Friday Squid Blogging: Being a Jumbo Squid

Fictional imaginings of a jumbo squid that was caught and killed in 1957.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on March 7, 2014 at 4:05 PM • 192 Comments

Comments

Buck • March 7, 2014 5:14 PM

@Stephen

The Linux fanboys wouldn't have it, and your average Mac/Microsoft users probably don't understand it.

Move along, nothing to see here...

Andrew • March 7, 2014 5:29 PM

There was a checkpoint security advisory around it March 2nd, when was it first discovered/reported?

bemused • March 7, 2014 6:34 PM

Interesting to hear you on NPR today, Mr Schneier - that segment could have lasted longer than it did. You didn't sound as nuts as you sometimes do in your online postings. 8-)

Nick P • March 7, 2014 8:37 PM

Patents: the other legal vulnerability for truly secure systems

One concern about my efforts at clean slate redesign is patents. There seem to be two ways to avoid patent trouble: make sure there's prior art for their development; wait for a patent to expire. We've often said here that the US patent system is so broken that you could probably get sued for about anything that is useful. So, I've been thinking on how to do the clean slate redesign without creating a "legal vulnerability" in the process.

Well, there's something else we've often said here: most "new" stuff is old stuff repackaged. I've also noted that many older projects solved many security problems. So, what do you people think about building a computer architecture out of entirely 20+ year old ideas to avoid a patent loss? Different products, maybe little SOC's or boards, could be used on the front and back end to interface with modern stuff. They'd push the patent problem onto whoever developed them. The trusted part of the system, though, would be essentially old tech put together in a safe way with an old paper or product that could be cited for each decision.

Example from my old system research:

The basis of my NUMA/MPP security concept is a distributed shared memory bus, physical isolation of mutually suspicious tasks on different nodes, an IOMMU to allow only certain segments to be shared, and enough nodes to separate most critical subsystems. Well, I found some prior art for my design in the ICL VME system Series 39 of 1985. Section on Series 39 says:

"Memory segments that are marked as shared (public or global segments) are replicated to each node, with updates being broadcast over the inter-node network. Processes which use unshared memory segments (nodal or local) run in complete isolation from other nodes and processes."

I've been going through Wikipedia's excellent timeline of operating systems to identify when each feature was created. A useful, secure, system only needs a subset of modern stack's features. I've found most or all of that subset in the old systems. Depending on application, the main system might not even need any tech from past 20 years. Heck, even a pre-90's desktop can be visually appealing and useful online: NEXTSTEP. Add non-software-writable firmware, tagged/segmented memory, protected procedures, IOMMU, and a few other 1960's-1980's techs you have quite a hardened system.

yesme • March 8, 2014 12:36 AM

@Nick P

If you talk about security, why not do it well and forget about C. Use a language such as Oberon 2, Zonnon or Go.

Here is a quote from Wikipedia:

Oberon is designed with the Einstein's motto in mind: Make it as simple as possible, but not simpler. The principal guideline was to concentrate on features that are basic and essential and to omit ephemeral issues and it was also driven by the recognition of the growth of complexity in languages such as C++ and Ada, on the contrary Oberon emphasizes the use of the library concept to extending the language. As opposed to Modula-2, in Oberon enumeration types and subrange types are removed, set types are limited to small set of integers and the number of low-level facilities was sharply reduced, in particular type transfer functions were eliminated. By eliminating all potentially unsafe facilities, the most essential step was finally made to obtain a truly high-level language. Watertight type checking, also across modules, strict index checking at run-time, nil-pointer checking, and the safe type extension concept let the programmer rely on the language rules alone.

The simplicity resulted in a language which is easy to learn, simple to implement, and also very efficient. Oberon compilers are known to be compacts and to compile blazingly fast while providing adequate code quality compared to commercial compilers.

It makes sense, doesn't it?

Wirth created also the Oberon operating system, which has a GUI/TUI that inspired Rio from Plan-9.

Scott "SFITCS" Ferguson • March 8, 2014 1:20 AM

@yesme


If you talk about security, why not do it well and forget about C. Use a language such as Oberon 2, Zonnon or Go.

Oberon, (07 not 2?), is not designed for security. Likewise Zonnon and Go. And design simplicity doesn't determine security. If anything it only increases the number of bad programmers who use it (no need to understand the stack or architecture, just whip up some code - when in doubt refer to the user). The general argument is that clarity in code equals ease of audit - which may be true (though I doubt it), until it hits the compiler.

No programming language is secure - and none are more secure than others. Every programming language is secure enough if used with security in mind by experienced programmers.

Joule and E were designed with security in mind (but the above paragraph still applies).

It's possible that one of the biggest mistakes in secure programming is to buy into the illusion that choice of language is the panacea for insecurity. But that won't change people's emotional bias.

Clive Robinson • March 8, 2014 2:09 AM

OFF Topic :

There is some "fun" to be seen over at Hacker News over this article,

http://www.2uo.de/myths-about-urandom/

I think many here would have one or two things to say on it. However to save you the effort a little cat fight has turned into a bit of a prize fight.

To see where the "fur fly" have a look at,

https://news.ycombinator.com/item?id=7359992

It helps the hot brown stuff slide down your gullet on a somewhat damp and grey --in London-- morning.

Mounaim • March 8, 2014 2:20 AM

Uroburos - highly complex espionage software with Russian roots

G Data discovers alleged intelligence agency software

http://blog.gdatasoftware.com/blog/article/uroburos-highly-complex-espionage-software-with-russian-roots.html

-

But what makes the Uroburos rootkit stand out from the crowd is that G Data’s detailed report into the malware reveals that their researchers believe it to have been created by a country’s intelligence agency, and drops some heavy hints that Russia are to blame.

The Uroburos rootkit takes its name from a mythical serpent or dragon that ate its own tail, and a sequence of characters concealed deep within the malware’s code: Ur0bUr()sGotyOu#

http://grahamcluley.com/2014/03/russian-spyware/

Clive Robinson • March 8, 2014 2:20 AM

@ Stephan,

    I'm surprised I haven't heard more outcry regarding the GnuTLS bug

That could be for a couple of reasons,

1, Media fatigue
2, No "evil corp with irritating sicho/nars fanbois to bash"

If you think back the little crypto problem that caused certain Bitcoin apps to be vulnerable and thus lose the users their "wealth" did not make much news. So I'm working on 2 being the reason (but then I'm biased I still think the last good product Apple made was the Apple ][ ;)

yesme • March 8, 2014 2:23 AM

@Scott "SFITCS" Ferguson

I am not convinced about that. C (and the tools surrounding C) has quite a few pitfalls and it takes an experienced programmer to recognise them. And even then it is easy to make mistakes.

To me, minimalism (as long as it is sane) makes sense. Garbage collection too. What doesn't make sense is cruft.

For instance, the Plan-9 C makes way more sense than the C we see in Linux. And that's because it doesn't have the cruft.

Clive Robinson • March 8, 2014 2:31 AM

@ Captain Obvious,

    I think Bruce has been lying about his new job

No No no, it's more important than that, it's evidence of a secret Russian Plot to back up the NSA by implanting a double at conferences to sow doubt and confusion as to Bruce's loyalty to "Security Theater and The Great American way"...

Either that or Bruce has found a new "musical" hat to wear ;-)

yesme • March 8, 2014 2:31 AM

Recently the EU Committee asked some questions to Edward Snowden and these are his answers.

Here is an interesting quote:

The NSA granted me the authority to monitor communications world-wide using its mass surveillance systems, including within the United States. I have personally targeted individuals using these systems under both the President of the United States' Executive Order 12333 and the US Congress' FAA 702. I know the good and the bad of these systems, and what they can and cannot do, and I am telling you that without getting out of my chair, I could have read the private communications of any member of this committee, as well as any ordinary citizen. I swear under penalty of perjury that this is true.

And here about the whistleblowing:

Do you feel you had exhausted all avenues before taking the decision to go public?
Yes. I had reported these clearly problematic programs to more than ten distinct officials, none of whom took any action to address them. As an employee of a private company rather than a direct employee of the US government, I was not protected by US whistleblower laws, and I would not have been protected from retaliation and legal sanction for revealing classified information about lawbreaking in accordance with the recommended process.
It is important to remember that this legal dilemma did not occur by mistake. US whistleblower reform laws were passed as recently as 2012, with the US Whistleblower Protection Enhancement Act, but they specifically chose to exclude Intelligence Agencies from being covered by the statute. President Obama also reformed a key executive Whistleblower regulation with his 2012 Presidential Policy Directive 19, but it exempted Intelligence Community contractors such as myself. The result was that individuals like me were left with no proper channels.
Do you think procedures for whistleblowing have been improved now?
No. There has not yet been any substantive whistleblower reform in the US, and unfortunately my government has taken a number of disproportionate and persecutory actions against me. US government officials have declared me guilty of crimes in advance of any trial, they've called for me to be executed or assassinated in private and openly in the press, they revoked my passport and left me stranded in a foreign transit zone for six weeks, and even used NATO to ground the presidential plane of Evo Morales - the leader of Bolivia - on hearing that I might attempt to seek and enjoy asylum in Latin America.


So, who is lying? Obama said that Snowden should have talked to his superiors about this. Snowden says here that he did exactly that.

I would put my money on Obama.

In defence Obama could say: "Ich habe es nicht gewusst". But I don't buy that. Obama is too clever and tacky for that. He knows what's going on. We are not talking about G.W.Bush.

Which brings me to my question: Why?

Why lie about this? Do they believe that Snowden would keep quiet about this?
Why not, for once, admit that they made a mistake and move on. Why didn't we hear from Obama that Snowden DID ring the bell the ordinary way?

That's what's bothering me. The lying in public. The arrogance. And that they are getting away with it.

Fiona Glenanne • March 8, 2014 2:37 AM

"I'm surprised I haven't heard more outcry regarding the GnuTLS bug."

Then you probably don't follow the more important news sites. If you look in the right places, there is a lot of discussion. For someone participating on this blog, I'm surprised you haven't found these areas on the net where it's widely discussed. Patches have also been issued.

Scott "SFITCS" Ferguson • March 8, 2014 3:25 AM

@yesme

I am not convinced about that.

That's an opinion without reference.


C (and the tools surrounding C) has quite a few pitfalls and it takes an experienced programmer to recognise them. And even then it is easy to make mistakes.

Yes. But, as I pointed out (pun intended) any language is just as secure, provided it is written by an experienced programmer. Go, or Pascal-whatever-version-you-wish-to-call-Oberon is subject to the same problem. The choice of language does not determine its security - the skill and knowledge of the programmer does. You also miss the point that Oberon is not designed to be a secure programming language.


To me, minimalism (as long as it is sane) makes sense.

That's not unique to any of Wirth's languages.


Garbage collection too. What doesn't make sense is cruft.

Any language can have cruft. It's unclear whether you mean cruft in the source, or cruft in the compiled code. Often what inexperienced programmers call cruft is what they believe is removed with high optimisation.


For instance, the Plan-9 C makes way more sense than the C we see in Linux.

Perhaps in theory - show me it in practice, until then it's just a debate about gravity (has no relation to reality).


And that's because it doesn't have the cruft.

Huh? Please expand and provide real life examples.

And what do you mean by "Linux"? Linux userland and kernel are completely different standards of programming in the same language (and not all userland is C). You wouldn't conflate colloquial slang and legalese would you?
Try comparing the same program written in Plan-9 C and C and you have some grounds for measurement. Though different programmers will write the same program differently.

Neither C has "cruft". No programming language does - only bad code written in languages do. You use what you use from any language - if what you write is superfluous to the purpose it's cruft. Cruft is a legacy of the writer - not the language.
Claiming some language is clearer to code (and shifting from "more secure" to "cruft-free") shows a lack of understanding of code writing and compilers. Only post compiling analysis will show what's really cruft (IMO).

Elegant design, simplified syntax, structure, and other such nomenclature are elements that have no effect on security.

Security is something that comes from design, implementation, and testing - so my opinion, for what it's worth, C has a testing advantage over more modern languages. Only time will tell - until then it's sheer speculation, often based on the most unreliable of indicators "gut instinct".

Clive Robinson • March 8, 2014 4:21 AM

@ Nick P,

With regards patents you have the disadvantage of being in the US which has some of the most bizarre patent legislation and processes there are. So much so that it has driven some innovation out of the US to other more accommodating places @RobertT has had some things to say on it in the past, and I know Bruce regards patents as a "touchy subject".

The four areas to watch out for are,

1, "submarine patents"
2, Secondary or derived "evergreening" patents
3, The "knowing infringement" problem
4, The idiocy of the US IP justice system.

The last point is where even the US judiciary are looking at themselves and in effect saying IP litigation is making a mockery of the US justice system. Hence the recent inquiries and reports on changing the system. However I suspect any attempt at reform will be stymied by the usual "vested interests" lobbying. Not just of the IP holders but the lawyers and patent organisations that do so well out of it.

Whilst using expired patents can be advantageous the disadvantage is the salami slicing derived patents which can keep them effectively in place for a lot longer which is just one of several "evergreening" tactics to extend income or market control beyond the original expiry date.

Unfortunately finding and checking these is where the "knowing infringement" problem raises its ugly head. It's difficult to argue that you have not seen a secondary patent when you've seen the patent it's derived from. And the legal brethren will force you to run up huge bills just to put you out of business for their clients. And as you might have seen these clients are busy setting up secondary legal entities/vehicles to stop you getting back at them as well as to stop antitrust legislation and to deny patent misuse defence to those they chose to attack.

Thus there are various hoops of fire you have to jump through in the US to protect yourself, whilst a clever lawyer could set up a system that might make you fire resistant the big boys are going to come after you with flame throwers etc. And the old advice about "The safest way to deal with danger is to be somewhere else" has been taken by many especially --or so it's said-- in the chip business.

And of course there is outright cheating of the so called "submarine" patents, whoever thought the idea up must have had a particularly warped sense of humor. They arose from the fact of using filing date not grant date, the secrecy of filings prior to granting and the fact that you could keep filing amendments to the original filing. Thankfully these are now receding into the past but there may still be some lurking from pre 1995, but they have been known to surface as long as 40 years after first filing. However there is still a hole in the system that can be exploited, which means "being out of jurisdiction" is still a good idea.

This does not of course mean you yourself would have to be out of jurisdiction but the developing entity/vehicle would. Many "tax havens" have suitable secrecy laws and these can be run through other entities in other places.

However whilst it's not the patent issues that should make you consider being out of the US jurisdiction the misuse of legislation by Federal organisations should give you more than pause for thought. After all do you really want a SWAT team pointing their guns etc at you and family etc as has already happened to one US software developer who refused to put in and run backdoors for an LEO that wanted to get at US citizens who gamble online...

Clive Robinson • March 8, 2014 4:52 AM

@ yesme,

    So, who is lying? Obama said that Snowden should have talked to his superiors about this. Snowden says here that he did exactly that.

Never underestimate the power of "plausible deniability" Obama has no "direct knowledge" of Ed Snowden or the events leading up to his revelations. So Obama has a whole chain of "fall guys" to allow him to lie to his heart's content to preserve his self made image, and as the voters have showed they are happy to buy into faux persona of the representatives they select.

The problem Ed Snowden has --and you can be sure the DOJ are just waiting/planning on-- is that of proving he made the claimed attempts (which I have no reason to either doubt or believe). Basically if he names names then he is guilty of revealing a name which is "protected" or can be argued as "protected" under US legislation, and unlike Scooter Libby Ed Snowden does not have friends who can pardon him.

For someone at the very thin edge of the wedge of power Ed Snowden does appear to be keeping the "thick end" in check. However this game is not yet past the opening gambits and those "thick end" types don't have to play by the rules or conventions we might mistakenly think they do.

Oddly perhaps the longer the revelations keep happening the safer Ed Snowden is, because it makes him a political playing piece, whose value has gone up in recent days.

Scott "SFITCS" Ferguson • March 8, 2014 5:15 AM

@yesme


Recently the EU Committee asked some questions to Edward Snowden and these are his answers.

Thanks for the link.
Of particular interest to me was the following succinct and concise assessment:-

The good news is that there are solutions. The weakness of mass surveillance is that it can
very easily be made much more expensive through changes in technical standards: pervasive,
end-to-end encryption can quickly make indiscriminate surveillance impossible on a cost-
effective basis. The result is that governments are likely to fall back to traditional, targeted
surveillance founded upon an individualized suspicion. Governments cannot risk the discovery
of their exploits by simply throwing attacks at every "endpoint," or computer processor on the
end of a network connection, in the world. Mass surveillance, passive surveillance, relies upon
unencrypted or weakly encrypted communications at the global network level.

Emphasis mine.

So, who is lying? Obama said that Snowden should have talked to his superiors about this. Snowden says here that he did exactly that.

NSA sophisms, Obama didn't say Snowden hadn't talked to his superiors. There's a difference.
The devil is in the detail. He's a politician, only to be expected he'd leave himself wriggle room.

Figureitout • March 8, 2014 7:58 AM

Scott "SFITCS" Ferguson
Elegant design, simplified syntax, structure, and other such nomenclature are elements that have no effect on security.
--Wut? Do you really stand by that statement or are you getting too antsy to make a point? A simple fact is a secure system has a known amount of states that are visible to the user. Therefore attacks are visible, and the attackers must know their attacks are potentially being watched. All the attacks happening everywhere, quick one-offs, get away b/c of the deluge of attacks everywhere.

You then went on to call out "an opinion", then at least made clear your unsubstantiated opinion at the end. Calm down, friendly fire. Some opinions are way worth more than others; and they can also be called processed observations stored in neurons.

Figureitout • March 8, 2014 8:32 AM

yesme
--Nick P's talked about Go (called it "brilliant" IIRC) and Oberon as both good languages for a secure system. Any mention of "type-checking" makes him wet in the pants I believe. :p

Nick P
--Smaller companies will obviously be less likely to go after patent violations (always the little guy gets picked on). I would say another threat moreso on my mind is legal sabotage of the project from "our friends" who want everyone's endpoint mangled w/ backdoors. Don't underestimate the vindictiveness.

Other than that, build it. The longer we wait the more older components become obsolete and we all become more reliant on backdoored components too tiny to analyze trivially. I would really like a more functional computer that's been engineered properly. I've got my eyes on "Xobs" laptop as the best put together functional computer for now.

Benni • March 8, 2014 9:42 AM

By the way, the most interesting thing of this Snowden document is this:

Edward Snowden to European Parliament: We have seen FAD "legal guidance" operations occur. Germany was pressured to modify its G-10 law to appease the NSA, and it eroded the rights of German citizens under their constitution. Each of these countries received instruction from the NSA. Once the NSA has successfully subverted or helped repeal legal restrictions against unconstitutional mass surveillance in partner states, it encourages partners to perform “access operations.” Access operations are efforts to gain access to the bulk communications of all major telecommunications providers in their jurisdictions, normally beginning with those that handle the greatest volume of communications. Sometimes the NSA provides consultation, technology, or even the physical hardware itself for partners to "ingest" these massive amounts of data in a manner that allows processing, and it does not take long to access everything. Even in a country the size of the United States, gaining access to the circuits of as few as three companies can provide access to the majority of citizens' communications. In the UK, Verizon, British Telecommunications, Vodafone, Global Crossing, Level 3, Viatel, and Interoute all cooperate with the GCHQ, to include cooperation beyond what is legally required. The result is a European bazaar, where an EU member state like Denmark may give the NSA access to a tapping center on the (unenforceable) condition that NSA doesn't search it for Danes, and Germany may give the NSA access to another on the condition that it doesn't search for Germans. Yet the two tapping sites may be two points on the same cable, so the NSA simply captures the communications of the German citizens as they transit Denmark, and the Danish citizens as they transit Germany, all the while considering it entirely in accordance with their agreements.
Ultimately, each EU national government's spy services are independently hawking domestic accesses to the NSA, GCHQ, FRA, and the like without having any awareness of how their individual contribution is enabling the greater patchwork of mass surveillance against ordinary citizens as a whole.


Der Spiegel published in November an article on what "access" they have in Germany. This article, which is about the wishlist of a former German minister, http://www.spiegel.de/netzwelt/netzpolitik/friedrichs-wunschliste-der-innenminister-und-das-nsa-prinzip-a-932147.html

ends with the following passage:

In May 2012 the Left Party's parliamentary group in the Bundestag asked for details of the "strategic telecommunications surveillance by the federal intelligence services". The answer from the Federal Chancellery (PDF), signed by Ronald Pofalla (CDU), states among other things: at most 20 percent of the "total transmission capacity available on the ordered transmission paths" would be monitored. Then follows this sentence:

"For this purpose the BND, pursuant to § 2 para. 1 sentence 3 G10, requests the telecommunications service providers in question to provide a complete copy of the telecommunications at handover points pursuant to § 27 TKÜV."

It basically says that, ironically, a member of the party "die Linke", which is the renamed SED that ruled the communist DDR with its Stasi, has asked the government how the German secret service does surveillance.

The answer was that the secret service taps 20% of all communication outgoing and ingoing to Germany. But then comes the surprise: how the German secret service gets that data. In the reply of the government, it is said that the BND asks the telecommunication companies for a !!!complete!!! copy of all communication.

So they have a word game similar to the one the NSA employs. They say the BND only taps 20% of the communication. But actually, the BND asks the telecommunication firms for a complete copy.

It may be that the 20% that they mention actually bears some truth. I do not believe that the BND is interested in communications for online games, or webcams. I also believe they are not interested in filesharers.

In Germany there are very strong privately funded copyright groups that seem to be obsessed with overthrowing illegal filesharers on BitTorrent with lawsuits. These copyright groups are strong enough that they recently sent a letter to the chairmen of Google, Apple and Microsoft, writing that smartphones could theoretically be used for sharing files, and therefore they want 15 euros for every sold smartphone.

Given that, the BND has absolutely no business to go after filesharers. But the rest of all the traffic is perhaps 20%.
So the BND collects the entire communication entering and leaving Germany. It shares all that with the NSA of course. The BND has access to xkeyscore, although it is questionable whether the Americans let the Germans access their entire database from that tool.

yesme • March 8, 2014 10:16 AM

Today is a good day here in the Netherlands for not using the PC. It's sunny and warm ;-)

@Scott "SFITCS" Ferguson

For instance, the Plan-9 C makes way more sense than the C we see in Linux.
Perhaps in theory - show me it in practice, until then it's just a debate about gravity (has no relation to reality).

Just download plan9port and look at the code.

And what do you mean by "Linux"? Linux userland and kernel are completely different standards of programming in the same language (and not all userland is C). You wouldn't conflate colloquial slang and legalese would you?

Sorry, I meant the GNU userland (and lots of the external libs). It's a bunch of #ifdefs, m4, tons of preprocessor crap and the autotools. When you compare this with the Plan-9 C code, it is totally different.

And it looks like they even like it. If you look at for instance LibreDWG (part of the GNU project), in decode.c there is a comment that says:
"Welcome to the house of evil code!" and "Welcome to the dark side of the moon... MACROS". Come on, grow up.

Well, maybe I am a purist, but I prefer the "proper" Plan-9 C.


@Figureitout

Nick P's talked about Go (called it "brilliant" IIRC)

I agree.


@Clive Robinson

Oddly perhaps the longer the revelations keep happening the safer Ed Snowden is, because it makes him a political playing piece, whose value has gone up in recent days.

Are you saying that Snowden could be running for president in a couple of years?

Nick P • March 8, 2014 10:25 AM

@ yesme

It's funny you say that because...

https://www.schneier.com/blog/archives/2012/12/nasty_samsung_p.html#c1052836

I agree with Scott, though, that none of these are silver bullets for security. Ada, for instance, is a nice contender with a balance of safety and runtimes simple enough for embedded apps. Yet, a language analysis of Ada will show certain security issues are still possible. If anything, the safety features only reduced the worries. Also at the hardware interface level, there will be no safety at all. That part can be at least minimized and wrapped behind interfaces, though.

The other trick to high level languages is the abstract can hurt security. Hackers attack what your machine actually does, typically the binary. Binary on most ISA's is inherently unsafe. The "safe" language gets transformed by the compiler, hooked with a runtime coded in unsafe language, and turned into hopefully safe object code. There's plenty room for problems there. That's why in safety-critical work one must certify both the runtime and the translation to object code. Security would be requirements on top of that.

So, what to do? The best bet would be to write a secure runtime and compiler for a language like Oberon. Build in the necessary protections. Write a carefully audited core for interfacing with MMU, IO, etc. Then put SPIN OS or A2 Oberon on top of it. The same kind of thing could be done with Java and a JavaOS. In either case, custom processors that microcode the interpreter can eliminate the abstraction gap between VM and hardware. Lilith Workstation did this for Modula and JOP processor does for Java, respectively.

So, there's your start.

@ Scott SFITCS Ferguson

The one thing I disagree with about your post is the effect of language design on security. There definitely *is* an effect. The main effects of language on security are:

1. Does it make it easy or hard to shoot yourself in the foot?

2. Does the abstraction of the language map fairly clearly to what hardware is doing?

3. Can the compiler automatically include security protection for common vulnerabilities (eg stack attacks)?

4. Is the language spec clear enough that one can argue correctness of their compiler and lack of undefined behavior?

5. Is there a relatively safe or clean way to link in native code?

6. What underlying runtime is necessary and can it be made secure?

Early on in INFOSEC, people asked these questions. MULTICS avoided C to reduce risks in buffer overflows, string handling and some others. Turned out to be huge numbers of vulnerabilities in those areas which PL/0 programmers didn't have to think about. IBM's experience writing their system code in PL/S/X has been effective enough that they only let certain partners use the language/compiler. Empirical studies by military and defense contractors showed Ada use resulted in vastly fewer defects, even when C/C++ programmers were using it in one case. Coverity's analysis of Python apps, a concise safe language, showed they had the lowest defect rate of all code they saw. And you know that's not because Python programmers are elite. ;)

Modern examples are largely the C# and Java platforms. Vast majority of attacks on system apps written in these are hitting the runtime and libraries written in unsafe code. That they usually don't bother trying to find code injection attacks in managed code says plenty. The attackers focus on those complicated portions that were written in unsafe code using low assurance development processes. A mix that's a recipe for plenty of vulnerabilities. Yet, there's examples of runtimes and native languages done in *much* safer ways so this doesn't detract from 'language benefits security' argument.

I've always said that just making code injection impossible through a language would by itself make it worth writing about everything in. The worst attackers could do would be leak information or crash system. I think modifying hardware to enforce certain basic properties is a better direction to go in, though. Hence, my advocating technology such as SAFE, CHERI, and jHISC.

@ figureitout

"I would say another threat moreso on my mind is legal sabotage of the project from "our friends" who want everyone's endpoint mangled w/ backdoors. "

Did you notice how the article was titled "the other legal vulnerability?" Backdoors remain on my mind. ;)

pianissimoMarch 8, 2014 2:25 PM

Nick P:

Multics was designed starting in 1965. C didn't exist until 1973.

SkepticalMarch 8, 2014 2:36 PM


An interesting article from MIT Technology Review on Russian cyber and information operations being conducted in connection with the crisis in Crimea.

@Clive: The problem Ed Snowden has --and you can be sure the DOJ are just waiting/planning on-- is that of proving he made the claimed attempts (which I have no reason to either doubt or believe). Basically if he names names then he is guilty of revealing a name which is "protected" or can be argued as "protected" under US legislation, and unlike Scooter Libby Ed Snowden does not have friends who can pardon him.

I agree that he can't name names, but that's not his problem (Libby was never pardoned, incidentally, though part of his sentence was commuted). Look again at the question and answer a commenter quoted in the posts above:

Question: Do you feel you had exhausted all avenues before taking the decision to go public?

Snowden: Yes. I had reported these clearly problematic programs to more than ten distinct officials, none of whom took any action to address them.

The question is artfully worded (do you feel... and not did you...) and Snowden's response equally artful.

The problem is that these are more word games. "Ten distinct officials" could mean NSA employees he chats with during breaks. Did he make a formal complaint to anyone? Ask to speak to the Office of the Inspector General? He didn't exhaust all avenues; indeed it doesn't seem he really tried, given the evasiveness of his answers.

The deeper problem is that there is no answer that Snowden could have received which would have satisfied him, short of altering policy to conform with his opinions.

Let's say that Snowden sat down with the NSA's General Counsel, the Attorney General, and every judge who sits on the FISC, and had a discussion of unlimited duration with them about matters which concerned him. There is no doubt that all of these individuals would have explained, at length and in detail, why the programs about which he is concerned are in fact legal.

Would he have been satisfied? It appears not. Ultimately his view is that these programs are wrong, and regardless of the law, should not exist.

And it's fine for him to have such a view, but the law doesn't grant veto power over government policy to every single employee with classified access.

The deepest problem of all legally and ethically is the one that defenders of Snowden never want to talk about: he took and exposed large amounts of classified information that do not reveal any wrongdoing at all. All the talk about whistleblower protection, or lack thereof, aside, this fact is the ballgame.

BenniMarch 8, 2014 3:08 PM

Skeptical wrote:
"he took and exposed large amounts of classified information that do not reveal any wrongdoing at all."

Well skep, if that's your opinion, then you can start a private webcam chat on yahoo. You seem to live in a world where this here:

http://www.theguardian.com/world/2014/feb/27/gchq-nsa-webcam-images-internet-yahoo

is lawful. Or should I say

Please don't feed the troll

[ASCII art: three signs reading "Please don't feed the trolls"]


BenniMarch 8, 2014 3:14 PM

[ASCII art: sign reading "Please don't feed the TROLL's !"]

SkepticalMarch 8, 2014 3:47 PM

@Benni: Perhaps my last paragraph was unclear. My point is that even if one were to assume for the sake of argument that some of the programs Snowden leaked are in fact illegal, this would not excuse the taking and exposure of a vast amount of information about other programs and activities, such as eavesdropping on Putin, or the TAO catalog, that are definitely not illegal.

All of that, of course, is a separate subject from the question of what we should do now from a policy vantage, now that such programs have been revealed.

And expression of a different viewpoint, without being rude or insulting to anyone, hardly constitutes trolling. It's an open thread, and Snowden arose as a subject before I made any comments at all. You and I may disagree on the subject of Snowden, but I don't see why disagreement should be problematic for anyone.

BenniMarch 8, 2014 3:51 PM

@Skep:
The tao devices are used by the taliban for swatting. The taliban make the us drones attack civilians by selling their phones. The tao devices are used to spy on political allies of the us who fight with the us together in afghanistan. the tao devices are used to spy on the german company sap who delivers office software.

And of course the troll here declares the tao devices a completely legitimate thing that never should have been published.....

BenniMarch 8, 2014 3:56 PM

As these tao devices are used to locate a phone and have find/fix/finish capabilities, i think it is absolutely required, that every afghan civilian knows that a phone can lead him to be killed.

I think afghan children should be taught at school never to buy a used mobile phone, and never to accept a used mobile phone as a present or anything else.

As long as the tao devices are used as swatting tools, and as long as they are used for industrial espionage, they must all be made open.

the software and engineering companies in germany also have a right to know what to search for, when they shield themselves against nsa bugs.

BenniMarch 8, 2014 4:14 PM

This here is an interesting view on that drone strikes:

And what is described makes only sense if you think of the taliban selling their phones quickly to kids of families in local villages, after some real talking:

http://www.washingtonpost.com/world/interview-karzai-says-12-year-afghanistan-war-has-left-him-angry-at-us-government/2014/03/02/b831671c-a21a-11e3-b865-38b254d92063_story.html

Hamid Karzai was in the midst of negotiating a security agreement with the United States when he met a 4-year-old girl who had lost half her face in an American airstrike. Five months later, the Afghan president’s eyes welled with tears as he described visiting the disfigured little girl at a hospital. He took long pauses between words. Sitting behind his desk Saturday night, the man who has projected a defiant image toward the West suddenly looked frail.

“That day, I wished she were dead, so she could be buried with her parents and brothers and sisters” — 14 of whom had been killed in the attack — he said.

In an unusually emotional interview, the departing Afghan president sought to explain why he has been such a harsh critic of the 12-year-old U.S. war effort here. He said he’s deeply troubled by all the casualties he has seen, including those in U.S. military operations. He feels betrayed by what he calls an insufficient U.S. focus on targeting Taliban sanctuaries in Pakistan. And he insists that public criticism was the only way to guarantee an American response to his concerns.


Karzai describes the Taliban. He describes them to be top experts in advanced drone swatting. these bastards sell their phones to families:

http://www.washingtonpost.com/world/hamid-karzai-says-us-afghan-relationship-has-been-at-a-low-point-for-a-long-time/2014/03/02/945dbc18-a1da-11e3-b8d8-94577ff66b28_story.html

"Of course, there other issues as well, secondary to civilian casualties. The private security firms, the parallel government structures, the contracts given to people, to individuals, causing corruption. And, of course, in a deeper way, reflecting a deeper lack of agreement between us, the way the so-called war on terror was fought. The sanctuaries were left alone outside Afghanistan and Pakistan, but the civilian villages were attacked. So when I say civilian casualties and when I say the incorrect strategy, the attack on the Afghan villages, that is exactly the crux of the difficulties.’’

These complaints of Karzai were starting, when the us enforced their attacking with remotely controlled drones.

It is natural that the Taliban would quickly figure that, when they sell their phones after several days of real talking, the drones leave their taliban camps alone but fire their rockets on civilian villages.

That way, the us drones do the fight for the taliban, by attacking the villages where the taliban would have to put up difficult fights.

And it gives the taliban their perfect recruiting argument. After a drone strike, the taliban can come and say:

"All people in this village, join us in our fight against the us, they are foreign invaders who fire rockets on our children".

That is what these TAO devices are for. They make the us fight for the taliban, not against them.

SkepticalMarch 8, 2014 4:29 PM

@Benni: Just so I'm clear. Your argument is that:

1 - The Taliban know that their cell phones are used to target them. They give them to hostile villagers, who are then mistakenly bombed by the US.

2 - By leaking the TAO catalog, Snowden has helped inform those villagers of this Taliban tactic.

3 - Therefore leaking the TAO catalog was justified.

Is that the argument?

BenniMarch 8, 2014 4:29 PM

Not only do these surveillance drones attack afghan civilian villages.

No, the drones also mistakenly attack and kill ISAF nato soldiers:

http://www.spiegel.de/politik/ausland/afghanistan-fuenf-soldaten-bei-nato-luftangriff-getoetet-a-957193.html

It would not wonder me, if this attack had to do with some hacking or swatting. Simply bring a compromised phone near an isaf control point. Then call the phone, or put on it some apparatus, that makes a call. A phone in some bush near a checkpoint certainly does not get noticed by ISAF soldiers looking for taliban. After some time, then the hellfire rocket comes...

Doubleplus untroll ingsocMarch 8, 2014 4:32 PM

"this would not excuse the taking and exposure of a vast amount of information about other programs..."

"Hardly constitutes trolling" - strictly speaking, it's profound and by now wilful ignorance of the law in exact correspondence with criminal government propaganda - government lies swallowed whole and regurgitated in an online forum that NSA uses as a combination Glavlit and honeypot.

What the quoted statement lies about is Article 19 of both the Universal Declaration of Human Rights, federal and state common law, and of the Covenant on Civil and Political Rights, supreme law of the land as interpreted by Human Rights Committee General Comment 34 paragraphs 21 et seq., http://www2.ohchr.org/english/bodies/hrc/docs/gc34.pdf

The law - NSA's best kept secret, more sensitive than sources and methods or RD or national technical means - makes it clear that US national security restrictions are not regulations but mafiya omerta for torturers and hitmen.

BenniMarch 8, 2014 4:40 PM

@Skep:
- The Taliban know that their cell phones are used to target them. They give them to hostile villagers, who are then mistakenly bombed by the US.

Yes, the taliban know that. Even the drone operators are aware of that, this is also mentioned by the intercept: https://firstlook.org/theintercept/article/2014/02/10/the-nsas-secret-role/

the intercept article describes that the taliban would share the phones among themselves. Putting them in a bag, shuffle them, so that each taliban gets another phone.

But if you consider that, this seems too dumb. Why share the phones among themselves, when the taliban know, that the phones make you a target?

And now you have the afghan president, complaining increased accidental attacks of drones on civilian villages. Now you have several drone victims, who say they have nothing to do with terrorism.

And you have even ISAF soldiers, attacked by drones.

It would be quite stupid, not to believe that the taliban are selling their phones to places that they want to be attacked by a drone strike.

@Skep:
2 - By leaking the TAO catalog, Snowden has helped inform those villagers of this Taliban tactic.

Unfortunately, i think that you can not inform afghan kids in some village by publishing some slides.

But this is certainly something, the afghan government should put on its agenda. To teach all civilians, especially in remote villages, that they should never accept a used phone either sold or as gift.

SkepticalMarch 8, 2014 4:46 PM

@Benni: Okay, but I'm still having some trouble pinpointing what you think the justification for the leak of the TAO catalog to be.

Based on your last comment, is your argument that the leaking of the TAO catalog is justified because it helps inform the Afghan government that they should teach Afghans never to accept used phones, thereby helping innocent villagers avoid erroneous air strikes?

BenniMarch 8, 2014 4:48 PM

Another problem is of course, that you could simply hide the phones in some location, maybe together with a strong battery and some device, that makes calls.

Talibans are good at making bombs. They certainly can also put a phone next to a cassette recorder, or some small computer that lets the phone make some calls, using words like "bomb, attack,al quaida". In the wild, nobody will perhaps take note for such a device. Just the drone that will appear firing its rocket into the phone.

BenniMarch 8, 2014 4:53 PM

@Skeptical:
Based on your last comment, is your argument that the leaking of the TAO catalog is justified because it helps inform the Afghan government that they should teach Afghans never to accept used phones, thereby helping innocent villagers avoid erroneous air strikes?

Yes. And given that the drones erroneously attack ISAF soldiers, they as well should look around, whether somebody has not put a phone next to their outposts.


And of course, given that the other TAO devices are used for spying on german politicians, who are allies of the us, and given that the tao devices are used to spy on the german software company sap, which makes office software, the publishing of the TAO list is entirely justified.

SAP has a right to know what to search for, when securing their networks. Office software is of no security threat of the us.

++triplethinkMarch 8, 2014 5:04 PM

Note the inept attempt at indoctrination: the government apparatchik demanding 'justification' for your legal right to impart information and ideas of all kinds.

BuckMarch 8, 2014 5:10 PM

Here's an interesting idea...

Why should drone operators and their support staffs even bother carefully targeting Taliban members? They're likely to receive the same compensation/reimbursement, regardless of civilian casualties... At the bureaucratic level, I'd imagine it's all about the man hours and number of missiles launched.

There may be a slight disincentive due to the possibility of public outrage... But since Pakistan and Afghanistan are so far removed from the perception of ordinary US citizens, it seems like those killings could provide more 'bang for their buck' if they instead targeted only nosey journalists and any others asking too many questions about the strikes!

BuckMarch 8, 2014 5:20 PM

And with the money saved on expensive surveillance technologies, we could start providing more tech for sustainable crops (the food-kind, not opium ;-), shelter, and water desalination plants for those damn disenfranchised terrorists!

Perhaps eventually, the ungrateful masses would learn to love their new flying metal overlords and cease to desire their total destruction...

Scott "SFITCS" FergusonMarch 8, 2014 7:09 PM

@Figureitout

--Wut? Do you really stand by that statement

Yes.

Elegant design, simplified syntax, structure, and other such nomenclature are elements that have no effect on security.

What you read into that is your problem. Pick cherries get pips.


A simple fact is a secure system has a known amount of states that are visible to the user. Therefore attacks are visible, and the attackers must know their attacks are potentially being watched. All the attacks happening everywhere, quick one-offs, get away b/c of the deluge of attacks everywhere.

Relevance? What does that have to do with language design features?


You then went on to call out "an opinion", then at least made clear your unsubstantiated opinion at the end

"make clear it's your unsubstantiated opinion"?? If it's unreferenced you can safely presume it's an opinion.

Nick PMarch 8, 2014 7:40 PM

@ pianissimo

"Multics was designed starting in 1965. C didn't exist until 1973."

Thanks for the correction! A re-read of Karger's [1] paper shows their options at the time were BCPL (a C ancestor), AED, and PL/I. Supporting my original point, they chose PL/I partly because its language features reduced defects. They specifically mention PL/I features that reduce odds of buffer overflows, less need for pointer arithmetic, and better argument checks for function calls (MULTICS-specific, not vanilla PL/I). They mostly compare PL/I to C in the paper which is probably why my memory got mixed up.

Another C-related memory error... ;)

[1] Thirty Years Later: Lessons learned from the MULTICS security evaluation 2002 Karger and Schell
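Added example, not part of any comment in this thread: a C sketch of the language features mentioned above (strings that carry a declared maximum length, checked indexing instead of pointer arithmetic) beside an unchecked copy into a constructed record. The `vstr` type, the function names and the record layout are hypothetical, and the checked path only emulates the idea; it is not PL/I or Multics code.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* All names here are hypothetical; this emulates the idea, not a PL/I runtime. */

/* A string that carries its declared maximum length with it. */
typedef struct {
    size_t max;   /* capacity, fixed when the string is declared */
    size_t len;   /* current length, always <= max */
    char  *data;  /* storage of at least max bytes */
} vstr;

typedef enum { VS_OK = 0, VS_TRUNCATED = 1, VS_BAD_ARG = 2 } vs_status;

/* Checked assignment: writes at most dst->max bytes and reports truncation. */
vs_status vstr_assign(vstr *dst, const char *src, size_t src_len)
{
    if (dst == NULL || dst->data == NULL || (src == NULL && src_len != 0))
        return VS_BAD_ARG;
    size_t n = src_len < dst->max ? src_len : dst->max;
    if (n > 0)
        memcpy(dst->data, src, n);
    dst->len = n;
    return n < src_len ? VS_TRUNCATED : VS_OK;
}

/* Checked element access, replacing raw pointer arithmetic. */
int vstr_at(const vstr *s, size_t i, char *out)
{
    if (s == NULL || out == NULL || i >= s->len)
        return -1;
    *out = s->data[i];
    return 0;
}

/* Constructed record: an 8-byte name field followed by a privilege flag. */
struct record {
    char     name[8];
    unsigned is_admin;
};

/* Constructed input: 8 name bytes plus 4 bytes the name field has no room for. */
static const char INPUT[] = "AAAAAAAA\x01\x01\x01\x01";
#define INPUT_LEN (sizeof INPUT - 1)

/*
 * Unchecked style: the size of r->name is never consulted. The clamp to the
 * whole record exists only so this demonstration stays inside one object.
 */
void set_name_unchecked(struct record *r, const char *src, size_t src_len)
{
    unsigned char *base = (unsigned char *)r;
    size_t off = offsetof(struct record, name);
    size_t room = sizeof *r - off;
    memcpy(base + off, src, src_len < room ? src_len : room);
}

/* Checked style: the field is wrapped in a descriptor before any write. */
vs_status set_name_checked(struct record *r, const char *src, size_t src_len)
{
    vstr name = { sizeof r->name, 0, r->name };
    return vstr_assign(&name, src, src_len);
}

/* Flag value after the unchecked write of INPUT. */
unsigned demo_unchecked(void)
{
    struct record r;
    memset(&r, 0, sizeof r);
    set_name_unchecked(&r, INPUT, INPUT_LEN);
    return r.is_admin;
}

/* Flag value after the checked write of INPUT; *st receives the status. */
unsigned demo_checked(vs_status *st)
{
    struct record r;
    memset(&r, 0, sizeof r);
    *st = set_name_checked(&r, INPUT, INPUT_LEN);
    return r.is_admin;
}

int main(void)
{
    vs_status st;
    unsigned flag = demo_checked(&st);
    printf("unchecked: is_admin = %#x\n", demo_unchecked());
    printf("checked:   is_admin = %#x, status = %d\n", flag, (int)st);
    return 0;
}
```

The checked path leaves the flag untouched and reports the truncation to the caller, so the oversized input becomes a visible condition rather than silent corruption of the neighbouring field.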

Scott "SFITCS" FergusonMarch 8, 2014 8:05 PM

@Nick P
Also at the hardware interface level, there will be no safety at all. That part can be at least minimized and wrapped behind interfaces, though.

The other trick to high level languages is the abstract can hurt security. Hackers attack what your machine actually does, typically the binary.

Very important points. (programmers and testers don't tend to use SoftIce)

The best bet would be to write a secure runtime and compiler for a language...

... and specific, thoroughly understood and documented hardware, with excellent specifications, substantial testing and auditing, and a release date determined by production standards?
That's the initial software - it's sometimes the case it becomes employed in manners that weren't planned for, and extended in unintended ways (though good documentation can help there).


The one thing I disagree with about your post is the effect of language design on security. There definitely *is* an effect.

It was a somewhat deliberately provocatory post meant to highlight the major factors. ;)
i.e. too often I see problems occurring because someone declared "x is more secure", whether it's a development style, or choice of language etc - it's a comprehensive set of processes and resources of which language choice is a very minor effect.
My experience is that most of the crap commercial code is not the result of the choice of language - and that if language x had been used instead, the end result would have simply been a different dog with the same leg action.

Language choice is part of designing for secure code production. It's a complex process and any simple solution will invariably be wrong - no matter how attractive it seems. Clearly you understand this, but don't make the mistake of believing it's a universal understanding ('cause I've got a scrum of projects that'll fix the problems of their previous project for you!)

I'd argue that the main "effect" of language design is that it teaches critical thinking, and the main factor in security (when we talk about writing the code) is the programmer. When I think of bad code I don't see the chosen language as the cause - nor do I solely blame the programmer (it's only part of the production and release environment).

As for shooting yourself in the foot... there are some gun analogies I could think of :)

Empirical studies by military and defense contractors showed Ada use resulted in vastly fewer defects, even when C/C++ programmers were using it in one case.

I'd believe that. The reasons are complex - and that's a major limitation with this subject. Trying to reduce it to the sort of simplicity that would satisfy this particular forum would only demonstrate that simple is a synonym of dumb. Suffice to say that Ada is used where it's a requirement - and the specs are different to other development projects.
The language itself (Ada) includes the libraries. Time, space, and lack of recent (or extensive) experience in Ada prevent me going into extensive detail - but Ada, and Python, libraries are so much easier to understand than C, Java, and C#.

I think modifying hardware to enforce certain basic properties is a better direction to go in, though.

Agreed. So would targeting specific hardware instead of trying to write code that caters for a large range of unknown factors.

FigureitoutMarch 8, 2014 8:07 PM

Scott "SFITCS" Ferguson
--Alright well I guess I just highly disagree w/ that statement. How do you prove assurance of a complex tool, most likely using another complex tool?

Relevance?
--What all can you do w/ a particular language is the relevance. I'm not going to be interrogating a HDD or RAM card w/ XHTML, no?

What are cherry pips BTW? I like to pick at things lightly to improve something, well maybe. I don't mind getting smacked if I'm wrong, but I'll still try.

Benni
you could simply hide the phones in some location
--Yep, a little of the paranoid security mind leaks out. If you have a known targeted cell, then you potentially have a missile strike in your pocket. It would take zero tech/radio skills to just plug in a charger somewhere you want to blow up, only where the calls originate from; I take it power outlets are hard to come by in Afghanistan though...

Nick P
Backdoors remain on my mind. ;)
--Oh so Wael's buttcheeks?--Joke chill out. I see more ways around that threat than the other, that's all.

Another C-related memory error... ;)
--I thought it was the programmer not the language that mattered?--Joke again easy.

Nick PMarch 8, 2014 9:17 PM

@ Scott Ferguson

"... and specific, thoroughly understood and documented hardware, with excellent specifications, substantial testing and auditing, and a release date determined by production standards? "

Unfortunately yes lol. Nicely put. Efforts that put a comparable amount of rigor into this type of problem are the EAL7 JavaCard work, the VLISP Scheme48 system, and DO-178B certified runtimes/translations. Each required essentially what you stated.

"too often I see problems occurring because someone declared "x is more secure", whether it's a development style, or choice of language etc - it's a comprehensive set of processes and resources of which language choice is a very minor effect.
My experience is that most of the crap commercial code is not the result of the choice of language - and that if language x had been used instead, the end result would have simply been a different dog with the same leg action."

I see where you're coming from. We definitely agree there. That the processes and people have the greatest effect is undeniable. So is the fact that things like "managed code" can provide a false sense of security.

"Suffice to say that Ada is used where it's a requirement - and the specs are different to other development projects."

Not really. That's a sizeable portion of Ada users. Another portion are specifically using it because it reduces odds of coding defects while being easy to maintain over time. Ada developers have jokingly described it as a straight-jacket that forces you to do things in a safer way just to get a compile. Past that, its design makes tracking problems down easier and can entirely eliminate some of them.

Any safer language does some of this. C and asm certainly don't. So there's benefit although as we agreed it's minor compared to process/people.

"So would targeting specific hardware instead of trying to write code that caters for a large range of unknown factors."

Absolutely. One thing to Apple's credit is they realized this. That they tried to support a small amount of hardware very well instead of all arbitrary stuff paid off in reliability. They're not great coders, but their developers had fewer opportunities to show it. ;) So, as open and/or more secure processors/architectures become available, people trying to build secure systems will benefit from focusing on them. Hell, people trying to build reliable or future-proof systems could probably benefit too.

Examples of this in commercial products are Sentinel's Hydra firewall and Secure64's SourceT OS. In Hydra's case, they combined a PowerPC embedded board, INTEGRITY RTOS, and carefully layered software isolated into protection domains to reduce risk. I think avoiding x86 and its mainstream OS's helped reduce complexity, too. For SourceT, its owners built on Itanium's cleaner design and security features. They also designed networking and application systems with assumption they'd be constantly hit with combo's of malicious input. Pentesters at NSA and Matasano, respectively, couldn't figure out how to inject code into these systems or even crash them remotely.

Although I'm sure they contain vulnerabilities, such systems are exemplary in that they show that rigorous processes working from hardware up can achieve high security in a useful system. And that it was affordable enough for two startups to do it. That big companies can't even implement basic apps without hundreds of easily preventable vulnerabilities speaks more of apathy than their language choice. Switching languages would only reduce defects from "our customers apps can crash, burn and die" to "our customers apps can crash, burn, hit a hospital, and maybe die."

@ figureitout

"I thought it was the programmer not the language that mattered?"

It was. His memory handling sucked too. :)

8March 8, 2014 10:25 PM

NSA's in its death spiral. You see the tip of the iceberg here, online personas in infinite loops. You don't see the lawyered-up executives or hear the damage-limitation mantras that get drilled into the arms and legs.

NSA now has a binding constraint on recruitment. They're limited to a Keith Alexander threshold of mediocrity: non-selective school, paying his way not with merit aid but with ROTC hup-two-three-four; dim-witted alacrity and asskissing. The stakes are high. Make a mistake, take on someone with too much intellect or too-rigorous habits of mind - a Russ Tice, a Bill Binney, a Drake, a Klein, a Tamm, a Loomis, a Wiebe, a Snowden, a Fellwock - and they'll catch on. They'll tie you in knots. They'll make fools of you. They will invoke the law.

But the Служба Внешней Разведки, 中华人民共和国国家安全部, the anons, they're not afraid of brains. They're not afraid of integrity. They're not afraid of the law. They will eat you alive.

Now every time you venture outside your fetid SCIF you will get your ass kicked. In Syria. In Ukraine. And, next week, in Geneva, where you will try to explain your panty-sniffing and your torture and your murder.

By the way, if anybody wants probative evidence of NSA criminality with the stamps on and the metadata intact, contact us you-know-where at 039X--RLbI2jEnJr8cnhXr~~jDzC0-5Y3YmCleo4s0jin3krft~8gaIrlNlCVTkLMzkvmzEKW~PCLgmD8d30FJZSUBh2~po-62sDmaj8f9tGH8GUkpjd843Y7ZtCAATbUlopdk4ZpGIvro3O8phrk8~lXiQ5j~VEiL0iyE3847-SNyLipl!

Nick PMarch 9, 2014 12:00 AM

@ Clive Robinson

"And of course there is outright cheating of the so called "submarine" patents, who ever thought the idea up must have had a particularly warped sense of humor. They arose from the fact of using filing date not grant date, the secrecy of filings prior to granting and the fact that you could keep filing amendments to the original filing. "

I didn't know about this. I appreciate the tip.

BenniMarch 9, 2014 5:59 AM

@Figureitout:
"--Yep, a little of the paranoid security mind leaks out. If you have a known targeted cell, then you potentially have a missile strike in your pocket. It would take zero tech/radio skills to just plug in a charger somewhere you want to blow up, only where the calls originate from; I take it power outlets are hard to come by in Afghanistan though..."


Apparently not. When even talibans can charge their phones, even talibans have the necessary power cables. Now when they have that in the mountains, there are certainly more of them in the villages.

The taliban simply have to climb on some rooftop at night, deposit a bag on the roof of some house, the bag comes with a laptop that can make the phone calls, and the power may come from some cable that provides power for the house. If there is no power, simply charge the phone from the laptop and put a large battery in the bag. This may last for a day.


That's the perfect bomb. It does not cost much.
You do not even need a suicide bomber for this.


Given that the talibans usually make suicide attacks, where they have to lose one man of themselves, it would be naive not to assume that they are not thankfully using such smartphone bombs for calling the us drones.


Clive RobinsonMarch 9, 2014 6:46 AM

@ Scott, Nick P, figureitout,

    I thought it was the programmer not the language that mattered?

All jokes aside, that is part of the underlying problem.

The old truisms of "A good workman will do a good job even with the worst of tools, whilst even the best of tools won't help a bad workman" and "A bad workman blames his tools" are a reflection on human skill or lack thereof and apply to all fields of endeavour including software.

There is a kind of Macho Man attitude in some areas of software development where people take pride in doing a bad job quickly. Sometimes the reasons are easy to spot such as with MS Win Foundation Class and its poor documentation and others less so. Such as the "I did it the hard way so can you" attitude of many cursed by MFC, rather than co-operatively sharing hard won knowledge, a lesson many would hope was behind us (but sadly appears not).

Unfortunately the problems are very often encouraged by poor management. With management issued metrics based on the likes of "number of lines of code a day" --as though writing software were filling shelves in a shop with infinitely strong shelves-- there is little or no reason for "the measured" to improve their game, in fact quite the opposite as it can be seen as a way to protect your job.

The sad thing about this is the nature of software development is it suffers from the "can't see it can't complain" problem excused with "Even the gnarliest of trees bear fruit". That is even the worst of written code once through the tool chain and out the door does not see the light of day again --unless it gets Open Sourced-- which until recently means it's buried, and with luck the writer will have moved on "before the chickens come home to roost". Thus the "invisibility of past performance" enables people to "advance by interview skill" not the abilities they are supposedly being hired for, thus reinforcing the problem.

Whilst there are traditional ways of stopping this job hopping remuneration not skill advancement, the fast pace of technology change tends to lead to the problem of those doing the hiring having to do it blind because they don't have the in-house skills to tell the difference between a "bodger" and a "craftsman".

But there are other factors in the issue that need to be considered.

We've recently seen two security issues with regards the testing of certificates. They both result from code that to put it politely was a mess. Whilst much has been said about the poor programming of the GOTO less has been said about the other, and almost nothing about the underlying issues.

In both cases the problem appears to have arisen out of refactoring code for the very problematic issue of dealing with problems arising from the complex issue of certificates.

Much of the problem is people have not understood the complexities of verifying certificates in all failure modes. Part of this is not knowing that certain types of attack are possible and thus improperly viewing the problem initially and developing an incorrect mental map of the problem. The mental map then has to evolve with time as and when it gets broken, frequently in another person's head. Generally the new person only has a short time and insufficient documentation to gain both a clear understanding of the problem and of how their predecessor viewed the problem when they wrote their code. To use an old truism "They are going off half cocked", which just adds to future problems...

Benni March 9, 2014 8:07 AM

Interesting is this here:
http://www.aljazeera.com/news/asia/2014/01/afghanistan-bagram-prisoners-201412772416740458.html

"Afghanistan set to free 37 Bagram prisoners. Though Washington maintains it provided sufficient evidence of the dangers posed by a total of 88 disputed detainees, the Afghan Review Board, led by Abdul Shakoor Dadras, said there was insufficient evidence to support any claims that these inmates would return to the armed opposition."


Apparently, the afghans are now believing nothing that the americans present as "evidence", if this "evidence" comes from the nsa surveillance tools.


Skeptical March 9, 2014 9:10 AM

@Benni: leaking of the TAO catalog justified because it helps inform the Afghan government that they should teach Afghans never to accept used phones, thereby helping innocent villagers avoid erroneous air strikes?

Yes. And given that the drones erroneously attack ISAF soldiers, they as well should look around, whether somebody has not put a phone next to their outposts.

Accepting all the premises of your claims for the sake of argument, it's not necessary to leak the TAO catalog in order to provide such a warning, though. So even if one were to accept all your premises, the leak of the TAO catalog would still not be justified, at least not on this ground.

And of course, given that the other TAO devices are used for spying on german politicians, who are allies of the us,

Snowden is free to disagree with the decision of the US to do so, but there's nothing illegal under US law about this. Nor is there anything unethical, for that matter. This doesn't justify the leak.

and given that the tao devices are used to spy on the german software company sap, which makes office software, the publishing of the TAO list is entirely justified.

Who has reported that any of the devices in the TAO catalog are used to spy on SAP? And why would this justify the leak even if true?

Benni March 9, 2014 9:28 AM

@Skep: The german tabloid newspaper Bild lists SAP as spy target by tailored access operations.

Skep wrote:
Snowden is free to disagree with the decision of the US to do so, but there's nothing illegal under US law about this. Nor is there anything unethical, for that matter. This doesn't justify the leak.
end quote

Yes of course. It is not illegal under us law. But us law is completely irrelevant here, since that spying happens on german ground, it's german law that matters here.

US embassy personnel must abide by the law of the country where they are stationed.

If us personnel does a murder on german ground, us law is irrelevant as well. By your argument, if us law would legalize murder, us persons would be allowed to murder everyone in foreign nations, and if you witness that, it would be illegal to make this public. That is not how it works. If you get somewhere, the law of that somewhere is what counts.

Skep wrote:
Accepting all the premises of your claims for the sake of argument, it's not necessary to leak the TAO catalog in order to provide such a warning, though. So even if one were to accept all your premises, the leak of the TAO catalog would still not be justified, at least not on this ground.
end quote

No one would believe you without the tao catalogue, where it is written that the technique to locate a mobile phone is used for assassinations.
In fact, even with the tao catalogue, the articles on intercept, the stories of the drone operators themselves, the german government and the german secret service still believe that it is impossible to assassinate persons if you know their mobile phone number: http://www.spiegel.de/netzwelt/netzpolitik/bundesregierung-will-weiter-handydaten-an-die-usa-uebermitteln-a-955255.html

As the german government does not believe that a mobile number can lead to a person to be killed, it continues to give mobile phone numbers of terrorism suspects to the nsa.

If snowden would not have made the tao catalogue public, no one would believe him. Not even the afghan government.


Benni March 9, 2014 9:38 AM

Skep wrote:
Snowden is free to disagree with the decision of the US to do so, but there's nothing illegal under US law about this. Nor is there anything unethical, for that matter.
end quote.

Spying on allied politicians is illegal when it happens on foreign ground where there is a law that forbids this, and since they are allied politicians, it is illegal as well.

How do you come to believe, spying on allied politicians would be ethical?

Gerhard Schroeder has connected his own political future with the sending of troops to afghanistan. He asked the parliament, whether he should send troops, and in case the parliament would have said no, he said that he would back down from his chair as a german chancellor.

How should it be "ethical" to spy on an ally who connects his own political future to an operation together with the us?


Benni March 9, 2014 9:41 AM

sorry the sentence

"Spying on allied politicians is illegal when it happens on foreign ground where there is a law that forbids this, and since they are allied politicians, it is illegal as well."

should read

"Spying on allied politicians is illegal when it happens on foreign ground where there is a law that forbids this, and since they are allied politicians, it is unethical as well."

and the german law that makes the us spying on sap and german politicians illegal is this here
http://dejure.org/gesetze/StGB/99.html

the persons who are doing this get, if their name is known by the police, a prison sentence between 1 to 10 years.


yesme March 9, 2014 10:02 AM

@Benni

I can't figure you out. You write 3 posts about "don't feed the trolls", but then... you are doing exactly that.

YeahSure March 9, 2014 10:23 AM

Really! A computer program could write Skeptical's posts. And maybe it is. Their content is: "Split a hair. Split another hair." Really who cares if he agrees with you or not? Yawn.

Nick P March 9, 2014 12:10 PM

@ yesme re Benni

You beat me to it. I was going to point out that his pointless debates have taken up more of the Squid thread than many of Skeptical's controversial posts. And their charged, all-over-the-place nature is making Skeptical's side look more rational. Definitely feeding the trolls.

Benni March 9, 2014 12:16 PM

@Yesme, yes, I made a mistake.

However, I think I've also boiled the disagreement down to the important question:

"How do you come to believe, spying on allied politicians would be ethical?"

Since if skeptical is someone who believes that it is ethical to do illegal activities to your allies, then, this could explain most of skeptical's views.

It would explain that his views actually stem from an arrogant perspective, where others, non-americans, have no rights at all, even if they are allies of the us.

When you think it that way, most of what the nsa does, would be justified indeed. When you look at all this from the perspective

"these are non americans, we can do what we want with them. we can spy on them as we want, and mistakenly murder them by our drones as we want, all this is not unethical".

Well, if you look on others from that perspective, then the nsa's actions are all justified.

Now the nsa does the things they do, certainly not because they think what they do would be wrong. So one must worry that the majority of the people at nsa have such a viewpoint as "skeptical" shows:

"these are non americans, we can do what we want with them. we can spy on them as we want, this is purely ethical, and we even can mistakenly murder them by our drones as we want, this is also not unethical".

Historically, white american settlers had such views regarding to the native inhabitants in america, whom they slaughtered. Similar views were held by a majority of white americans regarding black slaves.

It could be that in the american government, such views are now adopted with regards to non american people.

I fear that this kind of spirit has something to do with the actions of the nsa.

If german politicians are regarded in a way that they do not have any rights, since they are not americans, well, then it is completely ethical to spy on them.
Similarly, it is ethical to spy on SAP if you consider them to be germans who have no rights.

This is the point, where one can say, someone with such views is a so called "exclusive nationalist" http://de.wikipedia.org/wiki/Nationalismus who aggressively discriminates others depending on their nationality.

This is quite different from patriotism. It is dangerous.


Nick P March 9, 2014 12:40 PM

@ Wael

Not posting much so must be working or chilling by implication. Btw, while you're chilling, tell me what you think about my patent defense strategy for my secure system designs.

@ Clive Robinson

Yeah, it's interesting. I'm dismissing the Freescale people as being a coincidence for now. The real question is how the plane failed. Here's an interesting set of statistics I found:

http://www.planecrashinfo.com/cause.htm

I remember watching many plane accident investigations on TV. Even fairly well-maintained planes often went down due to things like cabin fires caused by electrical issues. In one case, a single drop of condensation landed on an exposed wire inside the wall. Knowing that's how little it takes to drop a plane would make me nervous about flying if I wasn't better at risk assessment.

In this case, weather and pilot error are unlikely. Pilot didn't radio in a hijacking or anything. I figure they have a covert way to do that. The various mechanical/electrical/digital explanations are most likely. I noticed Boeing 777 has already been in 10 accidents. I also notice that they're considered "safer" because of all their extra electronics and technology. *I* am not so certain all that added in there makes them safer.

These planes are simply getting too complicated. They have so many wires, chips, sensors, controllers, etc. These are often sub-contracted out to different people. Even if they interface correctly and pass validation, there could be failure-inducing interactions that pop up later. So, my initial guess is the complexity of the plane led to a problem that crashed it.

My initial solution is to use only proven techniques and design strategies for planes' electrical/electronic systems. We know market forces won't let that happen. More planeloads of people will have to die. :(

Note: A guy I knew from somewhere worked for Boeing on plane systems. He said one of their approaches for reliability/security was to run the software on a Windows and Linux box simultaneously checking that they agree. I told him both faulty and insecure software could still happen in that "fail safe" setup. I gave examples. He disagreed it was a practical concern and believed in the effectiveness of their setup. I really stopped trusting Boeing planes at that point. I also started worrying about others, too.

Wael March 9, 2014 12:55 PM

@Nick P,
Yea... Been in a sour mood lately. I have chosen to adopt a humorous character on this blog, so it's not good to post when I'm in the opposite mood. Anyways... Regarding your patent defense strategy... Seems ok to build your system based on expired patents. I think that would be the passive approach. You need to invent instead, and that would be the offensive (with all the meanings that word implies) approach. Think of something disruptive -- you can do it;)

Skeptical March 9, 2014 1:06 PM

@Benni: Yes of course. It is not illegal under us law. But us law is completely irrelevant here, since that spying happens on german ground, its german law that matters here.

Almost all espionage operations will be illegal in a foreign country. The question for a whistleblower is whether he has knowledge of acts that violate his own law. So far as Snowden is concerned, it is US law that is relevant, not German law.

and since they are allied politicians, it is unethical as well.

Germany and the US are obviously close friends, for many good and deep reasons. And they will continue to be. Perhaps in time they will even grow closer.

But they are also separate, sovereign countries. Each government is tasked with safeguarding the well-being and rights of its own people. And each government collects intelligence on the other to that end. Do you really suppose that the BND does not conduct any espionage against the United States?

I didn't want to get bogged down in a discussion about Taliban tactics, so for the sake of argument I've been accepting many of the things you've said. However, let me register disagreement with a few of them:

As to the necessity of leaking the TAO catalog, the Afghan government, the Taliban, the Pakistani government, and I'd imagine anyone who reads the papers have known for many years that the US uses mobile phone signals, among other things, to determine target location. This is a fact long since reported. The TAO catalog didn't reveal this.

That's the perfect bomb. It does not cost much.
You do not even need a suicide bomber for this. Given that the talibans usually make suicide attacks, where they have to lose one man of themselves, it would be naive not to assume that they are not thankfully using such smartphone bombs for calling the us drones.

All good military forces are focused on how their adversaries adapt to tactics and technology. The possibility of the target handing off a dirty mobile to an unsuspecting and innocent party is something that would have been on the radar screens of the US, and every other military, from the moment they acquired the means to track mobile phones. You can probably infer from this that the US does not rely only on mobile phone signals to conduct strikes.

Wael March 9, 2014 2:12 PM

@Nick P, Clive Robinson,

RE plane:

Maybe the Bermuda Triangle migrated to Asia... Maybe the Freescale guys were carrying equipment that interfered with the navigation systems, but they were managers, so probably not. Seems we need a system of satellites that cover the earth realtime, or at least cover the charted air travel routes. Then again the question I have is: Why in this day and age, when airlines have the capability to give customers internet access, can't blackbox data be transmitted realtime to terrestrial stations? I am sure it's not a privacy issue! Then again, it could be a different form of privacy, or rather, "privilege".

Benni March 9, 2014 2:30 PM

@Skeptical:
"Do you really suppose that the BND does not conduct any espionage against the United States?"

Yes. Absolutely. The BND only collects information either on warzones (germany has a spyship before the syrian coast) and communistic or formerly communistic states like china russia or north korea or afghanistan. In the words of the BND boss "from the german embassies in the us, no espionage operations are carried out". The information collection of the bnd usually focuses on questioning refugees, or on
For anything else, they do not have the budget.

@Skep:
"As to the necessity of leaking the TAO catalog, the Afghan government, the Taliban, the Pakistani government, and I'd imagine anyone who reads the papers have known for many years that the US uses mobile phone signals, among other things, to determine target location. This is a fact long since reported. The TAO catalog didn't reveal this."


Well, here you say something, that the german government does not believe:

http://www.spiegel.de/netzwelt/netzpolitik/bundesregierung-will-weiter-handydaten-an-die-usa-uebermitteln-a-955255.html

germanys secret service bnd says "we give mobile phone numbers to the nsa"

http://www.spiegel.de/politik/deutschland/spd-will-von-pofalla-aufklaerung-ueber-bnd-daten-fuer-nsa-a-915947.html

and

"we still do not believe that any government agency of germany gives information to the NSA that can be used to precisely localize people in Pakistan/Afghanistan."

"weiterhin der Ansicht, dass die Sicherheitsbehörden des Bundes keine Informationen weitergeben, die eine unmittelbare zielgenaue Lokalisierung zu mutmaßlichen in der Region Pakistan/Afghanistan befindlichen Personen zulassen"

A shorter answer of the BND is:

"Mobilfunkdaten seien für eine zielgenaue Lokalisierung eines Menschen nicht geeignet."

"Data from mobile phones can not be used for precise localization of somebody"

That you can use a mobile phone to locate somebody is for the german government, still an unknown and unproven thing.

@Skep:
" You can probably infer from this that the US does not rely only on mobile phone signals to conduct strikes."

Do they rely on other information? Can you say on which information they are relying?

Nick P March 9, 2014 4:02 PM

@ Wael

"Been in a sour mood lately. I have chosen to adopt a humorous character on this blog, so it's not good to post when I'm in the opposite mood. "

I'd be more popular on blogs or mailing lists if I was as wise as you. ;)

"Seems ok to build your system based on expired patents. I think that would be the passive approach. "

Appreciate it. Now, I have all the inspiration I need to string some TTL's and dumb terminals together to create the system that will reinvent how businesses use computers. Or something only paranoids would buy while muttering about having to deal with problems not seen since people owned 8-tracks. Whichever...

"You need to invent instead, and that would be the offensive (with all the meanings that word implies) approach. Think of something disruptive -- you can do it;)"

Probably a good idea. I wonder if I can circumvent the part on me inventing by partnering with an organization with big pockets and patents. Not the main software companies, obviously, as they would be opponents. The company's portfolio, assets, or influence would need to be leveragable against software companies.

"Maybe the Bermuda Triangle migrated to Asia"

"Why in this day and age, when airlines have the capability to give customers internet access, can't blackbox data be transmitted realtime to terrestrial stations?"

Lol we thought alike: Bermuda Triangle was first thing that popped into mind. I also found myself asking, "why isn't there a comms link that sends periodic data (incl location) to airline?" I figured if you're spending $200+ mil on a high tech plane you can afford a wireless link. I mean, drones already do a lot more than that, don't they?

Not to mention, a steady stream of important data can be fed to analysis systems on the ground. There might be potential benefits to that which I can't think of right now. I bet at least one airline is doing that sort of thing. On other hand, I know at least one airline that didn't.

Benni March 9, 2014 4:09 PM

Well, in order to be precise, the sentence:
"Mobilfunkdaten seien für eine zielgenaue Lokalisierung eines Menschen nicht geeignet."

"Data of mobile phone communications are useless for the precise localization of a human".

Well, they also say with this, that they think, usage of mobile phone data for localization would be completely irresponsible.
Perhaps for the reason that you can sell your phone, or abuse it as a targeting device.

The BND merely says with this statement that it does not believe, the americans would be that stupid to use mobile phone data for localizing.

Well, I think that here the BND is utterly wrong. The americans ARE that stupid, and they do not even wonder what's wrong when their drones suddenly attack civilian villages.

Skeptical March 9, 2014 4:27 PM


Re: data feeds from commercial passenger aircraft: I believe that, to a limited extent, this does occur in certain aircraft. Documents released from an investigation of Air France Flight 447, for example, included data transmissions sent from on board systems to an Air France control center.

Hopefully the mystery surrounding the more recent disaster will be cleared up more quickly. The B777 has been in service since 1995, and with the exception of the Asiana crash in San Francisco last summer (caused by pilot error), it has never been involved in a fatal accident.

@Benni: In the words of the BND boss "from the german embassies in the us, no espionage operations are carried out".

So the BND has denied that one particular building in Washington DC is used for German espionage. Awfully narrow for a denial, wouldn't you say?

That does not amount to a claim that the BND conducts no espionage operations against the US.

What does a search for Project Rahab +BND show you?

Do they rely on other information? Can you say on which information they are relying?

I have no idea. If I had any connection to these things, I wouldn't be talking about it at all and I'd probably have an unfortunate predilection to substituting various alphanumeric abbreviations for my nouns.

But since this seems to be something that the US has put a fair amount of thought into, and has a fair amount of experience with, it's unlikely that they'd slavishly rely on one point of intelligence subject to easy, obvious, and highly costly (for the US, if successfully misdirected) counters.

Zaphod March 9, 2014 4:30 PM

@Nick P / Wael

Re. flight / cockpit data transmission.

I believe it's something to do with the pilots not wishing to be monitored

Z.

h2oh March 9, 2014 4:36 PM

@Nick P: "Now, I have all the inspiration I need to string some TTL's and dumb terminals together to create the system that will reinvent how businesses use computers."

Why not throw some fluidic logic functions into the mix?

Sure it would be slow, but hard to tap into without leaving a puddle on the floor. ;-)

Nick P March 9, 2014 4:43 PM

@ h2oh

"Sure it would be slow, but hard to tap into without leaving a puddle on the floor. ;-)"

Haha. I did brainstorm a bit on combining microfluidics with something that reacts violently to air or an outer layer. Tamper evidence or even zeroization might be easier in such a design. Too bad I lack the hardware or microfluidic skill to try to build it. I'd like to see guys in that field look into applying their tech to security, though. Could be some interesting stuff come out of that.

The Babic Suite March 9, 2014 4:58 PM

Things Brennan and Alexander and the TAWDRYYARD PM have put a fair amount of thought into:

1. 18 U.S. Code § 2441 d.1.D: 'The act of a person who intentionally kills, or conspires or attempts to kill, or kills whether intentionally or unintentionally in the course of committing any other offense under this subsection, one or more persons taking no active part in the hostilities.' War crime in US jurisdiction; capital offense.

2.

http://justsecurity.org/wp-content/uploads/2013/10/UN-Special-Rapporteur-Extrajudicial-Christof-Heyns-Report-Drones.pdf?utm_source=Press+mailing+list&utm_campaign=6de0426c90-2013_10_17_Heyns_drones_report_UN&utm_medium=email&utm_term=0_022da08134-6de0426c90-286021377

Equivalent crime in universal jurisdiction; sharing a humane Dutch prison cell with African genocidaires.

3. Eating a gun.

Clive Robinson March 9, 2014 5:09 PM

@ Wael,

Nice to know you're still with us :-)

I've been wondering why you and @RobertT had "dropped off the radar" recently. I hope the cause for your "sour mood" is merely temporary not long term.

As for aircraft feeding data back in real time, it's already done with RR engines, however the sat data links are both expensive and narrow band.

As for "black box" data there are actually privacy rules in place over them due to pilot voice recordings as well as commercial "in confidence" rules. However that's not the only issue, unlike the black boxes of old with their "wire recorders" of limited capacity, modern black boxes contain vast amounts of flash memory and very many more inputs of higher bandwidth than they used to so there is a limit on what could be sent. Then there is the reliability issue, to be honest if an aircraft does develop any kind of fault the chances are a sat telemetry link is going to be one of the first things to stop working and thus any data sent is very likely to be incomplete.

What would be handy though is the extension to the ADS-B system such that ATC has tracking info wherever the aircraft goes (not just the usual paths with radar coverage).

Benni March 9, 2014 5:40 PM

That's good news:
http://www.spiegel.de/politik/deutschland/nsa-ueberwachung-bundestag-soll-abhoersicher-werden-a-957680.html

the german parliament apparently is now getting a decent faraday cage.


@Skep:
"I have no idea. If I had any connection to these things, I wouldn't be talking about it at all and I'd probably have an unfortunate predilection to substituting various alphanumeric abbreviations for my nouns."

so you have no idea but are just trolling, right.

And well, it is the US that refuse to sign a no spy treaty with germany. This alone should show that there is close to zero espionage of the us done by germans. And if it is tried, well BND actually has a history, that most of its operations become ultimately published by DER SPIEGEL.

It was DER SPIEGEL which published, that the Bundeswehr can not defend itself against the soviets in 1962: http://de.wikipedia.org/wiki/Spiegel-Aff%C3%A4re This led to the imprisonment of the Spiegel editor in chief by defense minister Strauss. Strauss said that he saw an abyss of treason in the country ("einen Abgrund von Landesverrat im Lande"). Eventually, the spiegel editor was set free, and Strauss, together with five ministers had to back from their chair.

The germans trying to get into swift? I think i remember having read something like this twenty years ago in DER SPIEGEL.
Here is a BND official, http://www.spiegel.de/spiegel/print/d-9278001.html complaining DER SPIEGEL should stop calling the BND employees spooks...

DER SPIEGEL published even details of NSAs capabilities already in 1989: http://www.spiegel.de/spiegel/print/d-13494509.html

Besonders gern, berichten Verfassungsschützer, sammeln US-Dienste "Zahlen und Daten aus der Wirtschaft". Mitunter verblüffen amerikanische Kollegen, zu denen sie engen Kontakt halten, sogar mit "hübschen Details aus dem Privatleben" deutscher Prominenter: "Die heben alles auf, was sie hören."

"US services most likely collect numbers and facts of the economy. Often american colleagues surprise with details of the private lives of celebrities. They collect everything they hear. the electronic expert david waters can imagine, that there are people, who have an interest what Petra Kelly tells Gert Bastian. You can bet that there are people who have heard this."

This is DER SPIEGEL in 1989.


Nick P March 9, 2014 5:48 PM

@ Zaphod

"I believe it's something to do with the pilots not wishing to be monitored"

Could be. Of course, I'm only talking about sending sensor data about location and status of the plane itself. I'm not sure why pilots would be worried about such data.

(Pauses)

Well, the data might say that the cockpit door opens, stewardess area is empty longer than usual, and a restroom experiences a 20 degree temperature rise all in same 20 minutes. I could see how a pilot would worry about analysts connecting dots.

Wael March 9, 2014 5:51 PM

@Clive Robinson,

    Nice to know you're still with us :-)

Thanks. Was always with you -- reading...

    I've been wondering why you and @RobertT had "dropped off the radar" recently. I hope the cause for your "sour mood" is merely temporary not long term.

Everything that has a beginning must have an end. I was wondering about RobertT myself, perhaps the little birdie that used to whisper to him turned into a vulture? Same for Dirk Praet, haven't heard from him in quite sometime... As for the Black-box, how about just sending non-private information, say engine statistics, altitude, speed, fuel levels, sensor readings? Compress and send every 10 seconds or so? If some failure happens and the link is lost, investigators can trace back to the last 10 seconds collected. I think that's very doable. What does RR collect anyways? I take it RR stands for Rolls Royce, the engine manufacturer?

And what makes planes so special? Busses, taxis, and trains do have cameras!

Benni March 9, 2014 6:22 PM

By the way, my sentence:
"US services most likely collect numbers and facts of the economy"

is not true, it reads: "Us services like it most, to collect numbers and facts of the economy."

Skeptical March 9, 2014 6:46 PM

@Benni: Well, I think that here the BND is utterly wrong. The americans ARE that stupid, and they do not even wonder what's wrong when their drones suddenly attack civilian villages.

Someday I hope you learn enough about US practices and policies to understand why such a belief is quite ignorant even if one assumes that the US is without any ethical compunction. Start with the concept of population-centric counterinsurgency and read FM 3-24. Then ask yourself again, given US views on counterinsurgency, whether the US would care if its air strikes were missing intended Taliban targets and killing civilians.

In the meantime, I think we'll just have to agree to disagree on all of this. Thanks for your views, and for the conversation.

Benni March 9, 2014 7:01 PM

@Skep:
Under obama, the US violate indeed what you call "population-centric counterinsurgency".

I think wars are won by going after the enemy.

The afghan president Karzai wants the US to attack taliban camps in Pakistan. He wants the us to follow the taliban deeper into the mountains. FM 3-24 Counterinsurgency would imply that the us have to stay another 20 Years in Afghanistan and Iraq,

But what Obama does is, he leaves the people there alone, and he tries to combat the terrorists by remotely controlled drones. the FM 3-24 that you cite is exactly the opposite of sending a remotely controlled vehicle into combat missions and targeting people with almost no human intelligence. The intercept article says drone kills are made in yemen where human intelligence is absent.

A similar situation is in the mountains of afghanistan-pakistan. What happens there is this:

http://en.wikipedia.org/wiki/Pakistan%E2%80%93United_States_skirmishes

"They have also caused an uproar among Pakistan's civilian population and politicians and have fueled anti-American sentiments. Since June 2004,[2] the United States military has launched dozens of unmanned aerial vehicle strikes against presumed Taliban targets, killing hundreds[2] of militants and civilians.[3] These drone strikes have been subject to heavy criticism from Pakistan, which maintains that they are not the best way to fight terror and that they will have the inevitable result of uniting the tribesmen along the border with Taliban and against the U.S. Pakistan has previously coordinated with the U.S. on missile strikes but the U.S. has since conducted strikes without informing Pakistani authorities.[4] Pakistani troops were then ordered to counter act. "

Bush jr was a stupid idiot, but in some sense he did better things than Obama, who thinks he can fight terrorism with no human intelligence and no human ground forces.

That tactic of Obama will not work.

BenniMarch 9, 2014 7:04 PM

And of course, as the TAO devices are used for such a tactic that is doomed to failure, they must all be published in the open.

BenniMarch 9, 2014 7:34 PM

Interesting is the finishing line of that Spiegel article from 1996, where BND and NSA deliberately weakened cryptoboxes made in Switzerland that were used by the Vatican, but also by Iran, Libya and Iraq:

http://www.spiegel.de/spiegel/print/d-9088423.html

"In der Branche weiß doch jeder, wie das läuft", meint Bühlers Ex-Kollege Polzer. "Natürlich schützen solche Geräte davor, daß unbefugte Dritte mithören, wie es im Prospekt steht. Die interessante Frage ist aber doch: Wer ist der befugte Vierte?"

"In that business, everybody knows how this works," says Bühler's ex-colleague Polzer. "Of course such devices protect you from an unauthorized third person hearing your call, as it is described in the advertisement. The question is just: Who is the authorized fourth person?"

This is how project BULLRUN looked in 1996.

Nick PMarch 9, 2014 7:42 PM

re Dirk, RobertT absence

Dirk's last post was in Nov 2013. He posted plenty throughout the year but less than in the past. I can't find the page as a reference but I had already shown some concern. He essentially said he was pretty busy with various things in life and posts less here as a result.

Far as RobertT, he's probably just busy commercializing the security tech in hardware links I posted. ;) Kidding aside, I wouldn't be surprised if he was busy and just didn't care repeating what he's already said here as the same topics come up. We were fortunate to have learned plenty whenever he was here, as I'm sure we might in the future.

And like with everyone's contributions, it being on Bruce's blog means it's there for anyone to index, read, share, and learn. I've always said the collective wisdom archived here might be Bruce's longest-lasting contribution to INFOSEC. Might end up being more valuable than the crypto work that made him famous.

Chris AbbottMarch 9, 2014 9:13 PM

@Skeptical

In terms of ethical and unethical, I have a question for you. Do you consider any of the following things to be ethical?

Capturing private webcam conversations of innocent Yahoo users, many of which were sexually explicit,

Spying on foreign companies to obtain information for economic gain unrelated to national security,

Weakening security software, making innocent people more vulnerable to attacks,

all when there's no evidence to prove that this makes anyone safer?

pianissimoMarch 9, 2014 9:50 PM

@Clive Robinson:

The GnuTLS vulnerability occurs in code that, like the Apple code, uses 'goto' in a series of 'if' statements to recognise that an error has occurred. The bug exists because (exactly like the Apple code) the same variable 'result' is reused to 1.) test the return status of subroutines further down the call stack, and 2.) return this routine's status to its caller. When an error occurs, the code does a 'goto' to a cleanup tag that frees its temporary variables, then falls thru to the sole return statement. This cleanup code is executed unconditionally, so the success and failure paths have merged together.

https://www.cigital.com/justice-league-blog/2014/03/07/understanding-gnutls-certificate-verification-bug/

Note, in particular, that exchanging two lines in the function ('result = 0;' and 'cleanup:') would eliminate the bug.

This coding style is a _fragile pattern_. It is present in the Apple Security.framework code, and definitely in many other programs both open and closed source. What's particularly insidious is that tiny changes like lines duplicated or slightly rearranged, changes that are small enough to be plausibly blamed on a flubbed keystroke command or a flaky diff tool, will cause the security of the whole system to silently break. In addition, errors are more common because of different return status conventions that are unavoidably mixed together in every C program or library.

Some of the less obvious ways that using C hurts you are 1.) manual storage reclamation, because unconditional cleanup "post-ludes" are the only way to correctly free your storage, effectively preventing using 'return()' or 'longjmp()' at the point an error occurs; 2.) arcane storage rules that make program verification extremely difficult, e.g. the 'static' storage class, or pointer aliasing; 3.) little or no support for point-free programming, meaning programs are cluttered with too many randomly-named variables, and the likelihood of reusing variables for unrelated purposes is high (how many C coders even realise that using 'result' or 'err' for both the status of my subroutines and for my own status is a pun?), again frustrating verification; and 4.) no support for declaring program invariants. This is far from a complete list, but I believe these problems are underappreciated.
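
The pattern described in the comment above, as an added example that is not part of the original comment and is not GnuTLS or Apple code: a yes/no check that reuses `result` for its callees' negative error codes, beside a version that keeps the two statuses apart and fails closed. The toy "subject=...;issuer=..." certificate format and every function name here are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ERR_MALFORMED (-1)   /* callee convention: 0 = ok, negative = error */
#define ERR_NOMEM     (-2)

/* Constructed sample inputs in a toy "subject=...;issuer=..." format. */
static const char LEAF[]      = "subject=leaf;issuer=Example CA";
static const char CA[]        = "subject=Example CA;issuer=Example CA";
static const char OTHER_CA[]  = "subject=Other CA;issuer=Other CA";
static const char MALFORMED[] = "subject=leaf";          /* no issuer field */

/* Hypothetical helper: copy the value of `key` into a fresh buffer.
 * Returns 0 on success or a negative error code. */
static int get_field(const char *cert, const char *key, char **out)
{
    const char *start, *end;
    size_t len;

    if (cert == NULL || (start = strstr(cert, key)) == NULL)
        return ERR_MALFORMED;
    start += strlen(key);
    end = strchr(start, ';');
    len = end ? (size_t)(end - start) : strlen(start);
    *out = malloc(len + 1);
    if (*out == NULL)
        return ERR_NOMEM;
    memcpy(*out, start, len);
    (*out)[len] = '\0';
    return 0;
}

/* Fragile: `result` is both "status of my callee" (negative on error)
 * and "my own answer" (1 = issued by this issuer, 0 = not). */
static int issued_by_fragile(const char *cert, const char *issuer)
{
    char *cert_issuer = NULL, *issuer_subject = NULL;
    int result;

    result = get_field(cert, "issuer=", &cert_issuer);
    if (result < 0)
        goto cleanup;               /* result is still negative here */
    result = get_field(issuer, "subject=", &issuer_subject);
    if (result < 0)
        goto cleanup;
    if (strcmp(cert_issuer, issuer_subject) == 0) {
        result = 1;
        goto cleanup;
    }
    result = 0;

cleanup:                            /* success and failure paths merge */
    free(cert_issuer);
    free(issuer_subject);
    return result;                  /* an error code leaves as "nonzero" */
}

/* Hardened: callee status and own answer live in separate variables,
 * and the answer starts out as "no" so every early exit fails closed. */
static int issued_by_hardened(const char *cert, const char *issuer)
{
    char *cert_issuer = NULL, *issuer_subject = NULL;
    int verified = 0;               /* this function's answer */
    int rc;                         /* status of the last callee only */

    rc = get_field(cert, "issuer=", &cert_issuer);
    if (rc < 0)
        goto cleanup;
    rc = get_field(issuer, "subject=", &issuer_subject);
    if (rc < 0)
        goto cleanup;
    verified = (strcmp(cert_issuer, issuer_subject) == 0);

cleanup:
    free(cert_issuer);
    free(issuer_subject);
    return verified;                /* only ever 0 or 1 */
}

/* A caller that, like most C callers, tests the answer for truthiness. */
static int caller_accepts(int (*check)(const char *, const char *),
                          const char *cert, const char *issuer)
{
    return check(cert, issuer) ? 1 : 0;
}

int main(void)
{
    printf("valid pair:     fragile=%d hardened=%d\n",
           caller_accepts(issued_by_fragile, LEAF, CA),
           caller_accepts(issued_by_hardened, LEAF, CA));
    printf("wrong issuer:   fragile=%d hardened=%d\n",
           caller_accepts(issued_by_fragile, LEAF, OTHER_CA),
           caller_accepts(issued_by_hardened, LEAF, OTHER_CA));
    printf("malformed cert: fragile=%d hardened=%d\n",
           caller_accepts(issued_by_fragile, MALFORMED, OTHER_CA),
           caller_accepts(issued_by_hardened, MALFORMED, OTHER_CA));
    return 0;
}
```

Both versions agree on well-formed input; they differ only when a callee fails, which is why ordinary positive tests do not catch the fragile form.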

yesmeMarch 10, 2014 2:16 AM

@pianissimo

You are falling in the trap of going too much into details. The main problem is quality control.

With proper quality control these bugs would have been discovered. Think about peer to peer reviews, unit tests, documentation, policy, etc..

C only makes it easier to mess up.

HjörleifurMarch 10, 2014 2:17 AM

Gates Spends Entire First Day Back in Office Trying to Install Windows 8.1

https://archive.is/2XR1y

"A Microsoft spokesman said only that Mr. Gates’s first day in his new job had been "a learning experience" and that, for the immediate future, he would go back to running Windows 7."

Clive RobinsonMarch 10, 2014 3:12 AM

@ Wael,

Yes RR stands for Rolls Royce. Specifically it's about their jet engine production out of Derby UK. Their big turbofan engines are part of the "Trent" family and come with something called "totalcare",

http://www.mromanagement.com/feature/totalcare-rolls-royce

Note the bit at the end about each engine having its own hard drive, well it's actually quite a bit more than that, it's more like a high end industrial control system that you might find running a factory. Which of course will raise a further flag in @Nick P's head and start him wondering about a "Stuxnet for Jets"...

And at the risk of being accused of starting a conspiracy yes Malaysia Airlines have RR Trent engines under total care,

http://www.rolls-royce.com/news/press_releases/2012/120709_malaysia_airlines_mou.jsp

But then so do many airlines because Trent engines and total care does offer some real advantages over other manufacturers' products.

As for what differentiates planes from busses trains and taxis, well apart from the length of flights and distances traveled per journey it's "crossing borders": an aircraft could be in more than ten countries each week as well as spending a big part of its time in "international air space", so lots of jurisdictions. But I guess the "pilot privacy" is not really about pilots but airline commercial and legal liability. Look at it this way: there are plenty of people whose hobby is aircraft in one way or another and you can already get ADS-B software and receivers that will let you see not just what pilots see but ATC staff as well. Now imagine just how well a bit of kit would sell if it could "put you in the cockpit" as "a fly on the wall"... Now it's more than likely that such people would record the audio and log it and archive it and even analyse it (look at the likes of SWLs and "numbers stations" to see this). Now consider that in the event of an accident they would probably sell the audio recording not just of that flight but any others that had the same flight crew or aircraft. The various specialist journalists are always looking for career enhancing opportunities to get their name into main stream national and international press so you can see what would likely happen. And inevitably some sharp practice ambulance chaser legal type would also see the career benefit out of such recordings, after all a nice little class action involving 30% fees on upwards of a quarter of a billion would buy the odd condo or two around the world, and that's before you start talking about insurance on the airframe etc etc... such is the way of the world.

Speaking of "ways of the world",

    Everything that has a beginning must have an end.

That is a philosophical point with the axiom of "human experience" underlying it and also the assumption of "time's arrow". There are an increasing bunch of physicists that think even this view,

http://m.space.com/13393-universe-endless-void-big-crunch.html

From just a couple of years ago is not just "so last year" but really out of date. The problem is that as far as mathematical models are concerned "infinity" is a problem in a finite entity which our universe is generally believed to be. Which is not helped by the notion of time starting with the "big bang"...

The more current thinking is our universe is one of many like one of many bubbles in Swiss cheese, the difference being that the bubbles develop fractal like along the lines of a Darwinian process (see "Eternal Universe" and false/true vacuum). To quote a very recent comment by the well respected physicist Dr Michio Kaku,

    “The modern thinking is that time did not start with the big bang, and that there was a multiverse even before the big bang. In the inflation theory, and in string theory, there were universes before our big bang, and that big bangs are happening all the time. Universes are formed when bubbles collide or fission into smaller bubbles.”

He has also done a series of programmes for various media outlets where he goes into the nature of a vacuum and how it is not a truly empty space.

The downside of the false/true vacuum idea is the possibility that the bubble that is our universe could end without warning and quite abruptly in 10-12 billion years. However he thinks it is probable that before then we will have learnt how to move between bubbles.

Stephen Hawking has also indicated that he thinks we will within a few generations be able to form our own Universes that can co-exist with our own...

Either way you are not looking at the end of time.

So "pays your money and takes your choice" ;-)

PetrobrasMarch 10, 2014 4:16 AM

@Scott "SFITCS" Ferguson: "Joule and E were designed with security in mind (but the above paragraph still applies)."

Thanks for pointing me to this language family.
Unfortunately, http://en.wikipedia.org/wiki/E_(programming_language) needs a Java or a Lisp backend. The first is a mess with garbage collecting. The second, Lisp backend, is slow.

And E is dynamically typed. So it will long need a backend.

Parasail is typed at compilation time, and doesn't have a garbage collector. But it still needs a backend; see https://groups.google.com/d/msg/parasail-programming-language/f9RbGbDs0_c/bgjzD5oBtIAJ (use http://webcache.googleusercontent.com/search?q=cache:https://groups.google.com/d/msg/parasail-programming-language/f9RbGbDs0_c/bgjzD5oBtIAJ if you do not want to activate javascript).

WaelMarch 10, 2014 4:16 AM

@ Clive Robinson,

    Which of course will raise a further flag in @Nick P's head and start him wondering about a "Stuxnet for Jets"...

Just @Nick P's head? Tell me something, is this an engine->satellite transmission path or also a satellite->engine transmission path, as in a command can be sent via satellites to the engines versus pure health monitoring?

    And at the risk of being accused of starting a conspiracy

No risk at all! It's a sure thing :)

    But I guess the "pilot privacy" is not really about pilots but airline commercial and legal liability.

This implies blackbox data is filtered to protect the interests of some, right? Otherwise the live feeds can be protected in the same manner (proprietary encoding and encryption). The contents of the blackbox can be decoded only in certain places.

    That is a philosophical point with the axiom of "human experience" underlying it and also the assumption of "time's arrow"

Axiom? What happened to Kurt Gödel?

    Either way you are not looking at the end of time.

Did time have a beginning?

Regarding infinity, I erased what I wrote about it... Don't want to go there... But I was writing about complex numbers, square root of minus one, and the symbol "infinity", then changed my mind.

Stephen Hawking is a genius, but... I don't believe everything he says, just like I don't follow all what Richard Feynman did or said. For example, I wash my hands after I use the bathroom. If they prove it, then I am all ears. If they "think it", then I am free to think as well.

Wesley ParishMarch 10, 2014 4:46 AM

@Clive Robinson and the rest of the Malaysian Airlines 777 thread

    Which of course will raise a further flag in @Nick P's head and start him wondering about a "Stuxnet for Jets"...

Took the words right out of my mouth ... that was the first thing I thought of when I heard about the 777 going missing. It disappeared too quickly for several scenarios the news mentioned. No communication was received from the pilot or anyone else on the plane.

A Biggles book I read when I was so much younger gave three regions of possible failure in aviation: the airframe, the engine, and the pilot - we could consider avionics as an artificial enhancement of the pilot, or we could consider it as a fourth area of potential failure.

I thought for that plane to disappear like that, with no sign of it anywhere, both engines would have to stop at once. Avionics was the first suspect; now we know about the system used to monitor the engine, we have so much more a "surface" for failure to occur. No slur on Rolls Royce: but they're not perfect.

The success of such a StuxNet for aircraft engines would depend on the success in bridging the air gaps - or if there are any air gaps at all.

BenniMarch 10, 2014 6:37 AM

Historically interesting is this BND Mission.
http://www.spiegel.de/politik/deutschland/irak-krieg-bnd-meldete-den-amerikanern-auch-truppenbewegungen-a-395345.html

During the bombardment of Baghdad the Hermans had to evacuate their embassy. But certainly someone had to protect it from looters. So they sent two spooks. The spooks were welcomed friendly by the Iraqis because of the German opposition to the war. But in such an embassy alone it can be lonely and the spooks started cruising in Baghdad. They tagged buildings with GPS, sent the coordinates with an encrypted satellite phone to Germany, and the BND was too happy to share the coordinates with the NSA, with the result that the tagged buildings suddenly disappeared. Of course after a month of operation all was published in DER SPIEGEL.

benniMarch 10, 2014 6:40 AM

Sorry the Herrmans should read germans of course. Stupid german autocorrection of my smartphone

Clive RobinsonMarch 10, 2014 7:32 AM

Just watched the latest news conference on MH730...

Apparently oil slick and flotsam seen in the water is not from an aircraft.

And more interestingly the two European passports that were stolen to board the flight two things have been said after examination of the security footage,

1, Neither person traveling on the stolen passports looked Asian.
2, All the security procedures were followed.

So a heads up...

@ Bruce,

I guess you'd better get ready for phone calls.

And I can confidently predict that "the deck chairs are going to be re-arranged on the Titanic" with regards to the "security protocols" for screening passengers, as the DHS/TSA are going to get questions about the effectiveness of the existing protocols in use.

BenniMarch 10, 2014 9:13 AM

This here is also an interesting BND project:
The BND institute for questioning asked an Iraqi refugee. He wanted the US to attack Iraq, and told them strange stories of weapons of mass destruction. The BND of course gave all this to the CIA, even if it was obvious that the source Curveball was full of lies:

http://en.wikipedia.org/wiki/Curveball_(informant)

That BND project was what started the war in Iraq. And here is DER SPIEGEL, getting the drawings of the laboratories that Curveball provided directly:

http://www.spiegel.de/politik/ausland/geheimdienste-saddams-mobile-dattellabors-a-298425.html

According to SPIEGEL, these rolling containers would be useless for making bioweapons, but more suitable for agricultural chemistry. DER SPIEGEL also got an answer of the BND: "Wir halten die Angaben weiterhin für glaubhaft": We still think that the information of is credible"

It was this BND information that started the war. Later, SPIEGEL published that this refugee got a German passport in 2008, and that he gets 3000 euros monthly from a sham firm of the BND.

Actually, one might wonder how the BND can actually work if every month or so, one of its operations gets published. Apparently, Spiegel must have some mole there at the BND.


Assad attacks his people with gas? Well, the BND hears those calls with its spy ship. And what the BND hears just gets leaked by Spiegel:

http://www.spiegel.de/politik/deutschland/syrien-bnd-faengt-beleg-fuer-giftgaseinsatz-durch-assad-regime-ab-a-919965.html


name.withheld.for.obvious.reasonsMarch 10, 2014 9:18 AM

WTHOT (Way The Heck Off Topic)...

This reminds me of InfoSEC, EMSEC, and the general environment around technology. The senate will be in session to "debate" climate change? Let me share my thoughts.


As an engineer I am concerned about climate change--specifically two major issues; the scientific methodologies and the effects of pollution. And, I am afraid that congress, the senate, is going to do a grave injustice to both issues today. Let me address this in reverse order.

  1. Polluting the air, water, and land of any country is a travesty, and,
  2. a miscarriage of natural justice.
  3. The poor bear the greatest burden with respect to the impacts of pollution including quality of life, health, and environment.

  4. Responsible enterprises would prioritize and attempt to understand and mitigate issues that negatively impact our environment--they do not.
  5. Climate scientists' intentions may be noble, but their exercise of science is not.
  6. Climate models cannot be proven, in geologic time and with respect to anthropogenic impacts on climate.

  7. Climate models, climate forcing and anthropogenic effects are not fully quantified in any model system today, or a sufficient amount of "sampling"--in engineering during the development process in any new device with unknown behavior is to perform "over-sampling".

  8. Causation in climate models cannot be established--even using empirical science, let alone using a proven formalism. Maxwell's equations regarding EMF traversing a dielectric is wonderful, energy dissipation (thermal, electrical, electromagnetic) can be calculated repeatedly with great precision. Climate models cannot even predict year-to-year weather patterns with even any level of certainty, let alone be expressed as a formalized model such as Maxwell's.

  9. Climate science is of complexity with the number of linear and non-linear forcing and feedback mechanisms--some have yet to be enumerated--I can name several.

  10. The use of science to color law is inexcusable--this does a disservice to the public and undermines well practiced science. Today students are being taught that incomplete modeling can produce causation...tell the FDA that it is okay to approve drugs that have not undergone a double blind study.


I believe that reducing carbon emissions is just plain good sense--no need to skew science and the public's perception of the scientific community. Having a clean and healthful environment should be cause enough.

Nick PMarch 10, 2014 10:13 AM

@ Wesley

"A Biggles book I read when I was so much younger gave three regions of possible failure in aviation: the airframe, the engine, and the pilot - we could consider avionics as an artificial enhancement of the pilot, or we could consider it as a fourth area of potential failure."

There's a lot more than that. Some affect the cabin directly and can kill the pilots before so much as a distress call. See the link I posted above to stats.

That nobody heard from them *is* the most alarming part for me, though.

@ Clive

Their description of the device sounds more like a logging system that's attached to analysis on the ground. There's no inherent worry there. However, if the system isn't read-only and *is* more like an industrial computer then it could be an attack point. Moreover, there's a shitload of computers and code in this airplane. Many possible attack points. Although I've previously praised DO-178B development, it's a *safety* certification and not a *security* certification. If anything, the lower amount of code in the Level A systems might help a sophisticated attacker find an attack more quickly.

Note: Remember that an attack might be assisted by someone on the plane who can get access to internal computers or networks. I know they will try to protect a public facing internal network. I seriously doubt that they protected with as much effort the many private computers and embedded devices on the private network. There might even be a cable easy to get at from the restroom or something.

I'd like to totally eliminate weather, though. There's been reported cases of massive storms just popping up out of nowhere over there. With modern planes, does a thunderstorm have the ability to totally jam their communications? I know lightning has dropped plenty of planes and some went down from extra fuel usage fighting storms. This is a pretty big plane, though.

And if we're going to be conspiratorial, let's have fun with it. :) My conspiracy nut line is that China was testing an advanced attack that could take down an airliner. It might involve hacking the plane. It might involve an active RF weapon. It might involve a missile shot from one of their many interceptors. Those 20 Freescale workers shouldn't have been flying over to steal secrets of China's Loongson 4 processor.

name.withheld.for.obvious.reasonsMarch 10, 2014 10:48 AM

Okay, now I have a conspiracy theory based on several comments posted here.

1.) A made note of the possible use of "seeds" to Bruce's blog due to the SSL/TLS session encryption.
2.) Today I made two successive posts to Bruce's blog 15 minutes apart.
3.) 8 minutes after the first post, a spam post follows my post.
4.) 7 minutes later after the last post, a spam post again appears after my post.

Could these be like "guard" posts? Some sort of blog post modem?

SkepticalMarch 10, 2014 12:01 PM

@Nick P: The lack of communication does seem to imply five possibilities:

1) The aircraft began to behave in a manner that required the complete attention of the crew, and the crew was unable to recover control or send a signal before the aircraft crashed. This could be any number of things.

2) There was a failure in the cockpit oxygen system, resulting in hypoxia in the pilots. Before falling unconscious, and in a hypoxic state, one of the pilots may have made a fatal adjustment to controls, which resulted in the crash of the aircraft.

3) The crew was violently removed from the cockpit (by force or threat) and did not have time to send a distress call. Whoever attempted to fly the aircraft then crashed.

4) The cockpit itself was the subject of an explosion (a terrorist attaches a shoe bomb to the outside of the cockpit door, for example - this is a scenario I find disturbing). This then led to the crash of the aircraft.

5) The plane itself disintegrated in flight, either due to an explosion or some incredibly unlikely series of structural failures.

yesmeMarch 10, 2014 12:47 PM

@Skeptical,

6) A complete powerfailure, caused by some reason.

7) They flew into another dimension (think "The Final Countdown" (1980) / "The Triangle" (2005))

8) An UFO hijacked all the energy for a while (think "The Abyss" (1989))

9) They crashed into an object.

Although points 7 and 8 are not that likely ;-)

Knott WhittingleyMarch 10, 2014 1:07 PM

I think it's reasonable to make some important legal distinctions between (1) mere intrusion (simple unauthorized access), (2) bypassing security systems, (3) unauthorized copying of information, (4) theft of intellectual property worthy of protection, (5) unauthorized distribution of relatively unimportant information, (6) unauthorized distribution of important information, and (7) minor sabotage e.g., for civil disobedience and (8) malicious sabotage.

You can put a well-intentioned civilian hacker in prison for years and years just for intrusion or easy bypassing of stupid security systems, or for downloading data of no special significance with no malicious intent.

But the government reserves to itself the right to do all of these things, and nobody is even threatened with the prospect of a single day in jail, or even losing their jobs, if it's consistent with the government and/or administration's and/or intelligence community's goals.

We pretend that minor acts of intrusion are a Very Very Big Deal, and criminalize them, irrespective of intent. But when the government does it, it's all okay---we can steal massive amounts of varied information on everybody in the whole world, spy on people's intimate moments when they're naked, leak classified information for reasons that are merely political, economic, or just undiscussed, etc.

Corporations and the government apparently have more than reasonable expectations of privacy---hack their computers, go to jail.

Citizens don't. If you're dumb enough to use a computer at all, for anything people typically do with computers, you're unreasonable to expect there to be such a quaint thing as "privacy."

And Clapper and Alexander still have their jobs, and are routinely elaborately ass-kissed by each of their supposed overseers in congressional hearings---apparently to waste as much time as possible and avoid any serious discussion of whether this stuff is remotely plausibly legal or constitutional.

I dunno whether it's more Orwellian, or more Kafkaesque. Anyhow it's surreal.

SkepticalMarch 10, 2014 2:11 PM

@yesme: Like the UFO!

I agree that some type of system failure (power or other) is a possibility. In my head, it was included in #1, but the way I worded it implies something like a control surface issue rather than something like a power failure.

Is #9 meant to signify a mid-air collision?

@Wael: True. Can we rule that one out at this point?

WaelMarch 10, 2014 2:35 PM

@Skeptical,

No debris, no clues, nothing! My hope is it landed somewhere after a power failure. Nothing can be ruled out.

yesmeMarch 10, 2014 2:49 PM

@Skeptical,

I meant any object with #9. A missile, plane, debris from an active volcano, a lost weather balloon, a meteorite or maybe parts or a fuel dump from a plane that flew there before. I don't know.

AnuraMarch 10, 2014 3:10 PM

@Nick P

And if we're going to be conspiratorial, let's have fun with it. :)

Most likely scenario is that one of the Americans on board was heading to China to release classified materials on the JFK Assassination. Despite having a fake passport, they were being tracked by a locator chip implanted during their childhood vaccinations. Upon becoming aware of their location and intentions, Obama gave the green light to use HAARP to take down the plane in mid-air with a massive bolt of lightning.

BenniMarch 10, 2014 3:23 PM

@Yesme, a swarm of birds going into the propulsion engines would suffice.

But I also think it smells like a terror attack.

Clive RobinsonMarch 10, 2014 4:38 PM

@ Nick P,

    Their description of the device sounds more like a logging system that's attached to analysis on the ground. There's no inherent worry there. However, if the system isn't read-only...

As far as I can tell the system works by sending near real time information by sat to RR's Derby plant, where it is analysed in near real time so that RR's engineers can liaise with the airline engineering / maintenance staff by phone and discuss what is required to be done.

Now one of the things touted by a RR sub is "improved efficiency" which implies RR sub staff can "fine tune" each Trent engine remotely in any part of the world. This tends to suggest that the sat link is two way and that RR sub staff can change engine parameters so that the engine is not "read-only". I'm assuming for maximum flexibility this probably could be done real time, but even if it's not the implication is that the system is sufficiently powerful that malware could be loaded on it.

This begs the question of what level of authentication and authorisation is in place and what lower level security is in place not just in the engine management system but also in the comms.

If it's like the vast majority of "engineer led" designs then I suspect the security will be minimal at best.

Clive RobinsonMarch 10, 2014 4:41 PM

@ Knott Whittingley,

Have you posted your comment above to the right page on this blog?

It's just that it reads as though it's meant for today's main entry.

Clive RobinsonMarch 10, 2014 6:12 PM

@ Benni,

    But I also think it smells like a terror attack.

Whilst I would not rule it out I suspect it's not for a couple of reasons,

Firstly whilst China certainly behaves in a way you would expect terrorists to respond to, its level of state control of media significantly reduces any impact terrorists would aim for.

Secondly as far as we are aware no terrorist group has come forward to claim the loss of MH370 as their work.

But more importantly consider what avenues are open to terrorists to bring down a modern plane.

The plane was at 35,000ft (approx. 7 miles up); providing the cockpit door was closed, terrorists in the passenger compartment have very limited means of inflicting sufficient damage to the airframe to either bring the plane down fast or incapacitate the flight deck crew. Attempts to do this in the past decade have not been effective.

More success is likely to be achieved via checked baggage not carry on, even so I would not expect the flight deck crew to be immediately disabled.

But consider the height from which the aircraft would have dropped and the speed of descent.

If the aircraft broke up at that height you would expect a lot of debris, much of which would float. Likewise if it hit the water at a fast rate of descent you would expect it to break up leaving floating debris. So far no debris has been found, which suggests any descent was controlled and if it did hit water it was at quite a gentle rate of descent so as to keep the plane in one piece and also sink fairly quickly. You would expect that at that comparatively slow rate of descent the flight deck crew would have had time to send out a distress call.

Which suggests either the aircraft did not go into the water anywhere near where it was supposed to or it was actively flown into the water by either a pilot or the control system so as not to leave traces...

Whilst this has happened before with a lone pilot on the flight deck trying to kill themselves, modern rules dictate that due to a terrorism risk the flight crew does not leave the flight deck, so both the pilot and co-pilot should have been on the flight deck.

Flying into the water has been known to happen with modern flight systems when certain types of failure cause false information to come up on the flight system displays that confuse the pilots.

I guess we are going to have to wait until one or more black boxes have been found and analysed, and this has taken two years in the recent past.

Nick PMarch 10, 2014 8:54 PM

@ Knott Whittingley

Good points.

@ Skeptical

Good analysis. Yes, there's quite a few possibilities that can make an airplane seem to disappear without a conspiracy.

@ Benni

Birds! Good thinking! Yes, I remember reading a major maintenance pain for Air Force was losing engines (sometimes planes) to birds.

@ Anura

I present you the award for Best Airplane Conspiracy Plot!

@ Clive Robinson

"Now one of the things touted by a RR sub is "improved efficiency" which implies RR sub staff can "fine tune" each Trent engine remotely in any part of the world. This tends to suggest that the sat link is two way and that RR sub staff can change engine parameters so that the engine is not "read-only". I'm assuming for maximum flexibility this probably could be done real time, but even if it's not the implication is that the system is sufficiently powerful that malware could be loaded on it."

Good points. Yes, if you can get input onto it the system becomes security-critical rather than safety-critical. And so much risk enters the equation.

@ name.withheld

"Okay, now I have a conspiracy theory based on several comments posted here"

While anything's possible, it's likely just a coincidence. Spam here comes in waves. It's scattered among many threads. It looks like both the decision on where to post and the posts themselves are entirely done with scripts. The content is produced by a template from humans with poor English. Altogether, it seems like run of the mill spam.

Additionally, when the moderator filters it, the protection lasts for a decent amount of time before the next wave hits. A denial of service attack would hit the blog a lot harder with higher volume and ensure most of it lands on important threads. The spam here has almost no effect on discussions. If it's a conspiracy, it's the lamest conspiracy ever executed against a publisher.

AlanSMarch 10, 2014 9:50 PM

@Skeptical

You write "Did he make a formal complaint to anyone? Ask to speak to the Office of the Inspector General? He didn't exhaust all avenues; indeed it doesn't seem he really tried..."

The answer to your question is in the text immediately before the section you quote, (see Snowden's Statements to European Parliament, pp.5-6):

"...repeatedly raising concerns about legal and policy matters with my co-workers and superiors resulted in two types of responses. The first was well-meaning but hushed warnings not to "rock the boat," for fear of the sort of retaliation that befell former NSA whistleblowers like Wiebe, Binney and Drake. All three men reported their concerns through official, approved process, and all three men were subject to armed raids by the FBI and threats of criminal sanction. Everyone in the intelligence Community is aware of what happens to people who report concern about unlawful and unauthorized operations. The second were similarly well-meaning but more pointed suggestions, typical from senior officials, that we should let the issue be someone else's problem. Even among the most senior individuals to whom I reported my concerns, no one at NSA could ever recall an instance where an official complaint had resulted in an unlawful program being ended, but there was a unanimous desire to avoid being associated with such a complaint in any form."

The earlier NSA whistleblowers did report through an OIG and were retaliated against. Drake was indicted. That's not exactly a great recommendation for playing by the rules. Really, what did they think the next whistleblower was going to do?

FigureitoutMarch 10, 2014 10:44 PM

AlanS
--This is why the agents that abused their authority on me b/c I showed how stupid their jobs were...will never be brought to real justice. Since no one else can provide any "transparency" or "accountability", I took it on myself and baited some dumbass agents to see what their investigations were like. Based on my experiences and now further evidence from Snowden, 100% that they have abused others, but done so in a way that would be attributable to "benign causes". Civilians and citizens *should not* be forced to conduct military-grade OPSEC to live a normal secure life, this is going to end terribly w/ a lot of waste and less potential advances b/c people are wasting time on stupid sh*t like OPSEC.

RE: "the plane mystery"
--I thought nothing was beyond the NRO's reach...

BuckMarch 10, 2014 10:57 PM

What is Snowden still doing in Russia?
Some of you may remember... There was a certain condition as part of the terms for his asylum approval:

Edward Snowden Can Stay in Russia on One 'Strange' Condition (July 1, 2013)
Mobile title: Putin: Snowden Can Stay on One Condition
"If he wants to stay here, there is one condition: he has to stop his work aimed at damaging our U.S. partners, no matter how strange this sounds coming from me," Putin told reporters.
http://abcnews.go.com/blogs/headlines/2013/07/putin-edward-snowden-can-stay-in-russia-on-one-strange-condition/
Maybe this one isn't necessarily a 'leak' per se, but it definitely conveys damaging connotations regarding U.S. intelligence management/oversight processes:
Snowden: I raised NSA concerns internally over 10 times before going rogue (March 7, 2014)
"Yes. I had reported these clearly problematic programs to more than ten distinct officials, none of whom took any action to address them. As an employee of a private company rather than a direct employee of the US government, I was not protected by US whistleblower laws, and I would not have been protected from retaliation and legal sanction for revealing classified information about lawbreaking in accordance with the recommended process."
http://www.washingtonpost.com/blogs/the-switch/wp/2014/03/07/snowden-i-raised-nsa-concerns-internally-over-10-times-before-going-rogue/
But how bout this one, where he's actively encouraging others to take up arms against the NSA..?
Snowden at SXSW: The NSA set fire to the future of the Internet
"The NSA... they're setting fire to the future of the Internet. And the people in this room, you guys are the firefighters. We need you to help us fix this," Snowden said.
...
Soghoian [principal technologist with the ACLU] had harsh words for a broad swath of technology firms, including Google for data collection via Android and Chrome, Facebook for data collection and privacy violations, Apple for making its address book insecure, Yahoo for not implementing encryption sooner, and Mozilla for not making Firefox secure enough.
"The irony that we are using Google Hangouts to talk to Snowden is not being lost on me," he said, and he also noted the tech companies' response to the documents Snowden leaked. [ http://news.cnet.com/8301-13578_3-57616044-38/pardon-snowden-one-tech-exec-tells-obama-report-says/ ] (Emphasis Buck's)
http://news.cnet.com/8301-1009_3-57620111-83/snowden-at-sxsw-the-nsa-set-fire-to-the-future-of-the-internet/

Obviously the 'meme' has been lost on Ellen Nakashima of the WaPo in this humorous journalistic explanation...
Snowden: Mass surveillance is backfiring on U.S. in effort to combat terrorism
Snowden, who was using a Google videoconferencing program that ran through seven proxy servers to mask his location, used much of his talk to urge companies and technologists to develop and adopt better and easier-to-use encryption.
http://www.washingtonpost.com/world/national-security/snowden-mass-surveillance-is-backfiring-on-us-in-effort-to-combat-terrorism/2014/03/10/61573dfa-a877-11e3-8d62-419db477a0e6_story.html
But, am I really to believe that an NSA-level adversary can neither find, fix, nor finish an enemy combatant who only uses Google services when behind at least seven proxies!? If that's the case, what worth would possibly exist in our billion dollar defence budgets, internet backbone taps, and ever-present all-seeing eyes in the sky..? Right... Sure! ;-)
This all seems to suggest (to me anyways) that this whole media circus is one whopping farcical dog & pony show...
And Russian intelligence interests are acting at least complicitly... At worst, as an actual cooperative component in the operation!

FigureitoutMarch 10, 2014 11:20 PM

But how bout this one, where he's actively encouraging others to take up arms against the NSA..?
Buck
--Do you honestly believe that intelligence agents of all countries wouldn't sell out their country in an instant? No one gives a F about anyone else really. Since they know how investigations happen they can skirt it.

The "7-proxies" meme was hilarious, all protocols suck, the entire system is subverted and it sucks ass. People need to get that thru their heads, you can backtrack every internet trail. Thankfully my story hasn't been picked up by the media, I can't imagine Snowden's hell right now...

There's a global elite, that sit on the militaries and intel-agencies of the world. As less and less people join the military and intel-agencies (better talent goes elsewhere) so too will their pathetic grip on the world.

Nick PMarch 10, 2014 11:39 PM

@ Buck

"But, am I really to believe that an NSA-level adversary can neither find, fix, nor finish an enemy combatant who only uses Google services when behind at least seven proxies!?"

One theory on this is much simpler than others: Snowden chose to be in Russia because he knew US wouldn't mess with him there. "They aren't sending Predator drone strikes, Navy SEALs, etc to Putin's territory" is how one associate of mine commented on the situation. That sounds about true if only because we don't mess with Russia in an obvious way that can bite us back. Like in the Cold War, there are still rules about games US and Russia play.

Snowden might be a double agent or an American traitor/whistleblower/hunted leveraging these rules for his benefit.

FigureitoutMarch 10, 2014 11:51 PM

Mobile Security Post (or lack thereof)
http://www.bluecoat.com/company-blog/2014-02-20/why-your-mobile-device-isn%E2%80%99t-secure-you-think

First I'll quote the thing that gets me about...almost all electronics now...Bluetooth, that worthless crud I don't want.

Virtually every mobile device has Bluetooth capabilities, but this is also an easy weak point for hackers to exploit. Using special software and antennae, hackers intercept the signals transmitted by the Bluetooth in order to access info on your phone and even to send texts or place phone calls.
--I'm saying more, well if they can send hidden text/phone calls, they can track you easily w/...phone calls and texts that they just check w/ their phones...

Then a reddit comment that made me laugh:
Yeah... it's FUD. Nothing specifically new here; the same rules apply now as have always applied:
Unless you wrote it, or know exactly where it came from, don't trust other people's code. If you trust an app store, then trust it -- the code coming from it ought to be signed. As a rule, if you root/jailbreak your device and start installing unsigned code from third-party distributors, you're asking for trouble.
Don't trust public networks unless the traffic is encrypted. Cellular counts as public.
Don't connect your storage to untrusted devices.
It's the same in computing as in the rest of life -- don't expose yourself to people you don't trust.

--B/c every single software everyone downloads, they physically verify w/ "the creator" that they verified via software on the internet. I bet this 'tard has like 3 rootkits running on his phone right now.

The recommendations of the article were equally pathetic, all those recommendations can be easily cracked goddamit!

FigureitoutMarch 11, 2014 12:31 AM

Reports of "smart"phones still being active in the "plane mystery":

http://www.dailymail.co.uk/news/article-2578020/Why-cellphones-missing-Malaysian-Airlines-passengers-ringing-Family-members-claim-loved-ones-smartphones-active.html

All I have left to say is...how sick if these people are all dead but their phones are broadcasting their voicemail messages, "Leave me a message", etc. Like some sad novel, even in death you can't escape the surveillance and it will record your horrifying realization that you're about to die in a plane crash...

SkepticalMarch 11, 2014 11:17 AM

@AlanS: I see. So when Snowden said "yes", that he felt he had exhausted all possible avenues, he interpreted all possible avenues to mean things that did not involve giving any formal notice to anyone at the NSA or in the US Government charged with actually investigating allegations of abuse, as I was concerned that I would be ignored or fired.

He's playing word games; all possible avenues includes avenues he thought were difficult, or would expose him to some form of retaliation in the form of being fired. Conscientious whistleblowers courageously run that risk. Those with other, or additional, motivations skip town with information on what actually concerns, and in addition to that, with tons of classified material that have nothing to do with whistleblowing but might be "useful" personally.

Thomas Drake, incidentally, began formally complaining in late 2001. He actually took the trouble to speak with the NSA's General Counsel. He cooperated with a NSA OIG and DOD IG investigation in 2002. In 2005, he provided information to a reporter writing a series of stories about the very programs he had complained about, and which were the subject of the 2002 investigations. In 2007, the FBI searched his home, and he was eventually indicted. The prosecutors, who treated him very poorly and were rightly castigated by the judge for it, believed that he had been retaining and (probably) leaking classified information to the media.

The idea that Drake was targeted six years after complaining about a program, a program about which the NSA OIG and DOD IG agreed was wasteful, because he had complained about that program, seems implausible to say the least.

But not as implausible as a claim by Snowden that he couldn't possibly talk to anyone at OIG, or the GC, because he was worried that somehow he would be retaliated against. Was he concerned that six years later the FBI would search his home and find classified material?

Frankly, I suspect Snowden began exceeding authorized access and grabbing files at an early stage, and once he began doing that, he knew that it was too late to go to the OIG or GC. It's a very human, understandable reason not to do it. But it doesn't mean that going to the OIG or GC was "impossible."

AnuraMarch 11, 2014 2:06 PM

@AlanS

Feinstein probably isn't the best person for speaking out against the CIA snooping on her, given her unabiding support for the NSA's programs. Then again, she's probably not a good choice for a lot of things, e.g. Senate.

Of course, I don't think "good choice" is applicable to most politicians who run for office. Seriously, seeking a position of power should automatically disqualify you from the job.

SkepticalMarch 11, 2014 2:44 PM

@AlanS: Quite the mess. I'm going to reserve judgment until we hear more. As it stands I have a few questions:

(1) Did the Committee and the CIA have what is often referred to in civil litigation as a "clawback agreement"?

In discovery during litigation, parties sometimes accidentally produce documents or material to each other which are in fact privileged. Clawback agreements essentially allow a party to say "we didn't mean to give you that; it's something protected by privilege; please give it back (and don't look at it)."

As I said, it's used to protect accidental production of privileged material.

The interesting quirk about this affair, if I read Senator Feinstein's statement correctly, is that the Committee does not recognize the type of privilege that the CIA would assert to withhold material. In consequence, it is possible that there was no clawback agreement of any sort between the CIA and the Committee.

I say "possible" since it strikes me as monumentally unwise for there not to be such agreement at the outset.

Nonetheless, if there were not one, I can envision what CIA practice would be if they mistakenly produced a document: simply take the document back. And I can envision the Committee's response to this.

(2) Was it possible for the "search tool" used by the Committee to be used, whether accidentally or purposefully, to access undisclosed documents?

(3) When Senator Feinstein says that the staffers honored "the spirit" of the agreement when they removed printed documents from the CIA facility without presenting them to the CIA first, does she mean that the staffers sneaked out the documents but redacted them in accordance with the agreement?

(4) What provisions, if any, regarding CIA's ability to secure its networks did the Committee and staffers agree to when accessing the "segregated network drive" on the CIA's system?

(5) Did the Committee, when it requested and was denied access to the "Internal Panetta Review" in late 2013, give the impression that it had not seen any of that review (though in fact it had)?

(6) Aside from the markings on the "Internal Panetta Review", were there other indications to the staffers that the material would be of the sort ordinarily withheld by the CIA?

(7) When the Committee learned that staffers no longer had access to the portions of the "Internal Panetta Review" that they once did, did they inform the CIA that these documents were previously accessible and now were not?

First impression: this strikes me as a classic example of what can happen when there is ambiguity concerning the rules of the game in a contested area, not all moves are immediately visible, and the interaction between the parties has become highly formal.

At this point, I suspect that the staffers broke the rules by removing the documents from the facility without presenting them to the CIA first, as apparently agreed upon. I also suspect that the CIA may have either exploited ambiguity in the agreement concerning when/whether they are permitted to examine staffer actions on the system, or perhaps broke the rules of the agreement.

Absent truly clear evidence of illegal activity by either party here, this also seems to be a political dispute between two branches of government, and one best resolved with negotiation and understanding.

AlanSMarch 11, 2014 5:11 PM

@Skeptical

"the idea that Drake was targeted six years after complaining about a program...seems implausible to say the least"

That's not what happened. No one was much bothered by Drake, Wiebe, and Binney because they couldn't get any traction. The OIG report was mostly classified. That all changed on December 16, 2005 when the NYT published a story on warrantless wiretapping (that eventually turned out to come from another source). At that point the administration launched an investigation to find the source for the NYT article that ended up targeting anyone who was a source of information for publications that were critical of NSA programs. The FBI searches that led to Drake's indictment happened in 2007 as part of that investigation.

AlanSMarch 11, 2014 5:19 PM

@Anura

I guess, for Feinstein, it's different when she's the victim. It will be interesting to see where this one goes.

Olaf OgreMarch 11, 2014 6:23 PM

Of course this nominee will defend the data collection practices. That's why he is the nominee in the first place.

NSA nominee defends bulk data collection
http://news.yahoo.com/nsa-nominee-defends-bulk-data-collection-201910921.html
Vice Admiral Michael Rogers, nominated by President Barack Obama to head the agency at the center of a public firestorm over surveillance, told lawmakers the NSA needs to be able to access the vast amounts of metadata to thwart terror attacks.

Nick PMarch 11, 2014 9:15 PM

@ Clive Robinson

Thanks for the link. It's nice that one of the guys previously pushing it is coming out to say what a mess it's become. On the other end of the spectrum, quite a few recent publications in safety-critical and formal methods communities explore integrating agile methods with their processes. *That* should have some interesting results. ;) If success, then it will be something to expand upon. If fails, we'll point out that a method designed for a stream of quick fixes might not have been appropriate for 'correct the first time' projects.

Example: Imagine asking for the specs of critical aspects of the Boeing 777 control system to only be told "the code is the documentation." My reaction would be absolute terror if I flew often.

BuckMarch 11, 2014 11:22 PM

Loads of security updates for the latest iOS 7.1 (released March 10, 2014). Where possible, CVE IDs are used to reference the vulnerabilities for further information.

https://support.apple.com/kb/HT6162
Alternate source: https://isc.sans.edu/diary/Apple+iOS+7.1/17789
This update includes fixes for 19 numbered CVEs - for WebKit alone!!!

In light of the recent SSL/TLS 'goofs' it would seem wise now to more carefully scrutinize significant patches to popular software programs... This part in particular caught my eye, possibly notable by being the only change in the changeset without an attached CVE:

  • Certificate Trust Policy
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Root certificates have been updated
Description: Several certificates were added to or removed from the list of system roots.
Of course, this sort of change should probably occur fairly regularly, but it still could prove to be beneficial to us -- keeping an eye on which authorities are being 'removed from the list of system roots'... (I suppose the 'added' ones too ;-)

Would anyone who's preparing for a minor version upgrade care to check their diff logs of the root CAs for us?
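The root-list comparison asked for in the comment above, as an added example that is not part of the original comment and not Apple tooling: it diffs two PEM bundles (a root store exported before and after an update) by the SHA-256 fingerprint of each certificate's DER bytes. The bundle contents, the "Example Root" names and the `# Name` comment-line labelling convention are assumptions; the payloads are constructed placeholders, not real certificates.

```python
import base64
import binascii
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def parse_bundle(text):
    """Return ({sha256_fingerprint: label}, [labels of unparseable blocks])."""
    roots, bad = {}, []
    pos = 0
    for m in PEM_BLOCK.finditer(text):
        # Label = last non-empty line before the block (assumed "# Name" comment).
        preceding = [l.strip() for l in text[pos:m.start()].splitlines() if l.strip()]
        label = preceding[-1].lstrip("# ") if preceding else "(unlabelled)"
        pos = m.end()
        try:
            der = base64.b64decode("".join(m.group(1).split()), validate=True)
        except (binascii.Error, ValueError):
            der = b""
        if not der:
            # Corrupt or empty block: report it instead of silently dropping it.
            bad.append(label)
            continue
        # Fingerprint the decoded bytes, so PEM line-wrapping differences
        # between two exports do not show up as changes.
        roots.setdefault(hashlib.sha256(der).hexdigest(), label)
    return roots, bad


def diff_roots(before_text, after_text):
    """Classify roots as added, removed, or replaced (same label, new cert)."""
    before, bad_before = parse_bundle(before_text)
    after, bad_after = parse_bundle(after_text)
    removed = {fp: before[fp] for fp in before.keys() - after.keys()}
    added = {fp: after[fp] for fp in after.keys() - before.keys()}
    removed_labels = set(removed.values())
    # A label present on both sides with a different fingerprint means the
    # certificate under that name changed, which deserves a separate look.
    replaced = sorted({l for l in added.values() if l in removed_labels})
    return {
        "added": sorted(l for l in added.values() if l not in replaced),
        "removed": sorted(l for l in removed.values() if l not in replaced),
        "replaced": replaced,
        "unparseable": sorted(bad_before + bad_after),
    }


def _pem(label, payload):
    """Build a labelled PEM block around constructed placeholder bytes."""
    body = base64.b64encode(payload).decode()
    return (f"# {label}\n-----BEGIN CERTIFICATE-----\n{body}\n"
            "-----END CERTIFICATE-----\n")


# Constructed sample bundles (placeholder bytes, not real certificates).
BEFORE = (_pem("Example Root A", b"constructed-A-v1")
          + _pem("Example Root B", b"constructed-B")
          + _pem("Example Root C", b"constructed-C"))
AFTER = (_pem("Example Root A", b"constructed-A-v2")   # same name, new bytes
         + _pem("Example Root C", b"constructed-C")    # unchanged
         + _pem("Example Root D", b"constructed-D")    # newly trusted
         + "# Example Root E\n-----BEGIN CERTIFICATE-----\n"
           "!!not base64!!\n-----END CERTIFICATE-----\n")  # damaged block

if __name__ == "__main__":
    for kind, labels in diff_roots(BEFORE, AFTER).items():
        print(f"{kind}: {labels}")
```

Comparing fingerprints rather than names matters because a root can keep its name while the certificate behind it changes; those land in `replaced` rather than cancelling out.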

Shawn SmithMarch 12, 2014 10:27 AM

And again, Skeptical is skeptical only with claims not made by the TLA organizations. The CIA set up the document review system at a secure location and it was under their full control. This is after they destroyed evidence their agents committed torture, in direct contradiction of the Conventions Against Torture Treaty signed by Ronald Reagan and ratified and enacted by Congress in the '80s. It is the job of the Senate Intelligence Committee to oversee the CIA, and all the Senators on that committee have all the security clearance they need, pretty much by definition.

To use an analogy, if a casino withholds information demanded by a state's gaming control board, especially if that information would reveal that the casino cheated its customers, that casino loses. If a restaurant does not let a state health inspector investigate their kitchen, the restaurant loses. Regulatory bodies are granted broad powers over the entities they regulate and can pretty much remove the ability of that entity to continue operating.

In my completely meaningless opinion, it's high time that the CIA actually be held accountable for its crimes. Everything from the Mosaddegh coup to the Bay of Pigs to the fuck ups of double agents in their ranks, to the absolutely moronic idea that torture will get anyone to give anyone else reliable and accurate information.

SkepticalMarch 12, 2014 12:50 PM

@AlanS: No one was much bothered by Drake, Wiebe, and Binney because they couldn't get any traction. The OIG report was mostly classified.

The complaint regarding Trailblazer led to two investigations, one by the DOD and one by the NSA. The DOD investigation produced a report which found numerous problems and deficiencies, some of which the NSA's own investigation concurred with, and some it did not. Differences between the two reports required additional official analyses, and no doubt reports. The program's end was hastened by these reports, which were also the subject of questions in Congressional hearings.

So it's false that they "couldn't get any traction." Their complaints led to massive investigations by separate oversight and compliance groups, and eventually helped close down the program.

That all changed on December 16, 2005 when the NYT published a story on warrantless wiretapping (that eventually turned out to come from another source). At that point the administration launched an investigation to find the source for the NYT article that ended up targeting anyone who was a source of information for publications that were critical of NSA programs.

Well, the NYT had known about the wiretapping program for over a year at that point, and the Bush Administration knew this as well. So it's unlikely that the investigation began with the publication of the article. This is a quibble, but it pushes back the investigation of that leak to 2004.

The FBI searches that led to Drake's indictment happened in 2007 as part of that investigation.

Except that it seems to me to have been triggered by his 2005 communications with a Baltimore Sun reporter, who published a series of articles in early 2006. These articles were primarily about Trailblazer and the alternative program that Drake had championed, ThinThread (which, by the way, was itself designed to enable the analysis of vast amounts of domestic data; ThinThread simply encrypted and anonymized that data, while still conducting analysis of it, until a key was entered to decipher and identify it).

The point here is that Drake was investigated, and indicted, because of his leaks to the press, not because of complaints made through official channels. I think we agree on this much, no?

SkepticalMarch 12, 2014 1:05 PM

@Shawn Smith: It is the job of the Senate Intelligence Committee to oversee the CIA, and all the Senators on that committee have all the security clearance they need, pretty much by definition.

No one has alleged that members of the Committee or their staff lacked clearance.

One of my questions concerned whether staffers removed documents from the secure facility in violation of the agreement with the CIA, under which terms everyone was to operate. That has nothing to do with the clearance level of the staffers. Neither does my question as to whether the search tool provided to the staffers could, whether deliberately or accidentally, provide access to documents to which the staffers were not granted permission.

To use an analogy, if a casino withholds information demanded by a state's gaming control board, especially if that information would reveal that the casino cheated its customers, that casino loses. If a restaurant does not let a state health inspector investigate their kitchen, the restaurant loses. Regulatory bodies are granted broad powers over the entities they regulate and can pretty much remove the ability of that entity to continue operating.

The complicating factor here is deliberative privilege, which renders the above analogy inappropriate. The executive branch isn't simply a commercial entity subject to full regulatory oversight by Congressional committee. It's a separate branch of government. So when a Congressional committee conducts an investigation and requests various witnesses and things from the executive branch, the executive branch may well refuse where those requests violate deliberative privilege.

Shawn SmithMarch 12, 2014 3:29 PM

Skeptical said at March 12, 2014 1:05 PM:

... which renders the above analogy inappropriate. ... So when a Congressional committee conducts an investigation and requests various witnesses and things from the executive branch, the executive branch may well refuse where those requests violate deliberative privilege.

All right, you want a more appropriate analogy? How about the Senate Watergate Committee demanding the tapes that Nixon made of conversations in the White House? I think we all know how that turned out. I'm sure you'll trot out other Senate committee demands that did not work out well for the Senate. Fair enough.

I'll say it again. The CIA set up the documents to Senate staffers first. If they realized only after the fact and who-knows-how-long that they should not have made some of those documents available, it does not speak much for the competence of the CIA. And we don't know what the agreement with the CIA was, other than the documents must be viewed at the remote secure location. We do know that the CIA did destroy evidence of wrongdoing (the video tapes of the torture interrogations), that multiple high level officials of the CIA regularly lie to the public (it's part of their job.) And now we're just supposed to take their word that they did nothing wrong? Sorry. They've burned too many bridges for me to believe almost anything they say. Perhaps I am part of a small minority. It would not be the first time.

The Intelligence Committee is investigating possibly illegal actions by members of the CIA, perhaps even its acting General Counsel, in regard to the undeclared Iraq War. When even a CIA and NSA apologist like Dianne Feinstein can call you out on the Senate floor, that's an indication that things have gone seriously off the rails. Without a fairly large change, that relationship is not likely to get restored to the level of trust necessary for the legislative and executive branches to get all chummy.

AlanSMarch 12, 2014 8:29 PM

@Skeptical

No, I don't agree. At a press conference on December 19, 2005, Gonzales, the then AG, when asked about an investigation stated: "As to whether or not there will be a leak investigation, we'll just have to wait and see." News reports indicate that at some stage 5 prosecutors and 25 F.B.I. agents were assigned to the case. Most of the FBI raids happened in 2007. The source of the leak identified himself in late 2008. In 2007 they had no idea so they just swept everyone up. It didn't help Drake that he'd been a source for the OIG Report and in 2006 was sharing unclassified information with a journalist at the Baltimore Sun. When the FBI questioned Drake they were interested in finding the source for the NYT story. They didn't have anything of substance on Drake but they did find some minor and questionable stuff they turned into major crimes. The main charge against him related to retention of 'classified' documents, mostly related to the OIG investigation; not leaking stuff to the Baltimore Sun. Some of the documents weren't classified when they were in his possession but classified after they were seized from him. They were also trying to pressure him to reveal information about others who were suspected of leaking. He was a critic and he wouldn't do what they wanted him to do, so they retaliated against him. Intended or not it was a clear message to others who would think about following a similar path.

SkepticalMarch 13, 2014 5:48 PM

@AlanS: I'm pretty sure Drake himself thinks he was targeted because of the leaks to the Baltimore Sun and the NYT, not the OIG and IG investigations into Trailblazer from years earlier.

As to the vindictiveness of the prosecution, the case obviously fell apart, and as I've said, I don't think he was treated appropriately by the prosecution.

Some of that is simply a result of the culture of federal prosecutors. If they think you've violated federal law, that you're not cooperating fully, that you're unrepentant about the matter or have destroyed evidence to escape culpability, then once they make the decision to prosecute you they will pursue you with every tool they have available.

And no doubt some of it is also, and here at least we may agree, institutional sensitivity to the proliferation of leaks to the press and the damage such leaks can do. That sensitivity elevates the amount of official attention leaks of classified information attract, and it changes the level of importance those leaks are assigned.

But do I think the motives were to punish him for participating in the IG and OIG investigations? No. It doesn't fit with the timeline, with the questions they asked Drake, or with the DOJ (who has no problem with people coming forward through official channels to report wrongdoing; they rather like that in fact). There would be zero institutional support, anywhere, for doing so. Remember that the IG and OIG agreed with the complaints made to them.

Let's also remember that there were undoubtedly lots of people either critical of, or with doubts about, various NSA programs. If anyone suggested to the DOJ that someone be vindictively prosecuted because he properly reported concerns to the OIG or IG, I strongly suspect that the DOJ would not only refuse but would take a hard look at the person making that suggestion.

SkepticalMarch 13, 2014 6:02 PM

@Shawn Smith: The CIA set up the documents to Senate staffers first. If they realized only after the fact and who-knows-how-long that they should not have made some of those documents available, it does not speak much for the competence of the CIA.

According to Feinstein, they produced upwards of 6 million pages. I would fully expect mistakes to happen in a discovery process of that size. That's why there are clawback agreements in a litigation context.

And we don't know what the agreement with the CIA was, other than the documents must be viewed at the remote secure location.

I agree. That's why I have so many questions.

And now we're just supposed to take their word that they did nothing wrong?

No one, least of all me, said anything about "taking their word" for it. I had 7 questions off the top of my head after reading Feinstein's statement, and none of them involved simply taking anyone's word for something.

Writing this actually makes me wonder about another part of Feinstein's statement.

On the one hand, she said that they did not rely at all on the document at issue (the Internal Panetta Report) in their findings. So presumably everything in their findings is adequately supported by other documents/material turned over to them. On the other hand, she says that the Internal Panetta Report is essential to refuting CIA denials/disagreements with parts of the Committee findings. There's some tension between those two claims.

Knott WhittingleyMarch 13, 2014 7:03 PM

Skeptical,

I don't see any tension between those two claims, if my interpretation is right.

I'd guess that Feinstein thinks that the 6300+ page report is plenty damning and convincing, but that the CIA will (to more or less quote Porter Goss) "deny everything, admit nothing, and make counter-accusations" about whatever's in it.

It seems inevitable that the CIA will downplay all the important negative stuff in the report and claim---at least for public consumption---that the report is slanted, unfair, and generally untrue.

I'm nearly certain that irrespective of the actual truth, they'll claim that the report does not take into account all sorts of exculpatory evidence that they, unfortunately, can't share with the US public, or even non-committee members.

They will assassinate the character, authority, knowledge and/or motives of anybody who seems dangerous to them. It's what they do, and what they've always done. (It's what politicians often do, but the veil of secrecy about the CIA's job makes it much more doable, and irresistibly tempting.)

They will predictably cover their asses by any means available to them, and they have plenty of means available to them not available to most others.

One is to claim that an impartial observer would agree with them if they could see the same classified docs that the Committee did.

Another is to claim that even the committee was not privy to certain information that unfortunately they can't even show to the committee due to privilege issues, or because they're being witchhunted and have to defend people's right to avoid self-incrimination, etc.

So I see the point of revealing the gist of the Panetta report, if in fact it does what Feinstein says it does---that is, it reveals that even observers biased in favor of the CIA agree with the Committee's assessment of the evidence, despite their public stance of disagreeing.

That's the kind of evidence I'd want in my back pocket if I was going up against CIA. Wouldn't you?


AlanSMarch 13, 2014 8:20 PM

@Skeptical

Drake doesn't think what you claim he does. He's given lots of interviews on this e.g. Drake: 'There was no protection against reprisal'

On reprisal: "There's nothing in the act that actually protects you. I don't have cause of action - I can't go to the courts for redress. The only thing I was able to do, as it all came out later, was the office of the inspector general for the Department of Defense does have a reprisal unit. So I was able to file paper work with them, making the claim - with material evidence - that I had been reprised against. There's history on that, and they accepted that I was, but that has not resolved itself."

On Snowden: "He certainly learned the lessons well from my own case.... In fact, I dare say that if he had remained in the United States we may never have seen or heard anything about the rather dramatic or explosive disclosures that have been made since June. He had to escape the United States to have any hope of retaining his freedom let alone getting the information in the hands of designated reporters and journalists."

The latter point is exactly the same as the one I made at the beginning of this thread and which you took issue with. I wrote: "The earlier NSA whistleblowers did report through an OIG and were retaliated against. Drake was indicted. That's not exactly a great recommendation for playing by the rules. Really, what did they think the next whistleblower was going to do?"


Nick PMarch 13, 2014 8:35 PM

@ AlanS

Well-presented. Yes, the case against going through the regular channels is rock solid. Only a fool would do so seeing what happened to whistleblowers before.

AlanSMarch 13, 2014 8:38 PM

@Skeptical

"Clawback agreements?" The Intelligence Committee has oversight over the CIA. They get to see and review whatever they want that is relevant to that task.

AlanSMarch 13, 2014 8:48 PM

@Nick P

Yes, the fools are the people who retaliated against the whistleblowers who went through legitimate channels.

SkepticalMarch 14, 2014 6:53 AM


@AlanS: Drake is not talking about the investigation and prosecution there. Here's how he says he was retaliated against:

What were the consequences for you personally, subsequent to you using these channels to express your concerns?

It's kind of a death by a thousand cuts administratively and bureaucratically. They find ways to change your job; they find ways to cut back on your responsibilities. Long story short, I was flagged because I was cooperating with investigations, and then put on a black list. I was marked so to speak.

After stripping me of many responsibilities as a senior executive, they actually reorganized the entire engineering directorate and after they finished reorganizing it, I had no job left and I was given a paper title. So essentially, I was bereft of any responsibilities; all programs were removed from me; I no longer had any direct responsibilities within the directorate. So the handwriting was on the wall. That was the point at which I ended up making a fateful decision, but that gets into the other side of whistleblowing in terms of when you go public.

So yes, Drake does indeed claim he suffered retaliation for complaining through official channels.

But no, Drake does not claim that he was prosecuted by the DOJ because of those complaints.

Now, the retaliation claim as Drake does describe it above is much more plausible to me than the notion that the DOJ investigated and prosecuted him as reprisal. Indeed, the DOD IG report notes that it acted carefully to protect the confidentiality of some of those it questioned because they feared retaliation from management.

However, I'm also not sure how much of Drake's retaliation claim is true. He championed a program that, rightly or wrongly, was not selected, and it sounds like his immediate bosses soon left for the private sector. Apparently he was first moved to a less sensitive position after discussing classified material with Congressional staffers before clearing the discussion with NSA. From the New Yorker article:

In addition to briefing Roark, he had become an anonymous source for the congressional committees investigating intelligence failures related to 9/11. He provided Congress with top-secret documents chronicling the N.S.A.’s shortcomings. Drake believed that the agency had failed to feed other intelligence agencies critical information that it had collected before the attacks. Congressional investigators corroborated these criticisms, though they found greater lapses at the C.I.A. and the F.B.I.

Around this time, Drake recalls, Baginski warned him, “Be careful, Tom—they’re looking for leakers.” He found this extraordinary, and asked himself, “Telling the truth to congressional oversight committees is leaking?” But the N.S.A. has a rule requiring employees to clear any contact with Congress, and in the spring of 2002 Baginski told Drake, “It’s time for you to find another job.” He soon switched to a less sensitive post at the agency, the first of several.

So it seems plausible to me as well that his future at the executive level at NSA was already pointing to an exit, for reasons unrelated to the Trailblazer/ThinThread reporting issues.

Regardless, the possibility that Drake's career may have suffered from reporting through official channels does not foreclose those avenues as possibilities for Snowden, which he should have at a minimum exhausted first.

SkepticalMarch 14, 2014 7:24 AM

@Knott: One is to claim that an impartial observer would agree with them if they could see the same classified docs that the Committee did.

Another is to claim that even the committee was not privy to certain information that unfortunately they can't even show to the committee due to privilege issues, or because they're being witchhunted and have to defend people's right to avoid self-incrimination, etc.

So I see the point of revealing the gist of the Panetta report, if in fact it does what Feinstein says it does---that is, it reveals that even observers biased in favor of the CIA agree with the Committee's assessment of the evidence, despite their public stance of disagreeing.

At best it shows that someone in the CIA either agreed with parts of the Committee's report, or disagreed with the CIA's ultimate position on the subject.

My sense of tension between her two claims arises from the fact that if the Internal Panetta Report was not relied upon for the Committee Report, then the other sources should be sufficient to support the Committee's claims. If those other sources are indeed sufficient, then the Internal Panetta Report is not essential.

Could the Internal Panetta Report add to the Committee's argument? Sure. Hey, look, one of your own people agrees with us! That may be slightly helpful rhetorically, but it's not essential, and it doesn't help me or anyone else decide which side has the better arguments.

But perhaps there's more to the Internal Panetta Report, or to the nature of the CIA's response to the Committee Report, that makes it more important. Or perhaps the points you make are weightier here than I realize.

Let me put it another way. I don't think her two claims are contradictory, but I do think there is tension between them absent additional explanation (and your points may ultimately be that additional explanation).

@AlanS: "Clawback agreements?" The Intelligence Committee has oversight over the CIA. They get to see and review whatever they want that is relevant to that task.

I disagree, if your claim is that they get to review whatever they want.

WaelMarch 14, 2014 10:44 AM

@Nick P, @Clive Robinson,

Re link transmitting data...
Yup! Seems there are a number of them, not just one!
http://en.wikipedia.org/wiki/ACARS
I think Clive Robinson talked about it as well. That's in addition to the diagnostic information the engine transmits to RR...

Clive RobinsonMarch 14, 2014 11:23 AM

@ Nick P, Wael,

The Guardian Online has another comment on the same topic,

http://www.theguardian.com/world/2014/mar/14/malaysia-airlines-flight-mh370-may-deliberately-flown-west-hijacked

The problem is the Malaysian authorities --who under international protocols take the investigative lead-- are saying nothing or the opposite.

However they have called representatives of both Boeing and Rolls Royce in to "talks", bear in mind both organisations have sat links for engineering data to be sent back for real time analysis.

Also remember the last plane to disappear in odd circumstances was an Air France flight and it was two years before a black box was found...

I'm not going to speculate very far on this one partly because I've been right so far but mainly because there is very little information.

So far the press have mauled the passenger lists and pilots' pasts, what has not yet been mentioned is the cargo manifest, this could give little or a lot.

For instance it is known that like the Russians China buys in a lot of foreign currency and other very valuable commodities, there is a small outside chance that the cargo is of sufficient value to steal and thus unlike political hijackers would very much want to cover their tracks and thus account for the so far reported odd behaviour...

KnottWhittingleyMarch 14, 2014 2:08 PM

Skeptical re internal Panetta report:

"At best it shows that someone in the CIA either agreed with parts of the Committee's report, or disagreed with the CIA's ultimate position on the subject."

That's just the CIA line, which is the least the Panetta report would plausibly show, and far from the most.

If Feinstein is to be believed, the report shows significantly more than that, which is why CIA wanted so badly to hide it from its own oversight committee, ham-handedly grabbed the document back, and threatened people who've seen it.

You seem to reflexively take the CIA position as the baseline. Given CIA's history, that seems more than a little naive or disingenuous.

Not that I trust Feinstein, but the CIA is hardly the gold standard of honesty about its own misdeeds, propaganda and coverups.

And nobody should expect it to be. Spies are professional liars, which is why they need real oversight. Unfortunately, so are politicians, which is why we need to see the Panetta report for ourselves.

Where there's that much smoke, there's plausibly fire, and when Dianne Feinstein goes to the mat for it, I think there's very probably fire, if not something explosive.


KnottWhittingleyMarch 14, 2014 2:19 PM

"And it's fine for him to have such a view, but the law doesn't grant veto power over government policy to every single employee with classified access."

Sure it does. That's what whistleblowing is about.

Every government employee with classified access has not merely the right but the moral duty to blow the whistle under some circumstances.

How could that not be true?

Everyone on all sides knows that breaking the law is justified under some circumstances. We just disagree on how extreme those circumstances need to be, and exactly which ones count.

If Snowden knew that the Administration intended to overthrow our democracy and install Obama (or Dick Cheney) as dictator for life, and whistleblowing "within the system" was unlikely to work, he'd surely be justified in making that public.

The real argument isn't about whether government employees ever have the right to reveal classified government misdeeds. It's about when they have an obligation to, and when they don't.

I'd say enough other people had failed in their constitutional duties, and enough whistleblowers had failed to get enough traction, that Snowden was eminently justified in revealing at least some of the classified information he's revealed.

And given his use-it-or-lose-it situation, I think it was probably justified for him to do it the way he did it---hand the information over to a few journalists he trusted---and get the hell out of Dodge.

SkepticalMarch 14, 2014 3:59 PM

@Knott: If Feinstein is to be believed, the report shows significantly more than that, which is why CIA wanted so badly to hide it from its own oversight committee, ham-handedly grabbed the document back, and threatened people who've seen it.

If it showed significantly more than that, then why wasn't it used in the Committee Report (CR)? This is the part that raises a question in my mind.

Consider the possibilities:

1 - Internal Panetta Report (IPR) demonstrates a fact alleged by the CR that is not strongly, or as strongly, established by other materials. The IPR should then have been relied upon in the CR.

2 - The IPR substantiates wrongdoing alleged by the CR that is not strongly, or as strongly, established by other materials. Here, even more than in case 1, the IPR should have been relied upon in the CR.

3 - The IPR contains something that casts doubt upon a factual allegation made in the CIA's Response, and the substance of that factual allegation is not addressed directly by the CR. For example, the CIA Response might claim that "no one who has examined documents x, y, z, has come to the same conclusion as the CR." The IPR could directly refute such a claim, whereas the CR obviously could not.

Case 3 seems to be the most likely here. Indeed even according to Feinstein, the IPR is a review of materials that the Committee had access to. Or in her words, [w]e believe these documents were written by CIA personnel to summarize and analyze the materials that had been provided to the committee for its review.

In other words, the IPR would not contain any factual material to which the Committee lacked access. Instead it would most likely contain the opinions of CIA employees regarding the material being viewed by the Committee.

So I'm not taking "the CIA position as the baseline." I'm simply applying what we know of the IPR based on Feinstein's own statements, and making a few deductions about the likely evidentiary value of the IPR.

"And it's fine for him to have such a view, but the law doesn't grant veto power over government policy to every single employee with classified access."

Sure it does. That's what whistleblowing is about. Every government employee with classified access has not merely the right but the moral duty to blow the whistle under some circumstances.

We're simply using the term "veto power" in different senses. I mean that mere approval/disapproval over policy is not granted to every employee.

I agree that sometimes an employee has the ethical obligation to violate the law, but I wouldn't consider that to be an exercise of veto power in the sense I used the term. I'd consider it instead to be an act of civil disobedience, which I fully agree is sometimes justified.

However, justified civil disobedience requires more than simply violating the law. In MLK Jr's words:

One who breaks an unjust law must do so openly, lovingly, and with a willingness to accept the penalty. I submit that an individual who breaks a law that conscience tells him is unjust and who willingly accepts the penalty of imprisonment in order to arouse the conscience of the community over its injustice, is in reality expressing the highest respect for law.

And as I said, so far as Snowden's own culpability is concerned, even if one believes that some programs should have been revealed, that would not excuse the vast amount of additional information that he took and exposed which reveals no wrongdoing at all.

Finally, this is a complex area of law and policy. It's not black and white legally, and it's not black and white morally. It's unlikely that Snowden had a firm grasp of the constitutional issues raised by these programs; and the notion that he had a sufficiently firm grasp to justify the enormous violations of law he perpetrated is not credible at all. That's not to say that he couldn't form an intelligent opinion about these programs. He could and he has. But an intelligent difference on policy questions is not enough to justify violating the law. In this respect, not every employee has veto power over government policy.

Knott WhittingleyMarch 14, 2014 4:36 PM

I guess we have different ideas about civil disobedience---and I don't think King's were as simple as you make them out to be.

Suppose, for example, that some German in Germany in 1942 decided to try to kill Hitler, and to get away with it, escaping to England. (Not that I'm saying anybody is as bad as Hitler. I'm just attempting a reductio ad absurdum of your simple position by showing one easy counterexample.)

Would that person be wrong to try to get away with it, e.g., by stealing a fast plane, bombing Hitler's car, and high-tailing it to England?

Should they instead land the plane, turn themselves in to the SS, and "face the music"?

Oh hell no, IMHO.

There are times when it's reasonable and admirable to hang around and "face the music," and times when it's just stupid, self-destructive, and counterproductive in non-self-interested. I'm quite glad Snowden is alive and at large, rather than being held in solitary and incommunicado.

Given my current understanding of the situation, it was right for Snowden to do what he did, including trying to escape to asylum in another country. (Too bad we foreclosed all options but Russia.)

Before you make hay of the disanalogies between Snowden and this hypothetical Hitler-assassin, I'd like to clarify the context with respect to Martin Luther King.

As I understand it, King did not really think that violence was off-limits in principle. He said, IIRC, that violence against oppressors could be quite justified, even against oppressors who were not attacking you with physical force.

The argument for nonviolence was largely a strategic one---the problem isn't that violence against oppressors is never justified, but that it's often perceived as unjustified by ignorant and biased schmoes, so nonviolence works better. It's harder to take cheap shots at somebody who's willing to let the oppressor commit acts of violence against them, including beatings, jailings, or even assassination. It looks better on TV, because it's harder for your enemies to paint you as unjustifiably radical if they're visibly violent and you're not.

Likewise, "facing the music" in an unjust system is not a good thing in and of itself. It's a way to make yourself immune to certain criticisms that are often invalid, but play well on Fox News.
It deprives your enemies of certain cheap talking points.

Those talking points are largely a diversion from the basic moral issues of when it's moral to take unauthorized action against an authority, because that authority is illegitimately authoritarian.

It's a media strategy, not a basic moral argument. King was largely inspired by Gandhi, and chose the strategy of nonviolence because Gandhi showed how well it can work, and why.

Arguably, Snowden should have stayed around to face the music for similar strategic reasons, and you could even make a higher-order moral argument that it would have looked better on TV, and that matters, so he should have.

But seriously, no. I think it's better for him to stay away for the time being, and maybe come back later after a lot of this has played out.

For now I think it's the right thing for him to do, both in his self-interest and in our interest, to stay away and maintain the option of coming back and "facing the music" later, after further revelations (of his and others') erode the appearance of legitimacy of the NSA, the secret courts, and the unholy alliance of many "overseers" with those overseen.

When we have a more effective adversarial oversight regime, and a more open and just legal system with regard to the intelligence community, then maybe he should come back---in which case I think he'd get a minor prison sentence just to make the point that whistleblowing like his is a Big Step to Take, not to be undertaken lightly.

And if we never have such a cleanup and fixing of the system, then he shouldn't come back. And nobody should blame him.

WaelMarch 15, 2014 11:54 AM

@Nick P, @Clive Robinson,

And if we're going to be conspiratorial, let's have fun with it. :)
And
So far the press have mauled the passenger lists and pilots' pasts, what has not yet been mentioned is the cargo manifest, this could give little or a lot
Ok, how about This! I'll skip the other link that says the plane was found in the Bermuda Triangle...

Clive RobinsonMarch 15, 2014 2:03 PM

@ Nick P,

The NYT link you give fails on this smart phone due to "too many server redirects" which appears to be the case for many NYT pages (it's a badly designed site any way ;-)

I note however the "mobile" in the link, have you got yourself a smart phone these days and if so keypad or touch screen for entry?

I've read other reports of what the Malaysian PM supposedly said and it appears to be ambiguous and could be Hijacking rather than diversion by another state etc (apparently some people think the Russian Gov believe the US Gov have diverted it because it contained WMD material...).

From other sources it's been said that shortly after the last radio message the aircraft climbed above the maximum height for a 777 then turned and dropped down to a few thousand feet. The climb suggests something went wrong on the flight deck. Others have pointed out that turning off the normal communications systems requires a rotary switch to be turned two positions which would indicate a deliberate act, however I reserve judgment on that as it could be due to electrical fault.

As for the people on the aircraft, well let me put it this way if it did not "land" on an airstrip/runway the chances are it would have broken up and it would be unlikely to expect survivors. If it did land someone was in all likelihood planning to do a "cover up", if so they would need the "bodies" to be in the "right condition" to make it believable. Either way the probability is unfortunately "no survivors", and now may even be "no bodies" either.

Nick PMarch 15, 2014 3:39 PM

@ Clive Robinson

re Summary of evidence Malaysian plane was hijacked

I have a Samsung Galaxy. It works fine. :) Here is a non-mobile link that might work better for you.

In case the new link fails you, then here's a few highlights from the article:

Prime Minister Najib said it changed course sometime after it took off and remained on the new course for around seven hours.

He said one communication system was disabled first as it flew over northeast Malaysia. Then as it was going across Gulf of Thailand toward Vietnam its transponder turned off. One article noted you can't just bump the switch due to its design so it must be intentional. Prime minister's specific words are "These movements are consistent with deliberate action by someone on the plane." Military radar said it turned west and then started flying in a certain direction.

They have some satellite data (a ping) that shows two potential arcs based on last known communication. One isn't good: northern Iran, Afghanistan, Pakistan, Afghanistan, and northern India. Other is from Jakarta to a point off west coast of Australia. There's tiny islands with a small airport over there. If it's hijacking, one arc seems more probable to me than the other. They can't narrow it down any further at the moment.

China is sending technicians over to help Malaysians investigate. Their own people are looking in the western area it might have gone. Meanwhile, the announcement hasn't changed American version of things. Anonymous source said "it doesn't mean anything; it's all just a theory; find the plane, find the black boxes and then..." Strange reaction to news that comms and transponders were turned off, plane turning around, and flying smoothly for hours.

An aviation tracking professional said "Always when you fly, you are in contact with air traffic control in some country.” “Instead of contacting the Vietnam air traffic control, the transponder signal was turned off, so I think the timing of turning off the signal just after you have left Malaysian air traffic control indicates someone did this on purpose, and he found the perfect moment when he wasn’t in control by Malaysia or Vietnam. He was like in no-man’s country."

A commercial pilot added some more. He points out that the reinforced cockpit doors mean the pilot could probably sound an alarm before it's opened. He added the transponder being turned off on the new plane at just the right time suggests someone that knows the plane well. Together, these suggest at least one pilot was involved. He also said the northern corridor has a bunch of military radar so they either didn't make it far or took a different route.

So, data so far suggests a hijacking done by someone that knows the plane, knows where military radars are, knows air traffic control zones, and was traveling in either a remote or downright hostile direction. We don't know who they are, their goal, whether they made it, or if they intend to let their hostages live. And we know Malaysia and China are working on the answer, with the US unconcerned about this new information for reasons I hope are bureaucratic.

SkepticalMarch 15, 2014 4:56 PM

@Nick P: Strange reaction to news that comms and transponders were turned off, plane turning around, and flying smoothly for hours.

The US official was responding to the Malaysian announcement of a criminal inquiry, not the additional information about the plane. That the Malaysian Government announced the criminal inquiry doesn't mean much in determining what happened. And we don't know whether the plane was flying smoothly.

The US dispatched assets to search in the Indian Ocean at least as early as Thursday, and apparently had urged the Malaysian Government to do the same. See e.g. ABC News.

Here's a quote from a separate story on Friday:

A senior U.S. military official told ABC News that they had not ruled out that the plane was flown to a secret site so it could be used at a later date.

"I am keenly interested in resolving this mystery so we can discard the possibility, however remote, that the airplane can be used for nefarious purposes against us in the future," the official said. The official added that "all our intelligence assets" are being used to try to figure this out.

I doubt that the US, or anyone else, is unconcerned about any fact regarding this incident.

One possibility we didn't mention earlier is a fight between the captain and co-pilot over something (a love interest, or something else). It results in the death of one of them. The survivor doesn't know what to do, but is able to execute a series of tactical decisions to gain additional time. Ultimately, despondent and indecisive, he crashes into the ocean, either after exhausting fuel or after deciding that death would be the only exit for him.

Another, which I think has been discussed, is a well-planned suicide/mass-murder by one of the pilots, who took steps to conceal events from crash investigators.

Currently I incline towards those two possibilities, particularly the latter.

If this is the case, then it may also be guessed that the pilot chose the ultimate crash site with some care. The Sunda Trench, apparently containing the deepest waters in the area, and also seismically active, would be a probable choice.

I would put my money, if someone offered very good odds, on or near the intercept of the possible arcs given by satellite data and this trench, beginning with the deepest spots.

Nick PMarch 15, 2014 7:08 PM

@ Skeptical

"The US official was responding to the Malaysian announcement of a criminal inquiry, not the additional information about the plane."

Where did you get that out of the story? The report says that the announcement "did little to change investigators perspectives on *what happened to the plane.*" "Find the plane, find the black boxes and then we can figure out what happened... until they have something more to go on it's all just theories." Of course, theories backed by evidence are worth looking into more than others. If the plane was hijacked, there's not much reason to look for the black box. "Find the plane" is still a good idea at that point.

"I doubt that the US, or anyone else, is unconcerned about any fact regarding this incident."

Fair enough. That they want the FBI over there goes to their credit, too. I was probably forgetting in my haste that the US govt is a collection of many independent parts. Maybe that one official represented a group (eg FAA) that mostly looks through the lens of finding crash evidence. Then others, esp military or police, would be more inclined to investigate a potential hijacking. Might be that simple.

"Another, which I think has been discussed, is a well-planned suicide/mass-murder by one of the pilots, who took steps to conceal events from crash investigators."

It's funny you say that because that possibility entered my mind a few times today. There's many precedents for this sort of thing. I'm not sure how many involve airliners, but it could happen.

"If this is the case, then it may also be guessed that the pilot chose the ultimate crash site with some care. The Sunda Trench, apparently containing the deepest waters in the area, and also seismically active, would be a probable choice. "

Interesting idea. If you end up right, then I'll send you a prize. Of course, for verification purposes, I'll need your name, address, birthdate, mother's maiden name, and SSN. All covered by my strong privacy policy with protection against leaks inspired by NSA's internal controls.

Clive RobinsonMarch 15, 2014 7:47 PM

@ Skeptical,

    Another, which I think has been discussed, is a well-planned suicide/mass-murder by one of the pilots, who took steps to conceal events from crash investigators.

Whilst I would not rule it --or many other things-- out, there is the issue of the passengers and their mobile phones to be satisfactorily explained.

If as reported passengers' phones were "ringing" as opposed to being "out of range" or "diverted to VM" this tends to suggest the phones may well still have been connected to an International network [1]. If this was the case as with the last of the 9/11 planes --UA Flight 93-- how come passengers were not ringing friends and relatives to say goodbye etc.

However if the 777 is landed on the water in the right way the airframe would not break up but sink to the bottom slowly. If it has done this then it might as with the Air France aircraft take a couple of years to find one or more of the black boxes.

That said, as I've mentioned earlier, the flight cargo manifest might prove of interest just as much as the passenger manifest.

The real problem currently is lack of information, and as with all vacuums nature fills it with whatever is close to hand.

[1] I can think of ways that an out of range phone might sound as though it's ringing even if it's not but that should only happen once not repeatedly.

BuckMarch 15, 2014 8:25 PM

I can think of at least one way that an in range phone might ring repeatedly without any response.

I believe someone already mentioned "The Langoliers" on a different thread here somewhere... Perhaps all the passengers were asleep?

SkepticalMarch 16, 2014 7:52 AM

@Nick P: Where did you get that out of the story? The report says that the announcement "did little to change investigators perspectives on *what happened to the plane.*"

Right. What did little to change perspectives? The announcement. The announcement of what? Of a criminal inquiry.

The timing with which comms were shut down, and the information that led to the redrawing of the plane's range of possible resting places, came from development with the US, and had been reported previously.

The article is a little poor here as it doesn't frame the question to which the official was responding, but if you look closely at the wording, the reaction is to the announcement of the MG's criminal inquiry and conclusion that this was a criminal act.

    "Find the plane, find the black boxes and then we can figure out what happened... until they have something more to go on it's all just theories." Of course, theories backed by evidence are worth looking into more than others. If the plane was hijacked, there's not much reason to look for the black box. "Find the plane" is still a good idea at that point.

The black boxes would include the cockpit voice recorder, which would be essential to determining what happened in the cockpit. The flight data recorder will also provide vital information that is currently missing about the plane's route, condition, even knowledge/skill of the person(s) at the controls. Most importantly it would tell us a lot about why the plane crashed, if it did.

Deliberate act or not, these boxes are essential to clearing up the mystery. Without them, we can fit the few pieces we have into a lot of different jigsaws. With them, we can narrow the possible jigsaws to a small number, perhaps just one.

    Fair enough. That they want the FBI over there goes to their credit, too. I was probably forgetting in my haste that the US govt is a collection of many independent parts. Maybe that one official represented a group (eg FAA) that mostly looks through the lens of finding crash evidence. Then others, esp military or police, would be more inclined to investigate a potential hijacking. Might be that simple.

Maybe, but I think they'd all be tantalized by any new information about the incident. If they were asked whether the MG's conclusion that this was a criminal act means much to their analysis, they might sound less impressed.

"Another, which I think has been discussed, is a well-planned suicide/mass-murder by one of the pilots, who took steps to conceal events from crash investigators."

    It's funny you say that because that possibility entered my mind a few times today. There's many precedents for this sort of thing. I'm not sure how many involve airliners, but it could happen.

I can think of at least two. In at least one, involving EgyptAir, the cockpit voice record and the flight data recorder were essential to piecing together what happened. N.B. The GOE's investigation rejected the possibility of pilot suicide, but other investigatory bodies from around the world held differently, based on the CVR and FDR evidence.

"If this is the case, then it may also be guessed that the pilot chose the ultimate crash site with some care. The Sunda Trench, apparently containing the deepest waters in the area, and also seismically active, would be a probable choice. "

    Interesting idea. If you end up right, then I'll send you a prize. Of course, for verification purposes, I'll need your name, address, birthdate, mother's maiden name, and SSN. All covered by my strong privacy policy with protection against leaks inspired by NSA's internal controls.

I'll make an additional prediction that it was the captain of the flight, if this hypothesis pans out. The level of planning and technical knowledge required seems to fit his approach generally, and his care about his reputation in the community and for his family would provide motive to obscure the reality of his action from clear public view.

I hasten to add that it's merely a hypothesis, and that by all accounts the captain, in addition to loving his family, being an active member of his community, and being deeply enthusiastic about all things relating to flying the 777, was, perhaps is, a good man.

So, with those disclaimers firmly in mind, I'd say best guess right now is the Sunda Trench, with the captain at controls.

I'll be happy to send you verification of identity, as soon as you verify that you're using NSA procedures to safeguard the data. :) So please point out the multiple people who have leaked information you deemed classified, and I'll put together the SEND for you.

SkepticalMarch 16, 2014 8:22 AM

@Clive: The cell phones continuing to transmit would be a problem for the explanation I proposed, but thus far that seems to be a rumor. I've yet to hear of anyone with access to data from the cell companies, whether an employee of the companies or an official involved in the investigation, confirm those stories. Apparently some cell companies will provide a single "ring" tone to the caller before sending the caller to voicemail, even if the called phone is off.

Re: cargo. The piracy hypothesis is still alive, I agree. My major problems with it flow from these considerations:

Assuming piracy, then operation was extremely well planned by someone with deep knowledge of 777 flight operation and international ATC protocol and even, perhaps, the weaknesses of Malaysia's military radar. So three outcomes:

1 - given such expertise, and a 777 in good condition, it would be likely that they would be able to land. But an undetected landing seems unlikely (though still possible!).

2 - a crash at sea would also be unlikely given such expertise and an intention to land somewhere.

3 - an airborne departure from a 777 in flight, along with the targeted package, seems unlikely.

If it's piracy, then I think 1 is indeed the likely outcome. At least one of the pilots would be in on it (the younger pilot, most likely) given the perfect exploitation of the handoff from Malaysian ATC to Vietnamese ATC, though if one of the passengers has sufficient aviation background, that calculus changes (pirates could seize the plane prior to the handoff, wait until it was done, and then have the pilots go dark).

Still, I incline towards the pilot suicide theory given the facts so far (which could change quickly, e.g. credible sighting of 777 at low altitude near possible and remote landing strip, disclosure of highly valuable cargo, etc.), as it doesn't require as many moving parts or the addition of assumptions concerning undetected landing possibilities, a gang with sufficient intel to pull this off, and a cargo making this all worth it.

Money is still on Sunda Trench at this point. Though my hope is still that it was piracy, they did land, and after cargo is securely transported elsewhere the passengers will be released to attempt to find their way to communications node.

A failed hijacking, though, is still quite possible. Perhaps the hijackers incorrectly programmed the autopilot after disabling the crew, or were foiled by the pilots who either literally ran out the clock on them while pretending to follow their instructions, or who, before being disabled and under threat by the hijackers, while pretending to follow instructions instead programmed a path (if this is possible) around populated areas that would result in the plane eventually crashing at sea from lack of fuel.

Clive RobinsonMarch 16, 2014 3:20 PM

@ Skeptical, Nick P,

Whilst some assume the US Authorities are responsible for the finding out that the aircraft was still flying, they were not. From what I've been told Rolls Royce had been in contact with MAS ground/engineering services about the Trent Engine performance and that this may well have been the cause of MAS not declaring the flight missing. Apparently there were anomalous engine readings that may well correspond to the aircraft being taken above its maximum safe operating height.

This caused further enquiries to be made to Inmarsat's UK offices adjacent to Old Street Underground station --it's a nice building inside if you get the chance to visit-- they passed the information on to SITA (Aero UK/Geneva not the French owned UK cleaning and waste org) who in turn passed it onto MAS. Whilst this was being kept confidential in the UK because of the criminal implications, apparently somebody in Boeing who became aware of it via the Inmarsat-SITA communications leaked the information to the US Media. And the first the US Authorities got to know of it was via the Boeing leak and hurried communications to the UK companies and authorities where various things had been ruled out, and after Rolls Royce staff were already in progress towards Malaysia.

As usual US Authorities were a little more free with foreign gathered intel than they should have been when talking to the press and thus released the piracy aspect.

Whilst there is much speculation the two most important bits of information we need to see are the Rolls Royce logs of the MH370 aircraft's Trent Engines and the full cargo manifest.

Speaking of speculation Rupert Murdoch of News International is tweeting about an international jihadist movement targeting China and that this is an opportunity... The reality is the Chinese Government have found themselves impotent under quite serious questioning by their own people and have thus been throwing the toys out of the pram at the Malaysian Authorities. In turn the Malaysian PM is currently embroiled in quite serious political shenanigans in Malaysia having jailed his ex deputy who had split away from him over various issues including corruption. This is being used by Malaysian political affiliates to imply that one or both pilots have taken "political action", bearing in mind neither pilot requested to fly with the other and it was a quick roster that put them together on MH370 this appears unlikely. If you are wondering why Rupert "the bear faced liar" Murdoch is all a twitter think back to how he got his wife... It just so happens that he has significant interests in China Media currently which means he has to be nice to the Chinese Government one way or another. The question though is which political side is he stroking and what it has to do with other political events (ie Russia).

Getting back to MH370 it appears that there is now a question mark over whose voice was on the final radio messages as it's been suggested it was not either of the pilots. Apparently this has arisen because the messages were sent after the various automatic systems had started to be shut off. If these suggestions are true then "suicide by pilot" is unlikely.

However there is a problem with that which is all to do with the passengers and their smart phones etc. It needs to be noted that this flight was scheduled to fly North West at a time it is unlikely the passengers would have been asleep. The question arises that if they were awake and aware of the aircraft being taken over did they try to communicate via their phones etc to give warning. If at the supposed turning point to fly South West they were out of range if the SW course was maintained they would have come back into range within 45mins... Thus the phone operators would be likely to have seen some of the phones re-register with the networks.

There is a lot of information that has yet to be brought forward which I suspect will throw more twists and turns in the enquiries, but at the moment it's the Trent Engine TotalCare logs and cargo manifest that are of most interest. Whilst the engine logs I would expect to remain under wraps for as a minimum commercial confidentiality reasons and likewise the SITA logs the cargo manifest is a "document of public record" for international flights thus it's odd it has not been released like the passenger manifest.

What I would also like to know is if the aircraft had SITA's "OnAir" service or not because that could answer quite a few questions via Monaco Telecom about the passenger phones.

Nick PMarch 16, 2014 8:22 PM

@ Skeptical

re black boxes

Good points.

re verification

"I'll be happy to send you verification of identity, as soon as you verify that you're using NSA procedures to safeguard the data. :)"

Haha. Unfortunately, the specifics of our controls are code-word classified under our internal system. The owner of the data said it couldn't be released to you. You'll just have to have faith like you do with the NSA. :P

@ Wael

Wow. Great link.

@ Clive Robinson

Or the planes were confiscated by hijackers, then placed into a bag. Another possibility.

The lack of information is the main problem, though.

@ all re plane

It's been fun discussing this, predicting and analyzing. We've worked out many potential angles. I figure we should just put the thread to rest, though, until we get more solid information. I'll also be interested to look back at the theories and see which connected to the plane's condition, if it's found.

Clive RobinsonMarch 17, 2014 5:00 AM

@ Nick P,

    I figure we should just put the thread to rest, though, until we get more solid information.

Yes we've gone about as far as we can without certain information. Though on the analysis side we appear to have been ahead and better informed than most newspapers and other media outlets.

But there have been other side effects of this tragedy that are going to have potentially very long lasting effects.

Firstly is China, the Chinese Gov has maintained its position by appearing to be omnipresent and omnipotent to the Chinese population. In just a handful of days this image has come crashing down in China in a way the government could not stage manage. Much of Arab Spring started with a lot less and it's becoming clear to many both inside and outside China that the Chinese Gov have been reduced to impotent rhetoric and that the "Specter of Chinese Control" of its Sphere of Influence nations is in effect gone. Malaysia has "slipped the leash" as have others and it's "economic development" that has loosened the collar, and it's escaped from their Pandora's Box. It's a problem Russia has with the Ukraine, the people have got rid of the puppets in charge who ran the country as a criminal enterprise. The problem for Russia is it was maintaining and extending its sphere of influence via the "gas tap", it could simply bring a nation to heel by turning it off at inopportune times such as winter. When Crimea was signed over to the Ukraine it was considered to be not of significant mineral wealth to be worth keeping, the ports the Russians used were considered enough of a hold to extend influence. However science changed things with fracking. Crimea sits on a lot of what was formerly considered inaccessible shale gas which represents a significant political threat to Russia's Gas Tap politics. Whilst the criminals were running Ukraine the problem was manageable, now it's not and Putin is starting the same tactics that gave rise to WWII. The Chinese Government is no doubt watching and thinking as to if it's a viable way to re-exert influence.

And the potential for military action has been highlighted through the loss of MH370, everyone has turned to asking for the military to look at what their radars saw. But the problem is it's revealed just how ineffective they are and thus like The Emperor's New Clothes...

Some journalists are waking up to this "Defence Pretence",

http://www.bbc.co.uk/news/world-asia-26603830

But as some know "Defence Pretence" is not just radar it's pretty much everything and the implication is the old "Might is Right" doctrine dressed up as "Defence through offence" or "First Strike".

It's a subject we skate around because we don't want to think about it as people or nations of citizens, as was once said "You don't want to know the truth, because you can't handle the truth".

The truth is "competitive edge" if you are a small nation seen as backwards and harmless you don't represent a threat to the entrenched "power politics" of the so called "Super Powers". Thus "Defence spending" is a waste of resources. Thus if you devote your nation's GDP profit to reinvestment it can have a major effect quite quickly (look at South Korea for example). Suddenly you are no longer a backwards nation but an "economic power house" and you are a threat because you have in effect destroyed the Super Powers home economy, you have as some see it "stolen their birthright".

If however you take a step back you realise that the "enemy at the gate" is not bearing arms but gifts that work better than any weapon, because they destroy you from within. For David to beat Goliath he did not need a sling shot and a chink in the armour, just wine laced with opium and a little time for Goliath to become fat, lazy and dependent thus an easy push over.

Thus a country is vulnerable because it can not defend itself from the enemy without and the enemy within, it can not afford to and it's this fact that brings empires down. So the game is to fake it, that is have "cardboard tanks" which make your enemy without think you are strongly defended you spend your money on the enemy within with "bread and circuses" and leave defences to rot because it won't show until tomorrow and you live for today.

There is another trick which is to realise it's not possible to defend as the perimeter is too big and the exploitable weaknesses too many, so it's a waste to spend on defence as you will never cover it all. Instead spend not just on reinvestment but also on offense only and attack others before they become too strong.

Essentially this is what the MIC is about you reinvest to make better weapons and eat up the defence budget, in the process you sell on your last generation developments to other nations to ensure there is always sufficient threat to look credible and thus keep the tax dollars rolling in. If there is not a credible threat you invent one. As long as there is sufficient inertia and cost in the system then it remains a viable business.

But what happens when there is a game changer? What if the cost of offence becomes close to or in effect zero?

This is the world of terrorism and cyber-warfare, you can not spend sufficient money to buy defense against them the DHS has proved that, and its costs have crippled the US economy to the point it won't recover in our lifetimes if ever.

In this "brave new world" you have three choices, firstly put up with the attacks, secondly strike first and thirdly work out a way to stop people wanting to attack you in the first place.

In Europe we learnt that the first option was the least costly, the occasional terrorist attack actually had little direct economic impact, certainly less than disease and accidents and even lightning strikes. The secondary economic impact was higher and it was seen that the second option was not viable so eventually the third option was used. It's still a rocky road, for instance N.I. has had a couple of bombs directed at security forces just the other day but the attitude of the citizens has changed they've made it clear they don't want terrorism they want to travel the road of peaceful economic growth and they will remove the rocks from that road one way or another.

However there is a problem, there will always be those who see a short cut to success through not following societal rules, in the physical world they are limited by the resources available to them and distance, which usually equates to cost as the limiting factor.

However in the non physical cyber world resources are there for the taking at near zero cost and distance has a near zero cost metric. Thus cyber-weapons are cheap and defence too costly to contemplate which is why the "defence by offense" "strike first" doctrine is being pursued with such determination by various organisations. Also it accounts for the "enemy within" monitoring to find those who potentially will be a threat long before they are and cut them down in one way or another.

The disappearance of MAS flight 370 may not have much of a direct economic impact but the potential secondary effect could be quite devastating as it could act as a catalyst for change in China, which might be peaceful or it might not. Either way it's lifted a veil on "Defence by Pretence" that many in power did not want known, because it leads to questions that can not be truthfully answered.

After all how long before citizens in the US start asking "why are we spending on the NRO etc when they can't find a huge slow passenger aircraft?" Or similar questions which rips away the omnipresent omnipotent illusion by which political power is maintained...

SkepticalMarch 17, 2014 1:14 PM

@Clive: Getting back to MH370 it appears that there is now a question mark over whose voice was on the final radio messages as it's been suggested it was not either of the pilots. Apparently this has arisen because the messages were sent after the various automatic systems had started to be shut off. If these suggestions are true then "suicide by pilot" is unlikely.

I haven't heard anyone suggest that the voice is not one of the pilots, although it hasn't been said that it is one of the pilots either.

The timing of the transponder and ACARS shutoffs actually strengthens the theory that this was an act perpetrated by one of the pilots.

Suppose you're a pilot intent on crashing an aircraft but concealing where and why the aircraft crashed. And suppose the aircraft is a 777 in commercial service.

You'd have to disable the two data-links that you know of: transponder and ACARS.

You'd have to avoid arousing the suspicion of ATC.

ACARS is less likely to be noticed than the transponder shutoff, and requires you to be off the flight deck to disable. So you do that first, shortly after takeoff, using one pretense or another to go below to do so.

The transponder is trickier. Your co-pilot is going to notice, and ATC may notice.

So the ideal time to turn off the transponder would be just as the plane is handed off from one ATC to another. Malaysian ATC contacts the flight, and instructs them to contact Vietnamese ATC at a given frequency. You acknowledge. In that moment neither ATC has responsibility for you; the chances that you can turn off the transponder without attracting notice are greatest. So you do so.

If there were multiple people involved, I would expect ACARS and the transponder to be turned off nearly simultaneously at the point of the ATC handoff. That they weren't indicates, though not conclusively, that this is the act of a single individual with a great deal of knowledge about the 777.

My money remains on the following: suicide/homicide by the captain, who crashed the aircraft over the Sunda Trench, south-southwest of Sumatra.

KnottWhittingleyMarch 17, 2014 2:37 PM

Skeptical,

The Malaysia Airlines are saying this morning that the voice is the co-pilot's, according to BBC and MSNBC.

Dunno if it's true, or how sure they are, or how they know.


KnottWhittingleyMarch 17, 2014 2:44 PM

I wouldn't assume, even inconclusively, that it's a single individual. You might have one or more others busy keeping crew and/or passengers at bay while the co-pilot messes with systems in the cockpit, then puts the plane on autopilot and goes elsewhere to mess with other systems.

I would think that it'd be hard, or at least very risky, for a single actor to try to steal a 777 with over 200 people on board. (Then again, I've never thought much about how to hijack a plane.)

Clive RobinsonMarch 17, 2014 6:21 PM

@ Skeptical,

The original idea that the message was by neither pilot came up when the Malaysian authorities started talking about the plane being diverted and questions arose over "hijacking".

For the authorities to correctly identify it as the co-pilot they must have a recording from somewhere which they have played to someone who knows the co-pilot's "work voice" very well, because if you've ever listened to the pilots' voices when they use HF it sounds like they are using throat mics.

I am still hoping to see the cargo manifest, because if a fire started in certain parts of the aircraft and burnt through or fused some cables then you would lose some of the equipment at different times. And smoke "over coming" passengers would account for lack of mobile phone use. Likewise the turn to the west could be an attempt to head for another close airport. And if the pilots had adjusted the auto pilot before becoming overwhelmed themselves then it is quite possible for the aircraft to carry on flying till it ran out of fuel.

However the reporting of the aircraft rising above its maximum safe operating height and then odd stepping down in height sounds more like someone was still in control. And the last clear message tends to suggest there was neither alarm nor panic. However some people are questioning even this information all of which makes the incident odd at best.

BuckMarch 17, 2014 10:11 PM

@Clive

You're so close to connecting these two dots:

  • smoke "over coming" passengers would account for lack of mobile phone use
  • rising above its maximum safe operating height ... sounds more like someone was still in control

I'm starting to suspect that you're just waiting to see who else will come to the same conclusion... ;-)

Clive RobinsonMarch 18, 2014 6:07 AM

@ Buck,

    You're so close to connecting these two dots

Yes and no...

Firstly you need to consider that just under three quarters of air accidents are attributed to problems with the plane or the ubiquitous "pilot error" [1]. So it's more probable this is the cause than any other. However the main problem is reconciling some form of failure with the known facts, otherwise you have to go for the Sherlock Holmes argument of "after you have eliminated..."

So you have to consider many possibilities, we know that basically a commercial jet can be brought down by,

1, A failure of the plane and/or the crew.
2, Hostile activities of those on the plane.
3, Or an external influence on the plane.

We know aircraft have been downed by the avionics giving the pilots information that is misleading at best [1]. One occurrence was due to a cleaning procedure that involved blocking up an air pressure sensor tube to stop the cleaning process causing problems. Nobody considered what would happen if the cleaners forgot to fully remove what they had used to block the tube...

We also know that commercial pilots are not as well trained as military pilots in things like recognising the effects of oxygen starvation due to slow cabin pressure leak or other causes. But whilst this might account for why the passengers did not try and contact people by phone it does not account for the turning off of various aspects of radio services like ADS-B and ACARS but not others. Whilst this may look like the actions of a person it need not be, it's known that fire in the nose section where some of the avionics systems are located can produce this result. Fire has in the past been caused by electrical sources, cargo (oxygen generators) and even the tyre on the nose wheel.

Fire can also produce fumes and smoke that could cause the overwhelming of passengers and crew, but it would usually cause some kind of alarm or panic in them first. This does not sit well with the last message clearly received from the aircraft which as reported sounded routine, untroubled and calm.

Then there was the change of course, this could easily have been an experienced pilot on recognising a major emergency setting the plane on a course to the most suitable landing place by the auto pilot to free up them and the copilot to take other action. However you would expect them to also make a mayday call to the control network stating the emergency and their intentions.

But there have been reports of other course changes with time including the loss of height, this suggests there was somebody still in control of the aircraft.

Whilst not impossible it does appear unlikely and thus options 2&3 appear more likely. Much of this appears to "track back" to "off record" comments made in the US. Specifically the suggestion it was a new form of sophisticated piracy done by the use of cyber-warfare like an enhanced version of "planesploit". However to hold water the argument needs to supply a reason for the piracy which has not been realistically presented. Whilst it is known that China does ship in very valuable cargoes by air this is not of necessity proof of piracy. It has also been suggested that a high level political briefing suggested the plane was carrying WMD materials and that the US tried to capture or down the aircraft...

All of which might be reconciled with further information such as the engine logs Rolls Royce has and the cargo manifest.

So until further credible evidence turns up --and it may never-- I'm going with the likes of fire causing failure of systems and crew with the autopilot flying the aircraft until it ran out of fuel. I'm not ruling out piracy or hacking just going with the historical probabilities.

[1] Pilot error can historically be decoded as meaning: As the pilot's dead and can not defend themself we'll blame them because we don't want to admit we don't know the real reason or don't want to or can't find the real cause for various reasons... One thing that has become more noticeable with "zero hours" training is "information overload". Basically the modern flight systems are so complex and designed in particular ways that whilst they make a pilot's life easier in normal conditions they cause confusion in abnormal situations.

[2] One article going on about "Planesploit" and other remote hacking attacks is http://www.huffingtonpost.co.uk/2014/03/17/malaysia-mh370-hacked_n_4977688.htm as I said in my original post I did not want to start a conspiracy theory about people attacking the airplane systems via satellite etc systems.

SkepticalMarch 18, 2014 6:19 AM


@Knott: If you successfully deceive the passengers, then there is no need to keep them at bay. A successful deception can be worth a division.

@Clive: Those transmissions can be a little noisy, but the co-pilot may have a distinctive voice, or it just happened to be clear enough for an easy ID. Or the authorities actually aren't sure. Who knows.

Re: climb to 45k, I'm curious to see how reliable altitude readings based on engine data are. They may be very, very reliable for all I know, but I'd like confirmation from someone who knows that these readings are good.

I'd like to know what's in the cargo as well, but the piracy theory is running as a second or third hypothesis for me given all the other assumptions I must make in order to get the theory to work. That may change as we learn about the cargo, passengers, and pilots, of course.

I agree that there's still the possibility of a catastrophic failure of all comm systems, followed by the pilots, perhaps disoriented and on the brink of losing consciousness, entering bad instructions into the autopilot. This would also require an assumption that the cockpit oxygen system failed, and that the passenger oxygen system similarly failed.

There now seems to be doubt about when the transponder and ACARS went offline, so we may have to hold speculations derived from that timing until we get something more definitive.

I'd also love to know what they're finding on the captain's flight simulator. If he's the culprit, I'd expect that there would be some scenarios that he's been practicing which he would have attempted to delete (e.g. flying under 5k across central Malaysia).

Clive RobinsonMarch 18, 2014 9:00 AM

@ Skeptical,

With regards the voice over the radio it might be recognisable to some but not to others who know the person well. For instance most people talk considerably differently when on the phone to a friend or family member than they would their boss or potential business client. Likewise I talk very differently on long haul HF and SatComms than I do over NBFM comms especially if the mode is ISB/SSB/AM or other analogue modes or I'm using a throat/whisper mic. Not just what I say but how I pronounce words, the meter, pitch and intonation. It can be just as bad when using digital voice systems using low rate / bandwidth CoDecs.

As for the reports of flying above forty thousand feet these --supposedly-- came from direct radar systems relative to the previous thirty thousand foot readings as did further reports of course changes and height.

However Rolls Royce do offer extensive monitoring of performance quite capable of detecting very small changes in performance so that fuel consumption / efficiency can be optimised. Thus I would expect them to cross reference the engine performance with its previous performance, known weather data and the performance of other Trent engines they monitor in the area.

The problem I have with Mad Pilot / suicide terrorist is the lack of ground target, these sorts of people usually want their death to make a statement of some form, which is currently absent. Whilst "suicide pilot" can not be ruled out usually a motive can be found which so far has not come to public light.

The supposed upset over politics currently going on in Malaysia is a non starter and more likely a politico putting spin on it for their own political advantage than reality, because of the lack of "statement" of some form.

As for the home built flight simulator, this is not an unknown hobby, some people actually spend large sums of money actually buying genuine levers, buttons, panels, chairs etc. There's several magazines dedicated to the subject just like there are for model railway enthusiasts. Some reports indicated he had a professional interest in simulator training and inspection, however the details are not altogether clear. It's also quite common for pilots to use simulators to get the feel of routes and approaches before or even if they might do such a route for real, I suspect much will be made of it but little relevance in reality, we'll just have to wait and see what real evidence if any comes out.

Yes there is a problem with the transponder information as reported in the press it leaves people with the impression it's a single box in the cockpit with an on/off switch, which is very far from the reality. Basically it's more like a LAN with a couple of gateways to one or more WANs with extensive EOW and Keep Alive systems. More importantly the likes of ACARS uses multiple frequencies in the VHF band (around 130MHz) and SatComs via Inmarsat and it automatically switches between the two. As such bits are distributed all over the airframe and the likes of a fire could take various bits off line in an order that might indicate where it started and how far it spread etc. Without extensive, accurate and highly detailed information known only to the likes of Boeing, MAS, SITA and Inmarsat it's only possible to make generalised assumptions.

What you can be sure of is whilst the press and politicos are having their "bun fight" in public the legal teams and PR teams of all the companies involved are hunkered down in private in litigation protection mode. And this will almost certainly result in people sitting on documentation and other information and only releasing that which they are obliged to do to assist the air accident investigation board in Malaysia, who in turn will be spied upon by other vested national interests (China, UK and US to name but three).

Another thing we can reasonably be certain of is that the engineering teams of these companies are going to have significant thoughts about "planesploit" and the possibilities Ed Snowden's revelations have opened up. You can already see journalists picking up on this and various independent industry people are "fluffing answers" in ways that are going to make some journalists "smell blood in the water". And I know from experience what happens when people start digging. All of the coms systems and the systems that sit on top of them have not been designed for security, partly because the base designs are over thirty years old, partly because security of this sort has never been really considered let alone specified and paid for, but mainly because they have been designed for reliability which in engineers' minds means lots of test hookups etc and as I keep saying test harnesses get in deep because they are designed to do so and thus give access and thus exploitability at all levels.

The only question in my mind is when --not if-- Bruce is going to get asked for his views either by journalists or at a conference panel.

One thing that will come up at some point soon is "Mad Pilot -v- Cockpit Doors" and other War On Terror things such as "Passenger screening" and other "Security Theater" subjects. Which is why I gave the "heads up" originally.

Clive RobinsonMarch 18, 2014 1:21 PM

It would appear the Malaysian Government has changed its story about when the various radio signals changed/stopped, such that they were coincidental and not separated by about a quarter of an hour.

Although this makes it rather more likely to be a systems failure such as fire/mechanical breakup not human action the Malaysian Government are still insisting other actions show a human was responsible...

This is looking more and more likely to be a simple and tragic failure of the aircraft rather than a deliberate planned action by one or more individuals.

Whilst the aircraft failure could be caused by cargo of some kind this also looks less likely. But on the assumption it was it is also less likely it was a terrorist device etc.

KnottWhittingleyMarch 18, 2014 1:59 PM

FWIW, one piece of evidence they're adducing is that the plane turned off course without gaining or losing altitude as it almost invariably would if it were being flown manually. From this they infer that it was programmed to go off-course, by someone who knew not just airliner stuff but 777-specific technical stuff.

As usual, I dunno if they're right.

twiNightMarch 22, 2014 11:52 PM

To 8: thank you for a very good comment, it is impossible not to notice how hard most people here and elsewhere avoid talking about the obvious.

We are at the beginning of the largest historical event of our lifetimes, far bigger than the fall of the Soviet Union, and it is an entirely open question what if anything will remain afterwards except it will be chock full of rubble. Maybe it will be rubble governed by the global death of all freedoms, or maybe the US manages to obliterate itself first. However I'm afraid that last possibility is far too optimistic, it took the Soviet Union nearly three quarters of a century to throw in the towel but if the US lasts another twenty or maybe just ten years then they're not going to have any such options or choices any more.

Ten years is nothing, except for attrition due to natural causes like death the US is likely to have exactly the same individuals as "politicians" when the main impact comes.

AlanSApril 7, 2014 8:22 PM

@Skeptical

"But no, Drake does not claim that he was prosecuted by the DOJ because of those complaints."

Yes he does. If you read his various statements there is no disconnect between the earlier "administrative" retaliation and the later prosecution. He became a target for prosecution later because previously he'd been labeled as a troublemaker. See for example his testimony to the European Parliament Committee on Civil Liberties where he talks about the administrative retaliation as just the beginning and then goes on to discuss the raiding by the FBI and prosecution.

Klutzy the GazelleApril 29, 2014 10:43 AM

Is there a place to post general questions? For example, how would I find out if Blue Shield CA's customer service website functionality is really hosed this morning, and for how long it's been that way? How would I find out if their phone customer service that I dialed on my cell phone, that sounded unprofessional, was in fact theirs? How would I find out how often it happens that mail sent from a post office doesn't reach the addressee?
How smart is it, that California's Department of Business Oversight offers no way to privately contact them to report security flaws in a financial business? (You call, and say it, and the fellow says "file a complaint from the website")
What is the closest thing that we in the U.S. have in the way of a civic early warning system, to alert when things don't seem right?

WannabeApril 30, 2014 2:17 PM

@Klutzy the Gazelle: "For example, how would I find out if Blue Shield CA's customer service website functionality is really hosed this morning, and for how long it's been that way?"

Answer for this one and similar internet-related matters: isc.sans.org

BuckApril 30, 2014 3:36 PM

@Wannabe

I used to fancy the SANS ISC as a fairly informative source, but over the last few years I've felt their daily diaries have been getting more and more delayed, droll, and downright redundant... :-\


Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.