Companies should never try to intercept their users' encrypted traffic

There have been a number of incidents. This search brings up some: Google (Just being lazy. Immediately comes up instances where this stuff is prepackaged and comes right out of the box compromised.) You could change it around and come up with better search terms, using some of the results there.

There are, of course, poor industrial controls there. This is endemic and the problem stretches back actually centuries. There is also excessive profiteering from their government employees. (Which is also very endemic and also stretches back centuries.)

Yes, of course. I have more horror stories about the US then I do with China. “Five Eyes” concerns me much more then China does in terms of hacking and global threats [to such things as individual liberty and general global stability].

I mentioned in my first post statements about how GCHQ members had a penchant for watching Yahoo Messenger video sex tapes. Snowden mentioned how he saw employees engaging in this peeking tom activity as an everyday thing. Contrast that with the potential intelligence and law enforcement value of those sex tapes. Are they already using that? If not, when will they start using that material for extortion and other means of control?

I found the Petraeus case highly suspicious. Like the FBI agents were given breadcrumbs from someone. High intel chief knocked out of his role because of online evidence found “by accident”? Meh. It stinks to high heaven.

Or, look at the Stratfor/lulzsec/Sabu case. The FBI got him hacking foreign embassies and he hacked Stratfor and some local government agencies on their watch. Zero mainstream news coverage. Online news, technical news services cover and break the stories. What else is going on in all of that?

How do you really ensure you can get into companies like Google, Yahoo, and the like? How do you know which VIPs you can trust? How can you be sure you can trust them if you don’t know anything about their private lives? What about politicians? State, national politicians? How can you make sure they either vote your way, or that they keep their mitts out of your work?

And why not use some of that intelligence powerhouse to make some money while you are at it? Maybe fund some off the books, well, what? Little operations, or really big, self-sufficient operations that you can rest assured at night no one will be able to stop tomorrow because of some liberal meddling?

Hoover did it, for decades, him and many of his employees. Very largely, they got away with it, too. Really, so did every other nation since the invention of the telephone, at least, where we have any records of exposed intelligence operations. There really are many reasons to hack your own nation up, with practically no downsides.

Getting caught is usually the only deterrent. None of Hoover’s guys came forward. Well, except the one, really, who became Deep Throat. Why don’t people involved in illegal secret surveillance operations that have to involve many people tend to come forward?

One story from a friend: Her grandfather retired early from the CIA. He was recruited young, from the Mafia. (This is from Chicago.) He ended his days scared to talk even in his own house or outside. He retired early because he had left the Mafia which he was born into to join the CIA thinking “these are the good guys”. They weren’t. Besides the paranoia of seeing such stuff happening, who is going to be more watched then the people involved?

Still online stuff, from some conspiracy theorist, right. :smile: And it is, but worth noting.

Yeah, in a sense, the high value targets are the major product vendors, hardware, software, telecommunications infrastructure, those sorts.

You only activate on usable, worthwhile targets, obviously.

The US, anyway, openly has numerous vulnerability finding mills, and gets source code for anything that runs on DoD systems for the NSA to go through. You probably have seen the articles about China and Russia also demanding this manner of access.

Obviously, if you aren’t a worthwhile target, you aren’t a worthwhile target. Likewise, with your company. One of my favorite songs that I apply to this is https://www.youtube.com/watch?v=3xZmlUV8muY Gabriel, Games Without Frontiers.

It is the “Great Game”. People usually aren’t getting hurt, and while some countries might strive for global tyranny or something, I am very confident that those plans would be thwarted. Definitely can be some rough riding, especially when they start getting into stuff like full blown stock manipulation, and aggressive economic intelligence. I mean, before the information revolution, they had to get actual people in companies and government… and rely on stuff like minox camera taking, or really risky stealing of files. Now? Superdump of information from across the world.

The “information revolution” very much is a revolution for espionage, and promises to change the landscape of how corporations and governments get along. How can the US afford to not get involved in massive corporate and economic espionage when they are dealing with Russia and China who do so by default?

If I were a guy tasked with bugging say all laptops coming from my company, the firmware attack on HDs would be one attack I would want, especially if it could be done remotely. But the dream cake would be getting on there hardware which can operate as a bug for the data crossing the system. Time and time again, I find that these “what I would do” scenarios ring out as “what they did”.

It would have to be extremely hard to detect. And it would have to be able to be turned on and off remotely, very preferably across the internet. And I would want to hit every major vendor I could onshore and off.

Was not at all surprised to see the US doing exactly this sort of thing.

And just to highlight this, again: all I am doing is ‘around the campfire’ FUD . Just stories. Botnets, yeah, that stuff can be scary, they have them nowadays hammering at sites for usernames and passwords doing it slow, and mixing around IP addresses in really sophisticated ways. *(Stuff seen from my wafs.)

From peer talk, a lot of the attacks are just stuff that is meaningless. Historically, it took the Soviets many years to make sense out of their 70s and 80s tech thefts by implanting people in places like IBM in Europe, if they ever even got around to it. Which they often did not.

Which is worse, for a lot of companies: getting hacked by an APT wolf who probably won’t even use the data, or by someone who will go out and use it right away causing real company damage? So, yeah…

The technical intel departments of the secret services collect the knowledge even from their own countries. Often the thing you need for your military toys is not needed to be stolen from the enemy but peacefully plucked from the factory in your own (or ally’s) area, where it is worked on in the open and used for something else.

Case in point, I heard about the sapphire windows for the nose cones of the antiaircraft missiles. Russians were unable to grow the crystals well. Turned out that one of the East European states had the tech, the scientist in charge was ferried to USSR like a king by a private plane (a military jet, actually, a MiG), and then got MiG-shipped samples from his factory when it turned out that Russian problems were mostly caused by impure feedstock.

The missiles later took down that U2 plane.

1 Like

Interesting story.

I have seen evidence of the US getting tech from the software industry in various ways. And evidence of funding in far less direct ways then In-Q-Tel. A lot of it I applaud. Much of it I have seen has been used for purely defensive purposes. I am not opposed to offensive hacking efforts by intelligence agencies or law enforcement agencies. It is just, there has to be a line. And that line is very important.

This topic was automatically closed after 5 days. New replies are no longer allowed.