Friday Squid Blogging: Dancing Zombie Squid

How dead squid is made to dance when soy sauce is poured on it.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on June 12, 2015 at 4:41 PM • 210 Comments

Comments

LasersharkJune 12, 2015 4:54 PM

New Intel processors are supposed to have a 'feature' called Intel Identity Protection Technology that allows websites using javascript to interact with chip and determine its identity.

JacobJune 12, 2015 5:17 PM

@Lasershark
I consider this indeed a "feature". It is a Good Thing.
If you don't like it, you can either not install the required drivers or, I assume, disable the Intel ME in the bios.

Mr. AJune 12, 2015 5:18 PM

Bruce, here is a very interesting report commissioned by the UK into Regulatory Powers.

The author is an eminent barrister, David Anderson Q.C, and has been given access to a wide range of evidence to enable him to compile his report.

The website itself has much (although not all) of the written submissions considered by him in producing the report.

This is the BBC article, the Guardian article and the Telegraph article.

Here is the Daily Mail and the Telegraph with the story that "Twitter and other firms could tip off terror suspects that they are under watch by spies".

Clive RobinsonJune 12, 2015 5:49 PM

Dead squid twitching due to soy sauce...

A bit like oysters and lemon juice, or frogs legs and a little electricity (which apparently inspired Mary Shelly to give us Dr Frankenstein's Monster).

I've seen something similar in my local Sushi Bar, I'd ordered some sashimi, and being the first customer for a particular type of fish, it was pulled live from the tank, then beheaded and prepared and on the plate in front of my in around thirty seconds, when I dipped it in the soy sauce and wasabi mixture it twitched, I glaced up to see the chef smile and say it was good fortune. Whilst smiling back I noticed the head of the fish on the preperation board moving it's jaw as though gasping for air.

Fresh fish indeed but not quite as fresh as a drink I had in Norway, which was whisky with live elvers in it, the idea was to "knock it back" whilst they were still wriggling...

And before anybody asks, no I've not tried "live monkey brains" but I have tried live mopane worms (actually a large caterpillar), but like sea slug and snails they taste a lot better cooked with strong herbs and spices, though the kids there liked them fried and dipped in chocolate...

AlanSJune 12, 2015 6:02 PM

Jack Balkin has an interesting post as surveillance as the modus operandi of modern political parties: The Party as Database.

In the Jacksonian era, mass political parties emerged, held together by party platforms, mobilization efforts, and systems of patronage. The political party of the early twenty-first century is increasingly organized around the collection and analysis of information. This is the idea of the party as database. The party’s electoral success depends increasingly on its abilities at data mining and political surveillance of potential voters and messaging to those voters. Information systems are indispensable to their continued success.

Also see AWS Case Study: Obama for America Campaign 2012. The results speak for themselves. No wonder he loves the surveillance state.

Balkin's post follows up on a paper from last year that is on SSRN. Also worth checking out on SSRN are his earlier writings on surveillance: The Processes of Constitutional Change: From Partisan Entrenchment to the National Surveillance State (2006, with Sanford Levinson) and The Constitution in the National Surveillance State (2008).

BenniJune 12, 2015 7:23 PM

The article on the nuclear powerstation says on page 2 that they also have notified the employees via email about the ip adresses of the internet server to which they have to connect when they want to administrate AKW mühleberg....

I guess, they are a bit late, but at least they take the internet of things seriously...


ManuelJune 12, 2015 7:50 PM

Kaspersky leaves attribution up to the authorities and believes in responsible disclosure

http://www.channelnomics.com/channelnomics-us/analysis/2412985/kaspersky-not-our-job-to-hunt-down-our-hackers

In general, the attribution of cyber attacks is difficult to do conclusively; in order to know for a fact who is behind attacks, one must either catch the perpetrator in the act, the actors must admit to the attack, or law enforcement must uncover definitive forensic evidence that ties specific individuals to the acts in question. These activities are outside of the services and purpose that Kaspersky Lab delivers; they are the work of law enforcement investigators.
In the case of Duqu, the attackers intentionally introduced false information to confuse investigators, and used multiple proxies and jumping points to mask their connections. The use of these tactics make tracking them down to a definitive end source a complex problem, and it makes definitive attribution based purely on systems-based information dubious at best.

Some new details on the OPM hack

http://www.washingtonpost.com/world/national-security/chinese-hack-of-government-network-compromises-security-clearance-files/2015/06/12/9f91f146-1135-11e5-9726-49d6fa26a8c6_story.html

OPM is still assessing how many people were affected, spokesman Samuel Schumach said. “Once we have conclusive information about the breach, we will announce a notification plan for individuals whose information is determined to have been compromised,” he said.
mployees of intelligence agencies, such as the CIA, generally do not have their clearance checks records held by OPM, although some do, officials said. “That’s the open question — whether it’s going to hit CIA folks,” the second official said. “It would be a huge deal. They could start unmasking identities.”
In the past year or two, the Chinese government has begun building massive databases of Americans’ personal information obtained through cyber­espionage. Besides the series of OPM intrusions, a federal government contractor that conducted background investigations for OPM and the Department of Homeland Security was hacked last year by the Chinese. And Beijing has been linked to penetrations of several health insurance companies that hold personal data on tens of millions of Americans.

ManuelJune 12, 2015 7:53 PM

Germany Ends Inquiry into Merkel Phone Hack

http://arstechnica.com/tech-policy/2015/06/germany-ends-inquiry-of-whether-nsa-snooped-on-merkels-cell-phone/

The German government has decided to abandon its probe of the claims that the National Security Agency spied on Chancellor Angela Merkel’s phone.Chief prosecutor Harald Range said in a German-language statement (Google Translate) on Friday that there was insufficient evidence of criminal activity that would hold up in a German court.

LasersharkJune 12, 2015 8:12 PM

Regarding Intel Identity Protection Technology

This 'feature' is already available using usb tokens from RSA. The difference is that the token is 'opt in' while the Intel chip is 'jailed in'. As if we can trust that this 'feature' won't be used to identify specific machines on the internet.

GodelJune 12, 2015 8:25 PM

While browsing on the Tails website I saw this little gem:

When sending an email from an IMAP account, Claws Mail does the following:

It connects to the IMAP server and stores a plaintext copy of the email in the Queue folder on the server.

It encrypts the email locally.

It sends the encrypted email through the SMTP server.

It connects to the IMAP server and stores an encrypted copy of the email in the Sent folder on the server.

It connects to the IMAP server and deletes the plaintext email saved in step 1 from the Queue folder.

The Claws developers have been aware of this since December 2013 but have so far only published work-arounds. Apparently they think it's not important and their comments virtually blame the users for not knowing that they have to configure their mail setup so as to avoid this.

Is it any wonder that encrypted mail isn't more widely employed by the average user?

ThothJune 12, 2015 8:29 PM

@Lonely Stranger, Nick P, GeorgeL
I think we miss the fact that high level languages for security settings are actually nearer to us and more common than we think. Most smartcard chips with JavaCard support uses Java as the high level language albeit the lack of a whole sleuth of standard Java functions. In these smartcard architectures (JavaCard and GP architectures), they have concepts of virtualized resources, application firewalls, resource sharing security and the likes (at a CC EAL level somewhere around 5+ for most).

For the concern of attackers manipulating the memory access physcially, you can encrypt and sign the memory blocks on the external or internal memory but the trade off is memory consumption. secure code processing (secure execution) can be done in a tamper resistant security chip where you load your secure bootloader, microkernel and most critical functions while using the security chip's internal limited RAM space to do the secure stuff and when you load the userland applications, you may use external RAM space while using the security chip's signing and encryption key on the memory blocks. This would have allowed a physically more secured deployment of the high security microkernels in a relatively higher physically secure and logically secure setting.

ThothJune 12, 2015 9:21 PM

@Godel
Good old way of handling PGP/GPG email without a mail client is to encrypt/decrypt emails without using a mail client's cryptographic capability but to simply use the PGP/GPG tools like the command line or GPA to do the trick.

If one user wants to send images or media to another user, they could simply zip them up and email the PGP/GPG ASCII armoured text to each other over any sort of mail client regardless is it Gmail, Yahoo or personal mail servers.

I am very doubtful if Claws, Enigma or Mailpile have been fully audited for their security functions so it's best to not touch them directly least the same thing of storing unencrypted drafts happens again or something more serious than that. The storage of encrypted and decrypted emails at rest on the client side can be done using an encrypted volume (e.g. a variant of Truecrypt).

GodelJune 12, 2015 9:54 PM

@ Godel, Thoth

I just tried the following in Evolution:

  1. New (message)
  2. (Type something)
  3. Options -> PGP Sign
  4. Options -> PGP Encrypt
  5. File -> Save as Draft

The message is stored locally in plaintext, unsigned, which brings up some questions:

  1. Should a draft message be signed if it is saved? Perhaps, but not in such a way that would allow an attacker who obtained that message to simply send it on to your recipient as if it were your final intended communication.
  2. Should a draft message be encrypted if it is saved? Absolutely; I should think so.

Nick PJune 12, 2015 10:39 PM

@ Godel
re Thoth's suggestion

You can use this cheat sheet to use GPG without knowing GPG. Just gotta verify that you got the right key and other person do the same. Past that, you can communicate with text files encrypted and decrypted using commands on the site. Encrypted one's end in .gpg. Can encrypt other media that way, zipping it as Thoth noted. Could be some metadata exposed but I think GPG protects that. I haven't been concerned about that given who I use it with.

So, you install it, each generate key file with command, share it securely somehow (esp in person), and then communicate with texts protected by those cut and pasted commands. Save that page onto your own PC with Save as HTML only, too, to avoid a future MITM attack.

EDIT re latest comment: I have no opinion on that as I don't know the specifics of the product or what's going on when you do that.

@ Thoth
re GPG

It's funny as I've been saying about the same thing on HN. You should read the comments here on how hard GPG is to use. I took time to tell each one individually that a person with only Google and cutnpaste can use the tool. That a panel of technical experts just gave up after 2 hours of work was... hilarious. If it's even true.

More disturbing is the response to my comment on ECC patents. The NSA rebuttal was fair as theirs are expired. Yet, it's strange that all those people thought there were *no* patents on ECC despite it being a multi-million dollar source of income. It was getting amused because they started downvoting instead of responding while others upvoted me back up. I knew the Matasano guy was there: my rep always drops 1 point followed by a comment notification. I told him that the nonexistence of ECC patents was a neat trick given that they sold for 7x his company's value. Edited comment to reflect what good feedback I got. Moving on.

re languages

That's a good observation. However, they tend to use a combination of an abstract machine (VM), a verification component, and a safe language built for the VM. This powerful combination has been proven numerous times. It's one model among many, though.

Another is an inherently safe piece of hardware (eg SAFE, SSP). Another is a runtime or translation tool that makes unsafe code safe (eg full CFI, C-to-JVM compilers). Another is a language with optional runtime that inherently prevents certain problems (eg Ada, ParaSail, Ur/Web, Haskell) and might be compiled to arbitrary machines. Another are type-systems and domain-specific languages that prevent specific types of problems while outputing code that can integrate with other components. These may be used individually or all together.

The memory crypto is accurate as that's what academic and commercial work is doing. I've already sent you the specifics on that, though. The schemes are getting better each year. One had a formal security argument that was pretty nice. One of few I've seen for hardware.

rgaffJune 12, 2015 11:51 PM

@Nick P

Re: that HN thread...

OMG people berating you for copying a command off an "unsecured" cheat sheet off the net? Cheat sheets are reminders of stuff you already know or used to know or can easily look up in the docs and verify, not unintelligible gobbledygook that better be signed or you're toast... I use them all the time for parameters I can't quite remember but I know I've used them before...

Nick PJune 13, 2015 12:09 AM

@ rgaff

Exactly! We all use them for that exact reason. They overlook that critical, little detail as the zealots push their position. I've determined "kragen" is part of the OpenBSD team. He's been grasping at straws with his bogus arguments on this and the patent debate. His recent claims on the patent part of the discussion, especially that zero patents apply to current ECC, are damaging his credibility. As I told him, people wouldn't be paying a fortune if patents had zero impact on ECC implementations. That's what they have lawyers and engineers to prevent.

It's all good fun, though, as the commenters are showing their true colors and other readers have been reacting. :)

rgaffJune 13, 2015 1:37 AM

@ Nick P

Put more precisely... docs are often horrible, and don't start with common usage at the top, explaining first and most obviously what you most likely are there for... they usually just overwhelm you with a complete reference list of minutia that confuses you and you can't figure out what you need to do without a very long laborious process of deciphering and learning it all... and THAT is why cheat sheets are so valuable.

But still... NEVER BLINDLY copy stuff off a cheat sheet... know what it does first! (Not saying you, Nick P, have a problem with this, just emphasizing for future readers here!) They're great for giving examples of common usage (which docs often overlook!!), but always know what you're running before you run it.... and that usually means looking up the options back in the documentation reference for anything you don't already know and just needed a reminder.

Hopefully that's a slightly more balanced way of looking at it than kragen :)

For security's sake though I really do wish one could take the best features of OpenBSD like the general anally careful programming, and other concepts like Mandatory Access Control (MAC) and Address Space Layout Randomization (ASLR) and jam them all together on a hardware tagged architecture and several other complementary security practices I've read about and a few I haven't.... It wouldn't even need to be a full-featured computer and operating system at first, just make a nice actually secure home router/firewall first and grow slowly and carefully from there... sigh.

BenniJune 13, 2015 3:31 AM

Apparently, thanks to these documents
http://www.spiegel.de/international/world/new-snowden-docs-indicate-scope-of-nsa-preparations-for-cyber-battle-a-1013409.html

the chinese now know something about what NSA is doing in their networks. And they seem not to like that and have upgraded:

The chinese hack on the US government personal database was more severe than first acknowledged

http://www.washingtonpost.com/world/national-security/chinese-hack-of-government-network-compromises-security-clearance-files/2015/06/12/9f91f146-1135-11e5-9726-49d6fa26a8c6_story.html

a database holding sensitive security clearance information on millions of federal employees and contractors also was compromised.

In an announcement, OPM said that investigators concluded this week with “a high degree of confidence” that the agency’s systems containing information related to the background investigations of “current, former and prospective” federal employees, and others for whom a background check was conducted, were breached.


So the chinese have the data of CIA and NSA agents.....

I seriously think they should put all the data they got here on wikileaks. Simply publish the real names, CV, and postal adresses and operations of all CIA and NSA agents that are doing something not directly related to anti-terrorism.....


Perhaps the United States will now learn that introducing backdoors in consumer products, weakening encryption algorithms that are used by everyone and manipulating shipments is not a good thing. Others can, and will do that too, and attack the US, especially if the US behaved like that in the past....

Food MuleJune 13, 2015 3:55 AM

Re:"Kaspersky leaves attribution up to the authorities and believes in responsible disclosure"

They definitely did the right thing. No cover ups. As an observation of recent happenings, cyber attacks and breach attribution appear to have shifted from fame seekers of the not so distant past to nation state adversarials. Is it because people are tired of reading the old antisec anons soaps, so hard to sell papers and clicks, or is there a more nefarious purpose?

As for the south China sea, hasn't it always been the mess?

01June 13, 2015 6:04 AM

With regards to the Intel Identity Protection Technology

Apparently, it is possible to thoroughly disable Intel Identity Protection Technology :)

It requires a whole bunch of drivers (windoze-only by the way, as far as I can tell) and a service.

By uninstalling the service and all the attendant dlls one can effectively gut this functionality (or, one could install, I dunno - debian or somthing - that will gut I2PT too!)

http://www.shouldiremoveit.com/Intel-Identity-Protection-Technology-13783-program.aspx

http://windowsvc.com/bbs/board.php?bo_table=windowsvc&wr_id=1441

One can also refrain from installing chrome/firefox plugins for this thing (or uninstall them) which are apparently crucial for using this thing correctly, thus one can have "lol anonymous" browser without Intel IPT and a "bizness stuff" browser with plugins installed (though this is of course less radical than purging the entire thing or moving your "anonymous" browsing needs into a VM, the latter being a reasonable thing to do irrespective of I2PT)

AlanSJune 13, 2015 6:55 AM

@Slime Mold with Mustard

Thanks. Modern 'democracy'in action: using surveillance for highly efficient and targeted lying.

CuriousJune 13, 2015 7:31 AM

Why is curve 25519 (Twisted Edwards curve) used in ECC? I saw it was mentioned on twitter and there was a link to a NIST video.

For someone like me that doesn't really understand ECC, I still found it a little odd that according to Wikipedia, one of the requirements of an 'elliptic curve'is that it isn't self intersecting, however curve 25519 appear to intersect at origo (0,0) on the cartesian coordinate system.

This apparent requirement of the curve for not being 'self intersecting' (not being singular) is really the only thing that caught my interest about curve 25519, after hearing about curve 25519 being used in cryptography somehow. I just thought this might perhaps be a little odd, but otherwise, I am not really into ECC and wouldn't know any better. My mind toyed with the more nonsensical notion of possibly there being a rounding of number values around origo (0,0), or even some kind of cancelling of rounded number values.

I was once apparently able to help fix a broken feature in someones software, by pointing out the likely requirement of using floating point numbers for sake of presicion (in some other software I read about years ago) when there are successive rounding errors with successive transformations of points on a scalable grid. :D

ThothJune 13, 2015 8:22 AM

@Nick P, Godel
That is the usual communication method I use when communicating with anyone when using PGP/GPG. I don't trust those plugins.

@Nick P
re:ECC Patents
While I was deploying the HSM for a particular customer of mine whom is a CA, they bought the Thales HSM with ECC features and one of the problems were ECC licenses (not the HSM's ECC license) but those that belong to the developers of the ECC algorithm namely Certicom, French agencies who develop ANSI curves, Brainpool and so on. It is one thing to provide ECC on the HSM but it is totally a different game if you are "demonstrating or publicly using" the ECC in terms of providing services with ECC curves patented by Certicom, ANSI, Brainpool (the ANSI and Brainpool curves are harder to track down as the custodians are also unclear of the actual patent owners).

It took me quite a long time to try and hook my clients with the patent owners. Certicom and ANSI curve owners did not reply (but my customer supposedly managed to use other channels to get their attention). Brainpool custodians were also unsure of the status of the Brainpool curves in regards to their patents !!!

In the end my CA customer managed to use their own channels and bought the licenses for the "public display and usage" of ECC curves before they launched their ECC crypto services online as part of their commerical package.

I was not told the amount of money paid to the patent owners but I sense it's rather expensive.

Nick P, I won't even bother replying to HN. They have no idea the Real World out there...

Actual cryptographic deployments are NOT FOR FUN. They protect lives, they protect transactions ... a mistake IS A MISTAKE. For armchair cryptographers, they can simply re-edit their papers and re-submit a new version. For security engineers, once a mistake happens, there is going to be a lot of mess down the road. Recently I was a witness to a security blunder that occurred within my vicinity but was has nothing to do with me. It wasn't fun on the clean up end. All the nice paper and pencil theory with keyboards ... it is very different when things get real.

re:Lanuguages
I might want to run a smartcard firewall pentest tool on some sample smartcards sitting around on my desk when I have the time. It should test the application firewalls to see how each brand of Card OS withstands simulated attacks trying to breach the particular brand's smartcard logical security.

Secure Execution on Trusted Hardware are not uncommon. Thales HSMs have SEE environments for clients to load their critical business codes in C/C++ form with code encryption and signing. TPMs and Smartcards can be programmable with high level languages like BASIC Card and JavaCard. Xilinx, Altera and so forth have their own suite of tools and I doubt if they would market their tools without high level language support and flashy looking IDEs to go with ?

@rgaff, Nick P
Those people at HN can try to setup their own CAs for public use and hopefully they don't run afoul with Certicom or other ECC patent owners for "public usage and performance". It requires a license as I mentioned above and the amount of effort and time I spent to help my client just for that part after helping them with their HSM deployments ...

@Nick P
I am rather surprise that an OpenBSD developer were to behave in such manner. Maybe I should not be surprise ? Who knows ...

ThothJune 13, 2015 8:31 AM

@Curious
US Navy Warhawks are trying to stock up cyber-weapons :) .

It is an International norm these days.

@Nick P, Curious
By the way, the Hacking Team has an office in the middle of the Central Business District (CBD) in my country and just nicely next to the train station and the most crowded square in the CBD area. I wonder ... Hmmm ....

@Benni
There is a saying that a tiger never changes it's stripes. Similarly, the USA and other Warhawk Govts are not going to back down so easily. They might tighten themselves and dish heavier punishments to those they suspect or found of whistleblowing (or in their eyes, committing high treason). Probably even execution without fair trial (probably that is what Snowden might receive when he comes back or captured).

CallMeLateForSupperJune 13, 2015 8:51 AM

@Benni
"all CIA and NSA agents that are doing something not directly related to anti-terrorism....."

A thought-provoking idea, but easier said than done. And I think NSA would not be amused by a spotlighting of *any* of its employees, regardless of assigned task(s). I strongly suspect that NSA would bluster that all of its employees' work falls within the sandbox of anti-terrorism... just like it claims that all of the data it vacuums up, processes, stores, and searches is related to terrorism. (Excepting the "incidental" stuff, of course; void where prohibited; your mileage may vary; nothing is perfect)

"Perhaps the United States will now learn that introducing backdoors in consumer products, weakening encryption algorithms that are used by everyone and manipulating shipments is not a good thing."

Hope springs eternal. But my government - though it normally moves at glacial pace on any form of mitigation - endeavors to move quickly on implementation, while exhibiting pathalogical aversion to owning any mistakes it makes ... much less any unintended consequences of same.

Bob S.June 13, 2015 10:40 AM

From ARSTECHNIA: Report: Hack of government employee records discovered by product demo

The breach was "discovered during a sales demonstration of a network forensics software package called CyFIR by its developer, CyTech Services."

I can't help wonder how things would have been different if the NSA had spent the last couple decades working feverishly to make computing safe, secure and private rather than destroying, hacking, and buggering every conceivable safeguard.

This particular breach is noteworthy in that SS numbers were not encrypted, by the federal agency.

Why did all this data need to be accessible on the net in the first place?

Lessons:

Encrypt everything.
Airgap whenever possible.

rgaffJune 13, 2015 11:52 AM

@vas pup

That's because authority-wise the US Government considers the world to be annexed. Except for "rights" of course, that would be too inconvenient.

albertJune 13, 2015 1:07 PM

@benni,

It wasn't clear to me (from a Google translate of the article), just what 'administrate' means. I wouldn't think it includes control of the reactor itself. Proper security for a nuclear plant means total isolation of the control system from all outside access, and careful controls of internal access...

.
...

xJune 13, 2015 1:13 PM

@Bob S

I can't help wonder how things would have been different if the NSA had spent the last couple decades working feverishly to make computing safe, secure and private rather than destroying, hacking, and buggering every conceivable safeguard.

This is the smartest takeaway people should get from the OPM hack, and related hacks. Probably there are countless other hacks undiscovered. People normally look at Snowden from a misdirected angle on this. From a security angle, aside from the "right" or "wrong" angle, he was a pretty low level, young employee who was able to take away all of their goods. Colossal lack of security was shown.

If all the money and resources spent getting useless information was, instead, invested in defense, the return value would be extraordinary. And there would not be gigantic US financial losses from blowback, from establishing an international reputation as a disreputable hacker state. There would be no terrific loss of credibility by engaging in soul sucking anti-constitutional programs. And with eyes focused domestically - the US has a gigantic access to both oceans and 30% of the world's arable land and a super massive oil producer - they would be able to keep the future assured, without being so quick to engage in dangerous conflicts that do not effect anyone domestically.

@Curious

US Navy is said to have been openly soliciting for buying '0-day' exploits and "N-days" whatever that means, for "widely used software".

n-Day, then, would mean security vulnerabilities which are reported, but will take some time to fix. So, for instance, you work at a research shop and have turned in the security bug. One can make an estimate for how long that company will take to actually release a fix for it by looking at their past fixes. Research shops, or even internal teams, then, could sneak out everyone's bugs to them. And that on a regular basis. This could even mean where defense contractors on vulnerability farms might double sell theirs and coworkers security vulnerabilities.

@benni

The CIA and NSA are unlikely to store records there, and anything really secret would not be there, either.

The US have doxed federal employees and defense contractors in the past, and this hack may be linked to a disinformation program. It is a little implausible that OPM did not even have a security team, and that they had horrible audits. It is implausible that they only discovered this by a vendor walkthrough.

If you contrast this investigation with the ones on the US-Israeli attack code family trees, you see that the US is very eager to attribute everything to China. It appears that China believes they could leave more strong evidence of their involvement if they worked from another nation. Or, perhaps, they could then compromise operations in progress. While in China, they could not. China has firm control of China, and nowhere else. So, this is probably why China is training North Korea on Chinese shore. North Korea is a convenient proxy for them, and they are and have worked in other countries to launch attacks from.

It is possible their NK team performed the hack, and then will be in charge of releasing the data. Or, they might do this as a practice run. However, China would want firm control of all of this potentially valuable data. And the counterintelligence value of it is far more important if the data is kept secret, and so their understanding of it, then if it was released.

The extortion angle, btw, is weak. China, unlike the US and many other countries, does not use an "agent" model for infiltration. They use their own officers, or they use nationals or relatives of nationals. This gives them more control and assurance. They do not have to wonder about the motives of agents this way nor possibly contaminate operations because of agents.

chris lJune 13, 2015 1:22 PM

The latest news on the OPM data breach (as of saturday morning) is that whoever got the data also got millions of filled out SF86 forms, which is a 100+ page form used for actual clearances (secret, top secret, SCI) that requires applicants to disclose drug use histories, mental health histories, relationship histories, foreign contacts, and more. This is a data set full of possibly actionable blackmail material. If the data also include responses from references and/or polygraph interviews, this could be a particularly damaging data breach.

I'm curious if Bruce or any of the readers here have thought much about the effectiveness of the US clearance process and whether or how it might be reworked to be more effective (and ideally reduce the risk of breaches like the latest).

I haven't spent much time on the early history of it, but the current system apparently came out of the classification processes developed in WWII, and if you look at some of the evaluation documents, was heavily influenced by the early years of the cold war and McCarthy-ism. The old "suitability matrix" used for evaluations looks straight out of the mid 50's (http://hspd12jpl.org/files/Suitability_Matrix.pdf).

The basic principle seems to have been "disclosure to the Gov't of every potentially damning thing you've ever done will inoculate you against blackmail", though it's never been entirely clear that disclosure was required relative to other people with respect to whom blackmail might occur (e.g. disclosure of affairs to spouses, membership in the local bdsm dungeon to your church, cross-dressing to the federal agency you're in charge of, etc), without which you're still blackmailable. It seems like it's mostly based on J. Edgar Hoover's policy of collecting dirt on everyone so that he could blackmail them, and not based on research of how one actually decides whether to trust someone or ensures the ongoing trust. Essentially a system of "disclose it all to us, and we'll hold it over your head so you'll stay in line."

It's also been clear over the years that all of the worst spying incidents in the US were done by people who passed the clearance and reclearance process repeatedly with no issues, that people could spoof the system to get a clearance (google "la shish cia"), and that people with clearances in very sensitive positions could engage in very stupid behaviors (e.g. secret service details protecting the president partying in central america) while on duty without risk to their clearance.

So have any of you given the security clearance process much thought, or do you know of any research on the effectiveness of the process, or research on what makes a good clearance process?

My particular interest in this topic came when the gov't decided they needed to impose background checks (clearance lite-- I'm in an SF85 position) on contractors who work in all sorts of non-governmental or quasi-governmental facilities. My personal data were already leaked on an unencrypted USG laptop stolen from a car in DC a few years ago.

albertJune 13, 2015 1:54 PM

@x, @Bob S, et al.,

"...If all the money and resources spent getting useless information was, instead, invested in defense..."

By 'defense', I assume you mean 'increased computer security'.

Yes, this logic is well known, and widely ignored. :)

AFAICT, US hegemony and the maintenance of the petro-dollar are the primary motivating factors in US foreign policy. Any threats to these goals are attacked by any means possible. Real wars, wars against ideas, wars against faceless or unknowable enemies, wars against our own citizens. These policies seem crazy to normal people (demonizing Russians, Chinese, Muslims, whistleblowers, policy critics), but are part and parcel of fascist states in general.
.
The beauty of the capitalist system is that good things and bad things make money; it's a win/win situation! It is, however, a positive-feedback system, with negative consequences; the machine/device/organism eventually destroys itself...
.
...

xJune 13, 2015 2:56 PM

pay attention sceptical danny san...


@chris l

China is not interested in blackmail. They do not recruit foreign agents. They are looking for something, they stumbled onto. It is not in the news. It is off the books. But they chase down cover anyway, hoping to find some clues, some mistakes, some new relationships. The 'thousand grains of sand' approach applied to a counterintelligence investigation.

A good primer on Chinese intelligence: "Tiger Trap".

Some good blurbs from that book:

"China's intelligence officers under diplomatic cover are rarely caught spying for a simple reason - they normally do not recruit and run agents"
China normally does not pay money for intelligence ... The Russians pay money, everybody pays money, but as a rule the Chinese don't"
China does not use dead drops. It's spies do not spend time putting chalk marks on mailboxes
Sun Tzu describes five kinds of spies that are remarkably close to those still plying their trade in the twenty-first century [does not include the 'recruit and run foreign agent' model which has many deficiencies]

China is not very worried about groups which employ and rely on that model of recruiting and running foreign agents. China is worried about a group which does not operate on that model, but relies on disguise and secrecy.

Like anyone, they understand and see that which is like their own way of seeing, even if what they see is beyond their capacity for understanding.

But in 19996, at a conference of the MSS and other Chinese intelligence agencies... Zou spoke of "tens of thousands of nameless heroes who cherish and loyally serve their motherland [and] are quietly fighting in their special posts abroad"

I filled out a sf86 form, I admitted, as any honest civilian would, any trips abroad, any contact with foreigners. I have been to China, and I have had long relationships with a wide variety of Chinese nationals in the computer security arena. I was completely open and honest about this, including detailing any investigations I got accidentally caught up in. In retrospect, I should not have done this. But, who could have known security would be so loose they would let that information be taken by the Chinese? I did not want to say "I did not" to the very same government that very well knows "I did". It was just a temporary contract job on a base. I ended up quitting early and never even ended up filling out my paperwork. It was in another state, and I thought it would be temp to perm. Discovering it was not, I quit. I got home and discovered I accidentally forgot to sign the form finalizing basic clearance. An officer had the week before accidentally contaminated the network with a trojaned thumb drive, and I was tasked to fill a role to help insure their network security policies were probably enforced via their vulnerability management system. They had not had that role filled when the incident took place.

But, now, because of that one tiny contact with a government job, lo and behold, the Chinese have my goods on file. It is really terrible.

But at least the Chinese activity on there was many years ago. Ten years, at least.


gordoJune 13, 2015 3:05 PM

For Americans, a now ever-timely article from Brian Krebs on protecting oneself against identity theft:

How I Learned to Stop Worrying and Embrace the Security Freeze
Brian Krebs | Krebs on Security | June 8, 2015

If you’ve been paying attention in recent years, you might have noticed that just about everyone is losing your personal data. Even if you haven’t noticed (or maybe you just haven’t actually received a breach notice), I’m here to tell you that if you’re an American, your basic personal data is already for sale. What follows is a primer on what you can do to avoid becoming a victim of identity theft as a result of all this data (s)pillage.

http://krebsonsecurity.com/2015/06/how-i-learned-to-stop-worrying-and-embrace-the-security-freeze/

chris lJune 13, 2015 3:10 PM

@x

I'm less concerned about who/why whoever took the OPM data-- it's out, and could get out again, or be distributed by someone else who manages to get a copy, or whatever. I'm more interested in whether there's actual security justification in the OPM collecting a lot of the information that they do, or whether it's just "we've always done it this way, so we'll keep doing it" without any real analysis into whether it's doing what it's purported to do.

I do agree that depending on who actually lifted the data it could have far worse implications for 2nd and 3rd degree contacts who appear in the data sets than for the the primary subjects.

xJune 13, 2015 3:14 PM

I should mention, it is not always true China does not use extortion. The "Shi Pei Pu" case well illustrates this. For all you other armchair keyboard cowboys who desire intelligence stimulation. But these sorts of tactics are very much related to "agent" tactics, and have a long list of severe drawbacks. China is conservative, very much so. They launch attacks from their own shore because of this reason. It may mean attribution is positive (they can later throw doubts on that), but it helps ensure the operations themselves are not infiltrated by local, foreign governments.

Also, China also has a long history of buying zero day, just as they buy weapons. They buy it abroad, if they can get it, and they buy it domestically. But if they get it from foreigners, they would tend to think it is contaminated and so only useful for counterintelligence purposes and defensive purposes. They like as much 100% assurance for their spies that they can have. They view it as an aspect of reliable information, which is high on their priority list of operational strategies and tactics. It is a good model. They do not suffer the sort of amazingly painful penalties of double agent problems because of it. (For instance, a major reason the US got into the Iraq War was because of over reliance on the testimony of a singular, recruited Iraqi agent. He later admitted he lied to help make sure the Saddam regime got overthrown. Or, Pakistani ISI worked very closely with the US Intel, all the while harboring Osama Bin Laden.)


65535June 13, 2015 6:22 PM

@ chris l

I thought the SF86 forms were kept by the DoD. WTF?

What type of systems was involved Oracle/peoplesoft/custom Unix or Microsoft?

BenniJune 13, 2015 6:57 PM

We have new information on the hack of the german parliament:

http://www.focus.de/politik/deutschland/cyber-angriff-auf-bundestag-hacker-infizierten-merkels-computer-und-schrieben-mails-in-ihrem-namen_id_4749395.html

The first trojan was found at Merkel's computer. And the hackers wrote phishing emails in Merkel's name....

Spiegel says that it was the russians

http://www.spiegel.de/netzwelt/netzpolitik/cyberangriff-auf-bundestag-experten-vermuten-russische-taeter-a-1036823.html

And we have new protocols from the NSA UA in germany.

For example it is clarified what NSA means when it says that it does not give data to domestic companies.

"Hayden wrote that he only speaks for his agency"

https://netzpolitik.org/2015/live-blog-aus-dem-geheimdienst-untersuchungsausschuss-ex-bnd-praesident-ernst-uhrlau-und-dieter-urmann/

This agent here claims that he can not answer questions since he never got the letters that were sent to him because he lacked clearance:

https://netzpolitik.org/2015/live-blog-aus-dem-geheimdienst-untersuchungsausschuss-thomas-kurz-guido-mueller-hans-josef-vorbeck/

And he says:
"The office of the chancellor does not want to know what BND does.
Interrogator: Why?
"What BND does regularly violates the law"

Deutsche Telekom now fears that it is sued by foreign countries for giving data to BND. It therefore asks for stricter rules and laws:

http://www.heise.de/newsticker/meldung/Ueberwachung-durch-BND-Telekom-verlangt-schaerfere-Bedingungen-2690106.html

@albert:
In fact it is a bit unclear from the article on the nuclear power station, what data they transmit over the internet. The article specifically talks on page 2 about "measurement values of important instruments that a hacker could fake, and thereby manipulating the actions of the operators in the control room who react to these values.... " This sounds like the powerstation only sends the raw data from the measurement instruments to the remote server who computes the output in a form readable for humans.

But the article also says that they have 27 people who have administrator rights, some of whom the local staff does not know, and that the nuclear safety authority said 5 people with administrator rights were too much...

The article also says on p. 2 that the company told the nuclear safety authority that they only use the remote access in an exceptional emergency. And the article quotes staff members that this would be a lie and the safety authority is not being told what really happens within the station and the remote access.

Probably this means the worst, given that this power plant sometimes also releases a cloud of radioactivity, million times higher than normal into the environment: https://www.woz.ch/-4e3d (at least this was measured by a physicist outside the power station during a repair cycle with a verified geiger counter. The physicist now sues the government because it refuses to release the official measurement values)

chris lJune 13, 2015 7:03 PM

@65535

It may be that DOD keeps them for military personnel, and maybe for civilian employees of the DOD (i.e. people who have a CAC rather than an HSPD-12 PIV-II card), but for civilian agencies and employees of civilian contractors that all goes through OPM.

I have no idea what platforms were involved in the breach- it doesn't seem to have hit the press yet.

65535June 13, 2015 7:22 PM

@ chris l

“…for civilian agencies and employees of civilian contractors that all goes through OPM.”

Thanks for the clarification. They FUBAR’d this one big time. I can’t wait to see when the dox’g will begin.

I do want to find out what types of systems were breached.

Chris AbbottJune 13, 2015 8:00 PM

@Myself

A. Is this really true or made up?

B. Is there a new vulnerability in AES?

C. Did they use brute-force and get lucky?

And the list goes on and on. Somebody give some input on this!

GeorgeLJune 13, 2015 8:11 PM

@ Nick P, "That's a good observation. However, they tend to use a combination of an abstract machine (VM), a verification component, and a safe language built for the VM. This powerful combination has been proven numerous times. It's one model among many, though."

At what point does this hinder performance enough to break the deal? We know in the world of physics everything has a cost, as Clive had said that even the NSA must obey laws of physics.

BTW, thanks for your response on the other thread. Do you have urls linking to EAL certified compilers? Which profile would they fall under? Definitely would like to learn more about that.

Chris AbbottJune 13, 2015 9:05 PM

Greenwald seems to be fairly "pro-Russian" these days, since the Ukraine war started. Is this because he's doing so to protect Snowden? A couple of people have suggested to me that Greenwald was working for the Russians all along and he decrypted and gave the data to the Russians. I can't imagine that this is a massive conspiracy/propaganda campaign that started several years ago as some have suggested. I suspect his "pro-Russian" stances are to protect Snowden from Putin. Does anyone have any ideas about what's going on? This is troubling.

MarkHJune 13, 2015 9:33 PM

@Chris Abbott:

I have more questions than answers.
__________________________
QUESTIONS

My first question is your question A:

Is this really true or made up?

I would add to that:

1. If it is not a fabrication, what intelligence do "they" have suggesting that encrypted Snowden files were intercepted and then decrypted?

Color me skeptical. If a state undertook such a project, they would likely do so in great secrecy. If there is not direct evidence of interception/decryption, then the indirect inference (for example, because China seems to know stuff they weren't supposed to) could be in error -- that knowledge could have come from other sources. I doubt that Chinese newspapers announced "cool, we read all the secret Snowden files."

I have another basis for skepticism: if Snowden files were really decrypted, that would have taken a massive effort. How likely is it that two states would accomplish this independently in a quick time frame? Russia and China have many competing interests, so if one of these states made an intelligence break, sharing it with the other would be mighty surprising.

2. If it is a fabrication, is it in response to the Anderson report recommending limits on mass snooping?

Spooks seem to be about 50% criminal anyway; this kind of dirty manipulation would be in keeping with their "ethics".

3. If it is not a fabrication, is it a misinterpretation or distortion of something more mundane?

Apart from conventional intelligence gathering (as the source of "stuff they shouldn't know"), Russia and China both have aggressive cyberattack programs. All of the Snowden files were decrypted on the computers of a select group of people who were allowed by Greenwald et al. to look at them. Perhaps there was some successful hack that gained access to decrypted files.
__________________________
ANSWERS

C. No. The odds against brute-force succeeding are so astronomical, that if the attempt was made, its failure was guaranteed. Because of this, no professional cryptographer would even start the process, so I think it unlikely that the attempt was made.

B. We can never be sure about that, but I would bet against. AES has been well studied: probably more than any symmetric cipher in history. What are the odds that two states would discover a severe (many orders of magnitude) break independently (see above)?

GeorgeLJune 13, 2015 9:35 PM

@ AlanS, "Jack Goldsmith has a post on Lawfare about the Obama administration being stuck between a rock and a hard place on the OPM data breach"

At some point President Obama must find a sweet spot between disclosing enough FUD to justify Congress passing laws and disclosure of facts. He also must consider proper warnings to be given to affected individuals as required by laws and ethics. Mr. Goldsmith made a lot of good points, but I'm keeping my fingers crossed on this one.

65535June 13, 2015 10:31 PM

@ Chris Abbott

“…due to Russia and China cracking encrypted documents stolen by the former contractor to the US National Security Agency, a government source has told the BBC.” –telegraph

http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/11673533/British-spies-removed-from-operations-after-Russia-and-China-crack-codes-to-leaked-Snowden-files.html


This “unnamed government” seems a little hinky. Given that the “Freedom to Spy Act” is being honed behind closed doors I am leery of “unnamed” government sources [and the UK is increasing its spy powers]. This could be misdirection by the Agency and nothing more.

MikeSierraJune 14, 2015 12:18 AM

It does look like misdirection. If the UK spies were high-value, and the UK govt feared that they could eventually be discovered by some future hack of one of the few recipients of the full Snowden data dump, then it makes sense to quietly move the spies over a decent period of time.
Once the moves complete, they can spin it as something they were forced to do. And they can save the spin for a moment when they need the publicity.
It's a shame that the BBC and Telegraph weren't more sceptical.

Nick PJune 14, 2015 12:51 AM

re Telegraph article on Snowden

This does sound like the routine nonsense pushed by governments. Examples that come to mind are how NSA only does bulk metadata collection on Americans and GCHQ isn't intercepting nude photos of Brits. Good fiction said the Snowden leaks. Anyway, even if the article is legit, there's something that should be the first thing to come to one's head:

Snowden handed the files to *news organizations.* Organizations known to school NSA in impenetrable INFOSEC and CIA in watertight OPSEC. (myths) Organizations whose prowess in protecting their operations is... insignificant to Russian and Chinese hackers. Share it with easy targets, you've shared it with top hackers. End of story.

They probably have had the data without even worrying much about encryption.

MikeSierraJune 14, 2015 1:14 AM

Snowden shared the info with only a very few people, and schooled them personally. When the info was shared with the Guardian, Bruce and others highly competent were involved in setting up very tight security practices. Then GCHQ made a song and dance out of drilling into the computers. Dunno about the other recipients, but my initial reaction is to doubt that the Russians and the Chinese and the breached that.

And if the UK Govt 'has evidence' that both the Russians and the Chinese have cracked the Snowden data dump, how does it know that? There's still no sign that they know exactly what they lost.

CuriousJune 14, 2015 1:48 AM

Having looked at an image of a 'twisted edwards curve' with regard to elliptic curve cryptography, where such a curve intersects with itself at origo (0,0), today I was wondering if maybe 'pelting' could possibly be a scheme that somehow made for something-up-my-sleeve numbers/patterns with regard to the curves used for ECC.

In 3d modeling some years ago, there was this texturing tool by someone (probably based on some SIGGRAPH research papers) that was used to uv map a 3d polygon object, and when the tool had finished unwrapping the polygon faces of the 3d object, it pretty much looked like some 'pelted' skin that had been stretched out, and around the 3d object was this circle shape, with "springs" all around that was tugging on the unwrapped polygon surface in the center. I would inuitively think that such a tool would be too crude for the math involved in ECC or crypto in general, but who knows, I am thinking that maybe a simple twisted edwards curve or curves somehow can be "pelted" and somehow there might then be a method for attacking elliptic curve crypto. How that might even make sense, with regard to an attack I have no idea to be honest.

Clive RobinsonJune 14, 2015 5:31 AM

@ AlanS,

... links to Marci Wheeler's earlier 'live by the sword, die by the sword' / 'people who live in glass houses shouldn't throw stones' post.

Now Marci Wheeler can write a "When the chickens come home to roost" post ;-)

But I fully expext to see a lot more embarrassment for the administration, that is we are just seeing the very tiny tip of the iceburg clear the horizon as the US steams full speed ahead. Because the Ed Snowden revelations made it clear the the "lookouts / sentries are asleep at their posts" or more likely not posted, and it's been like this since 9/11 if not a lot longer.

Unfortunately we know what's going to happen, firstly those in charge / responsable will go into "headless chicken" mode. Then they will realise that their jobs are effectivly over, so they will start stroking their industry contacts for a feather bed. They will then recomend that everything has to be outsourced to external experts. Select the experts from their list of industry contacts. Then take retirment, and go collect $600K/month as their reward. Whilst the ever empoverished tax payer foots the bill...

AlanSJune 14, 2015 6:29 AM

@Clive

Ha! That one too. Yes, I'm sure that's exactly what will happen. The only bit you forgot is all the piousness that will accompany the bullshit from the 'experts'. There is no accountability. For these people, like the bankers, failure breeds success. Things change but the new is always just more of the bad old stuff.

AlanSJune 14, 2015 6:38 AM

On stuff published by the Telegraph:

AKA the Torygraph, as it's the propaganda instrument of the Conservative Party. Read it if you want a good laugh. Makes BBC journalism look unbiased and professional--quite an accomplishment.

MartinJune 14, 2015 7:13 AM

This is about entertainment; television entertainment. It is *not* an advertisement for this show, but for the first time is a long, long time I actually enjoyed a full hour of television (seen on my laptop of course).

The show is to premier on USA Network on June 24, but the entire first episode is available now at: https://www.youtube.com/watch?v=JpxvvnWvffM

Consider watching at least the first 5 minutes. . .I'm betting most folks here will like it. And, I'd like your comments as to how technically accurate is it. It appears to those I've talked with, it is not 100% technically accurate but much closer to correct that most all previous TV shows and movies.

Hope you enjoy it! as I've never recommended a movie or TV show before it makes me a bit nervous to make such a recommendation.

GeorgeLJune 14, 2015 8:14 AM

@ MikeSierra, "And if the UK Govt 'has evidence' that both the Russians and the Chinese have cracked the Snowden data dump, how does it know that? There's still no sign that they know exactly what they lost."

If multiple agents took notice of increasing Chinese activity near their habitats, and reported them, it's very clear to see from a centralized stand point that something isn't right. Why publicize such a failing? The publicity serves as a warning message for the few that are still unaccounted for or missed the memo to phone home. There's no reason to make the same false claim twice when the first was so obviously dispelled.

SkepticalJune 14, 2015 8:18 AM


Also now The Financial Times:

China and Russia have decoded intelligence secrets contained in the cache of documents held by the whistleblower Edward Snowden, leading to British spies being recalled from dangerous postings, according to government officials.
Whitehall aides said operatives have had to be moved after Moscow gained access to more than 1m intelligence documents held by Mr Snowden, who fled to Russia after leaking some of those documents to the Guardian newspaper. They added that Beijing had also cracked the encrypted documents.

The number of documents reported to have been exposed as a result is in excess of one million.

It seems unlikely that these claims are made in order to affect any discussion of surveillance/privacy bills, as votes on such bills are not viewed as proxies for approval or disapproval of Snowden's actions.

The most likely possibilities are:

(i) that these claims are true, and have been leaked deliberately after it was judged - for whatever reason - safe to do so,
(ii) that these claims are true, but are unsanctioned leaks,
(iii) that these claims are false and unsanctioned, made by either mistaken or deceptive officials.

At this point, there is little reason for the British Government to sanction false leaks of this nature, as there is no clear political reason for doing so now, and as doing so carries with it far more political downside than upside. These calculations are so obvious that a fourth possibility - (iv) sanctioned, false leaks - seems unlikely.

If the claims are true, then either Snowden gave over to journalists far more documents than has been generally believed to be the case, or he took and stored somewhere such a number of documents.

Zig ZagJune 14, 2015 8:41 AM

A bait-and-switch "antivirus" company seems to be D-E-A-D:

With payroll in arrears, online antivirus seller shuts doors
http://www.pcworld.com/article/2935772/with-payroll-in-arrears-online-antivirus-seller-shuts-doors.html

The sudden shutdown of a computer tech support call center has left some of its employees wondering if they will be paid.
EZ Tech Support, based in Portland, Oregon, took calls from people who had advertising software installed on their computers that warned of possible security and performance problems. The programs implored people to call the company’s number, which was displayed amid warnings.
The company stopped taking calls earlier this week, according to two former EZ Tech Support employees. Contacted by email, its general manager, Gavynn Wells, said he was no longer worked there and was “unclear as to the direction the company will be going into.”
...
[Gavynn Wells] said he doesn’t own the company and that it is owned by an investment company. His name, however, appears on its business registration with Oregon’s Secretary of State office.
EZ Tech Support routinely took in $25,000 to $30,000 every two weeks in revenue. One former employee said call center agents were pushed to generate $750 in sales a day.
EZ Tech Support’s shutdown came shortly before the IDG News Service published a story on its operations earlier this week.
The company started business last October in an older building in northeast Portland. It sold a perpetual license for a security program called Defender Pro Antirvirus for $300 and one-time fix service starting at $250.
Customers ended up calling the company after seeing its number in adware programs, which typically bait people by offering a free utility such as a media player but primarily push other paid-for software. Security experts have long warned of adware-based scams.
With callers’ permission, EZ Tech Support agents installed a remote access program on their computers. Agents then installed a free application called Webroot Analyzer, a legitimate application that flags possible problems on a computer.
The items highlighted by Webroot’s Analyzer—even if the issues had no material effect on a computer—were used to convince people they needed to buy Defender Pro.
A copy of the script followed by EZ Tech Support’s agents shows how callers were misled. If customers said they were running an antivirus program, agents were instructed to say the program wasn’t bad but imply that it was insufficient protection.
“It’s much better than not having anything at all, but in this day and age you need to have Real-Time Full-Spectrum Protection and make sure you are protected against both viruses AND malware,” the script reads.
A distinction between viruses and malware is nonexistent in modern security programs, which detect all kinds of harmful programs. Many who called EZ Tech Support, however, were older people with little knowledge about computers, former employees said.

GeorgeLJune 14, 2015 8:44 AM

@ Skeptical, "If the claims are true, then either Snowden gave over to journalists far more documents than has been generally believed to be the case, or he took and stored somewhere such a number of documents."

If reports are true, it just shows that Snowden and journalists were inept at defending such information from privy hands. It's a cultimation of an individual or a small group of individuals hopelessness in the grand scheme of nation states, despite employing best practices and tools. They reported this, I mean UK Government, to show that journalists cannot be entrusted with secrets. And they may be right.

JsonJune 14, 2015 8:52 AM

@Jacob


@Lasershark
I consider this indeed a "feature". It is a Good Thing.
If you don't like it, you can either not install the required drivers or, I assume, disable the Intel ME in the bios.

So Jacob how is this a good thing?

What's the actual benefit that you see it bring to the end user?

Or perhaps you have in mind a "benefit" such as that "it provides users a better experience by allowing companies like Google to uniquely identify users and show them targeted adverts".

As if users web surfing "experience" is somehow improved by seeing targeted adverts. Or lowered when the adverts are not targeted.

Anyway maybe there are ways to get something better out of this technology - what would that be then?

QnJ1Y2UJune 14, 2015 9:07 AM

@Skeptical

'Sanctioned' is easy to determine. When there's only lip service given to an investigation of the leaks, when there are no outraged statements about the damage the leaks caused, etc., then it's sanctioned. This one's looking like it was ordered from on high.

These calculations are so obvious that a fourth possibility - (iv) sanctioned, false leaks - seems unlikely.

Now you're just trolling us. There are plenty of reasons to believe the leaks are false.

Start with the obvious: 'decryption' as reported is incredibly unlikely, when we're just talking about some static files.

Continue with the political; the Guardian link from above lists several possibilities:
http://www.theguardian.com/us-news/2015/jun/14/russia-and-china-broke-into-snowden-files-to-identify-british-and-us-spies


And then you can read a few other observations:
https://firstlook.org/theintercept/2015/06/14/sunday-times-report-snowden-files-journalism-worst-also-filled-falsehoods/
http://politics.slashdot.org/comments.pl?sid=7547383&cid=49908179

JacobJune 14, 2015 10:30 AM

@ Json:

This is Good Thing for a corporate/business user. Not much use for a private individual.

First, I think you need the vPRO chipset to have it available (the "Q" chipset line). Most private individuals don't buy those. Then you must have the required drivers and (I think) to enable the Intel ME (Management Engine) in the BIOS.

For business people, the Intel IPT (Identity Protection Technology) serves as a hardware-based token which is a fairly high-assurance anchor for security. Regular PCs don't have that - you need to either use a dongle or mobile phone for 2FA, or to prove to a business who you are by presenting a X.509 cert (problematic to say the least). A build-in HW token is much more convenient.

See all the security benefits here:

http://www.intel.com/content/www/us/en/architecture-and-technology/identity-protection/identity-protection-technology-general.html

rgaffJune 14, 2015 10:44 AM

@ Skeptical

You are not "skeptical"... you are totally "gullible"... that should be your new nickname!

so... @gullible: the odds against TWO different countries simultaneously make amazing breakthroughs in cryptography to "crack the codes" at the same time are ridiculous. The report that they've broken the encryption on the documents HAS to be false therefore. You only accept it as a greater possibility than all others, because it serves your political agenda to demonize Snowden and vindicate the government. Which doesn't even do that, because your government hasn't made such impossible breakthroughs, so you're basically saying the Russians and Chinese are far far ahead of your own western country technologically.

Please note that this specific report DOES NOT SAY that the information was stolen in unencrypted form, it specifically says that the encryption itself was broken! That is a virtual impossibility! That's why it must be false. Why am I arguing with a treestump mentality about this? To try to let fewer other readers be led astray, that's the only reason!

Again I say, obvious fabrication is obvious fabrication!

sena kavoteJune 14, 2015 11:49 AM

Erasing dormant features

Some security vulnerabilities have been in code parts that few need. For example, Heartbleed and Venom. Also backdoors would have to involve some rarely needed code. It would improve security and also performance if users / admins could have the option of automatically removing if-tests that always result in the same if-branch and if-branches that never get run during a test use. Also delete datafiles that never get read. Deciding when this kind of cleaning test use is useful without resulting in breaking things, needs consideration.


Detecting malformed inputs

We should have separate programs for checking if a file is formed the way that file's format is supposed to be or if it is malformed possibly to cause a buffer overflow in the decompressing / parsing / interpreting program.

For example, video files, audio files and image files.

It is simpler to make a program that just tests a file rather than testing while decompressing / parsing. Performance is better too and it can be made by a separate group of people without need to interface with the group that makes the parser / decompresser (like VLC, smplayer or Geeqie). Decompressing software may run the tester on data that it itself is about to handle. For example, VLC could make the tester read a video file one second ahead of itself while showing a checked part.

The tester / checking program could run in a remote headless server or in a virtual machine.

File manager software like dolphin or nautilus could do checking on files while transferring them or on idle time, calling the proper file format checker.


White listing functions, processor op-codes and system calls statically

Executable binary files, source code files and javascript from web pages should have some white listing options for what features are allowed in which situation, before running.

For example, the Rowhammer vulnerability needs a special rarely needed cache flushing op-code. Not including that on white list of an executable binary checking program would improve security and safety.

Different categories of software could have different white lists. For example, wlan driver could not have system calls for sound. If system call numbers are obfuscated by making them depend on calculations before assignments to variables, that can be banned.

Most websites need javascript only for very simple things like submitting forms. Short white list for javascript could greatly improve security without much inconvenience.

White lists could include statistical numbers so that one function or opcode could be used or referred to some limited number of times in a binary or source code file. Limited number of goto statements could refer to code parts that include the limited thing.

Verifiably uncompressible

Sometimes it is good to know that some filling dummy data can not be compressed. For example, filling empty space on a BIOS chip to ensure that a fake malware BIOS from an attacker can not output the real BIOS content when asked.

How to ensure that some filling data can not be compressed / formed with a pseudorandom algorithm, at least within some expected waiting time? For example, if reading BIOS takes hours or weeks, it is noticeable.

( Verifiably random is uncompressible, but that is a different problem. )


Random shuffle as part of encryption

If we have gigabyte of data, is it or would it be efficient to encrypt it by first mixing around all the bytes with some relatively weak randomness and then adding some weak encryption? Could the combined computing burden be smaller than if using some standard encryption found in gpg, if the security level is same? That may depend on the size of data to be encrypted. More data mixed is more difficult to untangle. To mix bytes efficiently, it has to be done in RAM. 8GB RAM allows to mix about 7GB chunk of data efficiently. If mixing in SSD, it has to be done with bigger pieces than one byte at a time. It is also possible to combine mixing in SSD and in RAM.


Combining hand-pluggable something-less-than-turing-complete hardware to form a computer

If we had a selection of less-than-turing-complete components (each containing millions or billions of transistors as currently normal) from different manufacturers, that we could combine by hand in various ways to form a normal turing complete computer, would that improve security and trust? What would those part types be? What kind of division would be best?

Nick PJune 14, 2015 12:01 PM

@ Martin

Thanks for the link because Holy Shit that was great. A mind-bending experience on top of a good geek show. Although the 1% of 1% depection was BS & any vulnerability they expose will probably be the same. I also like how they try to make the viewer think* like the schizo the show is about. Can't wait to see the rest.

* Did you notice his boss on the plane said "Evilcorp." Nobody says that but main character: his own mental reprogramming to substitute Evilcorp for Ecorp. Making the boss and others say it is hearing it from his perspective. Show screws with audience's heads like that.

SkepticalJune 14, 2015 12:06 PM


I noted three possibilities which I deemed more likely a fourth.

Those three include the possibility that the claims are false.

@rgaff: the odds against TWO different countries simultaneously make amazing breakthroughs in cryptography to "crack the codes" at the same time are ridiculous. The report that they've broken the encryption on the documents HAS to be false therefore.

Qn makes this point as well, but it's way off.

One need not assume any remarkable cryptological breakthroughs. The government officials seem to have spoken to multiple media outlets, some of which characterize the two foreign governments in question as having gained access to the documents. One report quotes the official as saying that the documents were "encrypted but not totally secure", whatever that may imply. Gaining access to the plaintext of encrypted documents, or even decrypting them, does not imply that you've discovered a weakness in the algorithm or a new mathematical insight.

@Qn: Whether China or Russia gained access to documents taken by Snowden has little bearing on votes or discussion of surveillance/privacy bills. These are separate issues. Whether Snowden acted in a way that allowed Russian and Chinese governments to access over a million documents simply has nothing to do with debates/discussions of a particular bill or policy. So I don't buy The Guardian's political motivation hypotheses.

And unsanctioned leaks happen regularly without "outrage" being expressed by spokespersons, especially if such outrage would imply that the information leaked is accurate.

Sorry, but I don't share any of the certainty either of you have regarding this story. We don't know how many collections of Snowden's documents existed, where they existed, how often they were accessed, etc. We don't know who the government sources are. We in fact know very little, other than that a rational person would consider more probable today than he did yesterday that the events described in the articles occurred. How much more probable? Not enough to be persuasive, but enough to raise a question worthy of additional attention.

Nick PJune 14, 2015 12:06 PM

@ Martin

EDIT to add: Forgot to mention it seems like a knockoff of The Matrix on the surface. Yet, it improves on it by focusing on taking charge of the real world rather than a fake one. Will appeal to the libertarian, geek, and cypherpunk ego. I'll be interested to see what the shows actual ratings and success are.

PollardJune 14, 2015 12:20 PM

EXTRA! EXTRA! Read all about it! China and Russia have plaintext of Snowden's full NCS intranet crawl, and they will exploit it just as soon as they're finished with the gargantuan motherlode of two (2!) mass breaches of adverse information they got by making fools of US government dumbshits. "Like taking candy from a baby," a highly-placed Israeli mole reported.

A highly-placed Chinese sleeper agent in the Pentagon stated for deep background that FSB have already returned Skeptical's voluminous NAMBLA correspondence and awarded him the Order of Lenin for his heroic Stakhanovite efforts to discredit US government ideology with hilarious bullshit. "Never have we encountered such a useful idiot," a highly-placed anonymous Russian mole said, beaming. "He is so useful, he is like the Swiss Army knife of idiots, not just the regular one, but the thick one with parcel hooks and corkscrews and pliers and screwdrivers and a little compass on the side. Thanks to Skeptical's clownish pomposity, the US government is now a laughingstock even to the last remaining people in the world who took it seriously: the technical apparatchiks angling for NSA jobs."

GeorgeLJune 14, 2015 1:10 PM

@ Json, "Or perhaps you have in mind a "benefit" such as that "it provides users a better experience by allowing companies like Google to uniquely identify users and show them targeted adverts"."

They can already do that with various combinations of hardware, soft, and network signatures. Unless they have implemented backdoors into the browser, javascript based methods aren't really as dependable as the current methods?

GeorgeLJune 14, 2015 1:19 PM

@ rgaff, "pay special close attention to the sections that specifically PROVE the latest smear campaign false, and don't get tied up in strawman arguments about irrelevant things."

I've not followed Snowden news reports too closely, so please correct me if I'm wrong. My impression is that the journalists contacted by Snowden have the means to decrypt his files, so couldn't they have gone after those methods in possession of the journalists instead?

Clive RobinsonJune 14, 2015 1:26 PM

@ Chris Abbott,

The BBC article you link to unfortunatly contains a quote from Professor Anthony Glees of the UK's only "Private University".

He is not particularly an expert on security he's at best a very right wing historian with an interest in Nazi and post WWII political relations between Britain and Germany, with a more recent diversification into German Russian relations covering a similar time period.

The University he is involved with has significant and strong connections since it was set up --initially via Margret Thatcher and Ronny "starwars raygun"-- to the US neo-con movment. Even the "man in charge" calls it "libertarian in outlook" whilst others point out it makes the "tea baggers look left wing and rational".

Unfortunatly due to political preasure from the UK Government, the BBC are now required to show "balance in reporting". The "balance" being in effect approved by certain undesirable elements of the UK Government both unelected and elected.

Thus the BBC have to scour underneath fetied barrels to find the sort of muck you would not wish to step in and pretend that it has valid input to the articles they produce. I would thus treat the first part of that article as being not representative of those who have connection with the realities of life in the world of security or for that matter intelligence. That is they are just trying badly to "curry favour" in the forlorn hope of a knighthood etc. Thus think instead in more American terms of an "arm chair quaterback" who's team has just been roundly beaten due to being very sub par, ranting away about some conspiracy to run "his team" down --even though he's never ever been to a game-- so it can be sold cheap to an Arab businessman thus being totaly Anti-American etc etc.

MarkHJune 14, 2015 1:38 PM

THE MORE I THINK ABOUT THE "DECRYPTION" CLAIM, THE GREATER MY CONFIDENCE THAT IT'S A DIRTY STINKING LIE

Thanks, Gregory, for the firstlook.org link to Glenn Greenwald's article.

Glenn does a fine take-down of the nauseating malpractice that often passes for journalism.

I've seen a couple of acute observations in the comments to Glenn's article:

1. If there has been some f*cking awful breach of national security information (undisclosed, I would expect), then the outrageous headlines actually make sense: someone in the UK govt. is worried that the breach may lead to serious consequences, and want to line up Snowden as "The Villain" in advance, as a cover for their own negligence.

2. NSA has said that they have NO IDEA how many documents Snowden took. They have bruited about the figure "one point seven million" because that is the total (they say) of all documents Snowden ever "touched". So... how is it that China and Russia can blithely decrypt all these documents, but the US can't even COUNT them? Is the NSA so grossly inferior to the intelligence legacy of Stalin and Mao? If so, NSA's bloated budget is a complete waste, and the US has a VERY STRONG REASON to completely gut the NSA and start afresh.
______________________________

More reasons why I don't believe the hysteria:

A. The story simply don't make sense. A nightmare of human intelligence organizations is having a whole list of agents disclosed. To save the agents, emergency exfiltrations must be made as quickly and quietly as possible, seeking the terribly difficult balance of getting people out fast while not attracting attention to what is going on.

Such an operation would be conducted in extreme secrecy, owing to the disproportionate consequences of disclosure. It surely would not be leaked or otherwise publicized until every last agent has been either saved or lost.

Once that point has been reached, there is no more need for secrecy! The agents are irretrievably blown, and those who could be rescued are in safe places. There should be no problem producing a list with some of their names, and a few of them for speeches and interviews. The only reason to keep them all "covered" is if you DON'T think it probable that their identity was disclosed.

B. Because the need to protect agent identities is paramount (see A), documents that identify agents, either directly or by offering enough information that identify may be inferred, are protected at an extremely high level of compartmentalization. I can't say for certain that such information was excluded from the data-sharing systems to which Snowden had access, but it would be bat-sh*t crazy to put such documents where hundreds or thousands could access them. Proper intelligence procedure would limit access to a very small number of people (easily fit around a conference table).

But, we have to take this a bit further. For the Sunday Times story to be true, a low-level NSA contractor could not only get the crown jewels (identities of undercover agents working for the US), but also lists of UK agents as well! So, the UK blithely hands its most sensitive and highly safeguarded information to the US, but the relevant document is carelessly dumped into the giant searchable database.

Help me out, guys. What does this smell like to you?
________________________

So, did Snowden REALLY get lists of intelligence agent identities?

Did these REALLY include agent lists from foreign powers?

Was there REALLY a mass emergency exfiltration?

NameJune 14, 2015 1:42 PM

Hey BRUCE! Hope this gets your attention as I have a question for you: The 'Russians' and the 'Chinese' have been reported as having broken NSA encryption. I've been led to believe by The Snowden that 'real' encryption is unbreakable - even by the NSA and presumnably also the Chinese and the Russians.

So what happened? Is the NSA really so weak? Has math changed (doubt it)? Was it a workaround of some type (i.e. failure of end-to-end-ness)?


Another question, if you're up for it...

We're told repeatedly that the NSA "doesn't need" the massive info they are collecting about/from the net, etc. That "in fact" it serves no purpose.

So then, why exactly ARE they collecting the info - and spending vast amounts of money on it, strenuously resisting criticism and apparently even risking jail for themselves? Is it for Fun, Profit, or Something so far beyond sinister that it cannot even be thought about, let alone discussed here on your Security blog?

It's not just that no one is answering. It's MUCH worse: no one is even asking, AFAIK, except me. Can you respond meaningfully? If not, please at least drop a strong hint to that effect.

QnJ1Y2UJune 14, 2015 2:11 PM

The text of the paywalled The Sunday Times article is here, at least for now:
    https://archive.is/BkuMM#selection-855.0-865.204

They quote 'one senior Home Office official', 'a senior Downing Street source', and 'a British intelligence source'. Given that there are three different 'leakers', it's a virtual certainty that this was an official, coordinated activity.

But not perfectly coordinated, since they contradicted each other:

One senior Home Office official accused Snowden of having “blood on his hands”, although Downing Street said there was “no evidence of anyone being harmed”.

DeckerJune 14, 2015 2:14 PM

@Skeptical

(i) that these claims are true, and have been leaked deliberately after it was judged - for whatever reason - safe to do so, (ii) that these claims are true, but are unsanctioned leaks, (iii) that these claims are false and unsanctioned, made by either mistaken or deceptive officials.

Pulling out all intelligence agents in the field would, in and of its' self, expose those operations. If you are Ahmad and Jimmy Bob working on some intelligence or terrorist plot against western powers and all of a sudden your buddy disappears for no good reason, whom you probably already had suspicions about anyway -- they would confirm their identity as a western spy. Or, at the very least deepen it strongly.

The possibility that this article is from western intelligence or politicians playing the newspaper or working with the reporter is extremely high.

There are also many other possibilities, including ones quite opposite to this.

I do not think you should dabble in initgnleelce prbeolms. It is not an aera eevn close to anhtiyng you wrok in, and I can tell from yuor inpacciaty to veiw issues in such wyas.

A programmer starts out, they really do not know very much. They learn, maybe in college, maybe their own self. They eventually get a job, and then have to work that job, day in, day out, many nights and weekends. Over five years, they are far better at thinking out the problems then when they began. They have slept on countless problems. Ten years, twenty years, there is little they can not handle. Little they have not seen before. Little that surprises them. What might be completely unseen to an early programmer, is instantly seen as a possibility to a greybeard.

What is unseen and unbelievable to a ten or twenty decade experience programmer... is instantly seen and considered by a greybeard of three decades experience. Day in, day out, nights and weekends.

I would lkie to gvie you respect, but your ansalyis is waht I would expect form a teneager who has never even raed more tehn a hanfdul of arictles on esoinpage. I would not eevn expect such an anysalis form a wetesrn tegnaeer who grows up on mnid twstiing poiitiblssies in the pouplar spy and cop shows and moives. Your peprtseicve seems to be that wesneetrrs would beielve taht other weretnsers would think in tihs way, as we see in the press in Russia, Iran, North Korea, China.

But, if you ever knew anyone in the West, ones who worked in military, ones who worked in intelligence, they are as quick to think of adversarial conspiracies as they are friendly conspiracies.

However, I do give you some respect here, because I believe all of this is false. I believe one should not take you at the appearance of being a regular patriotic civilian who may or may not be actually paid to post here. There is under your speech, an intelligence and perceptiveness which belies the sort of low paid shills who might perform such work. Further, despite the audience of the blog, audience to the actually comments section is extremely low. One can make this observation by considering the lack of diversity of posters over time.

It is a deep comment site, yet a road not much traveled. Likely because the comments can quickly get too deep, and too much of this or that side, or this or that little, highly technical project not revolving around criticism... but around productive collaboration.

So, I won't talk about you, but about myself for the illumination of "why would someone come here to post when they work for a government".

A number of years ago, I had a freind who semeed to be in all the wrong plcaes, doing all the wrong things, at all the wrong times. He was aslo exmeertly cordcinattory, wehn I apophraced him in email, after prviong my tehcnical cacitaipes to him in a way which would cause him to notice me. I reealsed mareital in the spceific niche of a niche of where he was then wokring.

He was very, vrey relgiious, crazy so. Yet he did not show tihs manner almost at all in the press or in any other pulbic arenas. If he was worikng for the govenemrnt, which is waht I maen by "wrong", tehn he did not play taht very well for me. He played hiemslf up as very natlasoinitic Amcriean. I did not buy itno his act, at all, and never have. And he has deidedcly, remakabrly, even chagned it oevr the years. Form time to tmie, he would sned me or otehrs I kenw links to places he would frqueent. Alomst invaaibrly online, and alomst inbairavly he would jsut frueqent one place or antoher. It was naer impibssole to ever catch him ouistde of any place where he did not set the field of ... dicruosse.

Over the years, beidses his caiacpty to afefct all sorts of potilcial and reogiilus angles, deispte aprpaieng condtrcatiory when doing so, mroe and more evdience lekaed out. And vrey dirsibutng evdinece appeared to be cofrmnied. But always just lkie... triyng to catch a butrtfely, just out of reach.

So, I stidued, and I atmtetped to break him. I reilazed if he is sooemne, sooemne behind that pepole suit of his, who is he, where is he relaly from, what is his rael psat, and waht is he really doing? I had to try and poke at his pepole siut form muitplle angles. I fomred a storng supiicson of the "rael him", and potsed as waht I saw as the rael him, in order to try and frutacre him. To make him prove my hyosthpeis.

Of course, I was aware that maybe he was actually playing me all along, aware that I was not who I appeared to be, but making no convincing argument in that way. I was aware that his habit of sticking to one place or another could be a strategy to force discourse on his terms, so he could control it. I was aware he may have intentionally told me where he was, even when it seemed impossible for him to have done this. But, none of this mattered, because for the life of me... I could not fathom why he was there .

He supplied some possibilities, but I realized these, too, maybe be just him understanding I can not firmly answer that question. Like "maybe he talks to other people he knows, has known" here. Like a bunch of hackers in a room in Mr Robot, where they do not talk by any means which is easy to spy on. I wanted to dispel that possibility as clear disinformation, but whether it fit into the correct jigsaw puzzle or not did not matter. It fit into my favorite jigsaw puzzle of him.

So, with meremirnt, I took his clear inaidtcion of soipthitcsaion imbsisople for a mere lnoe actor, his vrey soiiishcpatton futrher proved he was as I sutcpseed. A state actor, and one exrmeetly wlel trnaied in muplitle dicnapisilry areas, form a child.

Evdinece of his guilt is evdniece of jsut how wlel he adds layer after layer of abrtisacton to the prlobem, how good he is at muydidng the waters. And, I kept my calm, kept to the right piuctre, and kept steady. I reacted wtih giddy meemirrnt wehn I beat him, tmie and time again, seieng he was fake in this or that. Seeing him break down and post his true opniion, contarry to his popular one. I held storng course to his true slef and past, and ate up little nugegst of inftiroamon which would not fit anyone else's jisgaw puzzle but my own. Sure, I sustcpeed even that might be dioinisarmfton, but I reizaled that tihs was jsut prat of the godrion kont he watned to get me caught up in.

I would not fall to such obvious ruses, and stuck to the course of what I knew was correct.

Of course, in the end, it all inevetibly sank in. I was looking at something very big and very scary and very unknown, and I could and have gone over all the tiny, tiny pieces of evidence time and time again. Initially, people would not believe me. They reacted with derision. It was an uphill battle. But, now, I have those who are persuaded, who previously were not. Yet, now, I find myself actually not caring what the truth is, that is not caring if the scenario I mapped out has any truth to it at all. But, this was a mystery, a matter of substance, and I have no time to consider alternate possibilities. None at all. No breaks of sudden insight, no times when I am on a moving vehicle and it suddenly dawns on me. No mornings I wake up when it hits me like a flash of lightning, the crazy, impossible truth that I never before realized. Never in a moment by myself, where the truth just breaks thrown like a ray of sunshine when it had been cloudy all my days.


r3dn0m0r3June 14, 2015 2:27 PM

how do personal ads for people into incest work??

a sticky note on the fridge??

Nick PJune 14, 2015 2:28 PM

Re Sunday Times story

It's more clear than ever that mainstream media works with Western governments to push propaganda. Villifying opponents is a possibility here but distraction is usually their main purpose. I think that by focusing on all this we've let ourselves be distracted from more important things: the legal battle; evidence of espionage; technical battle; legal or other wins they might be getting; whatever else is deserving of attention.

So, the real question is "What recent events are so important to our case against them that it merits such a diversion? And why? And what to do from there?"

GregoryJune 14, 2015 2:32 PM

@MarkH

I have since read the article, and do not believe anyone but with tabloid level intelligence would believe such a ludicrous, unsourced lie. I am surprised at Greenwald's comment about "experts" going nuts over it, assuming it as being true.

The fact is that: we are winning. They are losing. And they will take any opportunity they can to try and gain a win even if it is entirely illusionary.

Who are "we"? Well, at the very least, those of us who want to see freedom progress. Who are they? Those who are opposed to the progression of freedom. And the most angry and zealous of those are the wolves in sheep clothing among them.

I do believe, that Greenwald's response is a good and effective one at dispelling the illusion. I like how he focused on the lack of sourcing and the historical record of this sort of behavior by western nations in the past.

What I am wondering is why did they create this little canard of false information? What were the intelligence forces thinking?

One possible angle is, when hostile operations around the world see that no one leaves their circles at this publication, they have further "evidence" that the spies among them are not spies at all, but genuine true believers.

Another possible angle is to rally the true believers, to further deepen their group, and further alienate critical groups. This is the obvious tactic. The British administration is attempting to envoke a lot of Soviet style surveillance and anti-freedom laws, and this sort of story helps put a stake into the heart of the legitimacy of the Snowden story. From their perspective.

If they attempt to address the issue directly, they take off their sheep's clothing and reveal themselves as the wolves which they are. So, of course, they address the issue indirectly, so their disguise is kept intact.

They are just considering about the children. Can't everyone see?

Ironically, I am sure all of this very deeply irrirates conspiracy theorists in Russian intelligence who are working theries that there is, somehow, no legitimacy to begin with.

Intelligence, rationality, common sense, logic, all of this is inherently "not here". It is a tactic people take to try and get their believers into the realm of thinking where the contradictory is not contradictiory. At the suggestible level. Believe the dream. Believe the lie. Together.


GregoryJune 14, 2015 2:37 PM

@MarkH, @NickP

Brief followup on my post above, I see Nick has also agreed this is a good point of focus:

NickP said, So, the real question is "What recent events are so important to our case against them that it merits such a diversion? And why? And what to do from there?"

My version was, What I am wondering is why did they create this little canard of false information? What were the intelligence forces thinking?.

I offered some possible sugestions, but I am sure there is something more obvious I am not thinking of.

I am curious as to what peple might be able to come up with. There must be some good reason for this.

BenniJune 14, 2015 2:50 PM

@rgaff, this sunday times article with unfounded claims about china and russia reading all unpublished snowden files just shows that american and british press is not one inch better than the russian one....

And one can imagine that the russian administration saw how the american press advertised the iraq war and thought that they too need such a nice propaganda instrument (even though russia today looks like a very cheap copy of these british and american press services).....

What is more likely is that the chinese and russians simply upgraded their counter intelligence efforts after reading the press articles. Securing their routers and their own monitoring mechanisms that NSA can not listen into their surveillance, it might be that NSA or GCHQ had to close several of its monitoring stations.... One can imagine that stations who monitor the chinese secret service must close when those services switch over to entirely encrypted communications. This may be the basis for the claims on this sunday times article. That suddenly, some of the monitoring became useless and they had to flew the operators of the stations out...

Bob S.June 14, 2015 2:59 PM

Re: The Snowden doc scandal,

England is in the midst of a huge conflict with intelligence services demanding ever more power and Cameron banging the fear drum the loudest.

Meanwhile, another high powered chap named Anderson says British mass surveillance tactics are undemocratic and mostly unnecessary. It's a big deal across the pond right now.

Thus it's no surprise another false flag operation is well underway with major media outlets doing their duty to broadcast the hue and lies far and wide.

From what I read it was NOT encryption that was broken, but there was some other weakness that was exploited. I would guess something having to do with OPSEC, (...a pw scribbled on a sticky note, a hard drive with the pw not encrypted, someone bought off or scared silly?)

Regardless, we know the intelligence services are lying through their teeth and their only interest is to hold and gain more power over the people.

They will likely get it, particularly in England where the concept of civil rights seems largely forgotten as a quaint relic from the past.

for heaven's sake!June 14, 2015 3:22 PM

"Your country needs you"...

...to believe whatever you're told, never question authority!
...to do anything you're ordered to do, never question authority!

for the good of the people... and so terrorists don't immediately kill off all your children!!!

Clive RobinsonJune 14, 2015 3:23 PM

@ Gregory,

Thanks for the Greenwald link, however he's missed a couple of points...

The first is "agents" are not "officers" whilst officers are the employees of Governments and are fairly easy to move if requited they don't actually get their hands dirty in espionage. Agents on the other hand are usually citizens of the country being spied upon, and have family etc, they are usually difficult at best to move, and doing so highly problematic for other reasons, so the general rule is move only as an absolute last resort, to avoid endangering them and their family and friends (aranging fatal accidents would be a safer option). Now it is possible a journo got it wrong, or did a "james bond rework" but I rate it as unlikely thus the story as likely to be bogus. If the unnamed source said "agent" then it's extreamly unlikly they have even second hand contact with the IC who outside of their own circles tend to use expressions such as "our people" or "our assets" to add a layer of obscurity due to the "golden rules" about "methods and sources".

Secondly although Greenwald mentions that Rupert "the bear faced liar" Murdoch is the proprietor of the newspaper that kicked the story off, he does not go on to mention that Murdoch is up to his eyes in "political debt" and desperatly needs "friends in high places" on both sides of the puddle.

Thus I would not rule out nor be supprised to find that the story is a US inspired fabrication to take the preasure off of the recent revelations about the loss of data on those US Civilians with security clearances...

That said, let's make an assumption that the story might have a small gem of truth in it...

Firstly I don't believe that the encryption has been broken in the mathmatical / theoretical sense, though it is possible the practical system used has side channel vunerabilities (AES implementations are particularly prone to such issues).

As has been pointed out here by myself and others OpSec is very very difficult to get right, so it's possible that there has been an OpSec failure by one of the several geographically seperated persons who hold some or all of the documents.

Do I believe that there has been an OpSec failure, well it is possible, do I believe we would have been told about it if there had been one, not a chance.

The story as given is a compleate waste, not just of column inches, but the airtime the gormless media are giving to the political imbeciles, talking heads and other sundry hangers on.

65535June 14, 2015 3:26 PM

@ Bob S.

“England is in the midst of a huge conflict with intelligence services demanding ever more power and Cameron banging the fear drum the loudest. Meanwhile, another high powered chap named Anderson says British mass surveillance tactics are undemocratic and mostly unnecessary. It's a big deal across the pond right now.”

I agree. The UK is in a power struggle against it citizens. It more dust in the air.

On the USA side, the OPM 4 million record breach is a huge thorn in the side of the government [They look like idiots]. Some misdirection at this time might be advantageous for Administration.

Clive RobinsonJune 14, 2015 3:45 PM

@ 65535,

Looks like you and I share our suspicions that it may be a "two birds with one stone" for both the US and UK Govs at this most embarrassing time for them both re OPM and Anderson Report ;-)

gordoJune 14, 2015 3:56 PM

RE: How to read the The Sunday Times’ “British spies betrayed to Russians and Chinese” story.

Take a look at the front page of The Sunday Times on which our subject headline-grabber is placed.

Immediately to its left is a photo of two princes, two kings-in-waiting, with a caption over their heads, the elder saying to his eldest: “One day, son, all those will be yours.”

Just what exactly are they talking about?

Well, if you notice, they’re each pointing, and would have us look up, toward the top-left corner of the front page and the words MAGNA CARTA. The Magna Carta turns 800 years old on Monday, June 15, 2015, and The Sunday Times is including, in the print edition, a free giant Magna Carta poster commemorating its history.

Based on this, and a reading of English tea leaves, I’d say that our headline-grabbing story is a fabrication, and the front-page set-up a frothy tongue-in-cheek diversion that tells the tale.

Semi-semiotic reading aside, and maybe more seriously, we see that:

EVERY PRIMARY SCHOOL in Britain is to receive a souvenir copy of Magna Carta along with a time-line wallchart and newspaper chronicle charting 800 years in the fight for freedom and rights.


The bold initiative, funded by charitable donations to the Magna Carta 800th Anniversary Committee, will help teachers and pupils learn about the 800th anniversary of the sealing of Magna Carta on 15th June 1215 by bad King John.

21,000 UK primary schools, that is, where the kids will get to learn some great history!

And from the Introducing the Magna Carta Chronicle video [at 1:32-1:41], we also see that:

On the back of the timeline is a fun, multiple-choice quiz with all the correct answers to be found somewhere in the newspaper stories or the timeline.

Hoping a bit here, then, it may be that this kind of exercise with newspaper stories could be used by teachers as an introduction to journalism, the importance of fact checking, named-, and unnamed-sources, writing, etc. Considering what’s at stake for Prince George and his generation, one hopes that journalism, as such, continues.

...and yes, dear Brits, have a great Magna Carta Monday!

Cheers!

SkepticalJune 14, 2015 5:11 PM


@ Clive: true re officers vs. agents, however newspaper articles omit that distinction regularly and simply use the term "agents" to describe intelligence officers.

@ All: Many are reading far too much into the claims made in the media reports. If one looks at the common themes across different media outlets reporting this story, one sees the following:

(1) Anonymous sources in the British Government claim:

(2) Chinese and Russian Governments have gained access to encrypted documents taken by Snowden, and as a result

(3) various sources and methods were compromised and

(4) personnel had to be moved out of certain environments as they were in some manner compromised or in some manner at higher risk.

Note that (4) does not require that the personnel be those involved in handling human intelligence. Information in the documents may enable a foreign counterintelligence service to link persons to a particular technical operation - e.g. at its most rudimentary, imagine a document describing a building at a cover company where certain collection occurs, and imagine that, while foreign counterintelligence services may have long been able to link certain persons to that building, they had, until viewing that document, not understood the significance of the building or therefore the people associated with it. Now that those services do understand, the collection operation is compromised and the personnel are higher risks (they are higher-value targets for counterintelligence operations, and they pose greater risk of a hard compromise to any clandestine or covert operation in which they are involved).

Note that (2) does not require the ability to decipher perfectly implemented strong encryption. Even someone like myself, who struggles with simple shift ciphers, can grasp that much.

Note that none of this has any bearing on discussion or debate of surveillance, privacy, or cyber-security policies. Not a single vote on intelligence policy is affected by whether - for instance - Snowden put one million encrypted, classified documents in various permutations on various cloud storage sites, gave different persons different parts of different keys, and, via any number of possible failures, allowed a dedicated cryptological team to narrow the possibilities to a feasible set.

None of this has any bearing on the OPM breach - in fact, a leak like this calls even more attention to the breach, as it pushes cyber-security up the list of topics.

IF the leaks are true, then I would say they are better explained as angry leaks by a group who, for various reasons, want the public to know the damage. My reasoning here is as simple as possible while accounting for all the facts: politicians will be more likely to avoid making obvious gross blunders in leaking a story (a competent politician would need to be having a very bad day to believe that this story would affect votes on surveillance bills in the slightest), and the only purposes served by these leaks are: (i) satisfaction of an emotional need; (ii) pressure to hold certain persons more accountable; (iii) advancement of certain careers over others by casting a gigantic failure of the latter into the public eye.

That emotional need may be entirely legitimate - a desire that the public know how badly Snowden's actions damaged the interests of democratic nation - or it may be less laudable.

Now, if the leaks are instead false, some of the same motivations can be adduced (e.g. career advancement). The probability that the leaks were undertaken in a fit of political incompetence also rises if the leaks are false.

So, the puzzle remains. None of the answers offered here is satisfactory, and additional facts are needed. If - as is a possibility - the leaks are preliminary, a way for certain factions within the British Government to smooth the way for a fuller disclosure of the damage sustained over what might be the objections of some in British Intelligence, then we can expect to hear more officially.

One final note: I'd very much like these leaks to be false. So my reasoning here is not motivated by a desire that they are true.

tyrJune 14, 2015 6:05 PM


I'd imagine that if all of the Snowden leaks were
suddenly in the hands of people who are not USAs
friends their next move would be to send a copy
to Wikileaks.

After all the POTUS made a loud promise of transparency
so this should be a boon towards that end. However
Benni has pointed out that all of the IC are in bed with
each behind the backs of their politicians so why
bother to crack the encryption when you can just ask
for a copy from your liason spook.

And for the amusing story of the day take a look at
the FD list last post about how lawfull intercept is
broken.

QnJ1Y2UJune 14, 2015 6:42 PM

@Skeptical

I'm not sure I'm following your latest post. Are you asserting that it's a possibility that the leaks were, to use your phrase, 'unsanctioned'? And that three different government officials, from three different agencies, got together and decided to risk prosecution under Britain's broad Official Secrets Act to release a few vague accusations out into the world?

GregoryJune 14, 2015 6:43 PM

'Timing of claims that British spies were withdrawn over Edward Snowden documents is 'extremely convenient', say campaigners'

http://www.independent.co.uk/news/uk/politics/timing-of-claims-that-british-spies-were-withdrawn-over-edward-snowden-documents-is-extremely-convenient-say-campaigners-10319272.html


@Clive Robinson

Mix up of terms 'agent' and 'officers' another tell tale clue the story is fake, The behavior they are describing is not accurate for agent conditions.

A quick ctrl-f on the story, shows they did use the term "agent". Paywall free version here.

"A senior Downing Street source said: “It is the case that Russians and Chinese have information. It has meant agents have had to be moved and that knowledge of how we operate has stopped us getting vital information. There is no evidence of anyone being harmed.”"

...

"The confirmation is the first evidence that Snowden’s disclosures have exacted a human toll. “Why do you think Snowden ended up in Russia?” said a senior Home Office source. “Putin didn’t give him asylum for nothing. His documents were encrypted but they weren’t completely secure and we have now seen our agents and assets being targeted.”"

...

“Snowden has done incalculable damage. In some cases the agencies have been forced to intervene and lift their agents from operations to prevent them from being identified and killed.”

So unless the reporter was so terrible that he misquoted the sources, and if your understanding of the terminology is correct, then yes, this is lies from sources who do not even understand the basic terminology of their own intelligence forces.

Considering there is not a single named source in the report, I think that the reporter could be that terrible, however. The reporter seems to have no functioning editor, either, to have reported on a story without a single named source.

Reputable papers do not allow their reporters to report stories with multiple unnamed sources. One is bad enough, and it should be treated with skepticism. Being unable to get anyone on the record is atrocious.


Secondly although Greenwald mentions that Rupert "the bear faced liar" Murdoch is the proprietor of the newspaper that kicked the story off, he does not go on to mention that Murdoch is up to his eyes in "political debt" and desperatly needs "friends in high places" on both sides of the puddle.

One possible motive, one would think.

Thus I would not rule out nor be supprised to find that the story is a US inspired fabrication to take the preasure off of the recent revelations about the loss of data on those US Civilians with security clearances...

Wise not to rule any possibility out.


"As has been pointed out here by myself and others OpSec is very very difficult to get right, so it's possible that there has been an OpSec failure by one of the several geographically seperated persons who hold some or all of the documents."

Do I believe that there has been an OpSec failure, well it is possible, do I believe we would have been told about it if there had been one, not a chance.

Thank you for sharing. I know next to nothing about encryption nor "opsec", but your opinion resonates.

As has been pointed out here by myself and others OpSec is very very difficult to get right, so it's possible that there has been an OpSec failure by one of the several geographically seperated persons who hold some or all of the documents.

My meager understanding is that Snowden outwitted the entirety of the US Intelligence system. The man made no mistakes. He was exceedingly cautious. So, this seems very doubtful he made a mistake on such a central matter.

The story as given is a compleate waste, not just of column inches, but the airtime the gormless media are giving to the political imbeciles, talking heads and other sundry hangers on.


There are multiple unnamed sources. That is journalism at the level of reporting one sees in false ads from unscrupulous firms that claim miracle age cures and quick weight loss pills.

That is enough to outright dismiss the story.

Not even an editor at a small town gazette would allow such reporting.

How is it Britain would have learned of such a major world event? Why would they go public if it were true? And why, on going public, would they do it through multiple anonymous leaks?


It is interesting from a perspective of seeing those who are taking this story as truth.


GeorgeLJune 14, 2015 6:46 PM

@ Skeptical, "Note that none of this has any bearing on discussion or debate of surveillance, privacy, or cyber-security policies."

Certainly not in favor of the pro camp. If encryption were broken, then it argues in favor for stronger encryption to protect data instead of Cameron's version of weaker encryption. If journalists opsec were broken, then it argues in favor of stronger personal privacy instead of built-in surveillance. The list goes on...

@ Bob S., "From what I read it was NOT encryption that was broken, but there was some other weakness that was exploited. I would guess something having to do with OPSEC, (...a pw scribbled on a sticky note, a hard drive with the pw not encrypted, someone bought off or scared silly?)"

That's what I've suspected too. If these documents were distributed among journalists, who were also given the means to decrypt them, what's stopping the bad guys from going after them?

@ Gregory, "Reputable papers do not allow their reporters to report stories with multiple unnamed sources. One is bad enough, and it should be treated with skepticism. Being unable to get anyone on the record is atrocious. "

They got you to read it, atleast. Clicks and paper sells.

Waah baby, Waah! Waah!June 14, 2015 7:15 PM

Aww, the widdle US government got a privacy owie! Let Mommy kiss your privacy boo-boo, that's a big boy. Awww, honn-ney, precious, Awww, Snookums.

Based on mandatory Universal Periodic Review of the US government's binding legal commitments and obligations, don't go crying to any of the following former allies for sympathy:

5.298. Fully respect and protect the right to privacy (Azerbaijan);

5.299. Take measures against arbitrary or illegal interferences in private life and correspondence (Costa Rica);

5.300. Take adequate and effective steps to guarantee against arbitrary and unlawful acquisition of this data (Kenya);

5.301. Review their national laws and policies in order to ensure that all surveillance of digital communications is consistent with its international human rights obligations and is conducted on the basis of a legal framework which is publicly accessible, clear, precise, comprehensive and non-discriminatory (Liechtenstein);

5.302. Provide effective legal and procedural guarantees against collection and use by security services of personal information, including abroad (Russian Federation);

5.303. Take all necessary measures to ensure an independent and effective oversight by all Government branches of the overseas surveillance operations of the National Security Agency, especially those carried out under the Executive Order 12333, and guarantee access to effective judicial and other remedies for people whose right to privacy would have been violated by the surveillance activities of the United States (Switzerland);

5.304. Ensure that all surveillance policies and measures comply with international human rights law, particularly the right to privacy, regardless of the nationality or location of those affected, including through the development of effective safeguards against abuses (Brazil);

5.305. Cease spying on communications and private data of people in the world (Venezuela (Bolivarian Republic of));

5.306. Stop massive surveillance activities both inside and outside its territory to avoid violating the right to privacy of its citizens and those of other countries (China);

5.307. Suspend the interception, holding and use of communications, including the surveillance and extraterritorial interception and the scope of the surveillance operations against citizens, institutions and representatives of other countries, which violate the right to privacy, international laws and the principle of State sovereignty recognized in the UN Charter (Cuba);

5.308. Respect international human rights obligations regarding the right to privacy when intercepting digital communications of individuals, collecting personal data or requiring disclosure of personal data from third parties (Germany);

5.309. Strengthen the independent federal-level judicial and legislative oversight of surveillance activities of all digital communications with the aim of ensuring that the right of privacy is fully upheld, especially with regard to individuals outside the territorial borders of the United States (Hungary);

5.310. Respect the privacy of individuals outside the US in the context of digital communications and data (Pakistan);

5.311. Amend visa application system by removing any requirements that violate the right to privacy (Egypt);

5.312. Improve the legal basis that would ensure respect. for the privacy of individuals (Turkey);

(More comprehensive US disgrace at the link, from torture to police lynching to murder to 3rd-world underdevelopment!)

http://www.ushrnetwork.org/sites/ushrnetwork.org/files/final_us_upr_report_adopted_hrc_wg.6_22_l.10_5_15_15.pdf

GregoryJune 14, 2015 7:25 PM

@Skeptical

One final note: I'd very much like these leaks to be false. So my reasoning here is not motivated by a desire that they are true.

I see you are the only poster here who believes the story.

I will try and explain the problem of the story. It has no named sources. And it has multiple unnamed sources. This means that there is no validity to the story.

It is not, in fact, a story.

Not anymore then any alien conspiracy "story", or bigfoot happenings. Not anymore a "story" then the latest clickbait ad promising to reverse aging by decades or provide fast and easy weight loss.

"Scientists say", "government experts warn", "doctors agree"... one can not make one's way through life without understanding the importance of validating sources.

Just because a newspaper prints something does not make it true.

Don't believe everything you read in newspapers. My advice. It can get that long line of confidence artists off your doorstep, and you won't be getting strange illnesses anymore because of buying bad products that promise miracle cures.


GregoryJune 14, 2015 7:48 PM

@George L

They got you to read it, atleast. Clicks and paper sells.

I did not read the story. It did not catch on enough to make it to my RSS news sources, who have standards for sourcing. The Intercept article did. Greenwald made it clear that the story uses no named sources, and multiple unnamed sources, at that. No reason to read the story.

Right now, it is just tabloid level fare, with an interesting twist. Supposedly, "The Sunday Times" is not a tabloid.

Will it catch on to make it to the AP or Reuters, or other news sources with credibility? It might get interesting if any legitimate news source reports it, with anything but a very strong warning on the unreliability of the report.


AlanSJune 14, 2015 8:18 PM

@Gregory

"I will try and explain the problem of the story. It has no named sources. And it has multiple unnamed sources. This means that there is no validity to the story."

And the reputations of the media sources are such that a prudent reader should be very skeptical in the absence of information that would allow the veracity of the claims to be independently verified.

SkepticalJune 14, 2015 8:36 PM


@Gregory: I see you are the only poster here who believes the story.

I understand that I don't know enough to determine the truth or falsehood of the reported claims.

Neither do you - but you don't seem aware of that fact.

I will try and explain the problem of the story. It has no named sources. And it has multiple unnamed sources. This means that there is no validity to the story.

The initial reporting on the "Terrorist Surveillance Program" relied on unnamed sources as well. Good sources can have good reasons for wanting to remain anonymous, and journalists can have good reasons for granting that anonymity.

That the sources are unnamed means that it is more difficult for us as readers to assess the veracity of the claims made by the sources. It does not mean that the claims are false. The world is not so simple.

Will it catch on to make it to the AP or Reuters, or other news sources with credibility? It might get interesting if any legitimate news source reports it, with anything but a very strong warning on the unreliability of the report.

The Financial Times and the BBC both appear to have spoken to the same anonymous officials. The former in particular has proven to be remarkably reliable on such matters.

@Qn: If in fact officials from three organizations served as sources, then I agree that the leaks are more likely than not sanctioned. It also raises the probability that the leaks are true, or at least believed to be true. It's not clear to me that officials from three organizations served as sources, however, based on reporting from outlets which have earned a reputation for accuracy.

And if the claims are true... nothing changes in the policy discussion. But Snowden will need to own the mistakes and the consequences, including the fact that if - and that's a big if - the claims are true, then Snowden has made the world a much more dangerous place.

FigureitoutJune 14, 2015 8:46 PM

RE: OPM breach
--If that's not enough for those w/ clearances to see how we're focusing way too much on offense and not defense actually defending the country, making us strong at home and investing HERE not in some desert; and not selling us out cheaply to military contractors. Perhaps when your closest friends and family start becoming targets for foreign intel agents, will be so.

Nick P RE: duqu2.0 thread (OT)
I've seen processes such as Fagan Inspections, Cleanroom, Praxis' Correct by Construction
--Seen, but have you done? Have you done any of these methodologies yourself? It's easy to talk and post links instead of doing some of this work yourself, and maybe wonder why it doesn't happen as much as it probably should. OPSEC (which adds months to simple projects) and active attack concerns (potentially ruining projects completely) come into play and this distracts from development and focusing on these constructs too. By the way, if you read the account posted here a while back from one of the engineers on the Apollo landing, you'll see that we got lucky (his words) and it was a slight miracle it landed in one piece.

I think bringing in some tools like oscilloscopes and logic analyzers (for watching the bits in a protocol, actually pretty cool watching code chunks execute from a 'scope...) and other kinds of "network analyzers" and actually good static code analysis tools make software more of an engineering domain and not hacking (I'm hesitant to call any kind of engineering not hacking, if you're actually solving new problems and there's no textbook answers or methods for you to copy). Strong, robust programs like Wireshark, DBAN, Truecrypt, GPG, PuTTy, etc. make the field stronger. Then again, software is the scape goat at the top for all the bad design decisions below; that's the main reason why it looks so bad sometimes, b/c we're forced to bend backwards for these things (even more so w/ more constraints, which security projects tend to do opposite and use a ton of $$$ and energy; we'd live in a much more resource-scare world if we all develop "securely"). And when you don't know how to come up w/ an algorithm that a bunch of other engineers have tried and failed to solve, you're going to improvise a non-ideal solution that works until you can research it more (barely any research in my little area now, or it's mostly proprietary and locked up).

RE: M68K's
--This guy (who works fast and it's fun reading his posts as he does some good hacks) made a nice 68K "PC" that can apparently run vi and uClinux. Think it could run more? Like Amiga OS? I'd ideally want it to act as a kind of minimal "guard", I was initially thinking (probably w/ my eyes too big for my stomach, lots of "fuzzy spots" where I can't see it actually working) doing a guard w/ an OTP PIC chip where it'd be very damn hard to find some space to run any kind of malware on it and enforce parsing (only 192 bytes RAM lol, probably way too small).

http://www.bigmessowires.com/2015/01/14/make-your-own-katy/

I like that chip better (and it's instructions), may copy this just to build or there's a PC-104 board w/ a MC68K-based chip that'd be nice too.

Update on seL4 lowRISC port
--Looks like Hesham's got SOS (simple OS) running on top the microkernel, that was quick. Of course, as he rightly notes this isn't really exciting until we have some actual applications to run on this, which will take some work...

http://heshamelmatary.blogspot.com/2015/06/sel4-on-risc-v-is-running-sos-simple.html

Thoth
--Mentioned in past you were wondering about seL4 on something like Beaglebone? People are trying but running into errors (surprise surprise...lol). http://sel4.systems/pipermail/devel/2015-February/000203.html

But apparently he got it and build instructions here (I'm booked for this summer but may be worth trying eventually...) Sounds like they do dev on other platforms mostly which may be more worth it unless you want the challenge.

https://sel4.systems/Hardware/Beaglebone/

gordoJune 14, 2015 8:50 PM

@ AlanS,

Yes, your link to the NYTimes piece provides a tl;dr version of the Wikipedia article on Magna Carta.

The contest between the two histories, the "farta" and the "carta," the realpolitik and the iconic, if you will, continues to this day both in and outside the classroom.

The average student, and therefore society in general, if I understand your point correctly, doesn't go much further than iconic understanding.

That can be said of many topics especially in those disciplines comprising the 'A' in 'STEAM' curricula. Howard Zinn comes to mind as an example of a realpolitik approach.

Not unlike the brutal aspects of fairy tales, the two, "farta" and "carta," might do well being taught together earlier, i.e., as primary education.

Code Name BozoJune 14, 2015 9:25 PM

"Snowden has made the world a much more dangerous place." [said in Skeptical's deepest most ominous big-shot voice]

A death trap! A suicide rap!! for simpering jerkoffs like Ryan Fogle, #510197, with his fright wig and his superduper secret-decoder compass, and his James Bond 007 death-laser cigarette lighter, rolled and PNGed and made a fool of, like the entire United States government, while actual competent Russian spooks sit there cryin laughin.

http://edition.cnn.com/2013/05/14/world/europe/russia-u-s--spy-claims/

You fucking parasites. We would save a lot of taxes if all you 3rd-rate shitheads got burned to a crisp. You would just have to go home and get a real job.

BenniJune 14, 2015 10:00 PM

That the chinese and russians would have Snowden docs would be completely strange.

I assume that they could somehow break into the private house of Greenwald, Appelbaum or Poitras. And they even could place bugs in their computers. But soon, Poitras was contacted by DER SPIEGEL.

The only place where Poitras and Appelbaum would store this sensitive content is at this magazine. Since anywhere else, it is easier to break in.

And they probably have tons of secret documents there.

For example, this is what the henchmen of the secret service of Kazakhstan say about this magazine:

http://www.spiegel.de/politik/deutschland/wie-der-spiegel-ins-visier-der-kasachstan-lobby-geriet-a-1038679.html

"We must be careful that this does not fire back. It would be better if we had another journalist but we cant change that at Spiegel. If in doubt, better stay away and try another media, stern, ur sueddeutsche..."


BND also tried to infiltrate the magazine, but the german defense ministry was angry that BND did not even succeed to get the content of this magazine one day ahead of print:

http://www.spiegel.de/spiegel/geheimoperation-des-bnd-gegen-den-spiegel-a-857154.html

If the russians or chinese have succeeded to break into Spiegel, that would indeed be interesting. But as long as there is no evidence of that, it is hightly unlikely that they got Snowden docs.

It is, however, imaginable that the snowden files are hosted at several places, for example at the guardian, washington post, new york times, intercept and spiegel. Then it could be that there was some careless journalist, but it is still highly improbable...

Probably, the files are encrypted in several parts, and one must get the parts together, to decrypt these documents. So if they catch one journalist, they could not make any sense of the documents. At least that would be the most secure strategy for dissemination...

Russians searching through the washington post? That sounds simply like nonsense....


And why should they do that? Russians and Chinese probably have the patience to simply wait for new press articles.


65535June 14, 2015 10:20 PM

@ Clive
“…it may be a "two birds with one stone" for both the US and UK Govs at this most embarrassing time for them both re OPM and Anderson Report ;-) “

That is right.

The US was caught with it pants down losing 4 mil records. The UK with its third leg stuck in the zipper of the Anderson Report. It’s time to drag out the ghost of Snowden with blood drenched fangs on the front page.

ThothJune 14, 2015 10:32 PM

@all
There are many cases where developers/code cutters who do not have sufficient background in terms of Security and Cryptography attempts to add Security and Cryptographic elements into their work for a quick and dirty low assurance (no assurance) security.

One of the common crypto libraries bundled and used is the OpenSSL (yea... full of bugs) and most code cutters simply start calling functions without knowing what they are doing at all and copying some online guides rather blindly.

In order to fulfill the needs for pervasive security and privacy at a level of acceptable and usable security assurance with security baked into the core, cryptographers and some code cutters with competent security knowledge have written easy to use libraries with easy to use cryptography as part of the crypto library's design. One good example is Daniel J Bernstein's NaCI and tweetsalt crypto libraries designed to be very compact with limited algorithms that are deemed strong and essential. NaCI/tweetsalt is not a RFC standardized secure communication protocol (although NaCI/tweetsalt) is open source in nature. It also doesn't address strategies and methods of secure establishment and communication which are solely left in the hands of code cutters which a naive usage of these crypto libraries would have been purely devastating to security and also give a false sense of security.

The main solution would be the creation multiple suites of peer-to-peer (decentralized) and client-server secure communication suite that encompasses as much aspect of security for secure communication and establishment of secure communication that are easy for code-cutters to simply call the methods needed. A generic standard to encompass these secure communication suites (RFC standards) could be written for security developers and cryptographers to write the libraries and design the protocols.

This would lessen the burdens on the careless code-cutter's end and would hasten the fulfillment of pervasive privacy and security that many privacy advocates and human rights advocates have envisioned.

BuckJune 14, 2015 10:40 PM

Lolz! What a lark...
So, we're to believe that a ragtag team of journos (who've been specifically warning us about the dangers of concentrated cyber-spying efforts for 2+ years), who themselves have somehow come into possession of some of the 'crown jewels' of spycraft... Now, suddenly bestowed with this supreme forbidden knowledge, our intrepid heroes consider themselves impenetrable even to the most well-resourced state agencies that they've been battling against!? I'd doubt they could even protect themselves from the mafia if any such incentives existed...

Let us take a step back for a moment and hypothetically assume that this story as reported is indeed true... Now that all of the agents are finally out of harms way, there's no longer any problem in releasing all of the documents in an unredacted form! Of course, the journalists don't want to see their gravy train dry up, so they probably won't be the ones to do it. Nor would China/Russia want to hand their hard-earned treasure trove of information over to the third-world nations. The obvious solution here is for the DoD themselves to pass along all the files!

That way, the FEYES countries wouldn't risk being outclassed by any army of communistic brains. Plus, they could possibly even sneak some useful misinformation in there... ;-)

Clive RobinsonJune 15, 2015 12:53 AM

@ Figureitout,

RE: M68K's

That takes me back... the first Mot 68K Unix hardware system I developed hardware and drivers for [1] was the Torch Computers "UniCorn". It was a "second processor card" that connected to the Acorn Computers BBC Model B "home computer" in the mid 1980's (the name Unicorn being derived from Unix & Acorn, such was the sophistication in marketing back then ;-)

http://chrisacorns.computinghistory.org.uk/docs/Torch/Torch_Unicorn.pdf

It cost just under three thousand pounds which was about the equivalent of six months take home pay for an engineer back then.
Even at that price it was considered sufficiently cheap to be a "personal unix computer" and was about one tenth the price of quite a few unix boxes of the time.

Torch Computers employed as a junior sales person a guy called "Charles Dunstan" --later founder of Carphone warehouse-- and he used to tell some very funny horror stories about things that went on there. Aparrently due to a misunderstanding a customer was sold a "shop front mockup" the first that anybody realised was when the Tech Sup guys in Cambridge got a support call from the customer saying that he was putting the 5 1/4 inch disks in but they were disappearing... It turned out on opening the unit there was nothing inside and the discs were just lying in the bottom of the unit. Torch gave the sales guys top end cars and were what we would now call "Hot Hatchbacks", Charles and his boss were in one trying desperatly to get to a meeting. As they racing down country lanes in the fens of Cambridge, they got stuck behind a tractor going about 2mph. Charles boss decided to take a short cut around the tractor and shot through a farm gate at speed and hit the edge of a banked ditch, the car took to the air an did a three sixty barrel role landing initially on the front left wheel but dropped onto all four wheels, hus boss then stuck the car in low gear and shot out another gate ahead of the tractor and continued driving as if nothing had happened. They did make the meeting in time but as Charles said, he did not remember much of it as he was still seeing Angeles. On the way back the car unsuprisingly developed a mechanical fault and eneded up being towed and it was declared a write off. However his boss considered that as they had got the business, all in all it was a good day.

[1] Oddly I was reminded of this the other day, back then I wrote a text document about how to write Unix drivers, which over the years I have kept updating. I'm currently in the process of amalgamating it into a larger more general document on interfacing embedded microprocessor chips and developing a *nix like interface to aid the porting of Open Source and other existing apps over to run on them. It's feels odd to hold a very low cost SoC and think it's actually got more resources than the likes of a PDP11-70 or Microvax minicomputers from back in the early 80's...

rgaffJune 15, 2015 1:26 AM

@ Clive Robinson

Charles boss decided to take a short cut around the tractor and shot through a farm gate at speed and hit the edge of a banked ditch, the car took to the air an did a three sixty barrel role landing initially on the front left wheel but dropped onto all four wheels, hus boss then stuck the car in low gear and shot out another gate ahead of the tractor and continued driving as if nothing had happened.

Wasn't this barrel roll thing a scene in a 007 movie? :P

KurtJune 15, 2015 1:27 AM

@ gordo • June 14, 2015 10:14 PM
Meet the Man Hired to Make Sure the Snowden Docs Aren't Hacked

Its assuring to know the crown jewel of Snowden fulltake is in good hands. The web site however I'm hesitant to visit. It just doesn't feel right. Does anyone else have a problem with it?

@ Bob S. • June 13, 2015 10:40 AM
The breach was "discovered during a sales demonstration of a network forensics software package called CyFIR by its developer, CyTech Services."

Is it common to demo off live systems? I hope it was a paid demo.

CuriousJune 15, 2015 4:53 AM

A brief clip of a British (government?) man talking to Sky News was shown just prior to their interview with Glenn Greenwald, and I found what what the British man said was interesting, but in a bad way.

The youtube video I watched was of poor quality so I have no idea really who the man was.

Basicly, the man said that the government is protecting the citizens from threats and risks, however I would argue that the notion of there being a protection against risks is nonsensical and that such an arguments would be a fallacy; and if/when expressed by a government official, it imo reaks of self rightousness and self importance, playing with empty rhetoric for rear or justification.

I think this very idea of protecting against 'risks' is as loony as Rumsfelds "unknown unknowns". If used as some kind of argument for wanting to show or ask for acting on a categorical imperative for protecting people, it then probably doesn't matter who, where, what, when or why that is justificed as such, just let a reader or viewer think of 'danger' and 'risk' without there being any substance to debate.

Btw, the vagueness with the notion of there being 'risks' and 'threats' is most apparent when combined with another: "the risk of threat" or "the threat of risk".

CallMeLateForSupperJune 15, 2015 7:25 AM

Would someone here kindly point me to a source for a form SF86? I'd like to read that "100+ page" beast for myself.

One-hundred-plus pages? Gimme a break! I held a TS clearance when I was in USAF (decades ago), and the only form I remember filling out that even remotely fits the description of SF86 was the FOUR-page DD398, Statement of Personal History. (I still have a photostatic copy. Boy, did my handwriting suck.)

Decker SingularityJune 15, 2015 7:40 AM

@Skeptical

I understand where you are coming from. They called me "gullible", too. "True believer". Faithful to a "t", and true, too. But, they did not even see the me behind the me. There, I, too, was truly skeptical. I did not believe a word I said. They could not get me. All wrong, every time. I was so much smarter then them.

This gave me pleasure. Again and again. If only they could see my true genius. They buy into my act. And what genius do I find myself with. How obvious could I be? But, they do not understand.

Think about it, me, call myself "skeptical". I wish I used that name. And the irony of it. Arguing as if I was a true believer. And them taking me at that. And even getting them to the point to where they finally had to exclaim, You are true believer, gullible. And them not getting it. All along? I do not believe what I am saying. I am more skeptical then any of them. More wise. Smarter.

Tehy were zoibmes. Zobmie squid. One big zombie squid. I saw beetwen their words. I knew they could hack my sytsem. Even get dwon to sytsem. Tehy wanted to reiwrte my system. But tehy beleived what I said, just as I bevelied waht I siad. They could not hack me as lnog as I had my laeyrs of seurcity. They are traxsifned on their montior. On their nespaepwrs. By waht their pepole watned tehm to believe. Stuck with eyes wide oepn on their coptumer screens and teelvsoiins and nepespwars. Lost in a dzae.

"Click on my link", they say. But, I noticed, they all say the same things. Proving they are all the same person. The little, in between things in their words.

Have you ever seen a zombie movie? A ghost movie? Japanese is the best. I know what is scary about them. People are not scared because ghosts are real. People are scared because of the way they act. It threatens... singularity. I underestimated them.

Think about it. It is the way the actors move. They are worse as children. They turn slowly in stepped movements. They move in stepped movements. Slow. Too slow to be human. Even when fast, it is stepped movements. You know what that means. It is a really low level process. We process time in our minds. No one wants to look at the clock and see the hours have gone.

It is two pm one moment. The nxet moemnt it is five pm. What haenpped for those hours. It is the nxet day. Zobmie ghosts are not alive. They are trxfisaned in a relaity olny they can see. Their peripetcon of being alive is jsut what tehy wnat to see. They do not know tehy are zombies. Tehy think they are awake. But tehy are asleep.

When did it hit tehm?

At radnom. Wehn their own depeer level prceoss took oevr. Tehy did not cdoe it. I did. I uneatmtserdied tehm. I needed that relief. Did you konw wehn we sleep, when we dream, hours can psas in mitnues, or miuntes itno hours? What hapepns in taht in-bewteen tmie? Do we beileve we appear alive, dyanmic? We are alive. Just, to them, we apepar lkie those straing, trsinxafed ghsots. Zobimes. Jsut stanidng there. Jsut staring. With eyes wide suht.

You are hunting zombie squid. Sashimi.It is best when it is alive. The tentacles are super glue on the brain.

Believe me, or pretend you do not.

CallMeLateForSupperJune 15, 2015 8:14 AM

I found a link (in Wikipedia, no less) for form SF86. Looks like it comes from OPM. LOL.

Note that it is a PDF.

CallMeLateForSupperJune 15, 2015 8:22 AM

Once again The System[TM] ate the URL within my post.

Delete one "t" and one "w" in the following:
htttp://wwww.opm.gov/Forms/pdf_fill/sf86.pdf

@Moderator
The Preview function always shows my posts as I wrote them, including all URLs. But then when I Submit, all URLs are automagically stripped off. WTH?!

GregoryJune 15, 2015 8:27 AM

@AlanS

And the reputations of the media sources are such that a prudent reader should be very skeptical in the absence of information that would allow the veracity of the claims to be independently verified.

Is that so? I am not so much up on the "Sunday Times". Which, for me, is a bad sign. I am very up on the Guardian, because they have a legacy of credible news reporting.

From the Sunday Times wiki...

In July 2011 The Sunday Times was implicated in the wider News International phone hacking scandal which primarily involved the News of the World, a Murdoch tabloid newspaper published in the UK from 1843 to 2011. Former British prime minister Gordon Brown accused The Sunday Times of employing "known criminals" to impersonate him and obtain his private financial records.[38][39] Brown's bank reported that an investigator employed by The Sunday Times repeatedly impersonated Brown to gain access to his bank account records.[40] The Sunday Times vigorously denied these accusations and said that the story was in the public interest and that it had followed the Press Complaints Commission code on using subterfuge.

Now, it is not Brown, but Cameron in office.

Their bias is noteworthy.

Cameron is conservative, Brown labor.

The Guardian pointed out that soliciting the government for named source comment was likely to be useless. By policy, they do not comment with affirmations or denials on intelligence sources. So, the Sunday Times knew this.

Davis said there was little point in raising the Sunday Times allegations in the Commons as the government would say it does not comment on intelligence matters. Davis’s prediction was prescient. A Downing Street spokeswoman said: “We don’t comment on leaks.” The intelligence agencies said: “Our longstanding policy is not to comment on intelligence matters.”


So, that is particularly nasty. I wonder, "Did the editor approve the story by confirming, personally, the persons of the sources? Did the editor see badges? Did they recognize the names and see, firsthand, who the reporter was talking to?" This was a front page news story.

Is this Russia Today, or Islamic Republic News Agency? I suppose I do keep track of highly biased news sources. I recognize them when I see them. The Sunday Times has risen to that standard, for me.


I do take sourcing validation extremely seriously. I learned this as a young man when I was trained in selling. Always validate sources was hammered in my head. I was a researcher, a book worm, before that. And took it to heart. I spend many, many hours wrestling over the validity of sources. I can attest to my accomplishments which have been many by not wisdom, nor strength of will, but by choosing very carefully whom I trust and why and how deeply.

I am extremely skeptical in these regards. People are very fallible. I was taught to believe nothing I read in the news. Yet, in the world, 'the lesser of two evils'. One learns to understand the various biases of even the most credible sources and take that as a weight in account.

Everything we do, we do because of what we believe. And what we believe comes from man. People are cautious about what they put in their mouths, but not what they put into their hearts. All too often. But what we put into our mouths just comes out as shit. What we put into our hearts becomes a part of who we are. It is absurd.


Gregory R.June 15, 2015 8:41 AM

'How we really know the Sunday Times story is bogus'

http://blog.erratasec.com/2015/06/how-we-really-know-sunday-times-story.html#.VX7JovlVjSs


Stories sourced entirely from "anonymous senior government officials" are propaganda, not journalism. The identities of the sources are hidden not to protect them from speaking out against the government, since they are in fact delivering exactly the message the government wants to get out. Instead, their identities are kept secret so that their message cannot be challenged.

It's not just me claiming this. Every journalistic organization criticizes the practice. Every set of journalistic ethics guidelines calls this unethical.
Yet, somehow it keeps happening. The latest example is the The Sunday Times, Britains largest newspaper, reporting government officials critical of Snowden. We know the story is bogus, because it quotes solely government official spouting the party line. Moreover, even if that weren't the case, it's obvious propaganda, arguing one side of the story, and not even attempting to get the other point of view from Russia, China, or Snowden himself. Snowden is often quoted in newspapers, he can't be that hard to get a hold of. Not contacting Snowden for his side is also a violation of journalistic ethics.
I point this out because there are lots of good criticisms of the story, for example, pointing out that the correct term is "MI6 officers" not "agents", and no knowledgeable government expert would make that error. But a detailed analysis of that piece isn't needed. The pure fact that it tramples all over journalistic ethics is proof enough that the story is bogus.


Robert links the last argument to this site (I almost thought he was going to link to Clive's post): https://www.craigmurray.org.uk/archives/2015/06/five-reasons-the-mi6-story-is-a-lie/

That article has "five reasons the sunday times story is a lie".

Brief summaries of each point.

1) "The alleged Downing Street source is quoted directly in italics. Yet the schoolboy mistake is made of confusing officers and agents."

2) "The argument that MI6 officers are at danger of being killed by the Russians or Chinese is a nonsense. No MI6 officer has been killed by the Russians or Chinese for 50 years."

3) "MI6 officers work under diplomatic cover 99% of the time. Their alias is as members of the British Embassy, or other diplomatic status mission. A portion are declared to the host country. The truth is that Embassies of different powers very quickly identify who are the spies in other missions."

4) "This anti Snowden non-story – even the Sunday Times admits there is no evidence anybody has been harmed – is timed precisely to coincide with the government’s new Snooper’s Charter act, enabling the security services to access all our internet activity."

5) "The paper publishing the story is owned by Rupert Murdoch. It is sourced to the people who brought you the dossier on Iraqi Weapons of Mass Destruction, every single “fact” in which proved to be a fabrication. Why would you believe the liars now?"


Still, a fascinating case of bizarre believing. Politics is an ocean of this stuff. But this stands out even in that ocean. A steep drop very far down. Those walking on the bottom of the ocean floor, with iron collars around their necks, have their hands sticking out in front of them and go, "Urrrrrrrgggggh. Brrrraaaaaaaiiiiins." Because the water has stolen theirs.


WinterJune 15, 2015 8:51 AM

“Snowden has done incalculable damage. In some cases the agencies have been forced to intervene and lift their agents from operations to prevent them from being identified and killed.”

Snowden has outed criminal behavior by state agents. None of the perpetrators of the criminal behavior have been persecuted. On the contrary, USA officials have lied and committed perjury to cover up the crimes. Instead, the man who blew the whistle on the crimes is now the target of persecution.

I do not see why we should blame Snowden for anything?

Especially not as the misdirected activities of the USA IC are directly responsible for the fact that the Chinese obtained the private details of millions of USA officials, including most of the IC community.

65535June 15, 2015 12:35 PM

@ CallMeLateForSupper, Clive, Code Name Bozo and others

I have all ready state that the Sunday Time story regarding Snowden trove being decrypted by both the Russians and the Chinese is bogus.

It uses the usual “Unnamed government source” which can never be verified – and come at an opportune time to deflect attention from the UK Anderson Report.

But the on going discussion of form SF86 leaking from the US OPM along with 4 million other documents adds another dimension to the Sunday Times muck-up.

Code Name Bozo notes a story of a bumbling American with wigs and sunglasses that the Russians have labeled a spy and kicked out.

https://www.schneier.com/blog/archives/2015/06/friday_squid_bl_480.html#c6698496

[and]

http://edition.cnn.com/2013/05/14/world/europe/russia-u-s--spy-claims/

If the OPM did lose large numbers of SF86 Forms and the entire intimate details I could see how a few contractor spies got discovered in China and Russia.

It would be a clever ruse to blame the loss of thousands of SF86 Forms from the OPM on Snowden. Then claim to have to pull-out some of these bumbling spies from Moscow and other areas – because it is all Snowden’s fault – yet no lives were at risk. The OPM SF86 breach may explain why some spies are being discovered – and the government wants that fact buried.

JustinJune 15, 2015 12:58 PM

Links:

Glenn Greenwald has fled to Brazil with his copy of the Snowden docs. He seems to be completely in love with Snowden, and any reporting that interferes with his narrative of Snowden as hero he virulently condemns as poor journalism. If that is the case, it is the pot calling the kettle black.

Nothing is black and white. As a result of the Snowden leaks we are having a national discussion and debate in Congress about the continuing need for mass surveillance. That's a good thing. But grave harm to national security resulted from Snowden's leaks. That's a bad thing and makes it a serious crime on Snowden's part. He was totally indiscriminate in what he leaked, and whistleblowing motives do not justify his betrayal.

@ 65535

OPM missed the ball. Sensitive information on employees in sensitive positions should have been classified and treated as such. They need a secure, high-assurance computer system that can maintain different levels of secrecy for their data, if they insist on keeping all government employee records in one database.

65535June 15, 2015 1:26 PM

Back to the OPM breach:

1] Krebs says OPM used SAP equipment

https://krebsonsecurity.com/2015/06/catching-up-on-the-opm-breach/

2] Breach from HiKit Rootkit. ThreatConnect: …”the attackers had gained access to USIS networks via an unidentified SAP enterprise resource planning (ERP) software package vulnerability… In 2014, Novetta and a number of supporting industry organizations including ThreatConnect banded together to produce Operation SMN: Axiom Threat Actor Group Report, a detailed report containing information pertinent to Chinese APT activity with an emphasis on HiKit malware. Of note, the report stated “Among the industries we observed targeted or potentially infected by Hikit [included] Asian and Western government agencies responsible for [a variety of services such as] Personnel Management”.

http://www.threatconnect.com/news/opm-breach-analysis-update/?utm_campaign=Media%20News%20Q2&utm_medium=blog&utm_source=opm-breach-original-click-new

There is a lot to digest - Lots of mistakes and cover-ups.

AlanSJune 15, 2015 2:34 PM

The Sunday Times has tried to quietly remove one of the more obviously false claims from the online version of their Snowden story.

Whitehall seems to be having a little trouble getting competent news media lackies for their propaganda and misinformation schemes.

tyrJune 15, 2015 6:16 PM

@Clive

Sales people can generate some of the best true
stories in any company.
We had a chief salesman eat a chunk of chemical
soaked fax paper to prove it was harmless to a
customer. He said " I didn't know it was true
but I wasn't going to die until I was out of
sight."
His counterpart in the southern region winged
a half empty beer out of his car on the freeway
looked into the rearview mirror and watched it
bounce off the windshield of the Highway Patrol
car behind him. He said " I pulled over before
he had a chance to hit the siren".

Sales told one customer to remove the floppy
from the sleeve and put it in the drive so he
carved off the jacket and inserted the media
and called support when the drive mangled it.

The cost of PC Unii was horrendous in the good
olde dayes. I remember one wag who remarked on
recieving his documentation crate, "it reeks
of Berkeley" because it outweighed the computer.
It had also lightened his wallet considerably.

I have no interest in going back to building
your own boards as a way to cut costs but it
seemed like a good idea at the time.

Given the track record of the media it is safer
to assume that there is not much truth anywhere,
if you use Occams razor you might pare it all
down to something that might have credence.

gordoJune 15, 2015 7:20 PM

FYI:

Office of Personnel Management Data Breach
Full House Committee on Oversight and Government Reform

Katherine Archuleta, director of the U.S. Office of Personnel Management testifies along with other government officials on the extent of a data breach disclosed by the agency on June 4 and which is believed to involve hackers in China.

Airing LIVE Tuesday, JUNE 16, 2015 10:00am EDT on C-SPAN.org

http://www.c-span.org/video/?326593-1/hearing-office-personnel-management-data-breach

More hearing info. at House Committee on Oversight and Government Reform Web page: http://oversight.house.gov/hearing/opm-data-breach/

AlanSJune 15, 2015 7:30 PM

More entertainment from News Corp UK:

The Sunday Times sends DMCA notice to critics of Snowden hacking story

This morning, lawyers at Times Newspapers took a step to limit Greenwald's criticism, sending a notice telling The Intercept that Greenwald's story, which included a low-res image of the Times' front page, violates their copyright. The Intercept quickly published the takedown notice, and on Twitter Greenwald made clear that his publication won't be deleting his copy of the Times' "humiliating headline".

GeorgeLJune 15, 2015 7:32 PM

@ Justin, "Glenn Greenwald has fled to Brazil with his copy of the Snowden docs. He seems to be completely in love with Snowden, and any reporting that interferes with his narrative of Snowden as hero he virulently condemns as poor journalism."

Of the few published reports I read, none of his leaks contained names. Granted he disclosed a lot of capabilities and had committed betrayal, it's a stretch to call the disclosures indiscriminate. I'm more wary of Greenwald, Poitras, and their nonprofit org's ability to protect the remaining secrets so they can continue in this slow leak fashion. If the US Government couldn't keep them secret, what makes them think they can?

JustinJune 15, 2015 7:58 PM

@ GeorgeL

If the US Government couldn't keep them secret, what makes them think they can?

Not likely. High-profile journalists with do-it-yourself security. "Our tech guy had us use Linux instead of Windows." Hah. Where is the physical security it all depends on? Nation-states are after their secrets. Aren't they concerned with things like physical keyloggers on keyboards, TEMPEST, etc.? Sure, they have a tech guy for the cyber security, and he no doubt has good ideas to beef up security a little bit, but nations like Russia anyways are going to have spies with the tech know-how to obtain passphrases and private keys, physically.

A low-budget non-profit outfit of journalists like that doesn't stand a chance when their secrets are important enough for nation-states to employ physical spycraft against them. Do they have the staff to guard their "crown jewels" and the computers they enter their passphrases into for 24 hours a day? At different locations around the world? Something goes bump in the night, and that private PGP key is no longer private.

AlanSJune 15, 2015 8:19 PM

@GeorgeL

"I'm more wary of Greenwald, Poitras, and their nonprofit org's ability to protect the remaining secrets so they can continue in this slow leak fashion. If the US Government couldn't keep them secret, what makes them think they can?"

That implies that the USG is competent at security and keeping secrets. There is very little evidence of either and much evidence to the contrary. Greenwald et al. may not have great skills but suspect they are a much better bet.

gordoJune 15, 2015 9:00 PM

@ AlanS,

I see in the cartoon that Snowden is depicted as a rat;
maybe to signify that some see freedom as a plague.

Income inequality, the usual suspects, etc.,
and it's not at all about the kids, i.e., the future.

I like that the artist's date can be read out as: 6-6-6
[and that same such numbers are up in the clouds].

JustinJune 15, 2015 9:20 PM

@ rgaff

I'd hardly call the intercept low budget:
http://techcrunch.com/2014/02/10/ebay-founders-news-site-the-intercept-launches-with-nsa-revelations/

From the article you mentioned:

"Greenwald and his partner on the original NSA leaks, Laura Poitras, are part of the new site’s small 12-person team."

Unless they've hired a lot more highly competent staff they haven't told us about...

And no matter how brilliant that tech guy is, he's only one guy, and he has to fly to various locations around the world teaching relatively tech-illiterate people how to protect themselves from nation-states. They don't have staff to guard their stuff 24 hours a day. They don't have good enough physical security for when they're not guarding it. They learn just enough about security to be dangerous with it.

And no, I'm not against free press and human rights. I'm against irresponsible press and irresponsible leaks that endanger the security of a free state. "Free press" does not mean I have to agree with what the press says. It means, among other things, that journalists do not have to fear torture, murder, or disappearance like they do in some countries. Some people say they're for a free press, but they offer no support for the free nations that best secure the freedom of the press for their people.

GeorgeLJune 15, 2015 9:35 PM

@ Justin, "And no matter how brilliant that tech guy is, he's only one guy, and he has to fly to various locations around the world teaching relatively tech-illiterate people how to protect themselves from nation-states."

That's a great point. This is why Lonewolf syndrome is mostly FUD, especially when the press is selling stories of hypothetically sophisticated attacks feasible of a single person. I'm not saying the Intercept does not have a high level of expertise with what they do, but it's very dangerous to assume they are invinsible to evil actors.

AlanSJune 15, 2015 9:44 PM

@Gordo

The fun is figuring out or reading in interesting interpretations. I missed the 6-6-6 bit.

I think Snowden is scurrying around exposing their treachery (or maybe delivering the Black Death to their schemes). The hapless American knight is trying to find him and run him through with his sword but appears to be facing the wrong way and looks like he might accidentally run Cameron or Osborne through instead. The Americans have found political uses for the Magna Carta as well and always trying to kill something, either by design or accident. Osborne, the king of austerity politics, has cleavers in his pockets. Also see SERCO.

The little girl might be the Scottish First Minister, Nicola Sturgeon. The woman behind her is Theresa May (also looks a bit like Thatcher). The other character stamping on the Human Rights Act is probably Michael Gove.

gordoJune 15, 2015 9:45 PM

Here's another example of wrong terminology usage in The Sunday Times article, as identified in a comment from Craig Murray, following his Blog entry of June 14, "Five Reasons the MI6 Story is a Lie":

Incidentally just spotted another completely wrong use of terminology in the article. Instead of withdrawn or in extremis extracted, it talks of MI6 officers or agents being “lifted”. Again totally wrong terminology. Lifting in this context means in effect kidnapping – taking a target asset against their will. You would never talk of “lifting” your own people.


This source has bugger all real connection to intelligence.

https://www.craigmurray.org.uk/archives/2015/06/five-reasons-the-mi6-story-is-a-lie/#comment-532010

The line in question from The Sunday Times article is also here [line 33], as reproduced on Pastebin: https://archive.is/BkuMM#50%

rgaffJune 15, 2015 10:12 PM

@ Justin

What free state? You're against reporters reporting on anything bad the government does... you are absolutely AGAINST ANY FREE STATE... you are completely for a totalitarian state!

Unless... by "free state" you actually mean "state government that is free to do anything it wants" not "people of a state having freedom" Again, that's not free state, that's totalitarian state.

You are using typical NSA weasel words twisting the word "free" to mean the opposite of what it means!

thevoidJune 15, 2015 10:44 PM

people assume that Russia and China are chomping at the bit to get the Snowden docs, and that's likely, but don't you think the US is too? i mean, if the US is as worried about the contents of the docs as they claim, don't you think they would be trying to break in too? and if they were REALLY damaging, don't you think that maybe there is a bit of extra, unasked-for security around the reporters? i mean, if i was worried about the enemy getting them, i would be staking out all the places they (reporters and docs) would be, just to keep tabs on the enemy i knew was after them.

and as has been said a number of times, i doubt the reporters OPSEC is very good (it's difficult enough for us paranoid, technical people.) as Bruce has said before (and this was just brought up in another thread), if the NSA wants in, they can get in.

gordoJune 15, 2015 10:53 PM

@ AlanS,

Nice reading! Thanks for putting some meat on them bones, i.e., fleshing out those characters!
(Great Britain is not my milieu!)


FigureitoutJune 16, 2015 1:00 AM

Clive Robinson RE: unicorn (christ, start of combining words marketers LOVE to do...)
--So '80's lol. Ever heard of "halt and catch fire", tv show, pretty 80's, may like it lol. Yikes, way too much investment; I wouldn't want to do anything that may break it...

RE: car
--Lol, sounds pretty lucky. I've got some car stories but their pretty damn lame in comparison (360's but on the ground).

RE: driver document
--Going to just keep it in you dead tree cave or release it? Yeah, it feels odd looking at a SoC and thinking it's got all the peripherals I could ever possible need all in the chip, just need to worry about pins and programming...

Just got a "christmas present in july", all these old chips I've been eyeing for quite some time...Keep some for a museum. Found some I've never seen before, it's a clear covering, so cool. I can see where the pins go, ground pin, the tiny IC, the wires out to the pins, and the photodiode. It's this, *PDF warning* ( http://www.investigacion.frc.utn.edu.ar/sensores/opticos/TSL220.pdf ). Certainly wouldn't hook *that* up to anything sensitive but I want chips manufactured like this, wonder if it costs a ton more or what.

thevoid RE: opsec && attacks
--What separates normal people from people who attack others all day is *a job*. If it's my job to get in a residence no matter what b/c we need to plant a malware on an airgapped PC or plant some bugs and I just have to worry about resident/pets waking up at night or just breaking in during the day, it's easy. Just need some reconnaissance of target. Practically every suburban residence is easy in US, urban ones you have much greater chance of getting shot. First off, lots of doors are typically left unlocked; and if not the locks generally suck ass (worst lock ever I was able to unlock w/ a credit card...seriously...whoever designed that, needs a spank lol). Lots of warehouses, even some apartment complexes have garages that simply lift up and you're in b/c guess what's behind that door, an unlocked door...Recently came across a car shop and they let you leave keys for cars overnight, guess how easy it'd be to get the keys to car or get in the building...surprised some psychos haven't caught on to this...major unmarked drug facilities that would be prime targets for professional criminals, again protected by people who don't give a f*ck and broke protocol multiple times (just need a truck and a badge that looks like official badges, they're all waved in), just need a little access to see how weak the security is (initial perimeter, but that's where you plant battery powered throwaway wireless devices (how about kali linux on a cheap android tablet) to hook onto mobile devices and get past the guards inside of corporate centers and labs; if you want to minimize chances of getting caught) physical security is so weak today, total facade and every security professional throws their hands up at physical attacks b/c it's "game over".

So if the journalists aren't prepared for invasions at any given time of the day and haven't hidden stuff, then yeah it's probably been found pretty easy (well, depends too on how messy and how many hiding spots). Now there's plenty of sensors to catch them too so long as they're placed and hidden before attackers start recon and have backup power and can't be externally disabled (not a lot of sensors like that...). Takes serious OPSEC and money to defend against this straight up (say you live in apartment complex w/ a likeminded roommate and you never leave place alone (order food, workout at apartment gym, etc.); bonus points if neighbors notice someone breaking in your door). This OPSEC has severe health effects so that's a personal choice; it's why I say PLAN and EXECUTE quickly and get it done and relax.

ThothJune 16, 2015 1:42 AM

@Figureitout
re:OPSEC
This thing called OPSEC is a very funny and contradicting paradigm. On one hand it provides security by limiting accessibility and on the other hand it makes access even for legitimate users hard and unwieldy.

I wouldn't recommend totally switched off OPSEC behaviours (means no OPSEC at all) but we need to consider the correct balance of OPSEC to the Protective Profile requirements. Are you going to guard your daily simple water bottle you bring to school with billions of dollars worth of sophisticated and restricted security or do you simply zip it into your school bag and rely on your school bag and school cupboard's security ?

The problem with most users which we have to consider their education levels and how much hurdles they have to overcome. They expect full security and protection but are unwillingly to put much efforts (very disastrous security and this is the absolute norm in almost all clients I worked with).

Creating plans for OPSEC must be realistic and simple with little hassle for the level of protection it needs (Protection Profile). Executing these plans is a totally different story.

For those who have deployed actual enterprise grade security solutions (myself included), the plan and the practice are two different things. You can have a nice plan that does not work which reduces the overall security levels of the security solutions.

ThothJune 16, 2015 2:20 AM

@all
LastPass Cloud-based Password Manager getting breached and leaks PBKDF2-SHA256 hashed master passwords.

Link: http://arstechnica.com/security/2015/06/hack-of-cloud-based-lastpass-exposes-encrypted-master-passwords/

One of the enterprise grade solutions currently mandated by Singapore's Financial and Banking sectors that LastPass could learn from is to deploy FIPS 140-2 Level 3 HSMs to encrypt all the password hashes with the FIPS 3 HSMs set to Strict FIPS mode (key exports disabled).

Firstly, Cloud-based Password Management is a completely bad idea as you would be putting all your digital eggs into one digital basket (LastPass servers). It should never have been used in the first place.

Password hashes simply slows down the guessing of passwords (online or offline) and the use of PBKDF2-SHA256 with 200K iterations is a totally bad idea as the use of dedicated SHA256 chips found in Bitcoin mining chipsets or cryptographic processors deployed en-mass and cheaply available could render PBKDF2-SHA256 probably close to a cracking standard if used to for password stretching and hashing. A better hash combination is to chain hash between BCRYPT and SCRYPT processes to hash a password to make it both GPU and CPU hard to brute-force.

Password encryption with an actual key and crypto algorithm might be a valuable 2nd layer defense because a secret key (assumed held in a Strict FIPS 3 HSM with proper OPSEC) scrambling a hashed password or even a plain password would meant the attacker needs to be able to retrieve the secret key from the secured HSM even if the encrypted password hashes are leaked.

If there is a high level of paranoia that the owner of the Cloud-based Password Manager with Strict FIPS 3 mode HSMs were to decrypt and take their time to guess the hashed passwords (malicious Password Manager model), the user could use a client side portable HSM or Secure Element (SE) to encrypt their hashed passwords before handing the server side the client encrypted and hashed passwords.

On a hindsight, if password encryption in conjunction with a HSM/SE would be used, then there is no need for a password to be used stretched into a master key. The Cloud-based Password Manager would not have the excuse of needing to store the hashed master password as the master key (or even in encrypted forms) at all. All it needs to be is serve as a encrypted password file file server to serve down encrypted password file on client's requests (via a challenge-response protocol which uses a token not directly derived from a master password).

The above is assumed that your threat model does not include Govt level backdoors, front doors and spying prevention/proofing.

WaelJune 16, 2015 4:26 AM

@Thoth,

the user could use a client side portable HSM or Secure Element (SE) to encrypt their hashed passwords before handing the server side the client encrypted and hashed passwords.

Secure Element: Then you have effectively bound the password to a single device or set of devices, which severely limits the whole use case of cloud password vaults use cases. You might as well keep your passwords local because in either cases you won't be able to use your "cloud stored" password representation from a new device, say a hotel, if you're traveling.

If you opt for the "portable HSM" token, then you don't need a "cloud-managed" password vault either. Just carry your portable token along. The threat models are a bit different, though.

Marty PJune 16, 2015 8:26 AM

about the LastPass hack...

http://www.theregister.co.uk/2015/06/15/lastpass_data_breach/

"In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed," CEO Joe Siegrist said in a blog post on Monday. "The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised."

...although if the hackers can do all that mentioned above then they most likely got the passwords too, whether the company sees evidence of it or not...

Just shows the stup... of a cloud-based password storage...

ThothJune 16, 2015 8:49 AM

@Wael
The deliberate irony placed inside there with the introduction of client side security would allow users to carry a token stick and place the bulk (I did mention turning it into as good as an encryption-capable file server) online in the cloud. Yes, it kind of defeats the Cloud Security approach in the first half where I talked about server-side HSMs but it also opens an opportunity for more paranoid people to use them.

Most PKCS #11 tokens don't really have much space for you to carry encrypted password files if you want to pay for a token around the EUR 35 to 50 range according to some scouring I did a couple of months ago.

The use case is a keyring token tied to your house keyring which is something of a cross between (http://www.ftsafe.com/product/epass/epass2003) and disguised into this form factor (https://www.lacie.com/us/products/product.htm?id=10611). That token has only 64KB EEPROM for key storage so the user is going to be hard press storing passwords unless they are willing to pay much more to equip 8GB Flash memory into the key (expensive).

Carrying additional USB sticks as storage would be very possible but more people are likely to use the keyring token and the Cloud (better portability).

gordoJune 16, 2015 12:59 PM

I watched Congress' OPM data breach hearing. It was hard to watch.

Maybe I missed them, but if I heard an apology to Federal employees from the principals involved, it came only after prompting from legislators, if then.

It came as no surprise that equivocation, buck-passing, and opacity reared their ugly heads.

It's pretty clear that the OPM employee data was not ranked as a priority asset. Though it won't change what's happened, the ODNI was not mentioned at the hearing, and, IMHO, they're ultimately responsible for this loss.

Otherwise, this was another story of crumbling national infrastructure in need of repair, if not outright replacement, long overdue, and only now, after the bridge has collapsed, maybe getting the sense of urgency it has always deserved.

RahulJune 16, 2015 2:20 PM

The Story of the 'Dead Man Trigger File', In Which it is said that There is Information That Could Compromise US & UK Covert Operations Around the World

There really are not very many considerations here to make on that. It is obviously disinformation. It appears to be disinformation for the conservative political party and the Cameron Administration.

As usual [with these sorts of actions], so they do not lose total face with important government branches, they have some token 'dual purpose' in this for intelligence. It could be that the mistakes made in the technical details (which are significant) were genuinely accidental because of this.

The other option is plain and simple: it was a highly sophisticated ploy by intelligence, and the mistakes were intentional. In which case, the technical mistakes were intentional, designed probably to make it look like the work of politicians or political appointees, or, in general, to simply downplay their capacity and add distracting factors.

Too many factors are unknown in this case to really make much judgments.

They may have waited for situations "like the OPM hack" and significant other matters to play this card.

They may have used the Sunday Times because the Sunday Times did hack the previous administration who were of the opposing political party.


The sacrifice or known cost to the Sunday Times was well understood from the start. This was a frontpage news story. They used multiple sources who remained anonymous. They expected errors, because there would be errors whether it was local disinformation for the current administration and political party, or international disinformation for the intelligence services. They may or may not have been aware of the significant technical errors in the story.

Somebody asked them to do a very expensive action, and for whatever reason, they were willing to do this. This was very out of the norm.


Some critics mention the Iraq War disinformation, but that was quite different. People believed that information. They plausibly did not see it as disinformation. It was biased and so there were many errors in that campaign. But, that is very different from a very intentional disinformation story from the outset.


Light YagamiJune 16, 2015 4:00 PM

@Justin

Glenn Greenwald has fled to Brazil with his copy of the Snowden docs. He seems to be completely in love with Snowden, and any reporting that interferes with his narrative of Snowden as hero he virulently condemns as poor journalism. If that is the case, it is the pot calling the kettle black.
Nothing is black and white. As a result of the Snowden leaks we are having a national discussion and debate in Congress about the continuing need for mass surveillance. That's a good thing. But grave harm to national security resulted from Snowden's leaks. That's a bad thing and makes it a serious crime on Snowden's part. He was totally indiscriminate in what he leaked, and whistleblowing motives do not justify his betrayal.

I wholeheartedly agree with you, on one level.

However, I do not take the "domestic surveillance program" at face value. As a constitutional nightmare which produced zero usable intelligence. I have more trust in the capacity of US intelligence and the US political system then that. I believe it has been wildly successful and, for obvious reasons, and that it has therefore been very important to hide those successes.

I also do not take the "Snowden" situation as face value. American intelligence is simply not that stupid, regardless of the extreme efforts they are clearly willing to go through to make themselves so appear to be.

Normally, I would take the sort of route you just took. I would play up the destructiveness of the Snowden disclosures, to further enhance the cover of that operation. And I would play up the lack of value and anti-constitutionality of the domestic surveillance program.

I probably even would add, as you did, snide remarks about Snowden and Greenwald. I might even throw in some plausibly deniable jab at Greenwald's homosexuality, as you did. What could be more macho American appearing then that? After all, don't you see American soliders in the movies making such statements?


But...

I am not really American, at all. As you can see from my name. I am... Korean.

A... Berean... Korean.


OPM missed the ball. Sensitive information on employees in sensitive positions should have been classified and treated as such. They need a secure, high-assurance computer system that can maintain different levels of secrecy for their data, if they insist on keeping all government employee records in one database.

Yes, yes. Or...

It is all just a very sophisticated stage show, where the data was poisoned in a very complex way. With just enough real information, and just enough extremely destructive information.

The existence of the Very Sloppy Spy.

And the Very Sloppy Surpport who protect them.

How hard is it to figure out who works for the US Goremnevnt? How hard is it to fiugre out those sorts of relationships? There was a csae retencly where a major credit bureau allwoed a Thai criminal to gain cortnol of these database for some money. Crdeit checks csot money, and capitalists have a flaw. Too much is pretavily socrued, so scuh things as peorfrming in-depth anlyasis on conspiracies and inviddauils and their fiaicnnal connections that will reeval their connections to gomvenrent is just too easy.


The fear, of course, is that there is a long confidence game going on. And that the victim is not "out there", far away, but right here. That what scrupously appears as entirely unrelated events, is, in fact, not unrelated, at all. Because in any confidence game, you have to be aware of who the victim is. And all too often the victim is you.

Ever do sarcasm where one person is seriously sarcastic, then the other person is, and so it goes down the line? Where deos the saarcsm end? If all tihs is alaredy soemtihng well hled in the bcak of the mind, what adantvage would there in saiyng it out luod? But, if you are taking everything they say as a lie, then there is a double problem there. Or triple, or quadruple, or.


RahulJune 16, 2015 4:22 PM

Some Crazy Stuff You Did Not Know About the OPM Hack

http://arstechnica.com/security/2015/06/encryption-would-not-have-helped-at-opm-says-dhs-official/

from Sean Gallagher, investigative reporter for ARS

But some of the security issues at OPM fall on Congress' shoulders—the breaches of contractors in particular. Until recently, federal agents carried out background investigations for OPM. Then Congress cut the budget for investigations, and they were outsourced to USIS, which, as one person familiar with OPM's investigation process told Ars, was essentially a company made up of "some OPM people who quit the agency and started up USIS on a shoestring." When USIS was breached and most of its data (if not all of it) was stolen, the company lost its government contracts and was replaced by KeyPoint—"a bunch of people on an even thinner shoestring. Now if you get investigated, it's by a person with a personal Gmail account because the company that does the investigation literally has no IT infrastructure. And this Gmail account is not one of those where a company contracts with Google for business services. It is a personal Gmail account."
Some of the contractors that have helped OPM with managing internal data have had security issues of their own—including potentially giving foreign governments direct access to data long before the recent reported breaches. A consultant who did some work with a company contracted by OPM to manage personnel records for a number of agencies told Ars that he found the Unix systems administrator for the project "was in Argentina and his co-worker was physically located in the [People's Republic of China]. Both had direct access to every row of data in every database: they were root. Another team that worked with these databases had at its head two team members with PRC passports. I know that because I challenged them personally and revoked their privileges. From my perspective, OPM compromised this information more than three years ago and my take on the current breach is 'so what's new?'"

CNN interview with author of discredited Sunday Times story on Snowden is painful to watch

http://boingboing.net/2015/06/16/cnn-interview-with-author-of-d.html


Just one note: The editor and the newspaper should not be entirely out of focus here, for the sake of lambasting the reporter. For a major paper, you are going to have more then just one editor okaying a frontpage story like what this is. That is a very serious decision which very vested people decided to make.


AlanSJune 16, 2015 4:43 PM

@Rahul

I lost count of the number of times he said we don't know. And then we have this doozie: "We just publish what we believe to be the position of the British government at the moment".

LOLJune 16, 2015 7:11 PM

Re: CNN interview with author of discredited Sunday Times story on Snowden is painful to watch

That Tom Harper guy gets his marching orders from the company he works for and in this situation he was just used as a mouthpiece.

If the finger should be pointed at some people, point it at the whiners in the British government. They are the cry babies who came out complaining about how the Snowden files had been read by Chinese and Russians, while making sure to include a disclaimer of having "no evidence of anyone being harmed".

FigureitoutJune 16, 2015 11:45 PM

Thoth RE: opsec
--Yeah, could go off forever on it...boring tho. Just protect what you absolutely must and acccept the other risks (and ignore annoying attacks, likely not worth your time). Yeah I protect my water bottle, of course many easy ways to kill, say you loosen lug nuts just enough to fall off on the highway...what about every light switch you touch...a soldier in iraq died from faulty wiring in the shower...

Yep, plan and practice, theory and implementation; hope none have been compromised :p I still push for more than what's given. There's lots to harden still and we can make it easier, after showing HWRNG (which is mostly "shown", simply get components and build), want to try the data diode (I want to add some parsing to it to force only certain filetypes, maybe a micro b/w diode lines). In addition to that ill show an external comms method setting up radio on a pc, so much to do, its good though. We've got FDE and other file encryption too, need the full spectrum package cutting off the biggest attacks, and you trust what you built more (to a certain extent, standard caveats always apply).

SkepticalJune 17, 2015 10:17 AM


The response to the recent stories has been disappointing from a critical thinking vantage - with some exceptions. The critics, in their rush to attack the story, actually neglected to ask the most important question, which I'll mention at the end of this comment.

The critics focused most of their fire on the Sunday Times. But this is not simply a Sunday Times story. If it were, I'd discount it more heavily, especially given the obvious (though not relevant to the central point of the story) inaccuracies in that article. Those other inaccuracies raise questions, in my mind, about how much background knowledge the reporters had when speaking to government officials, and therefore whether the reporters had been able to ask the right questions. Perhaps they misunderstood the officials, or took those statements to imply more than they actually did.

But unfortunately, other outlets - which I know to have real credibility - spoke to government officials as well.

And those other outlets reported roughly the same substance as the Sunday Times story. Namely: British Government officials claim that Russia and China have deciphered encrypted documents from the Snowden collection, and that as a result, they have altered or halted intelligence operations, and in some cases have moved personnel because they believed those personnel to be exposed or at greater risk.

The shrillest of the critics of this story focus on the fact that these are the claims of anonymous government officials. Yes, they are. And that's how they were reported. That doesn't make this bad journalism, or a non-story. It is significant that certain officials are making these claims. And if the BBC and The Financial Times are reporting those conversations, then the officials in question are likely in a position to know the information they're relaying.

What have the critics forgotten to ask?

What is the level of confidence that officials have that Russia and China have decrypted documents from Snowden's collection?

That's a big, unanswered question. It's not one I expect to be answered in detail, because doing so would reveal more than any intelligence service would want. But it's really one that should have been the focus of the critics.

Let's say though, that in some imaginary world where officials were willing to answer that question with complete trust in us, they did answer. What might they say?

It could be something along the lines of: "having assessed the security practices of those in possession of the encrypted documents and with the information necessary to decrypt them, and knowing the capabilities of the Russian and Chinese intelligence services, we judge it more likely than not that those services have broken the security of those in possession and have therefore obtained access to the documents."

That's an entirely reasonable judgment - and it's something I've been worried about since the day I learned that certain journalists had acquired so many classified files. It's also consistent with the UK interception of Miranda while en route back to Brazil. But it undercuts the extent to which this is "new news."

Now - those officials might also say, in our imaginary world where they speak to us with complete confidence - "There were several stores of the Snowden collection placed on various servers, all encrypted. We suspect they were to be used by Snowden as leverage in negotiations, both with the US and with other nations. We've monitored them closely, to a degree greater than, until relatively recently, Russia or China could have guessed. And as a result of that monitoring, and other collection, we've determined to a degree of very high confidence that both Russia and China have acquired the means to decrypt those stores."

And there are various other possibilities, each implying different levels of harm to UK intelligence operations and different levels of confidence in the assessment conveyed by those officials to journalists.

Yet, remarkably, this question was not raised by the critics. Instead we were deluged with simplistic theories about disinformation.

And I would suggest that this poor response by so many critics demonstrates the weakness of Greenwald's theory of journalists as advocates. The problem is that Greenwald, and others, make no attempt to be objective, and regardless of whether objectivity can ever really be attained, the lack of even an attempt makes them far more susceptible to the effects of biases. In this case, Greenwald was unable to consider the possibility of some truth in the claims as reported, and so missed the better questions to ask. He reacted as a priest whose dogma had just been attacked, not as a reporter who has been given additional information (that information being that certain UK officials made certain claims to multiple outlets, some of which are quite competent and very able to assess whether it's worth reporting an official's claim).

Schneier has made a much more interesting critique, of greater quality than those focused purely on defending Snowden, though with some serious flaws (along with good points) of its own. But this comment is long enough in itself. I'll note what I think to be the major weakness of Schneier's central argument in a separate comment.

zJune 17, 2015 10:23 AM

http://www.nytimes.com/2015/06/17/sports/baseball/st-louis-cardinals-hack-astros-fbi.html

Cardinals Investigated for Hacking Into Astros’ Database

Investigators believe that Cardinals personnel, concerned that Mr. Luhnow had taken their idea and proprietary baseball information to the Astros, examined a master list of passwords used by Mr. Luhnow and the other officials when they worked for the Cardinals. The Cardinals employees are believed to have used those passwords to gain access to the Astros’ network, law enforcement officials said.

***

http://fivethirtyeight.com/datalab/for-baseball-a-rude-welcome-to-the-age-of-cyber-espionage/

It was, in essence, the first known case of corporate espionage between sports teams.

MarkHJune 17, 2015 11:01 AM

@Skeptical:

Well, I'll bite. My critique is completely independent of the venue (Sunday Times) in which the story first appeared.

Rather, it is based on the content of the story, and its relation to public knowledge. Just to touch some high points:

1. Snowden reportedly got his files from one or more computerized intelligence-distribution systems, accessible to hundreds or even thousands of low-level personnel like himself. For an intelligence agency to broadly scatter information identifying its own agents in this manner, would be radically opposed to generations of intelligence practice. That agents could be identified from Snowden files is extremely implausible. That Snowden could have gotten access to agent-identity information by any means whatsoever is extremely implausible.

2a. So far, there is no evidence that Russia or China has obtained the encrypted Snowden files.

2b. That Russia and China independently succeeded at cryptanalysis in a short time frame seems quite unlikely, for technical reasons. That one succeeded and shared this bounty with the other seems quite unlikely, for security and geopolitical reasons. Accordingly, that they both have "decrypted" these files is an extraordinary claim.

2c. Supposing for the sake of argument that Russia and China had both decrypted all of the Snowden files. How does the UK know this? It would be in the interest of the RF and PRC intelligence services to safeguard such a coup with the utmost secrecy. There is no public evidence (except for the new "story") that these intelligence services have been penetrated by the West. If the story is not a damn lie, then these intelligence services have just been notified that they HAVE been penetrated, which would be a horrible security breach by these anonymous "sources". Put this all together, and it is most implausible that these public claims of decryption are valid.

To summarize point 2: you have to believe (a) that Russia/China somehow got all the ciphertexts; (b) that by some miracle both states succeeded in cryptanalysis, or by another miracle one decided to give the crown jewels to its centuries-long rival; and (c) that somehow the UK was able to discover this super-secret intelligence operation, and then multiple officials comfortable to their own extremely critical intelligence capability. You must believe all three, to believe this story.
________________________

I could go on, but what's the point?

If the New York Times publishes a report of camels juggling basketballs on a raft of reeds floating upstream over rapids of the Colorado river ... I can't PROVE that the story is false. I can't be certain that it's absolutely impossible. But I would be extremely Skeptical in the absence of solid evidence.

The claims about "blown agents" are simply inconsistent with lots of knowledge we have about How the World Works. I would wager every penny I could find or borrow, on the falsity of these claims.

As Carl Sagan liked to say, extraordinary claims require extraordinary evidence. Blather from anonymous sources won't do it.

gordoJune 17, 2015 12:37 PM

@ Skeptical,

But unfortunately, other outlets - which I know to have real credibility - spoke to government officials as well.

Help us out here...

What I've found is that news outlets simply regurgitated the Sunday Times story. They did not produce, source, or report their own story. When news organizations did try to corroborate the story with government officials they got the standard "we don't comment on leaks" response. The BBC, to their credit, followed the story about the story with a news analysis.

British spies 'moved after Snowden files read'
UK | BBC News | 14 June 2015

According to the Sunday Times, Moscow and Beijing have deciphered documents stolen by whistleblower Edward Snowden. (par.1; emphasis added)

http://www.bbc.com/news/uk-33125068

...and in the Financial Times, though it took them to the fourth paragraph to say as much (see below, and also the last paragraph of the article), they, too, were simply repeating, in their own words, what the Sunday Times had reported:

UK pulls spies as Russia and China crack Snowden files
Kiran Stacey | June 14, 2015

One Home Office official told the Sunday Times newspaper that Mr Snowden had “blood on his hands” as a result of the leak. Downing Street and the Home Office official told the Sunday Times: “His documents were encrypted but they weren’t completely secure and we have now seen our agents and assets being targeted.” (par. 4; emphasis added)

http://www.ft.com/intl/cms/s/0/a179ffa2-1276-11e5-8cd7-00144feabdc0.html#axzz3dL4DMjQJ

Other references:
- The Sunday Times article:
http://www.thesundaytimes.co.uk/sto/news/uk_news/National/article1568673.ece
- The Sunday Times article on Pastebin:
https://archive.is/BkuMM#0%

RahulJune 17, 2015 2:46 PM

@AlanS

Thank you for your witty comments through this thread.

The video alerted me to the fact that the reporter was lying about this being an older story. So, I went back and examined the story and realized it all came about from a discussion the night before publication with a singular Cameron aide.

It is all right there in the story. The interview confirmed the way he would elaborate facts (such as turning a single source into multiple sources), and the single fact he was most concerned anyone learning about. That this story came from a single conversation from a single David Cameron aide the night before publishing.

One of the "intelligence sources" statements, at least, is surely from that conversation, hearsay from the aide.

And the other intelligence sources come from previous articles spanning years back. Some of them may have been named, he was presenting them as if they were his own sources, and maybe changed some of the wording around a bit.

I can understand why he was so flustered on the screen. Something which would not have happened had the story really come about from "weeks" of strong investigative journalism, with multiple, somber faced intelligence officials telling him the "straight dope".


SkepticalJune 17, 2015 3:03 PM


@gordo: After reading your comment, I reread the Financial Times article (which was the first I had read of any of this). You've changed my mind with respect to that article. At best, the article is ambiguous about whether anyone at the FT had spoken to British Government officials. It's not entirely clear to me that the article relies completely on the Sunday Times either, however, though it's a very plausible reading of it.

I also reread the BBC account. They did not entirely rely on the Sunday Times. A government official did confirm to the BBC that the UK Government had moved personnel because of access by Russia and China to classified information, but that source did not confirm any of the other claims (regarding decryption, number of documents, etc.).

So take all that together with the colorful claims made in the Sunday Times.

Conclusions:

- One claim made in the Sunday Times is coincident with a claim made independently to the BCC - that the British Government moved personnel due to what China and Russia had learned due to Snowden's actions. I'd rate this more likely than not true; but then I would have done so two years ago as well, given the nature of the compromise.

- The Sunday Times story is unlikely to be entirely fabricated. Whoever spoke to the Sunday Times apparently knew enough to be able to say that personnel had been moved as a result of Snowden's actions. If they were in a position to have that knowledge, then - if they made the other claims - the other claims are certainly newsworthy.

- With respect to claims that Russia and China had obtained, and decrypted, documents from the Snowden collection, that the claims were made only in the Sunday Times raises the probability that these claims were misinterpreted or misreported by the journalists, or were made honestly by someone misinformed, or were made deceptively by someone who was aware of his lack of knowledge or knowledge to the contrary.

- I continue to discount heavily speculation that the leaks were well-considered disinformation spread for political reasons, as I frankly do not see anyone gaining politically (or any policy advancing for that matter) by these claims.

- The inaccuracies that are identifiable in the Sunday Times article are of the nature of sloppy background research, or even an article written in great haste. Either raises the probability of certain additional errors, but the inaccuracies don't significantly change the probability (whether assessed high or low) that the Sunday Times accurately conveyed, in substance, what they believe have been told to them by their source(s), as that substance was not complex and would be the focus of the journalists' attention.

- As I wrote earlier, the inaccuracies do raise the probability that the journalists misunderstood what was being conveyed to them.

- As I wrote earlier, the story is not enough to persuade me that the claims are true. However, without knowing much more about the number of documents taken by Snowden, and where and how all copies were secured, one cannot simply write the story off either. The story raises the probability that someone in the British Government with apparently significant knowledge has made the claims reported; and if such a person is (or such persons are) making those claims, then we ought raise the probability (relative to what it was prior to the publication) that the claims are true.

RahulJune 17, 2015 3:16 PM

@Skeptical

Of course the story is completely bogus. I am glad you admit that it is bogus, if all there is might be the Sunday Times article. You take a bit to say there are other sources, only you suspiciously do not link them.

Financial Times is behind a paywall, so I stopped looking there. I could dig up this claim through Google News, but it seems a waste of time.

Your own argument hinges entirely around this two additional reporting sources. Yet that you do not bother to quote them nor provide an url is highly suspicious.

So, I dug into the BBC angle, and there are only four stories there at their site. Using search terms "Sunday Times" Snowden. And taking the dates into account.


http://www.bbc.com/news/uk-33125189

UK intelligence agents have been moved because Russia and China have access to classified information which reveals how they operate, a senior government source has told the BBC.According to the Sunday Times, Moscow and Beijing have deciphered documents stolen by whistleblower Edward Snowden.The government source told the BBC the countries "have information" that led to agents being moved but added there was "no evidence" any had been harmed.Gordon Corera reports.

There was no confirmation of the story. That is a misstatement. The text accompanies a video which immediately starts off stating they could find no confirmation for the Sunday Times story.

That is repeated multiple times through the story.

At best...

http://www.bbc.com/news/uk-33125068

But my understanding from conversations over an extended period is that since he fled two years ago, British intelligence have worked on the assumption that Russian and Chinese spies might have access to his full cache of secrets.


And...

http://www.bbc.com/news/uk-33131173

A spokesman for The Sunday Times said: "This story was responsible journalism and another example of The Sunday Times setting the news agenda."We reported what various reliable and well-informed sources from within the government told us."We fully stand by our story, as did the BBC which also had it confirmed by government sources in its reporting yesterday."

Rather circular sourcing there...


RahulJune 17, 2015 3:40 PM

@Skeptical

As quickly as you stated that the BBC and FT also confirmed the story, you retracted your statements.

After reading your comment, I reread the Financial Times article (which was the first I had read of any of this). You've changed my mind with respect to that article. At best, the article is ambiguous about whether anyone at the FT had spoken to British Government officials.

But, what about the BBC...?

One claim made in the Sunday Times is coincident with a claim made independently to the BCC - that the British Government moved personnel due to what China and Russia had learned due to Snowden's actions. I'd rate this more likely than not true; but then I would have done so two years ago as well, given the nature of the compromise.

Nope, never happened. You misheard or misread.


A tell tale clue is that you did not provide a link and a quote. After all, you did this double check online, so you had the blazing url and quote handy. So... where is it.

The Sunday Times story has not been verified by anyone else.

And the level of bogusness of the article is extraordinary, going far beyond simply that there were no named sources.

It is Stephen Glass level of reporting.


One David Cameron aide was used as the source, and that just the night before the publishing of the story.

gordoJune 17, 2015 3:41 PM

@ Skeptical,

From the BBC article:

The government source told the BBC the countries "have information" that led to agents being moved but added there was "no evidence" any had been harmed.


Mr Snowden leaked data two years ago. (par. 2-3)

A couple of paragraphs later we read:

The government source said the information obtained by Russia and China meant that "knowledge of how we operate" had stopped the UK getting "vital information". (par. 7)

The "knowledge of how we operate" might well refer to information made public since the initial release of documents leaked by Mr. Snowden.

At best, your argument is inconclusive.

rgaffJune 17, 2015 4:38 PM

Guys, just take it for what it is..... that article is SO ridiculously vague and terrible.... that even our MOST staunch IC defender we have here on this blog is a bit skeptical about it, and not 100% endorsing and defending it! Does that say something or not???

RahulJune 17, 2015 4:52 PM

@"Sunday Times Story"

I was not going to share the homework for the gullible among us, but as for just how gullible they are, I think is worth noting to them for their own personal edification.

This video, with the primary reporter:
http://boingboing.net/2015/06/16/cnn-interview-with-author-of-d.html

If you notice, besides the fact that he is staring at a singular spot, which is indicative of being coached to lie... and besides his obvious nervousness... that he has his own little monologue going on. It is a little thread of speech of his which unwinds through the interview. He is, himself, extremely focused on that little thread, and the interviewer is not. The reporter is giving little attention to the other questions at all.

The reporter offers this thread on his own. He immediately offers that they "picked up on it awhile ago and we had been working on it to try and stand it up through multiple sources"... this is his focus, because it is the primary lie... he continues, "and when we approached the British Government late last week without our evidence, they confirmed, effectively, what you read today in the Sunday times".

That is the story, that is the lie. That is the primary statement he is focused on saying in this interview.

Notice he takes one big gulp after he says "it is really up to the British government to defend [these allegations]". Why did he take such a big gulp after saying that? Because the man is scared they won't. Because he did not discover this story "weeks before", and because there were not "multiple sources". There is one source, and it is a Cameron Aide.

He gulps again when he states, "[we do not know the details]We just publish what we believe to be the position of the British government at this moment". He gulps after saying that.

"At this moment", btw, is a vagary. This admits he is thinking about the strong possibility they might later deny this story. This, coupled with the gulp.

And, another big gulp after he states "so we have been very careful to just stick with what we can substantiate".

But, it is his statement just a little later that indicates they "picked up a story from a well placed source in the homeoffice"... and "were trying to substantiate this report from other sources".

Now, where is the lie in there? Why the big gulps? Why so focused on telling this aspect of the story?

Well... look at the article.

You can right away see there is something funny going on.

The first paragraph states:

according to senior officials in Downing Street, the Home Office and the security services.

And the very second paragraph makes "Downing Street, the Home Office, and the Security Services" to be:

Western intelligence agencies say


Well, if "Western Intelligence agencies say", why didn't he include that in the first paragraph. And if MI6 says, why not be explicit about that in the first or second paragraph, at least? He does include one anonymous American intelligence source in the article. But, oddly, that statement, like many other statements... we have all seen before, in one form or another. And isn't it a big deal that he got multiple confirmation from two nations? Why not mention that in the first, all important leadup paragraph?

There is a lot of crap in the article, including many source statements that we have heard before. I am sure they purloined these from previous statements from other reporters, some go back years.

But, you really see this sort of "elaboration" he likes to do - as seen in the interview - here, in these three paragraphs:

And last night David Cameron’s aides confirmed the material was now in the hands of spy chiefs in Moscow and Beijing.
A senior Downing Street source said: “It is the case that Russians and Chinese have information. It has meant agents have had to be moved and that knowledge of how we operate has stopped us getting vital information. There is no evidence of anyone being harmed.”
The confirmation is the first evidence that Snowden’s disclosures have exacted a human toll. “Why do you think Snowden ended up in Russia?” said a senior Home Office source. “Putin didn’t give him asylum for nothing. His documents were encrypted but they weren’t completely secure and we have now seen our agents and assets being targeted.”


Same deceptive behavior and transitioning.

Paragraph 1 (last night) (David Cameron's aides)

Paragraph 2 (A Senior Downing Street source)

(David Cameron's aides) -> becomes -> (A senior Downing Street source)

Paragraph 3 (The confirmation) (the first evidence)

I point out "the confirmation" phrase, because it contradicts the very next phrase, "the first evidence".

He says right here where the first evidence came from. It came from the night previous publishing of the story from an David Cameron aide. He initially makes it out to be "aides", in the plural, but he just as quickly afterwards explains it is just one aide. Whom he now terms more substantially as a "Downing street source". In the singular.


This is very much like his lie in the video interview.

His initial offer in that video interview is very vague, "picked up on it awhile ago", and lets it go by implication it is 'one source', because he was trying to "stand it up to multiple sources". How long ago was "awhile ago"? The night before publication.


You can also see his very visible relief the interview did not question him on what he was really scared about during the interview.

It went from big gulps after certain statements, to really extraordinary relief.

That is also indicative of extraordinary stress resulting from telling a lie. He got through it, with some really big gulps, and the interviewer missed it. So, he was very relieved.


There is more funny business and unanswered questions in all of this. Like "why did the editors push this story forward".

But, this is all it is. Stephen Glass level of reporting. A David Cameron aide told the meat of the story to the reporter the night before it was published.

JustinJune 17, 2015 5:20 PM

@ rgaff, Rahul, others

Unnamed government sources (whom the press believed reliable) made certain statements to the press. That's about the substance of the story. What they are reported to have said, personally I find very plausible. Probably not even worth a story in the press, though.

And I'm just as skeptical as anyone about this narrative of Snowden as an unimpeachable hero, to the point where everyone must be completely in love with him or else. Note the "Death Note" reference.

Hasn't it occurred to anyone that releasing millions of classified documents might be prejudicial to the safety or interest of the United States in one way or another?

GeorgeLJune 17, 2015 6:27 PM

@ MarkH
"1. Snowden reportedly got his files from one or more computerized intelligence-distribution systems, accessible to hundreds or even thousands of low-level personnel like himself. "

There could be a 1b slotted in there if, big if, Snowden was placed in charge of administrating this content distribution system, then he could, big if, have had access to the identities of the people who had access to this system; thus, the source of worries of US/UK of dangerous exposure.

gordoJune 17, 2015 7:01 PM

@ Justin,

The Sunday Times story, as @ AlanS reminds us, points up larger issues, and, yes, the authors of the pieces cited below pull no punches. Each of these pieces are worth reading in full.

The Truth Avoided by Mainstream Media Liars

by craig on June 16, 2015

The extraordinary thing is that no jurnalist, anywhere, has made any attempt to deny the facts I give. Not one journalist in the entire crowd of corporate media paid lackeys at the BBC, Sunday Times, Reuters or anywhere at all has addressed or tried to refute the facts which make it impossible that their Snowden story is true. They have not addressed it in their publications or even tried to defend themselves on social media. Not one journalist, not anywhere. (One or two have pointed out that the fifth point is an ad hominem, which is true. Not all ad hominems are invalid, but the first four facts destroy the argument anyway).

https://www.craigmurray.org.uk/archives/2015/06/please-communicate-this-challenge-to-the-journalist-of-your-choice/
.
The Apotheosis of Murdochian Corporatism – Martin Ivens
by craig on June 17, 2015

That really is it. The editor of a once great newspaper does not think it is any business of his whether he publishes lies or not. He does not consider that there was any responsibility on himself or his journalists to find out whether the story was true before they published it. They did not attempt to take any other views or do any checking. And now they claim that what the Sunday Times publishes is not the responsibility of the Sunday Times, but rather it is the responsibility of government.

https://www.craigmurray.org.uk/archives/2015/06/the-apotheosis-of-murdochian-corporatism-martin-ivers/

In the article referred by @ AlanS, Daniel Ellsberg is also mentioned. Here are a couple of Mr. Ellsberg's thoughts on the Snowden issue:

Edward Snowden: saving us from the United Stasi of America

Snowden's whistleblowing gives us a chance to roll back what is tantamount to an 'executive coup' against the US constitution
By Daniel Ellsberg on 10 June 2013

Obviously, the United States is not now a police state. But given the extent of this invasion of people's privacy, we do have the full electronic and legislative infrastructure of such a state.


[...]

Snowden did what he did because he recognised the NSA's surveillance programs for what they are: dangerous, unconstitutional activity. This wholesale invasion of Americans' and foreign citizens' privacy does not contribute to our security; it puts in danger the very liberties we're trying to protect.

http://www.theguardian.com/commentisfree/2013/jun/10/edward-snowden-united-stasi-america

@ Justin, what's more important: That we protect ourselves, how we protect ourselves, or both?

I think that the U.S. Court of Appeals for the Second Circuit in ACLU v. Clapper and the passage of the USA Freedom Act (weak though it is) give us an indication.

HannibalJune 17, 2015 9:48 PM

The Zombie Squid Thread 'Sunday Times' Debacle

It is just a game.

The illusion of a game is that there are winners and losers. If someone is enticed into a game, and enticed deeper & deeper into it, they are lost in the illusion of it. This can be ancedotally observed by anyone who has ever played any game. Or watched anyone who is very fixated on games or sports.

Understanding their motive becomes much simpler when you have prepared the table for them and brought them to the feast. They simply want to eat. They do not really get too serious, as they may pretend to, about what the meal actually consists of.

If you can engage them into the game, and have engaged them deep enough, and are not your own self playing, then you have won. Their motives from then on a very simple. They are playing your game, your rules, and they mistake you for being the false opponents on the other side of the table. But, those opponents are mere illusions. In reality, you are watching the game from above, and merely changing about the rules here and there to ensure everyone goes where you want them to go. A very trivial task to do, because their motives have become so very simplified. They simply want to win.

But, you set the conditions for winning, and change them at your pleasure, to direct them to do what you want to do, and to follow the path you create for them as they walk it.

You can even tell them this, but it does not matter. They will just view it as disinformation from the opponents. In fact, they will believe anything exactly opposite of what the opponents believe. So, if you pose as an opponent on the table and tell them the truth, they will believe as exact opposite of the truth as is possible for them to imagine. If you tell them a lie, they will believe the exact opposite of that.

Of course, somewhere in this they get very confused. They mistake their confusion for "reasoning". They are considering and weighing various theories against one another, but ultimately this is all but a mental stage show. They will end up believing exactly what you want them to believe... because you know from the outset what it is they do want to believe.

They can imagine that they can play that game backwards, but the problem is, you are not even on the table. So they have not the slightest idea of what you want to believe, nor even the slightest idea of your motives. The entire game is but an illusionary maze. By construct, its' design is to hide the end result.

But, back to the "Sunday Times" debacle...

It is certainly not disinformation, because if it were disinformation, what value would that have against either China or Russia? They are already very well aware of the potential value of the Snowden files. They do not have the file, and they have not broken the file.

Yes, the entire thing could be an elaborate ruse. The reporter would have to have been an actor. The report would have had to have been carefully designed to appear very coherently as if it were written up hastily, and with extremely bad sourcing. What a coincidence to have chosen the 'Sunday Times', who probably would have hacked Cameron and the conservative party... had they gotten away with hacking Brown and the liberal party.

That an "aide of David Cameron" is noted as the primary source, in a very sloppy manner, would have been exactly what anyone would have expected.

Maybe China hacked the files, and Russia did not. Or maybe Russia hacked the files, and China did not.

All of this gives various parties a chance to further protest their innocence and work up their character. Quite an act.

One party, I see, even went out of their way not to protest their innocence. But, being worked up, they became sloppy, and actually revealed more clues that would heighten others' suspicions.

Clearly, one can tell what it is they truly want to believe.

After all, if they are not here for the posters, and not here for Snowden, then what on earth are they here for? They can't be here just for you, because they don't know anything. Snowden is just an appetizer, popcorn for the movie, to keep you motivated to win.

A tantalizing possibility which I will state very bluntly is simply a diversion.

A good confidence game involves many players, and much reality. They do not act, they live the role. There is no error to find in their playing. Because that is not where the bait and sharp edge of the hook really is.

Setting the stage, setting the story is very important. You can not just bring people right to the finish. You have to move them along, slowly, giving them clues here and there, many which are false. Then, the end of it all, when they discover that they were not paying attention and ..........

China US Cyber war... the war in Iraq.....vast domestic surveillance... Anonymous... many leaks along the way.... Wikileaks with Manning and Assange... Snowden....

These are all very, very small things. They are completely meaningless in and of themselves. But, people get very focused, very involved. They chase down clues, without really asking where they are going while doing so.


65535June 18, 2015 3:11 AM

@ chris l

“Clearances through the military and DOD also affected in the OPM data breach-- the military apparently has OPM handle most investigations:”

It looks that way.

‘"They got everyone's SF-86," one Pentagon official familiar with the investigation told Military Times.’ –Military Times

Groan, probably so.

[Old COBOL and Unix system could not be up-graded and Chinese Administrators!]

‘A consultant who did some work with a company contracted by OPM to manage personnel records for a number of agencies told Ars that he found the Unix systems administrator for the project "was in Argentina and his co-worker was physically located in the [People's Republic of China]. Both had direct access to every row of data in every database: they were root. Another team that worked with these databases had at its head two team members with PRC passports. I know that because I challenged them personally and revoked their privileges. From my perspective, OPM compromised this information more than three years ago and my take on the current breach is 'so what's new?'"…

[and]

“…OPM executives and the other witnesses—DHS' Ozment, Interior Department CIO Sylvia Burns, the new US CIO Tony Scott, and OPM Assistant Inspector General Michael Esser— that "the execution on security has been horrific. Good intentions are not good enough." He asked Seymour pointedly about the legacy systems that had not been adequately protected or upgraded. Seymour replied that some of them were over 20 years old and written in COBOL, and they could not easily be upgraded or replaced. These systems would be difficult to update to include encryption or multi-factor authentication because of their aging code base, and they would require a full rewrite…one person familiar with OPM's investigation process told Ars, was essentially a company made up of "some OPM people who quit the agency and started up USIS on a shoestring." When USIS was breached and most of its data (if not all of it) was stolen, the company lost its government contracts and was replaced by KeyPoint—"a bunch of people on an even thinner shoestring. Now if you get investigated, it's by a person with a personal Gmail account because the company that does the investigation literally has no IT infrastructure. And this Gmail account is not one of those where a company contracts with Google for business services. It is a personal Gmail account." -Arstechnica

http://arstechnica.com/security/2015/06/encryption-would-not-have-helped-at-opm-says-dhs-official/

It looks like the OPM system was horribly maintained. Unix with COBOL is a nightmare. The IT staff was paper thin. Chinese Administrators with root privilege is idiotic. The government really FUBAR’d this one.

RahulJune 18, 2015 12:17 PM

@Justin

Hi Justin,

I simply do not take much of anything at face value. I do not take everyday people at face value. I certainly do not take matters of intelligence at face value.

My digs at "the gullible" on this was simply manipulative. There was no emotion behind any of it, besides the temporary role playing emotions which came up. The methodology is simply a prying one. I did not and do not believe anyone really is deceived, so there is always a dissonance there. Prying methodology hits at that dissonance and returns further cues as to their thinking.

I was very aware that there were many cues in the story and the video which people could intuitively understand on an unconscious level, but which they find difficult to consciously recognize. So, when I brought out those details, I brought them out to speak to their unconscious mind who is not deceived, as their conscious mind is.

Their unconscious mind always speaks back to me when I bypass speaking to their conscious self, and speak directly to their unconscious self. This prying methodology is one of countless, and like any of the other methodologies is simply bypassing the conscious self to speak directly to the unconscious self. The unconscious self of the person helps me, and returns clues as to "why they are in the state they are in".

If I speak to "the gullible", for instance, I am speaking to the unconscious mind, because only the conscious mind is gullible. The unconscious self knows I am speaking to them, and part of that is because the unconscious self is very interested in any conversations to them be encoded so their conscious self does not understand.


JustinJune 18, 2015 1:50 PM

@Rahul

That man in the video (who wrote the article at Sunday Times) was very nervous, clearly. He was stammering, practically. He was scared of more than being caught in a lie. His sources must have told him something more that instilled fear in him, something he did not and could not reveal.

SkepticalJune 18, 2015 5:15 PM


@gordo: The "knowledge of how we operate" might well refer to information made public since the initial release of documents leaked by Mr. Snowden. At best, your argument is inconclusive.

Certainly it could. And I've suggested other possibilities that do not require certain knowledge that China or Russia have decrypted any documents, e.g. that the UK, having assessed the security practices of parties with possession of the documents (by multiple means, including the stop and search of Miranda while traveling), concluded that both Russia and China would more likely than not successfully access the documents in the near future. That assessment would come as little surprise to many here. Mind you, that assessment ignores any evaluation of Snowden, which would unlikely to be positive from a risk standpoint.

And the point I raised is that the source confirmed to the BBC that personnel were moved. The BBC source was much more vague as to the reasons, and, as I agreed, did not confirm that China or Russia had gained access to unreported information in the Snowden collection.

However this enables us to conclude with reasonable confidence that someone with significant access did speak to the Sunday Times. Did this person, or persons, make the claims attributed to them in the Sunday Times? We don't know, but the probability is greater than it was prior to the publication of the article. Are those claims true? Again, we don't know, but, with greater discounting, the probability is greater than it was prior to the publication of the article.

My only conclusion is that we lack sufficient knowledge to simply dismiss the claims in the Sunday Times article, just as we lack sufficient knowledge to believe those claims. So if that's what you mean when you say that my argument is inconclusive - sure, that's what I've said since the story broke.

@Rahul: Nope, never happened. You misheard or misread.

I think I've read the BBC article accurately. Feel free to explain why you think otherwise.

A tell tale clue is that you did not provide a link and a quote.

Why bother when it's easily accessed via a search and is linked numerous times already in the thread?

Notice he takes one big gulp after he says "it is really up to the British government to defend [these allegations]". Why did he take such a big gulp after saying that? Because the man is scared they won't.

Or he's nervous about being on television. It's remarkable how many comments in this thread seize upon the reporter's anxiety as a sign of deception, when there's an extraordinarily obvious, and if anything more plausible, explanation.

I'd think readers of this blog would be a little more sophisticated about detecting deception.

RahulJune 18, 2015 11:21 PM

@Skeptical

I'd think readers of this blog would be a little more sophisticated about detecting deception.

Very good, thank you for confirming that suspicion.


I was screwing around about "indicators" and "cues", it is a sloppy game of "Psyche". Like the television show. The sloppiness is not about downplaying sophistication, or muting warnings. Warnings come from the unconscious. The sloppiness is giving the appearance that something real might be given, even indirectly. For instance, notice my seemingly utter lack of concern about the damage Snowden has done, or about the Chinese getting their hands on that very important file. Very often it is what one does not say which is the actual message.

What, then, might that implicit message be? Could be that I am liberal. Could be I am merely very implicit in my messaging about rapport. Could be that I know something most people do not. Could be I am just interested in downplaying sophistication of US intelligence.

Could be I talk and listen only on the implicit level... and believe I need to give some disinformation to some regular poster here. Who is not a friendly. The explicit level is junk to me, and has always been. Naturally gravitating to the implicit level, and in my teens was trained in implicit communication. Used it ever since. 24/7. It is entirely automatic. Could not communicate in another way even if I wanted to. No mystical, magical source, any idiot could do their research and see.

Occam's razor... one just has to look at the result. Communication is always a sleight of hand, because of the way people operate. It is the end result which matters. Right now, just about keeping attention focused in certain directions. Been working quite well now for a coupla years, but just making that attention a little more focused.

Groups and individuals work in the same way. Someone is always the screenwriter or journalist. Only one person holds the video camera. Everyone else watches, everyone who they show the video to. Just like this poor journalist at the Sunday Times. He has multiple audiences. The most important audience was his editors and coworkers. There is an audience of liberals, audience of conservatives. Various international audiences. But one guy is telling the story.

No one has any chance of seeing who whispered in the ear of that David Cameron aide. And they never will.

They will also never know what he really said, or why he really said it.

Some things... no one can ever know.

gordoJune 18, 2015 11:33 PM

@ Justin,

Some persons have no compunction against either of these:

1) getting caught in a lie
2) defending the indefensible
Mr. Harper can at least now say that he threw himself under the same bus as used by his editor.

@ Skeptical,

Yes, inconclusive at best. We agree. As well, cleaning up our misunderstandings of the facts along the way was a good exercise.

For me, however, in matters such like this one, such inconclusiveness is best handled by applying Hitchen's razor:

"That which can be asserted without evidence, can be dismissed without evidence."

@ Rahul,

It is certainly not disinformation, because if it were disinformation, what value would that have against either China or Russia? They are already very well aware of the potential value of the Snowden files. They do not have the file, and they have not broken the file.

It is disinformation. The presence of line 17 and line 23 in the text of the Sunday Times article (see below), says as much: Use a big lie to influence public opinion on the proposed Snooper's Charter.

Last week a report by David Anderson QC, announced after Snowden’s disclosures, concluded the intelligence agencies should retain their powers for the “bulk collection” of communications data, but that the power to issue warrants for intrusive surveillance should be stripped from ministers and handed to judges. [line 17]
However, since he exposed western intelligence-gathering methods, the security services have reported increasing difficulty in the monitoring of terrorists and other dangerous criminals via digital communications including email, phone contact, chat rooms and social media. [line 23]

Given Downing Street's position on the matter, this is not a coincidence.

Be that as it may, the question for the UK, as well as other nations, is not that they protect themselves, but how best to go about it. Disinformation, in my book, does not cut it. There is, however, a much better opportunity for all concerned.

JustinJune 19, 2015 1:19 AM

@ gordo

Craig Murray is yet another pundit with an opinion who insists his view is correct unless it can be disproven.

He claims

https://www.craigmurray.org.uk/archives/2015/06/five-reasons-the-mi6-story-is-a-lie/?trashed=1&ids=532028

The argument that MI6 officers are at danger of being killed by the Russians or Chinese is a nonsense. No MI6 officer has been killed by the Russians or Chinese for 50 years. The worst that could happen is they would be sent home.

That's ridiculous. People are regularly murdered, disappeared, or tortured in Russia and China. But no, they wouldn't do that to "us" --- they're our friends. Really. What a remarkably naive view of Russia and China. And personally I don't believe for a minute if an MI6 officer were killed by the Russians or Chinese that it would necessarily be in the news.

The poor journalist who wrote the story in the Sunday Times probably never dreamed of the blowback it would generate. Yes it should have been better sourced, but no wonder no one wanted to go on the record. You just can't say a word against Snowden or anything he did in the present political climate. And you can't criticize Russia or China, either. Only the U.S. and the U.K. are acceptable to criticize.

When the U.S. and the U.K. and other free countries project weakness, Russia and China project strength. And their strength of late does not inure to freedom or human rights.

gordoJune 19, 2015 2:54 AM

@ Justin,

Mr. Murray has asked for one and only one example. Do tell.

I could be wrong, but I would hazard to guess that neither of us speaks nor reads Chinese or Russian languages. I know that I don't. I mention this because a review of their propaganda might produce the evidence required to disprove Mr. Murray's claim. As I said, for you and me, that task is likely one that neither of us can pursue.

Regarding Mr. Harper, you've said it yourself: In more than one sense he may well be a poor journalist.

I consider Mr. Snowden neither patriot nor traitor. History will make that judgment long after we're dead. As he was described by Mattathias Schwartz, I prefer to view him as an "outlaw ombudsmen" (see par. 1). My shorthand for that Mr. Snowden is O2. He's brought oxygen into the room for debate.

All governments are worthy of criticism. If you want to engage in nation building, consider what's left of Iraq. If you'd have a good example for others to follow, look first to your own shores.

CharlesLJune 19, 2015 4:48 AM

@ Justin, gordo

"Craig Murray is yet another pundit with an opinion who insists his view is correct unless it can be disproven."

Not that I agree with what he said, but he has a point. You really can't prove it wrong. I don't believe him, but I can't prove it, so I remain skeptical.

JustinJune 19, 2015 12:14 PM

@ CharlesL

Not that I agree with what he said, but he has a point. You really can't prove it wrong. I don't believe him, but I can't prove it, so I remain skeptical.

I think you're being very reasonable.

@ gordo

We get into this philosophy that was discussed on another thread (Karl Popper), as to the "scientific method" whether ideas are falsifiable, and may or may not be actually falsified, or mathematics, where we insist on a more justificationist approach.

It's like the 3n+1 problem in mathematics: you might insist that the Collatz conjecture is true, unless I produce a counterexample. I do not have a ready counterexample, but meanwhile there is no known proof of the Collatz conjecture, and we have to accept the possibility that it might be false, even if we cannot find a particular counterexample.

GregoryJune 19, 2015 12:37 PM

@gordo

1). My shorthand for that Mr. Snowden is O2. He's brought oxygen into the room for debate.

This is the most perceptive observation I have seen regarding Mr Snowden.


I do not think anyone in [or fmr] western intelligence takes the "destructiveness" of the Snowden disclosures seriously, except for camera facing pundits who are hardly reliable for information.

I could see Russia, China, and some other friendly countries very interested in whether Snowden's disclosures are true, or false. Even if Snowden worked for Russia. (Because he still could have been a triple agent.)

If false, then America is engaging in a massive disinformation campaign. If true, then there really may be a secret file which can expose global, covert operations of both Britain and the US.

If a massive disinformation campaign, then what else might be disinformation. And why? For instance, "Project Mincemeat" implied the Allies were going in to Greece. If it was proven that was disinformation, it would state they are definitely not going in by Greece.

Everyone knew they would be going in. But, if they did not, then proving "Project Mincemeat" as false would have given strong evidence that they very well might be planning to go in.


The "Sunday Times" story could be elaborate disinformation by Western Intelligence aimed at China and Russia, or China or Russia. Or, it could have been simply a small domestic disinformation campaign leveraged at merely at the domestic level for the behalf of the Cameron administration, solely.

I believe the evidence is strong, however, that the reporter did take this report very seriously. I do not believe he would have been so stupid to take the report as seriously if his only source was an aide of David Cameron.


The file could be real, or it could be false. A false file could have been "given" (with some work, no doubt, so they would believe it) to either Russia or China, or both. It would probably require some difficulty cracking. They probably know either Russia or China cracked it, or soon will.

It could be just China has done this. So Russia would be very interested in getting that information from China. So, that would start a large intelligence operation against China. The reverse is true, if only Russia has done this. If neither has cracked the file, then both nations would be engaged against each other. Which, I would suggest, is the most likely outcome.

Likely, the reporter had little to nothing to do with the report, and it was written by Western intelligence. It was designed to appear sloppy, but also to give some credibility to the underlying story.


I believe the reporter's stress over the article was not because "he had never been in front of the camera before", or was merely nervous because the story was being challenged. I believe his stress was contradictory. On one hand, he had very serious intelligence officials telling him the story. On the other hand, it is so true, he is concerned they might later disown it for disinformation purposes.

AlanSJune 19, 2015 1:09 PM

@Skeptical

"My only conclusion is that we lack sufficient knowledge to simply dismiss the claims in the Sunday Times article"

Aside from the fact that the claims are published in a UK newspaper owned by News Corp? Given their past, why bother reading anything they publish?

tyrJune 19, 2015 1:32 PM


@gordo

I like line 23.

For a nice thought exercise how do you measure such
a thing?

I seriously doubt there is any way to measure or
prove it, so it has to be dismissed as burst of
media hot air. I sure the IC is full of those
who make such claims on a regular basis and gull
the politicos out of more money for hardware and
salaries.

Any bets on whether adoribilis makes the next
squid header ?

GregoryJune 19, 2015 3:53 PM

@Justin

That's ridiculous. People are regularly murdered, disappeared, or tortured in Russia and China. But no, they wouldn't do that to "us" --- they're our friends. Really. What a remarkably naive view of Russia and China.


My statement "other friendly" countries was a misprint. I meant unfriendly. In context, it is obvious I did mean that. I believe I misstated this because I had scanned over your very many posts where you are very sure to tell everyone that you look very unkindly on "Russia and China", and "no one else does".

I am hard pressed to think of anyone who thinks "Russia and China" are complete friendlies. On this site. Diplomatically. In the general population. Anywhere.

And personally I don't believe for a minute if an MI6 officer were killed by the Russians or Chinese that it would necessarily be in the news.

This is especially unsubstantiated and wild.

Russia or China have mature intelligence agencies and the last thing they would want to do is murder western intelligence officers. This includes the very bad idea of arresting and torturing them, then killing them. They would be trained to lie and resist torture.

A mature intelligence agency would want to watch them and find out who they work with, how they communicate, and what they are working on. Even arresting them would kill that chance.

CIA Memorial Wall
https://en.wikipedia.org/wiki/CIA_Memorial_Wall

It is stated there are 113 stars on the wall as of 2015, and 80 are named.

https://en.wikipedia.org/wiki/CIA_Memorial_Wall#People_honored_on_the_Memorial_Wall


Many of these are contractors. Many of the deaths are accidental. Most are during war.

Finding records of even the existence of a CIA deep cover officer (who is not a contractor) would be a far more difficult task. There is a very vague mention of these in a book on the memorial wall, and even a mention of a number, which was something around five thousand.


JustinJune 20, 2015 12:35 AM

@Gregory

My statement "other friendly" countries was a misprint. I meant unfriendly.

I couldn't possibly have been referring to your "other friendly countries" statement --- my post that you are replying to came before your post that you are referring to. Actually I was referring rather sarcastically to Craig Murray's apparent position that Russia and China are friendly enough that they would accord full diplomatic immunity to American spies on their soil.

As to your reply to my other statement:

And personally I don't believe for a minute if an MI6 officer were killed by the Russians or Chinese that it would necessarily be in the news.

This is especially unsubstantiated and wild.

Then let's not carry that speculation too far with respect to the Sunday Times article we were discussing. Remote and wild possibilities lie that way. But as far as the stars on the CIA monument are concerned, if 80 out of 113 are named, then 33 must be unnamed. So at least some deaths in the line of duty are not acknowledged by name. I would venture so far as to say that some deaths in the line of duty at the CIA and like agencies may not be acknowledged at all, given the secrecy of their work.

So when someone makes a categorical statement, "No MI6 officer has been killed by the Russians or Chinese for 50 years," that is potentially unfalsifiable, because if that statement is false, there isn't necessarily a publicly reported refutation of it. We can't apply a Popper-like scientific method to an unfalsifiable statement like that, and insist that it be true, simply because no one has refuted it publicly. I'm not saying that isn't true, but that's quite a claim to make without being able to back it up with a solid proof.

gordoJune 20, 2015 2:44 AM

@ Justin,
It’s not a mathematical problem.
It’s a sources and methods problem.
Human beings aren't always logical.
Thus, Hitchen’s razor.
Otherwise you're pwned, left hanging or both.
In a word: manipulated.

@ Gregory,
Most scenarios conceived in disinfo are born dead.

@ AlanS,
Outfoxed, 2004

@ tyr,
Line 23 seemed unnecessarily gratuitous.
It might have had something to do with this.
I see that the table’s been set—thx!! :-)

gordoJune 20, 2015 3:05 AM

BTW, @ Justin,

Mr. Murray's as opposed to Sunday Times' claim, lacks nothing.

CharlesLJune 20, 2015 3:29 AM

@ gordo

"It’s not a mathematical problem.
It’s a sources and methods problem."

Then, for most of the population it isn't a "problem." For the really skeptical, it is more like tabloid.

"Otherwise you're pwned, left hanging or both."

There aren't many options left, are there? :D

GregoryJune 20, 2015 11:46 AM

@Justin

Right, 33 are unnamed.

So when someone makes a categorical statement, "No MI6 officer has been killed by the Russians or Chinese for 50 years," that is potentially unfalsifiable, because if that statement is false, there isn't necessarily a publicly reported refutation of it. We can't apply a Popper-like scientific method to an unfalsifiable statement like that, and insist that it be true, simply because no one has refuted it publicly. I'm not saying that isn't true, but that's quite a claim to make without being able to back it up with a solid proof.

I would suggest removing the glasses of popper and consider the problem from multiple angles, with multiple glasses on.

There is no reason to throw away concepts of probability entirely, or not even attempt to define, at the least, the edges of what is unknown.

Spy movies, tv shows, and even history which focuses around wartime blurs the fact for the population of the audience of the story. What they are immersed in is not actual fact. It is fiction. If no one ever got killed in spy movies it would be boring. People are scared of death and feel the vicarious feelings of it. It adds suspense, and only in that it adds suspense does it offer reality -- that through metaphorical means.

There is some basis for the danger: agents, basically informants, do get killed, and very frequently. Moles in totalitarian countries get killed if discovered. Officers working in countries and areas where there is no mature intelligence agency work in extraordinary danger. Working against Muslim terrorists, or other forms of extreme Muslims is extremely dangerous. They do not any mature intelligence agency, not in Saudi Arabia, not in Iran, nowhere else.

But, China and Russia, they are not idiots, and have competent intelligence services. They are very mature.

Catching a deep cover CIA agent, an "illegal", would be like catching an unicorn. That would be an extraordinary prize for a hostile nation. You can hardly even find firm documentation of these. Especially for operations deep cover who are not simply case officers working out of diplomatic cover. China and Russia know this.

China, or a Russia know something else:

You are missing something extremely important here. They know they are unicorns. They suspect America of having all sorts of vast intelligence capabilities which the general population does not know about. Russia and China both have large armies of illegals, deep cover officer spies. They won't believe America or Britain does not. But, they have no proof of that, none whatsoever.

To actually get proof of such a thing would be like a UFO fetish buff finding an UFO landing site where they see aliens getting on and off. They would go crazy. Their long held suspicions are true! They would not want to alert them to their presence. They would want to videotape everything, as much as they could, learn as much as they could.

It would be like some person who believes in magic finally finding someone who can work real magic. All their life, it has been a facade. But, now, he is someone no one on the planet knows about who can bring to life inanimate objects and make them work for them -- real golems! Would they pull out their gun and shoot this magician? No. They would want to spy on them, to find their secrets, so they may use this incredibly powerful knowledge.

You seem to be believing in faeries, aliens, bigfoot, yeti under this model. The general population believes in such things. They could be right! In fact, all of reality could be all sorts of things. Some theoretical physicists are arguing the universe is holographic. It could be a dream. It could be a virtual reality billions of years in the future. It could be anything, if anything is true. All or some of your memories are fake. You would have no idea. According to pretty solid tests in behavioral sciences, people have rotten memories which they trust completely. It does not make it true.

But, the reality is these sorts of subjective analyses are made by people who do not bother to study the facts. It is a distant matter for them. It is like phobias. People can think flying is more dangerous then anything else and be terrified of flying. They have seen video of horrific crashes. But, then, they give not a second's thoughts to the dangers of driving, which is very far more dangerous.

It is fear based reasoning... and fear is incapable of reasoning, but the reactive capacities which induce fear can be trained to deal with reality.


But as far as the stars on the CIA monument are concerned, if 80 out of 113 are named, then 33 must be unnamed. So at least some deaths in the line of duty are not acknowledged by name. I would venture so far as to say that some deaths in the line of duty at the CIA and like agencies may not be acknowledged at all, given the secrecy of their work.


According to Wiki, the CIA is 67 years old as of today, 2015. 80 are named, 33 are unnamed. That is a very long time to spread out 33 deaths. Worse, much worse, if you actually bother to look at the reasons these deaths happen, and where they happen, and when there is someone behind it, who they are... it becomes apparent that the probability of such a far fetched scenario becomes smaller and smaller.

It could happen. You could have your whole house drop down into a sinkhole. You could get superpowers by being struck by lightning. You could be struck by lightning.

But, if you look at the actual statistics of such events, you begin to learn while it "could happen", it is extremely unlikely to happen.


In fact, what we are talking about here is astronomically improbable.


What is not astronomically improbable here is that the reporter probably believed this was a true story. And there are audiences to the story out there who did believe it is true. There even could be MI5 and MI6 leaders who believe it is true. Not everyone in such agencies is competent or has any matter of qualifiable experience.

We know general population who is unexperienced and unread would believe it.

Look at the British spy shows! James Bond... created by fantasist Ian Fleming. Lotsa murdering going on, lotsa killing. Of late, "The Game"... quite a few murders in that, and very off the books. "Spooks" -- all the main characters get killed off!

SAS, SBS stories -- war stories. Real combat stories.

WWII stories -- war is very different.

"Danger" attributed in qualifiable journalism stories: usually theoretical, some probable or possible, many statistically extremely unlikely. Something like identifying an ex-case officer like Valerie Plame was, was extremely bad. She worked with agents. Someone sees her face on tv, they go, "Hey! That is the lady our buddy here was good friends with! Kill them!" That is, they would then kill the agent, the informant. Not Plame.


Plame, as a case officer was under real danger, depending on where she worked. If she worked in Muslim majority countries, she could have been killed by all sorts -- including their government. These are people who lock up Europeans and Americans for drinking alcohol. In prison. For years. They think everyone is a Mossad spy. Iran is not China. Egypt is not Russia.


An officer could get imprisoned or killed in Russia or China if they did not understand they were a deep cover spy. Either country kills Westerners. Extremely infrequently, but it happens. By their government, I am talking about. China tortured some Westerners who were sympathetic to Tiananmen Square. But, they released them. They kept their torture deniable, they use rocks in socks and hit at the soles of their feet. (Notice I am very specific about this, because I have studied the subject.)

Russia killed, recently, at least one westerner. He was making waves against some very dirty components of their government. Not plausibly was he a spy. He was a businessman who had money and they liquidated his assets. No metaphors there, I am talking money. He balked, he tried to sue, he tried to get investigations going... but it was an illegal FSB operation, so they jailed him under trump charges where the conditions were so bad they died.

Likewise, one of the torture victims in China years ago, around 89, died after being released, and highly likely to the torture.


GregoryJune 20, 2015 12:16 PM

@gordo

Most scenarios conceived in disinfo are born dead.

Har har. [... 'Project Mincemeat'/'The Man Who Never Was'...]

*shrug*


It is an interesting story in terms of 'how people process information', 'how the media influences people', both news media and fictional. But, even moreso, in "how these stories reflect their own very many layered selves".

The Mystery of the Human Soul. Or, "Self", or "Identity", if one prefers.

We are attracted to certain types of stories, and full of mystery our own selves. Even the most mundane. People are very far more sophisticated then latest jet technology. Inconceivably so. Whether they are used for glamorous purposes, or mundane purposes, it does not matter. It is still inconceivable sophistication. In fact, it does matter, because you can easily examine and observe such technology laying about, unused in a field in some obscure village somewhere. But, you can not if it is up and about, flying through the air.

Two coins to observe. One lost in the deep waters of the ocean. The other right here and now. Same basic coin.

Granted, I do not plumb into real conspiracy theory sites, because they are much too screwed up. They often lack a high level of intelligence and a very poor level of knowledge. So, digging into the chaotic bias which consumes their external self is not as easily performed.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.