if he were to come forth and say something plausible but false, many would just believe him.


He has a fairly small number of supporters, very few of which hold any power, and are some of the most aware of government interference. Russia will be fine with what they (presumably) already coerce him to do, pay taxes.

And as for why your post was down voted, you stated that a whistleblower should lose their career for their uncovering the truth.


A conspiracy theory is just a theory that a conspiracy has happened. In popular usage there's an assumption that it's incorrect, but that's not part of the definition of conspiracy theory.


If you're going to pick nits at least use the full definition. For a shorthand it was accurate enough, and in popular usage the assumption is not that it is incorrect but that the facts as known do not support the outrageous claims made by the believers in these theories.

https://en.wikipedia.org/wiki/Conspiracy_theory#Etymology_an...

Examples such as the Climate Change hoax, Moon Landing hoax, COVID-19 hoax, New World Order and so on abound and I probably should not even give them the courtesy of repeating them here because they are like little bits of actively infectious DNA that will sooner or later encounter a fertile medium for reproduction.


The problem is that the term is a combination of name calling and appeal to authority used to quickly discredit a theory, and has been applied to significant minority theories that have turned out to be true. It’s more work but better form to avoid the term and confront fringe theories with solid argumentation.


"fringe theories" are bullet proof against solid argumentation. The counter argument is: you are a paid shill of - insert boogeyman shorthand here.

If fringe theories would be susceptible to reason then the bulk of them wouldn't exist and the remainder would not be classified as a belief system but just another theory waiting for confirmation or rebuttal.


This sounds like frustration at the inability to change the beliefs of people. People will often behave irrationally, and yes there is nothing we can do about that. They have done this forever, and likely will continue to do that forever. You can only have a rational argument with them if they care to find the truth, and most people most of the time do not. On the other hand, many people come to Hacker News explicitly to participate in rational discussion, and seeing this kind of low value dismissal is disappointing. I would have ignored it out of hand if it didn’t have your name on it.


> seeing this kind of low value dismissal is disappointing

> I would have ignored it out of hand

Those two next to each other is kind of amusing.


"low value dismissal" is the antecedent of the pronoun "it". On HN we routinely ignore low value dismissals. You know this:

https://news.ycombinator.com/leaders


I think there are two forms popularly used. One is to refer to what might be thought of paranoid, irrational beliefs. Another is that there is a theory about a conspiracy.

The issue is that by not acknowledging that there are two separate uses, people end up lumping any theory about a conspiracy into "conspiracy theory".

For example, I remember reading a comment on HN around 2010 from someone who worked at an internet backbone. They said that there were some secret fiber cables, nobody knew what they were for, but they were not allowed to touch them. However they were the same size/caliber as the other cables that went to the next backbone, so the reasonable conclusion was that basically all traffic that went out of one pipe went out the other one too. And it was some kind of US government thing.

That, plus other things I've seen over the years, convinced me that the US had a massive domestic spying operation, like the NSA. There were news articles about the NSA building massive new facilities post 9/11 -- what would the point be of them? Turns out I was right, thanks to the Snowden revelations, and honestly I didn't understand why they were such a big deal. OK, it was hard evidence, but it blew my mind that people were sooo surprised that it existed. Sometimes, Occam's razor suggests a conspiracy.

This is a far cry from the theory that the world is ruled by lizard people.


Spot on. So, the one was a theory, the world being ruled by Lizard people is a conspiracy theory.

This list:

https://en.wikipedia.org/wiki/List_of_conspiracy_theories

Does not include anything even remotely like 'The NSA is listening in on all of us'. At present it is not even a theory, it is established fact but at no point in the past would I have put that on the same level of the items on that list.

The paranoid irrational beliefs one is the one that I think best covers the payload. The second one is only interesting from a pedantic/academic point of view.


Do you think, for example, that the death of Jeremy Epstein was not really a suicide is as unlikely as any others? https://en.wikipedia.org/wiki/List_of_conspiracy_theories#Je...

Or, for example, https://en.wikipedia.org/wiki/List_of_conspiracy_theories#MK... which we actually know as having been real (though not necessarily all of the related theories are true, as I don't know what they are). But I am pretty sure that if you said "the government is kidnapping Americans and doing chemical mind control experiments on them" before all the facts about MKUltra came out, people would have labeled you a conspiracy theory nut.


I've yet to see proof of Epstein's suicide. It may be true, it may not be true, likely we will never know. A proper conspiracy about it does not just state that there is a possibility that Epstein committed suicide, it will also include who did it and why.

As for the MKUltra stuff: the whole crux of a good conspiracy theory is that it is rooted in some real world event and then puts a crazy spin on it. People probably don't even realize when they step off the cliff of reason into the world of the nut cases.


> A conspiracy theory is something that has been proven to be untrue, but people still believe it and pass it on.

No, it's not. It's a theory that a conspiracy has taken place.


The phrase "conspiracy theory" is, top-to-bottom, a word to get you to stop thinking. It's not a conspiracy theory, it's just the history of the phrase. It's the outgroup concept applied directly to the concept of new or disagreeing information. A pre-emptive propaganda strike on anyone who might ask questions.


This is 100% true. Not only is it true of NSA, it's true of the Epstein case, of the P2 Masonic Lodge (https://en.wikipedia.org/wiki/Propaganda_Due), the CIA distributing cocaine and others. There are lots of crazy theories that are BS, but the idea that powerful people might get together to try to get their way is not crazy at all.


A conspiracy theory is not 'something that has been proven to not be true'.

Snowden's leak is a good example of something that proved a lot of conspiracy theories to be true.


You are missing the point. The theory that the NSA was hoovering up everything in sight was just a theory. We did not have proof one way or the other, and quite a bit of circumstantial evidence to conclude that it was in fact happening.

At that stage it was 'just a theory', with little support.

That some people then went a step further and mislabeled it is mostly their problem, they should have realized that the standard of proof required to shift it one way or the other wasn't available. Snowden gave us that proof.

Your average conspiracy theory is trying to make claims that go against available evidence to try to come up with some kind of alternate history of what must be true. Typically these involve privileged knowledge, powerful people and internally inconsistent claims.

The "NSA could be listening in on a lot more than they are letting on" theory never had any of those problems.


I think you're the one missing the point, which is that you're misusing the term 'conspiracy theory'.

The NSA engaged in a conspiracy, which was to "hoover up everything in sight". There was a theory (which was largely dismissed) that the NSA was in fact doing this.

It was therefore a conspiracy theory that the NSA was doing what it was doing. That is the point: please use the phrase correctly.


If I combine apples and sauce I don't necessarily get applesauce. It is a clever linguistic trick but you are not helping by making such a disingenuous argument. Juxtaposition of terms in frequently used combinations can have a different meaning than terms used separately.


I'm not making a disingenuous argument, I'm saying exactly the same thing that most of the people replying to your original post are saying.

You've taken the phrase and made up a new definition for it. I'm saying that the phrase already has a definite meaning. Feel free to make up your own phrase though...so long as it's unique.


While your usage is common, it is completely wrong. A "conspiracy theory" is simply a "theory" that posits a "conspiracy". What you describe is the opposite - when the evidence is so overwhelming, that the secrecy of the conspiracy can no longer be maintained. Room 641A was discovered in 2006 FFS. The reluctance of the press to acknowledge it has much more to do with propaganda, confused nationalism, concentrated press ownership, social/financial/legal influence from the military, and willful blindness.

The idea that "conspiracy theory"===false comes right out of COINTELPRO. You know, the big secret (at the time) conspiracy to subvert domestic US movements. In fact, much of the 20th C was defined by secret conspiracies - the Bolshevik revolution, the rise of the Nazis, every post-colonial coup, etc. Project Echelon was well understood in the 80s. What is the USS Jimmy Carter even for?


The idea that conspiracy theories are spurious is a result of mentally ill people irrationally latching onto them and far predates COINTELPRO. That said, it is trivially true that the world is run by conspiracies -- conspiracy is simply a label for private agreement for coordinated action, which carries negative emotional valence as a result of that association.


Snowden was even willing to burn his future career, as he took a job with Booz Allen Hamilton with the sole purpose of leaking as much information as he could get his hands on.

As an admin at BAH he was using his colleagues' passwords for discovery. He was willing to burn their careers to hack access to more leaks.

So many leaks that he could not vet these all. This was no Ellsberg tasked with copying some confidential papers and reading lies in them. It was wholesale collection of all Snowden could get his hands on.

Then, instead of making his point with his own whistleblower findings, he went to journalists and handed them over all the documents, instantly making them available to intelligence agencies all over the world, burning all NSA/CIA analysts with records in the dump (for instance, everyone who contributed to Intellipedia, which had zero reason to be in a dump meant for whistleblower purposes).

Then instead of facing justice (and there are whistleblower protections for doing the right thing), he cooperated with Wikileaks and fled to China and Russia, causing a permanent PR disaster for US intelligence with his new public speakings, book deals, and social media influencing career.

The reason Snowden's leaks got a lot of attention is that they "proved" (we never got confirmation that they were real) that data on Americans is being collected. We already knew, by law, that the Americans are allowed to fully spy on European civilians. That's how they are able to warn on impending terrorist attacks and improve their buy-in with European countries' leadership (or how they are able to perfectly copy Germany-invented motors or Belgium-invented speech-to-text technology before these countries are even building it, because a strong US economy is a matter of national security).


>Then instead of facing justice (and there are whistleblower protections for doing the right thing)

I think it was pretty well understood at the time that the Obama administration could not be depended on to uphold whistleblower protections.


Snowden could have exposed this too.


The media was already filled with stories about the Obama administration's record number of whistleblower prosecutions in 2013. There was nothing to 'expose'.


> instead of making his point with his own whistleblower findings, he went to journalists and handed them over all the documents

This is literally part of what whistleblowers do.

> instead of facing justice (and there are whistleblower protections for doing the right thing)

Whistleblower protections that didn’t really exist?

> causing a permanent PR disaster for US intelligence

One which they got for callously breaking the law?

> The reason Snowden's leaks got a lot of attention is that they "proved" (we never got confirmation that they were real)

What kind of confirmation do you want? You can’t just put things in quotes and hope to weaken them.


> This is literally part of what whistleblowers do.

No, this is outsourcing your whistleblowing activities to journalists. It is leaking unvetted data in the hope that there is something of public note/damaging to your employer in there (of course there is, top secret and noforn classifications are there for a reason)

> Whistleblower protections that didn’t really exist?

They existed. Just because Snowden did not like his chances with American justice does not mean whistleblower protections do not exist. Obama even pardoned Chelsea Manning (I believe that leak was part of a suicidal life style).

> One which they got for callously breaking the law?

I am not saying the PR disaster is not warranted. I am noting the extent of the PR disaster. I am also adding the softball questions from journalists, and Snowden's meticulously prepared talking points.

> What kind of confirmation do you want? You can’t just put things in quotes and hope to weaken them.

The NSA coming out and saying these documents are real. Thread OP was talking about proof, but proof requires a better standard. Of course, it is highly likely these were real documents, and the Chinese or Russians did not add false documents to muddy it, like they do with their own leaks. I actually added the quotes, not to be pedantic, but to ward against pedantic replies.


How close is the difference between theory and conspiracy, if the main actor does not want you to know something?

One of the strategies can be to completely poison information, as you said "label". In that way it would be hard to distinguish between "true" and "untrue", and in that way basically force researchers to even approaching subject. In that way only person from inside could uncover truth... I guess ...

And this is the same problem as with a corrupt government: if they hold all the keys, it is very hard to overthrow a dictator, as it is very hard for the truth to surface.


One way a wannabe dictator could do this is to make it seem as though all sources of news should be distrusted.


I think others have a similar issue with the differentiators you are talking about when moving out of black and white. For example, a theory seems to become a conspiracy theory if many people in a subset group come out believing it. Or what happens when a portion of the theory is debunked, but the overall truth still follows the 'conspiracy theorists' proposition?

This is likely why people just combined theory, conspiracy theory all together, because the moment you look at the grey area, it becomes nuanced.


> burn their career to provide the proof

Not particularly nitpicking.

However, Snowden risked his whole life. He was pretty sure that he would be sentenced as a traitor, and was putting his life on the line.


> they had means, motive and opportunity

They didn't have the legal right.

> All it took was one person willing to burn their career to provide the proof.

Snowden proved that the NSA does not vacuum everything up in the US and only vacuums everything in a few countries. You seem to be reading different documents from the ones that Snowden released.


Not having the legal right to do something does not count as evidence that it didn't happen.


Since there isn't any evidence that it did happen, the fact that it is illegal is a pretty good reason to believe that it didn't happen. When you consider that Snowden released a trove of internal documents not vetted by the secret keepers, and none of them show that it did happen (while many of those documents cite the law for why it should not happen), that provides further circumstantial evidence that it didn't happen.


> the fact that it is illegal is a pretty good reason to believe that it didn't happen

And yet I believe crime exists regardless of its legality.

> Snowden released a trove of internal documents not vetted by the secret keepers

Why on earth should the secret keepers be the ones to vet documents about themselves when they are being whistleblown on?


You seem to have misunderstood both points.

> And yet I believe crime exists regardless of its legality.

Well over 99% of the time, the government does not go out of their way to break laws. I didn't claim that the fact that it is illegal proves they didn't do it. I simply said that the fact that it is illegal makes it more likely that they didn't do it. Do you disagree?

> Why on earth should the secret keepers be the ones to vet documents about themselves when they are being whistleblown on?

Who said they should? My point was that despite the fact that they weren't combed through by the secret keepers, the documents did not say that the NSA did the illegal things that GGP claimed. Instead, these documents supported the opposite conclusion — that the NSA didn't do those things — by repeatedly citing the laws that they follow that don't allow them to do those things.


[flagged]


I do not agree with the idea that individualism is overall more of a negative for the American people than a positive. There is a long history of Americans doing things differently or ignoring their detractors to go on to invent and build radically great things. For example, the long history of inventions from America; powered flight, internet, transistor, electrical light, etc.

Corruption can be the result of individualism, but it only takes a small number of individualistic and immoral people to leverage all the selfless people into giving up their freedom and material assets (i.e. dictators around the world). I don't know how to solve that, but it seems far too simple to say "America has corruption because of individualism" when America appears to be pretty mid-grade or slightly better than average in terms of corruption (https://www.transparency.org/en/cpi#)


That corruption index is an absolute joke.

The UK is massively corrupt. Guess what? They made it legal. Problem solved, let the money laundering and arms sales flow.

Using their measures is the opposite of individualism. This is the USA, a thin cloak of individualism that directs unthinking behaviour. Individuals seeking their own gain without really understanding the currents they swim in, which allows them to believe they are acting within a reasonable framework. Doubtless I'll be told there is no absolute truth and that it's not for me to say, which is also part of the same framework that allows clearly immoral behaviour to proceed.

https://www.independent.co.uk/news/uk/home-news/roberto-savi...


> Your individualism leads not to "freedom" but to accountants who help companies dodge (not avoid) tax, to politicians who don't speak up because it will damage their career, to bankers who extend credit when they know it's unsustainable in pursuit of their bonus, to news anchors who hold their tongue to avoid upsetting sponsors, on and on.

Every one of your complaints is a criticism of institutional incentives and publicly traded corporations rather than individualism.

There is no journalist alive who prefers, as an individual, to hold their tongue to avoid antagonizing sponsors. The possibility of doing otherwise was only ever enabled by the members of the local community who had enough resources to not have to care about losing sponsors by doing the right thing, and who were then willing to stand behind the journalists as the owners of the media company.

Today the companies are publicly traded, and doing that costs the shareholders money (or the parties votes, for political institutions), so anybody who does it is replaced by someone who doesn't. That is what's wrong. But that, ironically, is the consequence of a form of collective ownership. It's the principal-agent problem, where the shareholders as people don't actually want that but the institution is configured to prioritize making more money and you, as the owner of a retirement account which is the owner of an index fund which is the owner of a corporation, are not actually consulted on the decisions being made in your name.

Much of this would be solved if we had fewer layers of indirection between the principals and the agents, i.e. more smaller companies rather than fewer larger ones, or government which is more local and less central, so that the stakeholders who never wanted any of this to begin with are closer to the decisions that are being made in ways they don't prefer and have a better chance of causing them to be made in a different way. That's more of an increase in individualism than anything, though.


You seem to be in a violent agreement with parent.

What parent calls "[flawed] culture", you call "layers of indirection between the principals and the agents". The number of these layers is a vital characteristic of the business culture, and you cannot just wish them away and claim victory.

Have an idea for a system that will work with as many people but fewer layers - please do tell about it (and about its relation to individualism, if there is any). But my guess is it'd be radically different from the current one.


One of the biggest reasons that the economy has transitioned to such enormous corporations is that regulatory compliance burdens are a ratchet. Every year new laws are passed but the old laws are not repealed, so every year the minimum size of an entity that can comply with all of the rules increases. We've also seen, on the other side, lax antitrust enforcement as large corporations regularly buy out their competitors and use vertical integration and vendor lock-in to constrain upstarts.

That isn't a cultural problem at all, it's a regulatory problem. We need the rules to be easier on smaller entities and harder on larger ones. So that more of the decisions actually are in the hands of individuals rather than large institutions, and individuals are once again given the authority to choose to do the right thing instead of being constrained by perverse institutional incentives.

More to the point, the parent's complaint was about the culture of individualism in particular, not some generic cultural problems that you can shoehorn any arbitrary failing into just because it's possible to describe anything systemic as cultural.


I happen to be reading a biography of Alexander Hamilton right now and I think Washington was pretty disappointed in the people of his own time too. And the members of each faction thought the members of the other factions were "un-American" (though I don't think they had that term). The founding era was not a golden age, there's always been a battle for control of our culture.


I would agree that he had high standards, but he was mostly unhappy with some rank-and-file who were coerced into joining up, so I can hardly blame them. Other factions were not part of the whole at that point, so there was no back-stabbing there, to begin with.

Would he have been happy if he found out one of his immediate reports had been helping the French to get gunpowder in for a cut? Analogous to the wholesale tax dodging today.

Seems today "it's just business", back then he'd have been hung. Yes life back then wasn't all knights in shining armor, but now, good god.

Even if people didn't always comply to the code, there was a code and that code wasn't "every man for himself". They would have regarded that as insanity.

BTW I might read the Hamilton one next, I imagine it's Chernow you are reading, he has an engaging writing style.


Yes, Chernow. It is quite good and I think would give you a better sense for the extent of the factionalism in that time.


[flagged]


This is a straw man and does not actually argue the point or clarify the topic.


This is sarcasm.


Not really many relevant comments in this thread. Everyone seems to have read the first sentence (if even), interpreted it as 'why did no one think the NSA was hacking?', and responded. It's a shame, this is a great piece, I think.

The question is, with all of these companies performing IR, why didn't they see mass exfiltration and C2?

I think the article lays out largely correct claims.

I personally would imagine (2) and (5) to be the most significant.

Regarding (2), it is so hard during an incident to know exactly what is attacker behavior and what isn't, to know that it's all the same attacker, etc. It isn't so uncommon to go digging into an incident only to find some unrelated malware - and in fact many companies find out they're owned from their pentesters.

With regards to (5), defenders have frankly been too slow to evolve. The people investigating these attacks likely only have a rudimentary understanding of TCP/IP, have virtually no ability to read or write code, and mostly are trained to build and enforce policy. The idea that they can catch even basic attackers in realtime is a joke, that they are to also be tasked with catching the NSA is just a depressing, hard to swallow reality.

Attackers are out here building up toolchains from scratch - anyone who isn't doing that is called a script kiddy. And yet defenders who can't build a single thing, who can only throw tools at a problem, are the standard. Attackers are flat out better than defenders - they work smarter, they have better capabilities, and defenders don't even seem to care en masse.

As Alex Stamos said (paraphrasing), most companies aren't even "playing the game", and it's a select few that even know what game to play - not even that they're playing well, but at least they showed up to the right ballpark (I'm butchering his statement). The vast majority of companies employ outdated models of security and incident response is probably the least mature, with devops pushing more and more infrastructure and product security engineers over IT admins.

No doubt that NSA's scale allowing novel forms of exfil like passive collection also played a major part.

What a sad state.

Having taken VC money to try to improve the situation I do always laugh when thinkst talks about that :) but much respect!


Also, in our defense, we wrote this in 2015 :)


> The question is, with all of these companies performing IR, why didn't they see mass exfiltration and C2?

1. Good tradecraft means that, except for skilled IR folk, they wouldn't see mass exfil/C2.

2. American IR companies know what side of their bread is buttered on. From both employees' personal allegiances to their former employers and the company's active government contracts, there's not a lot of incentive to report on their own government's actions.


How would they know it’s their own government? If the NSA were in the habit of leaving calling cards, then sure some info-sec people might keep quiet out of patriotism, but others would be screaming from the rooftops about proof of conspiracy.

More likely, as the author mentions, the NSA disguises its attacks as less sophisticated than they really are.


I remember how the public was shocked in Germany in 2013 about the revelations. What we learned was way beyond what everybody thought possible. One of the most important figures discussing the implications for our democracy and the impact on our behaviour in light of the knowledge that we have no privacy at all was the editor of the German newspaper FAZ: Frank Schirrmacher. Unfortunately he died in 2014, very young, aged fiftysomething. After 2014/2015 these topics were discussed less and less here in Germany. Currently nobody talks about these things anymore.


I am still being labelled as a conspiracy theory nutcase whenever I talk about this subject to people.


Then, if you explain that there is reason to believe the term conspiracy theories was created and popularized specifically to indoctrinate them into responding exactly the way they are responding (like programmable robots).. then they just call ``conspiracyTheories(yourTheory)`` again to "validate" it and you lose 20% of your remaining credibility.

I just go with a bit of ridicule. Something like: It is not that sophisticated, educated, wealthy and influential people in power could get together and have some kind of plan. If they did it couldn't possibly escape your attention but if it did it wouldn't be interesting enough for you to talk about.

Or maybe it isn't that. Maybe the quality of government depends entirely on the citizens? If you think dragnet spying is a good idea is a yes/no question. If you don't care means yes which in turn means they should be doing it. Same goes for enriching themselves at your expense. I mean if you approve of it?? Or is not caring and approving not the same thing?


The Snowden stuff was the event that shook me to my core. I was a happy technologist till then, thinking that such was the nature of life and progress simply was unfolding in front of me.

However, the way the event was covered by the media - told a different story. The media focussed on the man rather than the info he provided, so the conversation was 'where was he?', 'where was his girlfriend?', etc - that told me everything. They hardly touched on what was provided and what that meant (that we were being spied on 24/7). And what was provided took years to come out...... So, the media are complicit - just another arm of the governance structure we find. The intercept, the MSM, all are just playing a role in mis-informing the people.

Since then, I have even come to change my views on the Snowden event itself. I think this was an intentional release of data, an orchestrated event. Snowden is probably a character created by some agency. He may not be a real person - things like bits of his glasses disappearing indicate that he could be CGI. Perhaps this sounds crazy - but if you are in the business of governance, you want to manage everything, even the opposition. (Think 1984 and the way that the opposition is created and controlled in that book).

Why would "they" create Snowden and the release of apparently top secret files?

Well, if you know what is coming you do not respond with shock, you do not reject it out of hand. You acclimatise to the new reality. There was little we could do with the Snowden event, except watch it play out. We were put on notice and informed of what was/is coming. And what's coming is a technocratic system with very fine grained control in the hands of the technocrats.


> things like bits of his glasses disappearing indicate that he could be CGI

So you're essentially saying the revelations were a false flag operation? I considered that possibility, but Snowden's background is well researched and the first thing media outlets look at before publishing their findings. The Guardian probably thoroughly doxed him before publishing anything. And in interviews he comes across as sincere and genuinely politically passionate. There's no way someone could fake all that. Snowden is the real deal.

If the NSA wanted to showcase their 'box of tricks' then they would have other ways of doing that like fake leaks that have a bunch of decoy material to confuse their enemies; not the real/actual tooling that is used to surveil (as that would be stupid). They would release plausible-looking material that advertises their capability, but be scant on the details and mechanics of the tooling itself.


I'm saying that media outlets are an arm of the governance structure that are there to corroborate and promote the story. The only one that researches anything you can trust is you - and that doesn't mean reading the Guardian.


PS - here's a link I posted in another comment about the disappearing glasses: https://www.youtube.com/watch?v=5QqxLalvh-4


I found this comment so shocking I went and read your post history and I'm really interested how this view arises. Can I ask your background that made you think this way?


My background is a technologist who observed the Snowden story. I followed some of the details and was genuinely shocked at the revelations therein. I was looking at HN for more info at the time. But I also followed main stream media. The gulf between the technical details that were reported on HN and mainstream news sites was so large, it was clear to me that a damage limitation exercise was being undertaken. That in itself raised loads more questions for me.

Here's a link to a video on Snowden's disappearing glasses: https://www.youtube.com/watch?v=5QqxLalvh-4

Cutting to the chase, if it is as I suggest it is - that most media is there as part of the governance structure to beam a particular type of messaging to us - you then have a few options.

You can refuse what I say, and accept the media as is presented. This is surely the path of least resistance.

If you care about the truth, you can look more deeply and research all ideas before accepting them as true. Just because you see something on TV does not make it true. My thesis is that news media is just production of a show, like a film or cartoon. You don't trust films or cartoons - so don't trust the news. Here's a fun example: https://www.youtube.com/watch?v=5cDYKXMkSRs - check the folder change colour live on the news! Is it fair enough to manipulate what we see on account of a "green" budget?

My bottom line nowadays, philosophically speaking, is that I am only prepared to accept as true that which I can confirm for myself via my own experience. This may sound a weak position, and it is perhaps. But I stand on solid ground as I am personally able to verify whatever I claim.

With regards to events that are presented in the media, I take an aggressive deconstructive position, and ask questions such as: have I been provided evidence, am I being emotionally manipulated, is the story coherent, etc. I find my questioning frequently provides evidence that the story is not coherent, and can be dismissed. That again may sound weak, but the thing with truth is that it is resilient and not incoherent - when you are presented with an incoherent story then you can dismiss and ignore _all_ of it.

So, my default position with media stories is to autohoax them and to lend far greater weight to personal experience.


I 'follow' these theories. Most are junk. Most have a hinge-pin of an idea that if pulled out the whole thing collapses. The supporting evidence is usually designed to make that idea stronger. I use a modified Mythbusters classification of them. 'busted', 'unlikely', 'plausible', 'confirmed'. I have never heard that Snowden is a totally made up generated person before. Other than he is a CIA actor theory. That just means I am not an expert on this. But it could be 'sorta plausible'. NSA is probably a good generation ahead of most of the world tech wise. They have the compute power for it and the brain power for it. So a deepfake from them is 'plausible'. But I lean towards unlikely in that case. As what we see from deepfakes is kind of weird and strange. Some bit of him 'popping' is probably a camera roll shutter thing. He seems like he is a guy who did something, because what he saw was bad. When something jumps from 'busted' over to the 'confirmed' category that is when you can raise an eyebrow. That happens very rarely. The 2016 email dumps of Hillary did that in a few cases. Which was surprising.

As to how you can end up 'there'. Well it mostly depends on what news feeds you let into your life, and do not go into them with a healthy dose of deep skepticism. YouTube can get a bit stuck on particular things as its alg feeds on engagement. Watch 1 video from someone and you have kind of exhausted your other threads of thought in their system and it will go hog wild and show you a different class of stuff if it is not on their 'do not show this to people list'. Remember ML/AI is basically very fancy cubic spline fitting across many nodes with some calculus thrown in and N stages. But if you end up between two points you can get strange results. But a computer does not know a garbage result from a good one. So it gives it to you with a 90% confidence.

If something jumps categories some people like that idea. They like the idea they can say 'I've known about that for years'. I think it also gives comfort to them if they can not make sense of an idea. But my jedi mind skills are weak so I can not read minds :)


> I think this was an intentional release of data, an orchestrated event.

Maybe, maybe not, but it can also be that you are an "opinion magnet" ;) See that's the fun in politics, agencies, diplomats and game of thrones, you can play mind/war-games. But often Secret services work much leaner and cleaner than you probably think, first you don't need complicated stuff to find a 'secret' and second, the more complicated the more errors can happen.


> Why would "they" create Snowden?

If it was an affair beneficial to NSA, please elaborate why non-US state actors didn't have their own Snowdens?


I don't even see the geo-political situation in terms of US or non-US. Or rather, it's not a meaningful distinction to make. They are really just administrative regions for a One World Order administered by supra-national bodies such as the UN, WHO. I.e. a bunch of organisations that no one voted for yet seem to have the hands on the levers of power. And it seems that "they" are shifting focus to the Chinese autocratic-technocratic model. And that it is planned for the US to take on that model too, at least the technocratic part. Hence we see things such as the roll out of UBI v1 as part of the current drama.


In terms of your experts being wrong, reality is, you likely didn't want your experts to tell you about this stuff at all. If you added state actors to a threat model even after Snowden, there were corporate managers in random companies who would shut down the conversation, end the conference call, or leave the room and you'd find out indirectly that someone somewhere had found problem with your contract and it was being ended.

If you knew, what would you really do? There are insiders and outsiders, and if you talk about this stuff, you are an outsider. Life strategy-wise, which one are you going to be? It sounds jaded, but really, having been one of those experts playing in this invisible sandbox, I used the tools I had and worked with integrity. That I didn't defeat a multi-trillion dollar conspiracy of hundreds of thousands of people doesn't bother me much, and where I scored a few points on them, I feel pretty good about it.


i have seen this. in interviews for infosec dev roles, i would mention that i have read the entirety of the Snowden leaks, every page, as well as the TAO EQGRP source code leaked by the Shadowbrokers. I had thought mentioning this would demonstrate i am really interested in the subject of exploitation and defense and what is really going on in the invisible world of cyberwar.

but what i found out is most people conducting interviews don't want to know and they don't want to hire nor work with anyone who does want to know the big T Truth. I have been able to tell the interview conversation tone just shut down after I mention Snowden or the Shadowbrokers. All of the interviewers were ex-DoD and/or ex-Intelligence. I could tell they would not be proceeding to hire me because they got very quiet and quickly transitioned to the "let's wrap this up" phase of the conversation.

it greatly puzzled me for a long time why would the class of civilian infosec workers be afraid of the knowledge of how NSA had run circles around them in the dark and why would these workers on the front lines of security want to NOT know how to defend themselves and their customers?

maybe ex-DoD folks are scared of Snowden, because they were always forbidden from reading Snowden leaks, since they would be violating their classification authority by learning about top secrets for which they were not cleared to know. i find that funny and scary in an Emperor's New Clothes sense, that us unwashed civilians on the streets can know more about cyberwar than DoD's own cyberwarriors, because we can study public information, while DoD indoctrinated workers have to pretend the Snowden leaks and Shadowbrokers never happened. there is probably also a factor of shame and face saving that makes DoD infosec types choose to be willingly ignorant. Snowden and the Shadowbrokers were the biggest embarrassments to NSA.

imagine you are NSA. you are untouchable, you have as good as an infinite black budget and you are above all laws. you have pulled off the biggest victory in intelligence history--for 12 years after the Patriot Act, you have been hacking everyone and spying on everyone and nobody has figured it out and nobody can prove a thing. then along comes Snowden and the Shadowbrokers and your whole cover is blown. that's gotta make anyone who drinks the Pentagon's kool-aid pretty personally mad. so anyone else who comes along and is blabbing about things they read in Snowden leaks will be treated like an outcast and shunned for adding insult to injury.


If you walk into any of these things in real life: tread very carefully.


> I just sometimes ask myself if people in previous centuries thought and lived as superficially as today. Or if, piece by piece, as times fade, their bad aspects retreat to the background and their goodness shines especially bright? At any rate I think that the individual, regardless of outcome, has to be vigilant, and especially when it is made hard for them. You also believe that this can never be levelled upwards, as desirable as that seems. When there is levelling, it always happens downwards. But here, too, there is a brilliant opportunity offered by fate to prove ourselves. Maybe one should not underestimate that, either.

-- Sophie Scholl


Great quote and great person. And how her life ended is a good indicator that what I wrote isn't nonsense. But I actually meant it in a more present day technical and less all-out fascism way. Still, the principles remain the same.


She was arguably a bit careless in the moment that led to them getting caught, and since pushing that stack of fliers wasn't really useful for their greater aims, that kinda proves your point as well. The idea of the White Rose not getting caught, so rather shortly before the end of the Nazi regime, and Sophie Scholl writing more letters, or even books, is fit to make me cry with homesickness. It's an unspeakable loss.

But otherwise, if you read the interrogation transcripts, I don't think she regretted anything. She knew what she was doing and why she did it, and she knew she did well. IMO her life ended so much better than that of people who just give in to pressure against their conscience. It's not like those are immortal, and then they have to spend the rest of their time with who they became, too. Some find a way back, most don't. As Shakespeare wrote, the coward dies a thousand deaths -- Sophie Scholl died but one, and it was rather majestic, if you squint just right.

I still wish she would never have had a chance to prove her greatness in this particular manner and had survived instead, so don't take this as me negating your point.


All fair. And I feel much the same way. Pick your battles, know when to expose and when to stay anonymous. Evaluate everything in a situation like that from a risk perspective and make sure that you indeed engage those risks that will allow you to look back and say you don't regret any of it.

This can be very hard.


In 2013/2014, I don't think anybody who had read all of James Bamford's books was in any way surprised by the Snowden revelations.

https://www.google.com/search?channel=fs&q=james+bamford+nsa


An observation:

The exfiltration protocol described in the "misdirection" section has "Dated: 24 Feb 98" in the bottom right corner.

That it's being regarded as reasonably novel is a good measure of just how broken the collective security discussion is.

Just as broken as the PGP situation, thinking about it; in which case everything is operating as intended... moving on...


nice catch. that date of 1998 is a Big Fucking Deal. the Patriot Act was passed in October 2001. the narrative we have all been led to believe is that NSA only ramped up domestic mass surveillance in 2001. but why would NSA have a protocol for exfil across passive sensor hops in 1998? passive exfil only works if you have sensors mirroring backbone traffic at all the biggest upstream meetme rooms. but NSA supposedly wasn't legally allowed to install Boeing Narus mirror routers at ISPs until 2001.

what this 1998 date means is that NSA TURMOIL--passive sensor ingest, had to exist PRIOR TO 2001.

this even screws Bill Binney's narrative that the system he designed--THINTHREAD, which he says would spy on all traffic without violating our privacy laws, was built in 1999-2000. THINTHREAD was ultimately canceled and Hayden chose STELLARWIND instead.

but this screencap shows FASHIONCLEFT already existed in 1998. therefore NSA has been spying on the whole Internet for waaaay longer than the official narrative says.

i was one of those conspiracy theorists ranting on USENET about ECHELON back in 1998. turns out, we were RIGHT.


>passive exfil only works if you have sensors mirroring backbone traffic at all the biggest upstream meetme rooms. but NSA supposedly wasn't legally allowed to install Boeing Narus mirror routers at ISPs until 2001.

you're assuming this is intended for american infrastructure. they were probably violating the civil rights of americans before 9/11, but this is an inconclusive piece of evidence.


>Just as broken as the PGP situation...

Context? I remember that Snowden regarded PGP as a usable defence against his former bosses.


I think the intelligence community made a bit of a joke of themselves honestly. Especially on the topic of electoral manipulation. They deserve it.

Although there was large political influence, it really doesn't shine a good light on them and their capabilities or more probable what they make of them.

That said, I think restricting their abilities is the way forward, otherwise you just get a new form of a cold war, which in hindsight was just stupid. Their current capabilities cannot be justified with security concerns and if so, they should at least be able to fix the IT of prominent political actors.

They scared the right people to get privileges to data that is formally protected in most western countries. So not only do they do a bad job, they are also criminals.


2. You thought they were someone else

Attribution in the cyberspace is still pretty shaky, even though there have been some high profile accusations flying around lately. Sometimes you see links being drawn to GRU on the basis of things like some executable having a compile time matching to a Russian time zone or a file being last modified by a user called "Dmitry."

Seeing as the IC cyber business is already murky as hell, who knows which party is actually doing what. I think only the PLA plays with slightly more open cards, mostly because they just don't give a damn about being caught.


> I think only the PLA plays with slightly more open cards, mostly because they just don't give a damn about being caught.

This tactic was invented by the KGB. It's not that they don't care, it's that if it looks like you did it, and there was no apparent attempt to conceal that it was you, then it actually seems more like you were framed by someone else and you didn't do it. In other words, the truth acts like its own disinformation campaign because people often assume the real criminal would try to conceal themselves.


I'm not sure your average Joe with no tech knowledge thinks that far. I'd say that most people take this sort of information at face value and don't bother to delve into it.


I always assumed that the KGB/FSB were and are so brazen because the state wants you to know about and fear its power.


> I think only the PLA plays with slightly more open cards, mostly because they just don't give a damn about being caught

This kind of reputation makes them an easy target for every other actor to take advantage of.


I think that the most severe vulnerabilities that are found have been known about for a long time by our intelligence community and likely others.

I doubt much of anything off the shelf for companies, even if they open their wallets a lot, can be realistically expected to defend against advanced well funded nation state intrusions.

I would not add North Korea or Iran to that list. I think they are far behind. Maybe North Korea gets some scraps from China.

The US has without a doubt the most powerful position. All major operating systems are made here. GitHub is for the most part here. A lot of equipment comes from there or at least in warehouses or just pass through. Given ample opportunities for modification. We have the FAANG. Twitter and lots of other worldwide platforms that have millions of users. All slurped up by the NSA (at least if they want to).

The US has a very coveted position.

Presumably China possibly is next. So much manufacturing happens there on whole equipment or parts for it. Should give them rich opportunity to modify products they are interested in.


The US has a very coveted position in the West, but the reach of this is getting smaller every year. Having root access to FAANG for instance is pretty useless in China, Apple is the only one of those five with any presence to speak of. And anything supply chain related China would be in the more powerful position.


One thing I'm curious about is what's the source of energy behind all this. NSA failed to stop many important accidents (9/11, covid)... Is it a survival bias and they're still keeping people safe without saying it, or is it some finance/intelligence blackhole spinning due to some political quicksand?


Both 9/11 and covid are a case of human error (the latter more incompetence and inaction though); at 9/11 they HAD all the information they needed, where the terrorists had been, their communications, etc (see https://en.wikipedia.org/wiki/September_11_attacks#FBI), but they apparently didn't connect the dots, failed to act, failed to not grant them entry into the country, etc.

Mind you, a lot of these projects are post-9/11 so I'm confident a lot of it has been a result of it and the massive financial injections that the US government put into counter-terrorism since then.

Finally, I like to think that the NSA and co don't want to advertise how many attempts they thwart; if they, for example, stop an attack every day, the people will become afraid of terrorists because incidents happen so often. But I'm not sure if they are being kept silent.


Also in the 9/11 commission report the one hijacker, Zacarias Moussaoui was under investigation by the FBI in Minnesota and their FISA warrant was denied. The dispute was supposedly also over a "lack of communication/cooperation" between the FBI and CIA in active investigations.

Coleen Rowley was the whistle-blower on this event, and testified to congress. Everything on the laptop had the evidence of the 9/11 attacks, but was blocked by the FISA court.

https://en.wikipedia.org/wiki/Coleen_Rowley

Ironically great investigators with 2001 tech could have prevented the 9/11 attacks. Appallingly then the FISA court approved the wholesale surveillance of any Verizon customer. The wholesale Verizon order was the 1st and one of the biggest important information leaks from the Snowden documents.

A court that was set up to protect the civil liberties of Americans during the abuses of the 1960's-1970's failed in the protection of the largest terrorist attack in US history, but was then used to circumvent the civil liberties and privacy rights of massive numbers of American citizens.

Then the government used the pretext of 9/11 to create these technologies for the NSA to surveil the large majority of its own citizens, when all that was needed was 1 FISA warrant approval.

https://en.wikipedia.org/wiki/Thomas_A._Drake

https://en.wikipedia.org/wiki/William_Binney_(intelligence_o...

It's appalling, with the loss of our rights and the digital world now being used to further deteriorate these rights when it can be used in such better and positive ways.

Also a 20+ year war, Trillions of dollars, and millions of deaths could have been prevented by not blocking this warrant. While right now, with COVID, we could use Trillions of dollars to help keep US citizens safe and use it for small business support during these tough times.


yes indeed it's a touchy system that can't be disclosed..


In a society governed through secrets, we can never know what the sovereign is really doing in our name. This is the case with the USA today - it is not truly an open society, but one of layers .. and those with the 'special privilege' of having security clearances are desperate to maintain that socially high-class standing among themselves, so they wrap more and more secret agency around the issue so that the general public can never know, truly, what their sovereign is doing.

This allows immense corruption and profiteering. However, it's not all just "ma' capitalism" - there are very strong indicators that a socialist superstate is being constructed within this society, which is parasitically feeding on the corpse of America today. Many consider the US military industrial complex the largest socialist organization that ever existed - it certainly crosses a lot of the boxes.


Socialism is when the Government does stuff. Rich capitalists lobbying and corrupting the Government to give their private organizations more money is Socialism.

Socialism is destroying America!! Can't you see??!


Specifically, the American Military-Industrial complex is a socialist welfare state hell-bent on owning all means of production in America, yes. It produces nothing of any value to society, and demands that it be fed from the coffers before anything else.

And yes, it is the American government doing this.


From my reading of the history of these kind of organisations, I think what’s happening is twofold - firstly, that they’re often looking at the wrong people/groups, and secondly, just so much intelligence they have just ends up being wrong or misleading.

Their mission has become “collect it all”, but I think they (and a lot of commentators and even everyday people) can’t really imagine what a large percentage of intelligence is useless noise, deliberately wrong (such as counterintelligence but they don’t realise), just plain wrong (like most intel gathered from torture - people will say literally anything they think you want to hear), correct but misinterpreted, etc.. And it’s extremely hard to meaningfully sort through that much information. I expect they do expend a lot of effort trying to combat this, but historically I don’t believe they’re very good at it, and I’m sceptical machine learning and things like that is really going to help that much.

And then just watching the wrong people. Take the Boston bombing, for instance. There are reports that the key focus of groups like the DHS at the time in that area were the Occupy Boston protests, so the bombing happened even though the FBI had been tipped off about one of the bombers from Russian intelligence services. Then things like the NZ mosque attack, where this far-right wing white supremacist came from Australia and murdered a bunch of people. At the time, the media where I am in Australia was reporting FUD campaigns from Australian security agencies about ISIS and Islamic terrorism, radicalisation etc., so I imagine that’s where the focus was and he slipped through.

This goes way back throughout history. Just think of the massive amount of wasted resources surveilling suspected “communists and homosexuals” back in the day. Here they had agents actually infiltrating university communist groups. The groups got up to extremely dangerous things like going to protests - great use of millions of dollars of surveillance...


> watching the wrong people

I wonder ... it seems like there might be a certain personality profile that is inclined to a security career -- might be correlated.


How would the NSA do anything about COVID or any illness for that matter?


Well... if you can hear every convo on the planet (allegedly) you surely can detect an increase in cough / sick / emergency related calls in the same area.


But then your chosen government would still have to act on that information.


True, my question is quite vain since we'll never know at what level the information got stuck. monitoring, intelligence, political .. pick any


The successful early attempts to shut down covid relied on contact tracing of international travelers. Very much in the purview of the NSA.

They even failed to keep it from literally putting a carrier out of commission.


Takeaways:

1) If the NSA interacts with you, you are a victim. It's possible there are no meaningful exceptions to that.

2) The NSA interacts with Americans (not suspected of a crime) as if we were a hostile foreign actor.

3) It is both sound and safe to presume that the IC community has lost its way. This is true during every administration. It may be somewhat less true, for a time, after a bit of IC wrongdoing is outed.

4) IC chiefs lie to the public to the point where it's unclear if they ever tell a meaningful truth.

5) The National Security portion of NSA's title implies that the interests served by the agency are US Gov's but not the public's.

6) The NSA does not even pretend to defend the Constitution of the United States against all enemies [to the Constitution], foreign and domestic; or to bear true faith and allegiance to the same [Constitution].


I’m really interested in how low level the hacking is, specifically network card and hard disk firmware. Does anyone have breakdowns of how these work or copies seen in the wild?

I particularly liked the bit in the article about hiding data in packets intended for other hosts and harvesting them through passive relays. Is there a way to detect this sort of thing?

Is everything really compromised?


> Is everything really compromised?

Given the documents and budgets which have leaked so far - it seems more sensible to assume that all hardware & software is compromised until proven otherwise. From the limited information provided so far we can see that if you use any Intel CPU, any Seagate/Hitachi/Fujitsu/Samsung hard drive, any version of windows, most commercially available routers, notepad++, or VLC - the NSA has access. Their scope is ridiculous.


Forgive my ignorance, but notepad++ and VLC?



If only it were so easy. With the backdoors in all our hands, we could find them.

Rather, the NSA has the capability to subvert these things. Sometimes before they reach you, sometimes remotely. But you’d be “lucky” to come across one where they’ve actually done it.


consider what info NSA has access to with its stunning global passive adversary infrastructure. to you or me, developing exploit implants on a systematic scale targeting the firmware of every model of every harddrive of every vendor seems technically impossible to us outsiders.

but NSA has access to the emails, internal bug trackers and source code repos of the entire dev teams at all of those vendors. think how easy it would be to hack all firmware on an industrial scale when you can cheat and read the blueprints?

NSA is the biggest cheater. i no longer consider them as being gods of cyberwar. rather, they merely tricked us all to believe NSA was not mass surveilling everyone, then we were blinded to the scale of what was really possible behind the curtain.

if we had the source code to the firmware of every hard drive, we could do exactly the same thing NSA did.

also, yes, do not ever trust a computer. remember the photo of David Miranda's macbook motherboard after his laptop was seized when he was connecting to a flight in London and acting as the courier between Laura Poitras in Berlin and Greenwald in Brazil? the photo showed GCHQ melted like a dozen chips on his motherboard. when that photo came out, it was puzzling, because the Snowden leaks about NSA hacking firmwares had not yet leaked. in hindsight, now we know. NSA and FVEYs physically destroyed every chip that they could implant, out of fear that someone else could BADBIOS attack David's macbook and steal the Snowden cache.


Yet somehow Russia / China are hacking the US left and right. If the NSA is so good, then at some point don't they have the responsibility to actively defend?


You are hearing that hacking news from essentially the same mouths calling Snowden a traitor and denying that we are under a massive surveillance net, which only gets worse over time. I do believe that the scale of those hacks and their impact is greatly exaggerated to justify further power creep.


But are they really though?

Could well be a threat there but I want actual evidence when the threat bogeyman is invoked in the name of more power. I believed the WMD lie. I hope I have learned from that.

If we believe the NSA then your question is exactly the right one to ask and has some obvious implications.


I think this might interest you:

https://en.wikipedia.org/wiki/Nayirah_testimony

So pretty much all of the US's wars in Iraq have been based on lies.


I think you mean US, UK, Spain, Australia, Poland wars. Also, the war would have happened with or without her testimony so I'm not sure your point holds.

https://en.m.wikipedia.org/wiki/Multi-National_Force_%E2%80%...


Buying Facebook ads and making fake accounts is not "hacking".


Gaining unauthorized access to the DNC's and RNC's email systems and Podesta's Gmail account is "hacking."


From the article, attacking is much cheaper than defense. If they were splitting their budget evenly between the two you wouldnl still hear about the US being hacked constantly.


Even if they were 100% successful in stopping hackers we would still hear about the US being hacked constantly. It's propaganda.


>China are hacking the US left and right

Can you prove that or is that maybe something the CIA or the Pentagon would say?


For one, they have been hacking biomedical companies to steal COVID-19 research and a few were caught red-handed [1]. Also, see Equifax indictments.

[1] https://www.bbc.com/news/world-us-canada-53493028


That is not left and right, and look at that interesting detail from your article:

Why is China accused of supporting them?

Prosecutors said the men at times acted in their own self-interest - including one occasion when they demanded a ransom from a company in exchange for not releasing its private information - but at other times "were stealing information of obvious interest" to the Chinese government.

According to the indictment, the hackers "worked with, were assisted by, and operated with the acquiescence of" the MSS.


One potential example is the seeded Supermicro chipsets that Bloomberg ran a big piece on, though that's still somewhat up in the air as far as I know. Generally though it's quite hard to tell what's real.


There is absolutely no proof for that. No one found that chip.

https://www.reuters.com/article/us-supermicro-chips/super-mi...

And:

Apple, Amazon and U.S. and U.K. officials have all said they have no knowledge of any hardware attacks via Super Micro


[flagged]


I am still amazed how many people go around saying that there isn't "any evidence" that Russia actively interfered in the 2016 US election.

We both have access to Wikipedia, right? Or is all that Fake News too?


Sadly yes, Wikipedia is not a good source on information like this anymore. It always was criticized that info on there wasn't sufficient evidence and that you had to get secondary sources. I think Wikipedia is a good source on most issues, but this topic is certainly not part of that.


The wiki on this topic cites 551 sources. I guess they're all fake too?


Didn't the Senate, House Committees, nearly every US intelligence agency, and independent researchers all say Russia actively interfered and wanted Trump to win?

Where are you still finding the one source espousing this nonsense?


There is actually evidence that Putin wanted Hillary because she is a "softer" partner, and in contrast to the conspiracy this is evidenced in written words. That is actually an argument to vote for her, but don't let that stop you.

edit: In case you actually do try to research it, that info was kept hidden by Brennan to the objection of CIA analysts.


We knew about mass surveillance via Echelon in Romania in the early 2000s... Mobile phones were just ramping up, best internet we had was PPPOE neighborhood networks.


It's still amazing to me that the mainstream media is insisting that incumbent politicians and power players weren't spying on their rivals using the full strength and force of the American intelligence community.

This isn't a red vs blue issue here. It's about whether or not we're going to allow the powerful to pick and choose election winners.


"Skilled adversaries operating under cover of a rioting mob is hardly a new tactic".

It's also hardly an old tactic.

All I will say is that when I was forced by personal experience to inexorably learn the scope of what can be covered up is at least two orders of magnitude beyond what I'd thought possible... it gave me and still gives me waking nightmares and sleep deprivation.


The Snowden revelations were a godsend to our industry.

Imagine if we all were still using insecure protocols like plain HTTP today.


It doesn’t matter whether you use encryption or not. State got backdoors at cpu level. So long as you are connected to Internet you have to assume that data is not secure against state surveillance.

Encryption is against lower level non-state actors.

State-level surveillance can be eliminated through physical data diodes but it would be very capital intensive.


There are some dialogical strategies people use to avoid any discussion. One such is "conspiracy theory". Next time, when TPTB don't want to have a discussion, they will have their media buddies call their opponents conspiracy theorists. That way, there will never be any dialogue, thereby preventing any accountability of TPTB.


The hiding of the malicious code in ARM processors of SSDs and in the BIOS seems like it is mainly targeted at people running their own hardware.

Does this mean running in a public cloud might actually be more secure? Or do we just have to assume that the NSA has their hardware in place in any cloud provider and that there actually is no security possible in the cloud?


Why on Earth would public cloud be more secure? If the NSA has dedicated rack space in AT&T switching facilities, what makes you think they don't have offices at Microsoft, Amazon, Cloudflare, etc?

https://en.wikipedia.org/wiki/Room_641A


> Does this mean running in a public cloud might actually be more secure?

No, because cloud providers are one subpoena, court order or warrant away from surveillance and exfiltration of your data without your knowledge.

If the DHS deems you a threat, then all proceedings can happen through secret courts and you'll be none the wiser to it happening, and you'll get a gag order on top of it.


> Does this mean running in a public cloud might actually be more secure?

If that public Cloud is from an American company: obviously no. And whether you prefer some Chinese intelligence service having access to your data probably depends on what you want to do.


Not just because of Intelligence services but also because of the CLOUD Act / Data Residency.


> Does this mean running in a public cloud might actually be more secure?

Yes with two conditions: 1. your public cloud is run by an Amazon, Google, Microsoft-type company (FANMAG) 2. You trust the company to lean on rule of law.

1. Very few providers have the capability and desire to put the work into supply chain security, things like OpenTitan, etc.

2. They might hand over your data in response to warrant, but their systems are designed to prevent covert extraction of data. The company should have a track-record of pushing back against overly broad warrants.


In practical terms this is wrong in my opinion. You want the small provider that flies under the radar. If there are ambitions to compromise the hardware supply chain, it is a bit late to act. But it is logistically impossible or at least very unlikely to compromise every provider.

But you actually can run software on compromised hardware that can provide end to end encryption irrelevant on how thoroughly the system spies on you if you can control its network traffic and construct crypt generation from basic arithmetic functions of the system in question.


Small providers often don't have the resources or skills to properly cover their bases and get hit by random BS. They may not be targeted today, but they will get hit by random badness.

Example of shared hosting providers not patching postfix fast enough or having a support person that chmodded the wrong thing on shared hosting server, customer with old wordpress install that was exploited to drop a webshell, etc.

> But you actually can run software on compromised hardware that can provide end to end encryption irrelevant on how thoroughly the system spies on you

Do you have any references? I'd like to read more.

If this were generally true, attempts to make trusted enclaves like Intel SGX (though flawed) would not need to exist.


The tools and techniques to defend against such attacks are constantly under attack themselves. The latest round of Mozilla layoffs targeting large swaths of the Rust team is one such example. The way these attacks are orchestrated, it is difficult to pinpoint their origin or even to establish if these are indeed attacks.


I knew about this prior to 2000

Within my hacking community it was well known. We used to do that thing where you send out massive amounts of email with trigger words to cause problems. I think it created 0 problems.

It was an open secret. Well I guess at the time a conspiracy theory. One that has been proven true and it was much worse than we thought


(2015)


Yet, still as scary and relevant today.


More scary is how people in tech circles still call you paranoid when you call Intel ME/AMD PSP a backdoor.

>We are also always open for ideas but our focus is on firmware, BIOS, BUS or driver level attacks.

Anyone on WiFi AC or up are backdoored right now by NSA. All of them are compromised, no doubt in my mind. All the LTE. All the x86 hardware on the market. All of it.

If you aren't running fully free software, you're affected. And if you are a rare case running fully free software, you're an easy target for interdictions, since there's so few of you.


How does "running fully free software" help alleviate "compromised x86"?


If you're running fully free software, you're not running x86, since it can't boot without backdoored binary blobs.


What about Libreboot? Doesn't that allow booting x86 without binary blobs?


Yes, very old hardware that's no longer on the market. I don't consider that a solution. Eventually that pool of hardware dries up.



It's easy to find x200 etc. used. Flashing is another story.


> Flashing is another story.

https://tehnoetic.com/tet-lis


They still need some parts of blobs to configure/initialize the system and that “some” now means a full MINIX kernel along with its userland


That's not correct, Libreboot does not work on those systems that require any part of the ME to boot.

You might be thinking of me_cleaner[1], which removes most but not all of the ME blobs. This is unrelated to Libreboot though, it works on newer systems and is not needed when using Libreboot because the latter gets rid of (the very early versions of) the ME completely.

[1] https://github.com/corna/me_cleaner


Are you saying a librebooted machine is still probably backdoored?


Precisely.


You are talking about Coreboot, not Libreboot. The latter has no blobs whatsoever.


Does that mean that a firmware backdoor is impossible or very unlikely?


Yes, it should be harder.


All modern ARMs have a ROM block containing an undocumented booting sequence.


You're wrong, but with such confidence! Here is a documented ARM booting sequence with fully free firmware,

https://stikonas.eu/wordpress/2019/09/15/blobless-boot-with-...


That 32k BootROM isn't free in your example.

SoCs will also have "pre-boot" code that runs before that:

> However, even one of their most ardent open-source advocates pushed back quite hard when I suggested they should share their pre-boot code. By pre-boot code, I’m not talking about the little ROM blob that gets run after reset to set up your peripherals so you can pull your bootloader from SD card or SSD. That part was a no-brainer to share. I’m talking about the code that gets run before the architecturally guaranteed “reset vector”. A number of software developers (and alarmingly, some security experts) believe that the life of a CPU begins at the reset vector. In fact, there’s often a significant body of code that gets executed on a CPU to set things up to meet the architectural guarantees of a hard reset – bringing all the registers to their reset state, tuning clock generators, gating peripherals, and so forth. Critically, chip makers heavily rely upon this pre-boot code to also patch all kinds of embarrassing silicon bugs, and to enforce binning rules.

https://www.bunniestudios.com/blog/?p=5127


>That 32k BootROM isn't free in your example.

It's a ROM. Read only.

https://www.fsf.org/news/freebios.html

"The BIOS was impossible to replace because it was stored in ROM: the only way to put in a different BIOS was by replacing part of the hardware. In effect, the BIOS was itself hardware--and therefore didn't really count as software. It was like the program that (we can suppose) exists in the computer that (we can suppose) runs your watch or your microwave oven: since you can't install software on it, it may as well be circuits, not a computer at all."

Edit: >ROMs can still be backdoored, which is the point of this discussion.

You said it wasn't free, and when proven wrong, you moved the goalpost. Since I'm a wrongthinker who can only post once every hour or two on this site, I'm done discussing this with you. If you want to try to convince people that a 32K ROM is the same as IntelME, then you're not worth my time anyway.


ROMs can still be backdoored, which is the point of this discussion.

Since we're editing: Free has many definitions. The FSF's on that one page doesn't take into account backdoored software; they would absolutely agree that backdoored ROMs aren't free. It removes user ownership over their computation. It's not "moving the goalposts" to point this out, especially when the entire point of the discussion is around backdoored software.


Wrap up that fully free software with LibreBoot and you're good to go!


Wrap with LibreBoot, replace all the non-free firmware, check your hardware under a microscope against embedded backdoors, oh, and don't forget to verify your stack's source and your building environment.

But, well, you can stop at your CPU's manufacturer website, where you will find ME/PSP, well documented as a backdoor. It will save you the trouble of verifying the hardware and firmware.


Can you provide some evidence for these claims?


Snowden docs have been available for years. ShadowBrokers. Just this week a 20GB dump of private Intel source was dumped with backdoors included. It is beyond a reasonable doubt that x86 hardware has NSA backdoors in it. You're now sitting on a time bomb.

Remember when the NSA tools were dumped with their secret Windows exploits? WannaCry? North Korea picked that up and launched ransomware attacks. That's the sort of thing that's going to happen again with the newly published Intel backdoors. Just wait and see. Tim Cook is 100% vindicated this week about not adding intentional iPhone backdoors.


I don't remember WiFi or CPU backdoors in Snowden, ShadowBrokers, or Intel 2020. Unless by "backdoor" you just mean NSA holds zero days on various important technologies, which is reasonably likely given EternalBlue. Is that what you mean?


They don't need 0days when they can just easily corrupt the standards process. They've been doing it everywhere.

The Wifi Alliance has made some heinously bad choices that if you attributed to incompetence simply make no sense, they treat anyone who questions them with disdain and shoot down attempts to fix the mess they make. WPA3 was hilariously broken a month after getting rolled out.


TIL, any recommended reading on this?



> Just this week a 20GB dump of private Intel source was dumped with backdoors included.

> That's the sort of thing that's going to happen again with the newly published Intel backdoors.

This is not even remotely true. You have to read more than just the headlines.

> Anyone on WiFi AC or up are backdoored right now by NSA. All of them are compromised, no doubt in my mind. All the LTE. All the x86 hardware on the market. All of it.

Extraordinary claims require extraordinary evidence. Please provide some.


https://theintercept.com/2016/08/19/the-nsa-was-hacked-snowd...

there is proof that NSA has been mass hacking WiFi since at least 2005. that batch of Snowden leaks came out one week after the Shadowbroker's first leak.

NSA programs SECONDDATE and BADDECISION were used to mass hack into WiFi routers in Iraq in 2005-2007. note the slides say NSA breached the WiFi routers of EVERY INTERNET CAFE IN IRAQ. that is the Collect-It-All scale we expect from NSA.

also note, NSA did this FROM THE SKY! SECONDDATE is a sensor installed in Cessna and low flying planes. NSA flew over every WiFi hotspot of every Internet cafe in Iraq and deployed the BADDECISION exploit to install implants on the WiFi routers to then mass surveil everyone.

no further leaks about BADDECISION have come out. we don't know if it is a protocol attack or crypto exploit. we don't know if WiFi is still vulnerable to BADDECISION.

how much do you want to bet that NSA only used SECONDDATE and BADDECISION in Iraq and NOT back here at home in America?

how much would you bet that NSA is NOT bulk hacking WiFi routers of ENTIRE US CITIES FROM THE AIR?

consider how much cheaper and easier that would be now in 2020 compared to 2005?


Interesting article, but I think you're way over drawing your conclusions.

> how much would you bet that NSA is NOT bulk hacking WiFi routers of ENTIRE US CITIES FROM THE AIR?

I would bet very good money that they are not doing this. If SECONDDATE has been around since 2005, and they are bulk installing it on millions of routers in the US, where are the people coming out saying "I found some NSA shit on my router"? Is there a _single_ example to support this?


are you so sure about that?

https://m.startribune.com/mystery-surveillance-plane-that-ci...

https://minnesota.cbslocal.com/2015/06/02/secret-aerial-fbi-...

since at least 2014, the FBI has a secret air force of over 100 planes that fly constant circles over the biggest US cities.

what do you think FBI is doing? joy riding?

https://www.eff.org/deeplinks/2016/03/new-foia-documents-con...

those FBI planes are equipped with DRTBOX's--cell site simulators and wifi interception sensors.

in the TAO ANT Catalogue leaked by Snowden, it shows NSA SECONDDATE is manufactured by Harris.

Harris also makes DRTBOX, and Stingray.

wanna bet FBI is using DRTBOX in exactly the same way NSA used it in Iraq? wanna bet NSA is actually helping FBI run this little domestic program?

why would NSA and FBI surveil all US cities from the sky? because you don't need a warrant or even a subpoena. "reading the air" is free--it's public space with no expectation of privacy. and radio signals you emit through your phone or wifi router are also public space.

but what is FBI and NSA's endgame to run a real-time monitoring program over US cities?

back in 2004-2008 in Iraq, the Pentagon deployed something called GORGON STARE. it stitched together the video feeds from all drones and jets and satellites into a composite video watching entire cities.

https://longreads.com/2019/06/21/nothing-kept-me-up-at-night...

Gorgon Stare has come home to roost.


Again, your original claim:

> Anyone on WiFi AC or up are backdoored right now by NSA. All of them are compromised, no doubt in my mind. All the LTE. All the x86 hardware on the market. All of it.

Still _zero_ evidence of any of this. Why not post some?

You also ignore questions like..

> If SECONDDATE has been around since 2005, and they are bulk installing it on millions of routers in the US, where are the people coming out saying "I found some NSA shit on my router"? Is there a _single_ example to support this?

> Just this week a 20GB dump of private Intel source was dumped with backdoors included.

> That's the sort of thing that's going to happen again with the newly published Intel backdoors.

>> This is not even remotely true. You have to read more than just the headlines.

> If SECONDDATE has been around since 2005, and they are bulk installing it on millions of routers in the US, where are the people coming out saying "I found some NSA shit on my router"? Is there a _single_ example to support this?


I can’t wait for those ME/PSP programs to become declassified, because I have zero doubt it’s an op and someone’s going to do it. It’ll be exciting just as A-12/SR-71 docs!


They will never be declassified.


Hey, does anybody have those documents from Spiegel? I clicked the link but it says not found. Probably it is from 5 years ago so they took down the PDF documents.


that sucks that link rot is slowly erasing the news reports of Snowden's leaks. how are younger people supposed to defend themselves if the past is erased?

there are 2 sites which archive the complete Snowden leaks:

https://search.edwardsnowden.com/search?utf8=%E2%9C%93&q=spi...

https://snowdenarchive.cjfe.org/greenstone/cgi-bin/library.c...


Remember when it was just a conspiracy theory that the NSA was eavesdropping on Americans?


In practice Indian/Chinese bot networks control the Google rankings and thus entire industries, not Google/NSA.

It's not just corona crisis that's hurting western economies.

edit: why down vote? We can pretend negative SEO networks don't exist on a massive scale, but that wouldn't be truth.



