Schneier on Security

r • February 22, 2017 6:29 PM

@Wael,

You shouldn’t feel paranoid anymore brother, at this point it should be ack².

r • February 23, 2017 7:02 AM

@cphinx,

worse than that it’s:

In the face of nuclear weapons and interconnects,

this IS(information security) Shore’ing up one’s defenses

Understand, that your standing in standing either up or back down the reference to ROE never precludes ‘self defense’.

If you had the chance to disarm your foe, or even the opportunity to attempt it; wouldn’t that be more important than the ability to pull an intercontinental holistic trigger?

We can spare lives by spearphishing your deeployees; they get lonely out there and lonelyness makes one do sad desperate things ask the Israeli soldiers clicking on Hamas front women.

Paid played and plaid.

Hen can get mad! Or QQ all that hen wants but the reality is glaring. Don’t let the butt hurt get you.

We (The US-crowd(not the in-crowd)) exist in a democratic environment, accept that it is within the interest of every other competing sovereign interest to defame discredit disseminate and leak every aspect of an operation like this.

And also to develop attacks and defenses in kind and of kind.

It’s a form of disarmament pressure that can be placed upon democratic nations as a whole, don’t let the leakers slander what at this point is beyond a given but a practical requirement.

Would you prefer that we relax our position and allow China or Iran to control international media with their Deeply Learned Twitter Bots?

Would it stop there?

How would Saudi Armaco feel if we left the lights on with nobody watching the boundaries and hacktivity ?

It’s not busyness as usual when I want to put you out of busyness.

r • February 23, 2017 8:34 PM

@cphinx,

I think you and I are in absolute agreement here. I don’t think I’ve felt threatened at all by the reality of this ‘DMZ’ since the reality of IT truly sunk in.

@vas pup,

Likely I enjoy your postings more than you enjoy mine, thank you for those links.

r • February 24, 2017 5:29 AM

@65535,

You know, about that attack: most everything I’ve seen about it paints a picture of trojanization and or backdooring. After a move like that, the easiest and likely the best kind of modification to an event log filter/parser would be to blind it somehow.

Considering how aggregated and complete your list/response is, I’m curious: are/were you one of the users of it?

r • February 24, 2017 5:48 AM

@65535,

They’re not going to give up their offensive stance, it’s just not going to happen. For them to start pushing true security (secure software, secure hardware) would open themselves up to the same problems we are already facing now with reverse engineering and counterfeiting. Sure, they could make the whole world secure but then they would lose signals, everytime they would improve resistance to an attack those mitigations could be copied and spread worldwide only making their ‘job’ considerably harder than it is now. This is why we see (or don’t) redteams and the science of omni, if they take a larger defensive stance than recon and sabotage it would do nothing to address the other layers that leak. It’s the same game, only expontentially more difficult and costly.

I’m not condoning what they’re doing, I’m rationalizing (not stretching) it within the constraints of what I view as reality. Security is a HUGE field, they run a grey/dual-hat operation and you want them to become white hat in a reality where it in full honesty and practicality likely does not exist?

Do you ever wear white?

It stains most easily, let them do what they’re doing; it’s not 100%. We can keep right on mitigating and circumnavigating them as we’ve been, there are no leaks really coming out of the other groups – you don’t find that suspicious or curious at all?

That’s like saying Mossad doesn’t exist, close your eyes. Our institution is vulnerable to both the public and outside influence let’s thank god that we have any information at all at this point and make a bid to nudge it/them/us back into the correct stream.

Like @Bruce has been saying, they/us/we need more technologists more thinkers more questioneers.

I hope what was done with Kingslayer was something ignorant, like an outright trojan; you’d better all hope it wasn’t something far more intelligent like a small programmed event overflow a heap double free or a blind spot.

r • February 24, 2017 5:39 PM

@Clive,

I understand the slippery slope, it’s an unfortunate conundrum at this point.

But what are we to do if not converse about it? If not comprehend it? If not alert others to it?

If it wasn’t them who else is there? Who else would be there?

I think that’s the only aspect of what they’re doing that even gives them a ‘smidge’ of the defensive err.

That’s it, as sad and as weak and as horrible as that is.

They’re recon, I recognize it – I may not entirely accept it but I do not have to.

My hands are bound by the ineffectiveness of my voice, our voice.

All one can do is plot and scheme and hope that he’s taken enough precautions and thought far enough ahead that he can eek out some sort of private world for his thoughts.

It’s unlikely to happen though, interdictions supply chain poisoning – everything we do leaks.

If I investigate something on ali baba I’m flagged, if I check it out of the local library – I’m flagged.

Get my drift? You know exactly what I’m saying and we both know that no matter how indecent it is if we don’t have any sort of fireline to firewall us from the el rando’s we’re even worse off than we are now.

Put my weapons down? I did, I was given a long time ago a cold hard look at the perpendicular angle to which I view my own interests and they view some of ours. I’m free to research however, why? Because I saw the long game a long time ago and maybe they knew it, I don’t know I can only assume.

I sit here more than enough to pique anyone’s interests into my curiosities, no big deal. I’ve amendments for that (for now I suppose). But those certainly don’t protect me from the collusion of GCHQ or BND. What about the GRU or Mossad?

Or the Chinese? OPM really scared me, for more reasons than I think you’ve all pieced together.

Maybe I’ve taken the bait, who knows but my voice doesn’t change. There are things well beyond our control or anyone elses, and the only way to stop human nature is to start stopping humans – for the most part – I’m far against that.

r • February 24, 2017 5:47 PM

Companies pouring billions into open source technology, what?

To be shared with North Korea?

To be shared with Israel?

To be shared with whom free-of-charge but not a backdoor or beacon?

Don’t get your hopes up, proliferation is the game.

It’s pro life.

r • February 24, 2017 7:16 PM

@Miss iLE,

Attacks only get better, the NSA will decrease as more and more ML/DL & computer ‘assisted’ targetting comes ‘online’. The CIA will always have it’s heals dug into reality more than the NSA even if it’s more or less(more or less) vulnerable to the same misdirection as the NSA.

Certainly we’re under symmetric attacks as human beings, just don’t let people lie to you and tell you that it’s only the NSA doing it.

That’s the poison apple.

Even if the NSA was shutdown tomorrow, anyone with any sense knows ‘that the show must go on’.

r • February 25, 2017 5:06 AM

The most annoying thing about all of this is?

These sort of hactors practicing SEO 2.0, it used to be link farms…

Then it was refactoring and weights…

Now it’s less bump bump bump and more cram push choke.

Don’t gag, it’s not a gag; these people(?) are serious.

r • February 25, 2017 5:23 AM

And the above, by the way: has my “great seal” of approval.

r • February 25, 2017 5:35 AM

Assange is a victim of lock in, he’s locked into the smallest of venues. How many communication outlets do you think he really has access to?

Trapped like a rat in a cage. His options are limited, the rest of us?

We’re still free to make decisions, when where how…

The big one is WHY?

And that, mein freund is aimed straight at one’s heart.

r • February 25, 2017 5:47 AM

A word of advice,

not a single compiler I own is clean.

Not coff not omf not aout not elf.

There’s not a linker or stdlib on my computer that I’ve left unturned.

all of your libs and .a’s belong to me.

Because I sed so.

r • February 25, 2017 5:53 PM

@Anura, Clive,

Actually, Anura is onto something here.

Let’s give you what I’ve been filling my brain up with:

https://www.nytimes.com/2017/02/22/world/asia/kim-jong-nam-assassination-korea-malaysia.html

The police say the four North Korean conspirators watched the attack unfold. Soon after, they passed through immigration, had their passports stamped and left the country before the authorities realized Mr. Kim had been murdered. All are now believed to be in North Korea.

I’ll drop more when I get the rest of my 40 pages of history that I just re-loaded sorted out for you guys.

r • February 25, 2017 6:48 PM

nytimes 02/15:

The news media in Malaysia reported that the police were looking for four male suspects, suggesting that the plot was more involved than initially indicated. It was unclear whether the Malaysian man arrested Thursday was one of the four.

https://www.nytimes.com/2017/02/15/world/asia/kim-jong-un-brother-assassination-north-korea.html

nbc 02/21:

Malaysian police also arrested one North Korean in connection with the attack, and publicly announced the names of four other Northerners it wants to question, but who had left the country soon after the attack.

http://www.nbcnews.com/news/north-korea/kim-jong-nam-death-north-korea-could-lose-rare-friend-n723471

wapo 02/20:

With one North Korean in custody in Malaysia and at least four of his compatriots suspected of involvement,

…

His pronouncement came after Malaysia released information about four North Koreans who had been in Kuala Lumpur for several weeks but left on the day of the attack.

…

The man who has been arrested is 47-year-old Ri Jong Chol,

…

The other four named by Malaysia as suspects are now back in North Korea, having gone to great lengths to avoid going through China — the most direct route — to get home. They appear to have flown from Kuala Lumpur to Jakarta, Indonesia, then to Dubai and on to Vladivostok, Russia, then from there to Pyongyang.

It is not known why they went to such trouble, although China had been protecting Kim Jong Nam, who had lived in quasi-exile in Beijing and the Chinese territory of Macau for about 15 years.

https://www.washingtonpost.com/world/north-korea-says-malaysia-cant-be-trusted-to-investigate-the-killing-of-leaders-half-brother/2017/02/20/7f0cccb4-f740-11e6-be05-1a3817ac21a5_story.html

reuters 02/19:

Four North Korean suspects in the murder of the estranged half-brother of North Korean leader Kim Jong Un fled Malaysia on the day he was attacked at Kuala Lumpur airport and apparently killed by a fast-acting poison, police said on Sunday.

A North Korean man, a Vietnamese woman and an Indonesian woman have been arrested already in connection with the death of Kim Jong Nam last Monday, which has triggered a diplomatic spat between Malaysia and Pyongyang.

South Korean and U.S. officials believe Kim Jong Nam was killed by agents from the reclusive North, whose diplomats in Kuala Lumpur have sought to prevent an autopsy on the 46-year-old’s body and demanded it be handed over.

“We believe the North Korean regime is behind this incident, considering five suspects are North Koreans,” Jeong Joon-hee, spokesman at South Korea’s Unification Ministry that handles inter-Korea affairs, told a briefing on Sunday.

Kim Jong Nam, the eldest son of the late North Korean leader Kim Jong Il, had spoken out publicly against his family’s dynastic control of the isolated, nuclear-armed nation.

The young, unpredictable North Korean leader had issued a “standing order” for his elder half-brother’s assassination, and there was a failed attempt in 2012, according to some South Korean lawmakers.

Deputy Inspector-General of police Noor Rashid Ibrahim told a news conference that Malaysia was coordinating with Interpol to track down the four North Koreans, but would not reveal where they flew to on the day of the murder.

“The four suspects are holding normal passports, not diplomatic passports,” he said. “Next plan is to get them. We of course have international cooperation especially with Interpol, bilateral involvement with the country involved, we will go through those avenues to get the people involved.”

The four suspects arrived in Malaysia just days before the attack on Kim Jong Nam, according to police.

Noor Rashid named the four who escaped as Ri Ji Hyon, Hong Song Hac, O Joong Gil, and Ri Jae Nam. The police are looking for three other people who are not suspects but who they believe could help with their enquiries, one of whom is North Korean.

http://www.reuters.com/article/us-northkorea-malaysia-kim-police-idUSKBN15Y068

I’ve got more, not on that specific sub-topic but I still need time to collate the kicker out of this for the VX aspect. Please don’t mind the repetitive and backwards orientation of the narrative but do note than the reuters link hits on the chemist & other suspects and potential exact vector prior to vx being named ‘officially’.

The big one is next I think you get the initial point for now.

r • February 26, 2017 4:38 AM

@Mod,

Did you make a pass over his blockquote failure?

I think it’s worse now than it was, at least before it looked like it was messed up now the response case is semi-inverted.

@Id10t,

Let me refresh your memory of why you illicit such a response from me.

Not just Lavabit, anyone providing any IT services to Americans is required to make it easy to hack. Every single ISP and mail provider has to log everything the Americans do and make it trivial to get at that data per CALEA. Anyone who refuses to so sabotage American security will be kidnapped and if they struggle they will be murdered.

Really?

And you believe this is true why? Because of your own state propaganda? The funny thing is I can’t even find a news article translated to english from any other countries that would even come remotely close to that assertion lol.

Links please or it never happened.

I think your inability to use blockquote properly led you to re-read my words as your own.

You’re a fraudulent representation of a free-thinking individual come back when you’re honest with us and yourself.

Can you add hominems?

r • February 26, 2017 10:29 AM

We know from previously, as with Iran and it’s Genovian sourced blueprints that our intelligence structures are not above the dissemination of misinformation and sabotage.

It would be wise for you to build all your own tools, would you dare ask the Maoists to share?

r • February 27, 2017 7:40 AM

@Dan H,

I’m on the fence about Snowden at this point in all fairness, but there is a HUGE glaring difference: he released at least SOME of his exfiltrations.

So even your position is a position of slant at this point, this knot is a hard one to undo.

On the same fence, making him ‘better’ are the same qualities that potentially make him ‘worse’. The damage he’s done through going public is considerably further reaching otherwise.

@Patriot,

@Bruce’s site is quirky, blockquote usage allows for only a single depth making it very easy to handcode.

Dreamweaver?

Believe you me, I am an avid supporter of the EFF and ACLU at this point in my life but I think our empasse is that I see no way around the militarization that has been and will continue to occur. My apologies for dismissing you as one of the previous GRU apparitions and believe me that I completely understand your reservations either as a united states citizen or not but we are all in deep shit at this point. There’s no other way to go about it other than to cough infiltrate the system and then to infiltrate their heads.

Responsibility must be promoted, if you believe that online censorship is bad and spying is bad then likely you will also believe that the silence resulting from the usage of a nuclear weapon on what are effectively peasants is also bad.

The world has gotten to the point where we are firing ‘nerf guns’ at centrifuges, at researchers, at protesters. Because these are perceived and basically sometimes are ‘soft weapons’ the escalation has gotten to the point where it’s went from a couple of salvos of soft foam into an outright war with them.

But, if these nerf guns can be used responsibly then there is good that can be done. I think that should be the goal, to temper our usage so as to not be lobbing what are essentially temper tantrums.

This problem is not going away, not now and not ever there will always be hackers and spies. We don’t really know enough at this point to call for a complete deescalation and even if we could we know from past experience (the recent pipeline and occupy wallstreet etc) that such powers will be continually abused.

Believe me, I’m scared about the juridictional changes related to warrant issuing and the “going light(not dark)((‘green lighting’))” of things like IMSI catchers at this point.

We must develop arguments both for an against and we must disseminate these arguments in a manner that’s conducive to a dialog because otherwise they will continue to be used indiscriminately.

That’s my odd little angle to the situation at hand, again I apologize for my paranoia with seeing you as a GRU ghost (I did see your PLA position).

We are in this together, we have to understand both what is capable and what is reasonable.

Those two questions are an ever evolving monster and we only get glimpses of what’s going on underneath the rug.

I do not refute that EG is the NSA, but something to consider is that where stuxnet and iran are considered it was likely (and proven) to be a much larger (group wise) interaction than some solo NSA effort and therefore may include components of the CIA etc.

EG could be the same thing, we don’t know a whole lot about TAO but the NSA is likely not the only opponent with such capabilities and we absolutely do not know where the overlap begins or where it ends.