In 2000, the NSA hacked the Hague-based Organization for the Prohibition of Chemical Weapons


#1

Originally published at: http://boingboing.net/2016/11/06/in-2000-the-nsa-hacked-the-ha.html


#2

A very simple question: why?

What could they possibly hope to find that they needed to hack it? Was it just for sport?


#3

The Director-General in 2000 was a Brazilian and the US security apparatus had not pwned* the organsation with other means?

* access to all strategical documents et al


#4

Some of these hacked servers were used as jump boxes to attack other targets. In this case though, a compromised DNS could have laid the groundwork for a number of other attacks on anyone interested in reading material hosted by the org.


#5

The Director-General was re-elected in 2000 and was later forced out in April of 2002 due to US pressure, officially because the US thought he was mis-managing the organization. I would expect this was part of that.


#6

This “legal note” may be of interest.

LOUD TALK ABOUT A QUIET ISSUE: THE INTERNATIONAL ATOMIC ENERGY AGENCY’S STRUGGLE TO MAINTAIN THE CONFIDENTIALITY OF INFORMATION GAINED IN NUCLEAR FACILITY INSPECTIONS

http://digitalcommons.law.uga.edu/cgi/viewcontent.cgi?article=1287&context=gjicl

In other words, if rival states are obliged to provide information to the OPCW as part of inspections, this information may be of intelligence value. Rival states may also be interested in the material provided by the United States to the OPCW, and so a bug may be useful in counter intelligence work.

We simply don’t know. Allow your cynicism and your knowledge of game theory to guide you to the truth.


#7

Well, the thing is: was the intel there that useful? I have a hard time believing it. I might be naive, but I would be very surprised to learn that whatever the OPCW had was really significant, especially since the various states involved were, I imagine, very careful in what the inspectors could see.
More to the point, shouldn’t the NSA have taken its information directly from the source?
The alternative, of course, is that the NSA is much less efficient than everybody has been led to believe (either because they’re not that good, or they’re that lazy).


#8

You don’t understand. I hack a dns server for the org, then I use that to hack the Russian member of that org (by directing him to go to a malicious webpage that looks exactly like it was from the org). I’m not necessarily interested in intel from that org, maybe not even in intel from that particular guy, but I now have a potential entrance in a number of other systems. I send an email from his laptop to a more valuable colleague, containing a malicious attachment, he opens it and now I own him too. And so on and so forth. That’s basically the NSA job description.


#9

I got that part. I was answering to the idea that the OPCW had some specific information that the NSA wanted.


#10

Since when has the NSA required there to be “specific information” that it wants for it to hack? It wants all of the information.


#11

“If we have every haystack, we have every needle.”


#12

For the most part it is nearly impossible to find the needles in their hay mountains now.

They are however still creating the biggest mountain possible with the (probably correct) assumption that some day they will have the computational skill and power needed to actually find all the needles.

To be clear, this does not, to me, validate what they are doing, it just makes it even more pressing to stop them. I don’t buy the “It’s so much info, it’s useless to them” narrative.


#14

This topic was automatically closed after 5 days. New replies are no longer allowed.