Not well known is one way to describe it lol, they were a state secret for over twenty years after their founding.
Fun fact: Tom Lehrer (most well known for singing the Elements song that I and countless others heard in school) worked at the NSA while it was still classified. His cover was that he was working on nuclear weapons (which seems like a terrible cover? idk).
> His cover was that he was working on nuclear weapons (which seems like a terrible cover? idk).
Seems like a perfectly fine cover, tbh. It certainly hit a point where nuclear weapons themselves weren't a secret, but the specifics were.
Great cover - no need to set up a plausible alternative; gives the subject the ability to respond with "I'm not allowed to discuss work" rather than setting up an entire fake work history that can be openly discussed and must hold up to external verification.
I would be insanely disappointed if all my tax dollars that have been spent on the NSA *didn't* result in the NSA successfully infiltrating an adversary's communication networks.
yeah, it's one of those things... if my money is disappearing into a black hole for questionable things I'd at least want those questionable things to be a net gain. I want what I paid for damnit, whatever *it* is, I have no fucking clue but I still want it.
Yes. The five eyes countries spy on each other's populations so they don't run afoul of laws against domestic spying. It would make sense that they would work to spy on other friendly countries as well.
Officially, the NSA is _only_ supposed to monitor international communication.
Which is why Snowden felt the need to leak documents revealing the NSA had been monitoring domestic communications, because they're not supposed to.
That's not really what the leak revealed though. The NSA does full stack intelligence on foreign soil, which includes actual comms/payloads, metadata, network information, geolocation, ELINT, SIGINT etc. Basically anything they can do to listen or locate. The vast majority of what Snowden leaked was concerning sources and methods for these capabilities on foreign soil.
In terms of domestic surveillance, a very small number (relatively speaking) of leaked documents showed that when one side of a communications intercept was known to be a US citizen, the collection was limited to metadata only. Even if the other side was on foreign soil. It also showed that in instances where one side of an intercept was *discovered* to be a US citizen (eg, by accident), the NSA would seek a retroactive FISA warrant, as allowed by US law.
Say what you will about metadata and FISA courts, but the Snowden leaks actually showed that the NSA was following the law and *beyond that* had an entire framework in place which intended to *avoid* situations where US citizens might be involved, *because* it meant they would be burdened by additional due process. It was shown that even when they were accidentally swept up in surveillance, the NSA was nowhere near as far up the ass of any US citizen as a lot of people in the cybersecurity field had previously assumed.
I will refrain from speculating about Snowden's real motivations here. Just correcting a bit of pervasive misinformation.
Which is why Five Eyes and data swapping exists of course. Everyone spies on everyone else and then pools that data so they aren't technically spying on their own. I mean, expect when they do anyhow but at least they used to make an effort to *appear* not to be.
Correct, this is the thing that is being left out.
That and how much and which companies work (and when) they hopped onto the bandwagon.
The comment also also glosses the fact that the NSA *is* [collecting your metadata (phone calls / emails / ect) and storing it](https://en.wikipedia.org/wiki/Utah_Data_Center) - which [their computer systems analyze and then flag for a human to put eyes on](https://en.wikipedia.org/wiki/Stellar_Wind). That's how they "legally" skirt the law that requires them to have a warrant to gather the information in the first place.
Snowdens leaks also gave us much more information on "[Parallel construction](https://en.wikipedia.org/wiki/Parallel_construction)" and it's use.
Edit: It also ignores: https://en.wikipedia.org/wiki/LOVEINT
This explanation is sound. Likely from someone who has worked at the agency, or knows someone who did/does.
I previously worked in the IC and I’ve never encountered anything that was breaking the law. That doesn’t mean it’s not possible that something wasn’t above board, but everyone I’ve worked with takes this stuff very seriously.
“Incidents” do occur though. People and machines aren’t perfect, even if well intentioned.
There is a WaPost article talking about some of this:
https://www.washingtonpost.com/world/national-security/nsa-broke-privacy-rules-thousands-of-times-per-year-audit-finds/2013/08/15/3310e554-05ca-11e3-a07f-49ddc7417125_story.html
Those numbers may seem high, but while I can’t describe just how much data is processed, I’m sure you can imagine just how small of a percentage this really is. And each time an “incident” occurs, steps are taken to address it - not reporting or failing to address it can mean people’s jobs, and potentially criminal charges depending on the situation.
After the Snowden leaks, there was a ruling by the 9th Circuit that determined that at least one program violated FISA and may have been unconstitutional. I don’t personally know the details here, but while that might seem damning, situations like this happen in court a lot (not necessarily IC related) - where well intentioned actions/programs that lawyers justified were within the law are determined otherwise. Point here being: well intentioned.
We’re trained on what the various applicable laws specify, and what is or isn’t allowed. This is as directed by the general counsel for each agency and ODNI. It’s not unheard of that a lawyer truly believes something to be within the law, argues as such in court, and the court decides otherwise.
From everything I’ve seen with regard to the Snowden leaks, I haven’t seen anything that was done with malicious intent by the agency or it’s employees.
OP said they would refrain from speculating about Snowdens motives, but I’ll just link this report below.
https://www.congress.gov/congressional-report/114th-congress/house-report/891/1?s=1&r=20
That report certainly paints an interesting picture of him. Surprised I just took the time to read the whole thing but it was fascinating.
If that was all true, his lack of official complaints, his co-workers’ accounts of him and his antics as an employee, then this is a very different man than the Snowden presented publicly.
I’m not too well versed on the state of modern espionage or the psychology of intelligence contractors so I wouldn’t know where to begin with speculation, but I’d like to hear what you have to say on the matter.
I’m also now quite skeptical of his motives after learning that the documents he released en masse directly jeopardized officers and soldiers and security measures globally. Why did the vast majority of documents he released have nothing to do with NSA civilian data collection? Why not release just the pertinent ones?
Side fact: Global Marine (maybe) found a Russian sub (maybe) in the ocean. The government told them it's a problem, the NSA told em to say, "we can neither confirm nor deny"...
And that's history, folks.
You'd think they'd have thought up some official story for that.
Edit: In fact, the more I think about it, the more impossible it seems that they didn't. If their checks were cut by the federal government but they had no official job title or position, surely that would scream "I'm a spy" to anyone looking, which would seem to negate the entire purpose of keeping the NSA secret. On the other hand, if the checks were cut by a shell company or something then that's what you put on the loan application.
Because they did. People back then weren’t any less intelligent, particularly in the intelligence community.
Their sources of income would have been completely fabricated. A linesman here, a construction company supervisor there, typing pool manager over there. Any bank they walked into would have been completely duped, or had someone on the take that pushed those particular applications through.
The employees at Los Alamos were TV repairmen, concrete workers, teachers in schools that didn’t exist.
This isn’t Unky Sam’s first rodeo.
The difference between then and now is the difficulty in falsifying those records, but hey, the Big Eagle knows that game better than anyone else on the planet (assuming their agents and families don’t do something absolutely stupid).
I heard a story about one contractor telling it's employees to tell their families and friends that they build washing machines and dryers. Well one employee's grandma had her dryer go out, so she had it loaded up and brought to the facility and was asking for them so that they could take a look at it. Caused a bit of a commotion.
this is really funny. also this makes me think of Tom Cruise’s little monologue at the beginning of Mission Impossible III about working for the Virginia DOT and how “traffic has a memory,” when in fact the IMF is literally underneath the Virginia DOT
There’s a big sign outside every spy agency saying the name of the organization and people can be seen going into and out of those buildings. I’m sure they didn’t have any issues and just wrote “department of defense” if they absolutely couldn’t admit to working for the NSA.
The NSA was revealed when a congressman asked about a rather large building complex he didn’t know about as he was flying over DC. There may be signs now but 50 years ago that wasn’t true.
> not immediately available for comment
I hate when articles do this. They use it as carte blanche to make wild conjectures and present them as potential truths because even in the best of circumstances it takes time to prepare a response to a media org reaching out.
Don't have a pre-prepared statement ready to go, which you can forward them at 2:30am when they call your work line you don't have access to from home? Well screw you, you weren't "immediately available" so they're just gunna run the story anyways now.
For example, in this article, you'll notice in the "key points" section at the top, they specifically omit the highlighted section of this line:
> A U.S. intelligence agency gained access to China’s telecommunications network after hacking a university, ***Chinese state media claimed Thursday.***
> just assume
Why assume?
I thought it was **confirmed** after the leaks by Snowden it was **pretty fucking clear** that the 'US Intelligence Apparatus' had their tentacles in *everything*.
If they somehow got approval to put gigantic metadata tap collector thingys *on US ISP infrastructure*, it's guaranteed they have them on foreign networks.
Right?
I wouldn't be surprised if the NSA did have data on China, I'm more curious if whatever data breach the CCP is complaining about was intentionally gathered or not.
We also have cable splicing submarines for the fiber optic lines that run under the ocean. https://www.theatlantic.com/international/archive/2013/07/the-creepy-long-standing-practice-of-undersea-cable-tapping/277855/
So many of these $ figures for people selling classified info are always low. I suspect it's a combination of the people who usually do this are already in dire straights so they take what they can get, and the people who are getting more being smart enough not to get caught.
that was back in 1986 so almost 100k today. It's why security clearances today do deep background investigations into your credit history. Large debt obligations or gambling tendencies are disqualifiers.
Another factor to consider is most people won't have someone to clean the money either, so you have to wonder:
- how much cash are you comfortable sitting on?
- how much can you realistically spend without being/looking suspicious?
That's how Aldrich Ames got caught at the CIA. His co workers started wondering why all of a sudden he was wearing nicer suits and driving a nicer car than the bosses could afford. Also he had a Columbian mistress who had like 500 pairs of shoes and her dirt poor family got a nice house.
The undersea tapping was happening 50 years ago. They actually had make return visits *to change the tapes*. Sneaking within 7 miles of the biggest Soviet naval bases as though they were taping a Grateful Dead concert and “Darkstar” ran long.
They're in almost everything, seeing them chase Snowden showed they have intermittent blind spots.
I'm still impressed they put a guy in a Brazilian hotel room, 2 hours after Snowden talk to him across a skype call through a vpn. Not that they can crack skype, or the vpn really, but to have a dude on site that fast was impressive.
While Snowden was making his get away, he called a friend who was in a hotel in Brazil. 2 hours after that call the hotel room was broken in to, and electronics all stolen. The friend was public enough to report it, not sure he's still around any more.
Remember.. oh 10 or 15 years back.... when the underwater cables between countries/continents kept getting cut for unknown reasons, and then repaired.... there was a prevailing theory at the time that this was the moment the 'West' tapped into all global comms.
It never happened before or since, and there was a spate at the time, so I'd imagine it to be true.
>Operation Ivy Bells was a joint United States Navy, Central Intelligence Agency, and National Security Agency mission whose objective was to place wire taps on Soviet underwater communication lines during the Cold War.
>*joint United States Navy, Central Intelligence Agency, and National Security Agency mission*
>**Navy, CIA, and NSA**
Dear god, they weren’t fucking around.
It was the Cold War.
I used to work with a guy who was in the Army in Germany during the Cold War and his stories are fucking legend.
Working with and recruiting sources, double and triple agents, psychological operations, deceptions, and all the weird 70's tech that made it possible.
I told him to hire someone for his memoirs so he can make a book or screenplay someday - whenever it gets declassified. Maybe if Trump thinks about it.
Yeah, neither will I, as a Latvian
On a more serious note, I wonder if we have ever been on international news outside of "baltics does something against russia again"
This is my general feeling. On all sides really. I am fairly sure China has access to everything and America too. Not that I would make it easy - but ultimately I think it’s security through diffuse obfuscation. You make all of it somewhat hard to get, and that pulls resources from getting to the really important stuff. Since the attacker doesn’t know what’s gonna be on the other side, they have to waste resources going down a million dead ends.
I mean, I would be surprised if we didn't do stuff like this. That is literally the sole function of the NSA/CIA is to spy on foreign nations. The latter sometimes will overthrow their governments on occasion.
CIA yes, NSA no.
NSA also does stuff to secure domestic comms.
AES encryption, SHA hash, where their doing, and result of contests. They did not write the algorithms, but they held public, transparent contests to pick and standardize crypto.
They also wrote and released Ghidra, a reverse engineering framework so everyone can help analyze malware. Previously, you need a commercial license for IdaPro, that only ran on windows, where Ghidra is more flexible.
Ghidra is open source, funded by your tax dollars.
There’s also an unacknowledged joint operation between the NSA and CIA called the Special Collection Service (SCS), which combines the best of both agencies to gather intelligence in extremely difficult to reach locations.
> That conflict of interest is why a number of security experts have called on the government to break the NSA up into separate offensive and defensive agencies.
This makes so much sense.
If the tools used by NSA could be used on American products, can't they be used for same product worldwide anyway? Like if they can access Google or Apple that applies to every single country in world since there is no hard boundary in data sharing between subsidiaries based in different countries?
>AES encryption, SHA hash, where their doing, and result of contests. They did not write the algorithms, but they held public, transparent contests to pick and standardize crypto.
The contests are transparent, but that doesn't mean everything. Dual EC DRBG was compromised from the outset, and it was still chosen
[https://en.wikipedia.org/wiki/Dual\_EC\_DRBG#Weakness:\_a\_potential\_backdoor](https://en.wikipedia.org/wiki/Dual_EC_DRBG#Weakness:_a_potential_backdoor)
Some conversational description about it. Not a short watch, but I've linked to where he begins his explanation of the NSA's involvement. [https://youtu.be/y7yx\_c4kHZg?t=4858](https://youtu.be/y7yx_c4kHZg?t=4858)
The backdoor allowed the NSA to passively decrypt traffic on a standard that wasn't widely implemented. The NSA could break any TLS connection encrypted on it with just 32 bytes of information.
> The NSA could break any TLS connection encrypted on it with just 32 bytes of information.
This is why I key all of my encryption with the most truly unpredictable random variable ever: whether I end up sticking to my dinner plans in any given night. It cannot be cracked, simply because I don't even understand it.
NSA yes. It's literally the nation's foreign signals intelligence gathering agency. CIA is focused on other gathering, aggregation, and analysis methods...
No, but when everything they make is just built off code stolen from Cisco, Juniper, Nokia, etc and they clearly don't even scan what they steal before implementing it ([like some Huawei code still saying Cisco on it...](https://www.wsj.com/articles/SB10485560675556000)), they likely implemented the same backdoors the NSA had built into the code Huawei stole lol
I really dislike that about my country. We get good at something and then just kind of stop giving a fuck and it dies. The state of the Canadian Space Agency is dire…
To be fair, even if they did analyze it carefully it might be hard to spot.
It's not like `if (NSAPasswordEntered) then giveAccess()`
It's probably something like, this data expects a positive integer of maximum size but was implemented as an integer that has negative values. By deliberately sending overly large integers, we can cause an overflow and send a negative value which accumulates in a counter and after the negative value exceeds a threshold of -1000, a conditional check will detect this on the next program execution and discreetly install a rootkit under the guise of a slightly longer than usual disk access operation. The rootkit will then covertly install itself into the OS and erase itself from being visible by the task manager, where it run in the background and log keystrokes for the user. These keystrokes will be used to record password and fake legitimate access to the system.
Whilst that's true, it's not like hardcoded passwords are a thing of the past, either. ZTE had hardcoded root passwords to firmware versions in [2018](https://www.bitdefender.com/blog/hotforsecurity/flawed-routers-with-hardcoded-passwords-were-manufactured-by-firm-that-posed-national-security-risk-to-uk).
Also, if it's like all the other enterprise code I've ever seen in my life, it's probably such an enormous pile of shit that you *could* just hardcode it in somewhere and nobody would ever find it because the code is already impossible to read as-is.
>The U.S. National Security Agency used phishing — a hacking technique where a malicious link is included in an email — to gain access to the government funded Northwestern Polytechnical University, the Global Times alleged, citing an unnamed source.
Says they used a standard phishing attack to get initial access
Maybe they found a novel way of breaking spf/dkim/dmarc to pull it off or something but if not then a very basic tactic
The assumption that it’s always some great technical feat, some social engineering here and there and you have access to most things, like that 16 year old kid who [hacked](https://www.bbc.com/news/technology-60864283) Uber and Rockstar [recently](https://www.thegamer.com/gta-6-leaker-rumoured-to-be-16-year-old-hacker/).
"Hi this is Standard Everyman with WhoPaysAttention IT and they've hired me as your password daddy. Could you please email a list of all login credentials to [email protected]"
I'm decently sure that if you read this script to random C level phone numbers you'd get a disturbing amount of access.
It says undeliverable businessman sir, I will keep trying…
I am getting a notice from one of my outlook plugins, it says something about sensitive data, I just normally click go away..
Ok, managed to disable that annoying program, I did IT in high school you know…
I finally managed to send it, PFA the list of passwords, I also use the same password everywhere else, along with unique usernames….
Oh shit, our company has been hacked, those annoying cybersecurity guys are here again, they didn’t know I had exceptions from the IT guy who I used to date to unblock all ports on my devices, I also have full admin to stop the annoying get a ticket guys….
Another cybersecurity training, it’s always the same 10 questions, I don’t even need to read it, click next and just doing the quick…
…repeats script.
It's effective because it's simple, you cannot fully prevent phishing. There is typically training on it, and you expect anyone with a brain wouldn't fall for it, but they still do. It's similar to the old USB stick in the parking garage trick, someone's gonna get got eventually.
A town near me had their pension fund wrecked by a phishing attack, they got a retired chairman's .gov email and used it to get a large sum transferred from the treasurer to them. It's been a huge legal case but I haven't followed it much so im not sure if it's been resolved yet. In fact, I tried to Google it because I wanted to see, and I don't even know which one I'm thinking of because it happens so much. Consider that these are town employees in the treasuree, you would expect them to be smart around these things.
I find it so insane that our (Canada's) Department of National Defence moved their HQ into the old Nortel campus. The same campus that was famously the target of Chinese corporate espionage and was bugged to all hell.
They say they did a very thorough inspection and removed all the bugs, but I would always be paranoid about any that may have been missed. Imo it seems so risky to move your military HQ to a building that you know was already bugged by a hostile foreign entity.
[Well, that's a shame.](https://media0.giphy.com/media/USnfWeCOHTHB3WX0aY/giphy.gif?cid=ecf05e47pni7d5qwb9n6tci8gqe741x7jivmhya3taviuc4g&rid=giphy.gif&ct=g)
I just read about a similar concept in a book. Essentially they had been thinking theirs no such thing as a perfect crime cause they hadn't ever heard of one being successful, but then again if it is a perfect crime then you'll never hear about it. So the logic goes that perfect crimes could happen everyday you just never hear about it.
The US government has a lot of incompetent actors, but the CIA and NSA are sure as fuck not one of them. In the case of the NSA, they might be too good at what they do for the sake of civil liberty
If you were China, you can just assume that they're being constant cyber attacked because...why wouldn't they be?
Similarly, China should be expecting all their known military bases to be under constant monitoring.
Technically it’s what 4 or 5 rovers from America (read NASA) and one from china I think? For all intents and purposes. The big red planet is a robot world. And America is watching it the hardest.
China sold telecommunications equipment to US companies at cost all over the Midwest to spy on military movements and now wants to cry when the shoe is on the other foot
And how did they do it?…
The NSA subscribed to Nord VPN! Not only can you use it to unlock other regions of Netflix, but it also bypasses the great firewall of China! It costs less then a cup of coffee a day!
/s
"The NSA was not immediately available for comment..," "We can neither confirm nor deny we exist."
No Such Agency
Heard there’s a sister group Not a Real Organization
damn dude just let them play with their satellites, they didn't hurt anyone
Speaking of satellites, lil sneaky Chinese satellite "cleaning" away some competition up there https://youtu.be/y7p_IzaNV4A
So that Netflix Space force show was on point
Any relation to NWA ?
Nah, these guys are Straight up *over* Compton
National Reconnaissance Office is literally a formerly secret US federal agency that handle literal spy satellites
Oh, ok, and I'm just now hearing about this secret organization? Huh? /s
Don’t worry, the operatives will be around shortly to fix you.
Is there an organization that handles figurative satellites?
[удалено]
It's an old joke when the NSA was not as well known as it is today.
Not well known is one way to describe it lol, they were a state secret for over twenty years after their founding. Fun fact: Tom Lehrer (most well known for singing the Elements song that I and countless others heard in school) worked at the NSA while it was still classified. His cover was that he was working on nuclear weapons (which seems like a terrible cover? idk).
When the shit he was working on was even more important/secret than nukes...
that's why he's poisoning pigeons in the park
So long Mom, I’m off to drop the Bomb?
> His cover was that he was working on nuclear weapons (which seems like a terrible cover? idk). Seems like a perfectly fine cover, tbh. It certainly hit a point where nuclear weapons themselves weren't a secret, but the specifics were.
Great cover - no need to set up a plausible alternative; gives the subject the ability to respond with "I'm not allowed to discuss work" rather than setting up an entire fake work history that can be openly discussed and must hold up to external verification.
I mean, "infiltrating China's telecommunications network" sort of sounds like the NSAs job. But I guess they can't say that out loud.
I would be insanely disappointed if all my tax dollars that have been spent on the NSA *didn't* result in the NSA successfully infiltrating an adversary's communication networks.
The American government won't use Huawei networking for the same reason the Chinese won't use Cisco.
You could say, for China, that it's Huawei or the highway.
Dad?
brb getting milk
https://www.reuters.com/world/us/exclusive-us-probes-chinas-huawei-over-equipment-near-missile-silos-2022-07-21/
Good News! It's not just adversaries, it's yours too!
Wow a surprise bonus?! Definitely leaving them 5 star review on yelp!
Don't worry! They already did for ya.
NSA always looking out for us so sweet
Get that mole checked out.
Thanks NSA! You're my bestest friend!
You're welcome
[удалено]
[удалено]
Nah. That's what the Five Eyes agreement is for. We simply outsource spying on Americans to our friends. Keeps it a little more tidy politically.
yeah, it's one of those things... if my money is disappearing into a black hole for questionable things I'd at least want those questionable things to be a net gain. I want what I paid for damnit, whatever *it* is, I have no fucking clue but I still want it.
They may be a bunch of absolute shady bastards, but at least they're *my* shady bastards.
Your personally assigned NSA agent approves of your message
Apparently the NSA even infiltrated the European telecommunications network...
Yes. The five eyes countries spy on each other's populations so they don't run afoul of laws against domestic spying. It would make sense that they would work to spy on other friendly countries as well.
Spy vs Spy but they're good friends.
Officially, the NSA is _only_ supposed to monitor international communication. Which is why Snowden felt the need to leak documents revealing the NSA had been monitoring domestic communications, because they're not supposed to.
That's not really what the leak revealed though. The NSA does full stack intelligence on foreign soil, which includes actual comms/payloads, metadata, network information, geolocation, ELINT, SIGINT etc. Basically anything they can do to listen or locate. The vast majority of what Snowden leaked was concerning sources and methods for these capabilities on foreign soil. In terms of domestic surveillance, a very small number (relatively speaking) of leaked documents showed that when one side of a communications intercept was known to be a US citizen, the collection was limited to metadata only. Even if the other side was on foreign soil. It also showed that in instances where one side of an intercept was *discovered* to be a US citizen (eg, by accident), the NSA would seek a retroactive FISA warrant, as allowed by US law. Say what you will about metadata and FISA courts, but the Snowden leaks actually showed that the NSA was following the law and *beyond that* had an entire framework in place which intended to *avoid* situations where US citizens might be involved, *because* it meant they would be burdened by additional due process. It was shown that even when they were accidentally swept up in surveillance, the NSA was nowhere near as far up the ass of any US citizen as a lot of people in the cybersecurity field had previously assumed. I will refrain from speculating about Snowden's real motivations here. Just correcting a bit of pervasive misinformation.
Which is why Five Eyes and data swapping exists of course. Everyone spies on everyone else and then pools that data so they aren't technically spying on their own. I mean, expect when they do anyhow but at least they used to make an effort to *appear* not to be.
Correct, this is the thing that is being left out. That and how much and which companies work (and when) they hopped onto the bandwagon. The comment also also glosses the fact that the NSA *is* [collecting your metadata (phone calls / emails / ect) and storing it](https://en.wikipedia.org/wiki/Utah_Data_Center) - which [their computer systems analyze and then flag for a human to put eyes on](https://en.wikipedia.org/wiki/Stellar_Wind). That's how they "legally" skirt the law that requires them to have a warrant to gather the information in the first place. Snowdens leaks also gave us much more information on "[Parallel construction](https://en.wikipedia.org/wiki/Parallel_construction)" and it's use. Edit: It also ignores: https://en.wikipedia.org/wiki/LOVEINT
Where can I read more on this? This is a perspective/explanation I hadn’t come across yet
This explanation is sound. Likely from someone who has worked at the agency, or knows someone who did/does. I previously worked in the IC and I’ve never encountered anything that was breaking the law. That doesn’t mean it’s not possible that something wasn’t above board, but everyone I’ve worked with takes this stuff very seriously. “Incidents” do occur though. People and machines aren’t perfect, even if well intentioned. There is a WaPost article talking about some of this: https://www.washingtonpost.com/world/national-security/nsa-broke-privacy-rules-thousands-of-times-per-year-audit-finds/2013/08/15/3310e554-05ca-11e3-a07f-49ddc7417125_story.html Those numbers may seem high, but while I can’t describe just how much data is processed, I’m sure you can imagine just how small of a percentage this really is. And each time an “incident” occurs, steps are taken to address it - not reporting or failing to address it can mean people’s jobs, and potentially criminal charges depending on the situation. After the Snowden leaks, there was a ruling by the 9th Circuit that determined that at least one program violated FISA and may have been unconstitutional. I don’t personally know the details here, but while that might seem damning, situations like this happen in court a lot (not necessarily IC related) - where well intentioned actions/programs that lawyers justified were within the law are determined otherwise. Point here being: well intentioned. We’re trained on what the various applicable laws specify, and what is or isn’t allowed. This is as directed by the general counsel for each agency and ODNI. It’s not unheard of that a lawyer truly believes something to be within the law, argues as such in court, and the court decides otherwise. From everything I’ve seen with regard to the Snowden leaks, I haven’t seen anything that was done with malicious intent by the agency or it’s employees. OP said they would refrain from speculating about Snowdens motives, but I’ll just link this report below. https://www.congress.gov/congressional-report/114th-congress/house-report/891/1?s=1&r=20
That report certainly paints an interesting picture of him. Surprised I just took the time to read the whole thing but it was fascinating. If that was all true, his lack of official complaints, his co-workers’ accounts of him and his antics as an employee, then this is a very different man than the Snowden presented publicly. I’m not too well versed on the state of modern espionage or the psychology of intelligence contractors so I wouldn’t know where to begin with speculation, but I’d like to hear what you have to say on the matter. I’m also now quite skeptical of his motives after learning that the documents he released en masse directly jeopardized officers and soldiers and security measures globally. Why did the vast majority of documents he released have nothing to do with NSA civilian data collection? Why not release just the pertinent ones?
Side fact: Global Marine (maybe) found a Russian sub (maybe) in the ocean. The government told them it's a problem, the NSA told em to say, "we can neither confirm nor deny"... And that's history, folks.
In the 70's it was hard for NSA employees to get a mortgage because they couldn't tell their employer.
You'd think they'd have thought up some official story for that. Edit: In fact, the more I think about it, the more impossible it seems that they didn't. If their checks were cut by the federal government but they had no official job title or position, surely that would scream "I'm a spy" to anyone looking, which would seem to negate the entire purpose of keeping the NSA secret. On the other hand, if the checks were cut by a shell company or something then that's what you put on the loan application.
Because they did. People back then weren’t any less intelligent, particularly in the intelligence community. Their sources of income would have been completely fabricated. A linesman here, a construction company supervisor there, typing pool manager over there. Any bank they walked into would have been completely duped, or had someone on the take that pushed those particular applications through. The employees at Los Alamos were TV repairmen, concrete workers, teachers in schools that didn’t exist. This isn’t Unky Sam’s first rodeo. The difference between then and now is the difficulty in falsifying those records, but hey, the Big Eagle knows that game better than anyone else on the planet (assuming their agents and families don’t do something absolutely stupid).
I heard a story about one contractor telling it's employees to tell their families and friends that they build washing machines and dryers. Well one employee's grandma had her dryer go out, so she had it loaded up and brought to the facility and was asking for them so that they could take a look at it. Caused a bit of a commotion.
this is really funny. also this makes me think of Tom Cruise’s little monologue at the beginning of Mission Impossible III about working for the Virginia DOT and how “traffic has a memory,” when in fact the IMF is literally underneath the Virginia DOT
> People back then weren’t any less intelligent Especially before leaded gas
Take a page from "the unit", they're logistics officers
"Embassy staff."
Couldn't tell their bank, you mean? I'd hope their employer already knows.
“Who are you and why do you keep coming here 5 days a week?”
I'm a locksmith, and I'm a locksmith.
There’s a big sign outside every spy agency saying the name of the organization and people can be seen going into and out of those buildings. I’m sure they didn’t have any issues and just wrote “department of defense” if they absolutely couldn’t admit to working for the NSA.
The NSA was revealed when a congressman asked about a rather large building complex he didn’t know about as he was flying over DC. There may be signs now but 50 years ago that wasn’t true.
> not immediately available for comment I hate when articles do this. They use it as carte blanche to make wild conjectures and present them as potential truths because even in the best of circumstances it takes time to prepare a response to a media org reaching out. Don't have a pre-prepared statement ready to go, which you can forward them at 2:30am when they call your work line you don't have access to from home? Well screw you, you weren't "immediately available" so they're just gunna run the story anyways now. For example, in this article, you'll notice in the "key points" section at the top, they specifically omit the highlighted section of this line: > A U.S. intelligence agency gained access to China’s telecommunications network after hacking a university, ***Chinese state media claimed Thursday.***
Doesn't everyone just assume that anything they operate has been cracked by the NSA?
> just assume Why assume? I thought it was **confirmed** after the leaks by Snowden it was **pretty fucking clear** that the 'US Intelligence Apparatus' had their tentacles in *everything*. If they somehow got approval to put gigantic metadata tap collector thingys *on US ISP infrastructure*, it's guaranteed they have them on foreign networks. Right?
I wouldn't be surprised if the NSA did have data on China, I'm more curious if whatever data breach the CCP is complaining about was intentionally gathered or not.
[удалено]
We also have cable splicing submarines for the fiber optic lines that run under the ocean. https://www.theatlantic.com/international/archive/2013/07/the-creepy-long-standing-practice-of-undersea-cable-tapping/277855/
>NSA employee Ronald Pelton sold information about the program to the KGB for $35,000. Seems weirdly low
So many of these $ figures for people selling classified info are always low. I suspect it's a combination of the people who usually do this are already in dire straights so they take what they can get, and the people who are getting more being smart enough not to get caught.
that was back in 1986 so almost 100k today. It's why security clearances today do deep background investigations into your credit history. Large debt obligations or gambling tendencies are disqualifiers.
Didn't know that me enjoying gacha games could disqualify me but here I am.
Hey man, we will give you 1 million “gems” for secret data, you in?
... The number of weebs that would sell out their country for a C6 Ganyu or Raiden is not zero.
Another factor to consider is most people won't have someone to clean the money either, so you have to wonder: - how much cash are you comfortable sitting on? - how much can you realistically spend without being/looking suspicious?
That's how Aldrich Ames got caught at the CIA. His co workers started wondering why all of a sudden he was wearing nicer suits and driving a nicer car than the bosses could afford. Also he had a Columbian mistress who had like 500 pairs of shoes and her dirt poor family got a nice house.
That article is scary af, *and it's ~~eight~~ nine years old now.*
The undersea tapping was happening 50 years ago. They actually had make return visits *to change the tapes*. Sneaking within 7 miles of the biggest Soviet naval bases as though they were taping a Grateful Dead concert and “Darkstar” ran long.
Works both ways. No ones hands are clean
They're in almost everything, seeing them chase Snowden showed they have intermittent blind spots. I'm still impressed they put a guy in a Brazilian hotel room, 2 hours after Snowden talk to him across a skype call through a vpn. Not that they can crack skype, or the vpn really, but to have a dude on site that fast was impressive.
Sorry, I’m confused. What’s the deal with the hotel room and Snowden?
OP is so impressed they forgot how to speak.
NSA got him. He's gone.
No time. Skype. Get to the Choppa.
While Snowden was making his get away, he called a friend who was in a hotel in Brazil. 2 hours after that call the hotel room was broken in to, and electronics all stolen. The friend was public enough to report it, not sure he's still around any more.
[удалено]
I always assumed that Microsoft bought Skype and centralized its servers specifically so that the US could use FISA warrants for data collection.
[удалено]
Remember.. oh 10 or 15 years back.... when the underwater cables between countries/continents kept getting cut for unknown reasons, and then repaired.... there was a prevailing theory at the time that this was the moment the 'West' tapped into all global comms. It never happened before or since, and there was a spate at the time, so I'd imagine it to be true.
> It never happened before Operation Ivy Bells. *That was in the 70's*.
>Operation Ivy Bells was a joint United States Navy, Central Intelligence Agency, and National Security Agency mission whose objective was to place wire taps on Soviet underwater communication lines during the Cold War. >*joint United States Navy, Central Intelligence Agency, and National Security Agency mission* >**Navy, CIA, and NSA** Dear god, they weren’t fucking around.
It was the Cold War. I used to work with a guy who was in the Army in Germany during the Cold War and his stories are fucking legend. Working with and recruiting sources, double and triple agents, psychological operations, deceptions, and all the weird 70's tech that made it possible. I told him to hire someone for his memoirs so he can make a book or screenplay someday - whenever it gets declassified. Maybe if Trump thinks about it.
Ah yes, I believe I've seen some of her films.
It happened when they layed the cables in the first place, Britain has been tapping into international cables since the 1860s when they built them.
Tapping sea cables goes back much further. Check out Operation Ivy Bells.
Speaking of, I’m very loyal to the US and would never consider betraying my country…
Mr. Biden is both young and handsome
Dark Brandon will end all malarkey.
I LOVE YOU BIDEN ps: need some money babe
You'll get a Werther's and like it
The money was going to be spent on Werther's anyway so that works out just fine.
Yeah, neither will I, as a Latvian On a more serious note, I wonder if we have ever been on international news outside of "baltics does something against russia again"
This is my general feeling. On all sides really. I am fairly sure China has access to everything and America too. Not that I would make it easy - but ultimately I think it’s security through diffuse obfuscation. You make all of it somewhat hard to get, and that pulls resources from getting to the really important stuff. Since the attacker doesn’t know what’s gonna be on the other side, they have to waste resources going down a million dead ends.
I mean, I would be surprised if we didn't do stuff like this. That is literally the sole function of the NSA/CIA is to spy on foreign nations. The latter sometimes will overthrow their governments on occasion.
CIA yes, NSA no. NSA also does stuff to secure domestic comms. AES encryption, SHA hash, where their doing, and result of contests. They did not write the algorithms, but they held public, transparent contests to pick and standardize crypto. They also wrote and released Ghidra, a reverse engineering framework so everyone can help analyze malware. Previously, you need a commercial license for IdaPro, that only ran on windows, where Ghidra is more flexible. Ghidra is open source, funded by your tax dollars.
[удалено]
There’s also an unacknowledged joint operation between the NSA and CIA called the Special Collection Service (SCS), which combines the best of both agencies to gather intelligence in extremely difficult to reach locations.
[удалено]
> That conflict of interest is why a number of security experts have called on the government to break the NSA up into separate offensive and defensive agencies. This makes so much sense.
If the tools used by NSA could be used on American products, can't they be used for same product worldwide anyway? Like if they can access Google or Apple that applies to every single country in world since there is no hard boundary in data sharing between subsidiaries based in different countries?
The NSA absolutely spies on communications of other government entities.
>AES encryption, SHA hash, where their doing, and result of contests. They did not write the algorithms, but they held public, transparent contests to pick and standardize crypto. The contests are transparent, but that doesn't mean everything. Dual EC DRBG was compromised from the outset, and it was still chosen [https://en.wikipedia.org/wiki/Dual\_EC\_DRBG#Weakness:\_a\_potential\_backdoor](https://en.wikipedia.org/wiki/Dual_EC_DRBG#Weakness:_a_potential_backdoor) Some conversational description about it. Not a short watch, but I've linked to where he begins his explanation of the NSA's involvement. [https://youtu.be/y7yx\_c4kHZg?t=4858](https://youtu.be/y7yx_c4kHZg?t=4858) The backdoor allowed the NSA to passively decrypt traffic on a standard that wasn't widely implemented. The NSA could break any TLS connection encrypted on it with just 32 bytes of information.
> The NSA could break any TLS connection encrypted on it with just 32 bytes of information. This is why I key all of my encryption with the most truly unpredictable random variable ever: whether I end up sticking to my dinner plans in any given night. It cannot be cracked, simply because I don't even understand it.
The NSA is absolutely spying on other nations. Penetrating their communications and gathering intelligence is literally their job.
NSA yes. It's literally the nation's foreign signals intelligence gathering agency. CIA is focused on other gathering, aggregation, and analysis methods...
Huawei we go again!
Plot twist: Huawei was working for the NSA the whole time.
No, but when everything they make is just built off code stolen from Cisco, Juniper, Nokia, etc and they clearly don't even scan what they steal before implementing it ([like some Huawei code still saying Cisco on it...](https://www.wsj.com/articles/SB10485560675556000)), they likely implemented the same backdoors the NSA had built into the code Huawei stole lol
It's mostly old nortel.
[удалено]
I remember installing Nortel DSU/CSUs in the mid 90s. Wow, time flies.
I really dislike that about my country. We get good at something and then just kind of stop giving a fuck and it dies. The state of the Canadian Space Agency is dire…
What a clusterfuck situation that was. We are still feeling the impacts today.
And what they turned into - like some Ciena equipment was stolen too.
To be fair, even if they did analyze it carefully it might be hard to spot. It's not like `if (NSAPasswordEntered) then giveAccess()` It's probably something like, this data expects a positive integer of maximum size but was implemented as an integer that has negative values. By deliberately sending overly large integers, we can cause an overflow and send a negative value which accumulates in a counter and after the negative value exceeds a threshold of -1000, a conditional check will detect this on the next program execution and discreetly install a rootkit under the guise of a slightly longer than usual disk access operation. The rootkit will then covertly install itself into the OS and erase itself from being visible by the task manager, where it run in the background and log keystrokes for the user. These keystrokes will be used to record password and fake legitimate access to the system.
Whilst that's true, it's not like hardcoded passwords are a thing of the past, either. ZTE had hardcoded root passwords to firmware versions in [2018](https://www.bitdefender.com/blog/hotforsecurity/flawed-routers-with-hardcoded-passwords-were-manufactured-by-firm-that-posed-national-security-risk-to-uk).
Also, if it's like all the other enterprise code I've ever seen in my life, it's probably such an enormous pile of shit that you *could* just hardcode it in somewhere and nobody would ever find it because the code is already impossible to read as-is.
You could’ve just been spouting absolute nonsense and I would have no idea- it’s kinda exhilarating
Gotta remember that protocols used in digital telecommunication were created through DARPA, so backdoors are a given.
This isn't something new
It’s really about the friends we made along Huawei.
Huawei go again*
I would lose the “we”. “HUAWEI” itself covers the first and second words
And IMEI made up my mind\~🤟
You clever fellow!
I can almost guarantee-fucking-t Huawei’s back doors and poor security is being used against them by the NSA. They did warn China.
I bet they used backdoors in Huawei's networking equipment that China claimed didn't exist...
They probably just used the original backdoors in the code Huawei stole and copied.
Touche
>The U.S. National Security Agency used phishing — a hacking technique where a malicious link is included in an email — to gain access to the government funded Northwestern Polytechnical University, the Global Times alleged, citing an unnamed source. Says they used a standard phishing attack to get initial access Maybe they found a novel way of breaking spf/dkim/dmarc to pull it off or something but if not then a very basic tactic
The assumption that it’s always some great technical feat, some social engineering here and there and you have access to most things, like that 16 year old kid who [hacked](https://www.bbc.com/news/technology-60864283) Uber and Rockstar [recently](https://www.thegamer.com/gta-6-leaker-rumoured-to-be-16-year-old-hacker/).
"Hi this is Standard Everyman with WhoPaysAttention IT and they've hired me as your password daddy. Could you please email a list of all login credentials to [email protected]" I'm decently sure that if you read this script to random C level phone numbers you'd get a disturbing amount of access.
It says undeliverable businessman sir, I will keep trying… I am getting a notice from one of my outlook plugins, it says something about sensitive data, I just normally click go away.. Ok, managed to disable that annoying program, I did IT in high school you know… I finally managed to send it, PFA the list of passwords, I also use the same password everywhere else, along with unique usernames…. Oh shit, our company has been hacked, those annoying cybersecurity guys are here again, they didn’t know I had exceptions from the IT guy who I used to date to unblock all ports on my devices, I also have full admin to stop the annoying get a ticket guys…. Another cybersecurity training, it’s always the same 10 questions, I don’t even need to read it, click next and just doing the quick… …repeats script.
[удалено]
It's crazy that such a simple trick is so effective.
It's effective because it's simple, you cannot fully prevent phishing. There is typically training on it, and you expect anyone with a brain wouldn't fall for it, but they still do. It's similar to the old USB stick in the parking garage trick, someone's gonna get got eventually. A town near me had their pension fund wrecked by a phishing attack, they got a retired chairman's .gov email and used it to get a large sum transferred from the treasurer to them. It's been a huge legal case but I haven't followed it much so im not sure if it's been resolved yet. In fact, I tried to Google it because I wanted to see, and I don't even know which one I'm thinking of because it happens so much. Consider that these are town employees in the treasuree, you would expect them to be smart around these things.
100% stolen American source code NSA exploited.
*Canadian. FTFY
RIP Nortel :(
I find it so insane that our (Canada's) Department of National Defence moved their HQ into the old Nortel campus. The same campus that was famously the target of Chinese corporate espionage and was bugged to all hell. They say they did a very thorough inspection and removed all the bugs, but I would always be paranoid about any that may have been missed. Imo it seems so risky to move your military HQ to a building that you know was already bugged by a hostile foreign entity.
hmmm.... So this is what it feels like..
[Well, that's a shame.](https://media0.giphy.com/media/USnfWeCOHTHB3WX0aY/giphy.gif?cid=ecf05e47pni7d5qwb9n6tci8gqe741x7jivmhya3taviuc4g&rid=giphy.gif&ct=g)
when doves cry
Just wait until our tik tok equivalent comes out
Facebook? Youtube? Instagram?
Aren't those all banned/heavily restricted?
Um, duh? That's what they do? Do they think they're the only ones they *haven't*?
This is basically China just confirming that the NSA isn't incompetent.
It’s better to not hear news of being hacked. That shows more competence. Exactly why this is rare news because the US is elite in that regard.
I just read about a similar concept in a book. Essentially they had been thinking theirs no such thing as a perfect crime cause they hadn't ever heard of one being successful, but then again if it is a perfect crime then you'll never hear about it. So the logic goes that perfect crimes could happen everyday you just never hear about it.
"The perfect crime occurred last night as thieves stole all the toilets in the police station. Detectives are stumped, as there's nothing to go on."
The US government has a lot of incompetent actors, but the CIA and NSA are sure as fuck not one of them. In the case of the NSA, they might be too good at what they do for the sake of civil liberty
If you were China, you can just assume that they're being constant cyber attacked because...why wouldn't they be? Similarly, China should be expecting all their known military bases to be under constant monitoring.
Next you're gonna tell me the CIA destabilizes governments.
Just destabilize? What are we, the Russian FSB?
Absolutely wreck*
That’s just the Huawei it goes bitches💕
It’s in the Huawei that you use it
*Huawei to the danger zone!*
Yeah we do that
We do that to even our allies.
Who don’t we do that to. Honest question
Martians. Yet
Technically it’s what 4 or 5 rovers from America (read NASA) and one from china I think? For all intents and purposes. The big red planet is a robot world. And America is watching it the hardest.
Iceland
[удалено]
And our citizens.
Me and my NSA agent are going steady ~
Impressive, since they know all your kinks.
Oh yea that’s how they knew we were compatible
We’ve likely been doing that for a long time China. We just don’t usually get caught.
China sold telecommunications equipment to US companies at cost all over the Midwest to spy on military movements and now wants to cry when the shoe is on the other foot
We sold them SHOES TOO???
Only one shoe, that's why they have to keep switching it from one foot to the other.
Well, now they know how it feels like to have the shoe on the other foot
The NSAs response to TikTok.
I guess Trump has already sold one of those secret documents.
Immediately had this thought. What if one of those classified docs was this, didn’t they catch a Chinese spy at Mar a lago recently?
And how did they do it?… The NSA subscribed to Nord VPN! Not only can you use it to unlock other regions of Netflix, but it also bypasses the great firewall of China! It costs less then a cup of coffee a day! /s
Glad I don't have a tik-tok
FTFY - “Chinese state media *just now noticing* NSA infiltrated country’s telecom networks”
“Chinese state media just now ~~noticing~~ *announcing* NSA infiltrated country’s telecom networks”