Top secret NSA catalog reveals US government has been secretly back dooring equipment from US compan - Polidicks

[QUOTE=catbarf;43357676]That's the FBI's purview, not the NSA's, and it's a whole different kettle of fish. The way they do things is substantially different because they have a significant amount of resources at their disposal, and because the US is their sole area of operation. If you look into those articles, many of them don't even involve the FBI- that example of a guy looking up backpacks and pressure cookers was a guy at work, and the police were contacted by his employer. In any case, if there's no further reason for interest, then you'd get dropped from the list. You're not going to have every single phone line wiretapped, all your mail read, and all your emails monitored indefinitely because you did a google search for 'pressure cookers'. Can you imagine being the guy who has to justify to the budget committee a hundred-million-dollar operation over a guy who once looked up pressure cookers and backpacks?[/QUOTE] The one I was thinking of I'm pretty sure was a guy who looked up a pressure cooker at home and at another point in time not long before/after that his girlfriend or wife had looked up backpacks for a hiking trip. And I believe the NSA does let other agencies use their capabilities at times.

[QUOTE=whatthe;43357759]It may have begun this way and I'm sure it did, but with the increase in media coverage of this subject, the increase in security issues and availability/accessibility of the anonymity something as simple as a laptop can give you they are almost certainly having to expand their search. Sure I might not have anything to worry about myself but we don't have to read the news to hear about false convictions, and the trigger happy Law enforcers that probably regularly make mistakes. Anybody that can give the NSA a run for their money in terms of evasiveness could pin anybody for their cyber backlog of searches and communications, that I am sure of. But there-in lies the main issue, us laymen haven't a clue what these people are capable of, and we are supposed to sit here and not feel worried sick about these mysterious fucks tip-toeing around systems like they own the place? [/QUOTE] Don't get me wrong, I'm not saying this is 100% okay and you should be fine with it- the use of dragnet collection without appropriate oversight and safeguards is alone cause for serious concern and I imagine the NSA is about to get reamed for it by Congress. All I'm saying is that a lot of people seem to fundamentally misunderstand the mentality behind dragnet collection, it's not about keeping an eye on every single person (American or not), just about figuring out who they should keep an eye on. You're totally right that it could lead to false positives, but in the context of this thread I'd wager that nobody here is going to post something about pressure cookers and then tomorrow morning find malware on their router. That's just not the picture these documents paint. Remember that any response has to be proportional- a program that costs $5,000 to tailor to a piece of hardware and then $50,000 to deploy with attendant counter-intelligence risk isn't something they're going to use on every single person who seems the least bit suspicious. All I'm saying is that regardless of what other nasty bullshit the NSA is up to, NSA-built spyware isn't something you or I need to worry about. It's something for other governments and defense industry firms need to worry about. [QUOTE=whatthe;43357759]Nah. Whilst I appreciate they don't have the budget to monitor everyone in America, they could easily delegate lower-profile targets and processing to the appropriate agencies, and it's not as if we will sit here and believe the NSA are the only agency in America that are doing this.[/QUOTE] Honestly, it's probably only the NSA, probably with some help from the FBI. Nobody else has the access to domestic telecom infrastructure needed and most people working in other agencies don't have the security clearance necessary to handle it. Besides, if they were handing off spying on Americans to other agencies, you'd think someone working for them would have gone through the legal whistleblowing channels, and not only would they be legally protected against retaliation but they're not even working for the agency they're whistleblowing on.

[QUOTE=catbarf;43357927]All I'm saying is that regardless of what other nasty bullshit the NSA is up to, NSA-built spyware isn't something you or I need to worry about. It's something for other governments and defense industry firms need to worry about.[/QUOTE] I don't think I have much of a place to say in reality, I live on a tiny island but it's funny how prevalent American news is everywhere. I feel far more part of it than I [B]technically[/B] am, disregarding the the capacity of compassion I can afford.

Some things I've noticed while reading this thread: 1) "They don't have the budget to monitor everyone" - Well, in a way that's their goal. It's been revealed before that the NSA wants to [I]store[/I] as much information as they come across. When you can store everything, the analysis of it is a Big data mining problem, a problem they're getting better and better at solving. [url]http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/[/url] 2) Once you achieve that, it allows the NSA to pull your data at any time whenever they deem you interesting. As SMBC points out: [img]http://www.smbc-comics.com/comics/20130108.gif[/img]

[QUOTE=DoctorSalt;43358408]Some things I've noticed while reading this thread: 1) "They don't have the budget to monitor everyone" - Well, in a way that's their goal. It's been revealed before that the NSA wants to [I]store[/I] as much information as they come across. When you can store everything, the analysis of it is a Big data mining problem, a problem they're getting better and better at solving. [url]http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/[/url] 2) Once you achieve that, it allows the NSA to pull your data at any time whenever they deem you interesting. As SMBC points out: [img]http://www.smbc-comics.com/comics/20130108.gif[/img][/QUOTE] That comic is the best summation of why privacy is important that I've ever seen.

Everyone is spying on everyone, everywhere, always. Some people just have the upper hand because they have access to people who are better at it. Its always been this way and always will be, no one should be surprised. Two things about this though, the monitor cable that can share what's going through it sounds technically amazing. I'd love to know how that thing works. Secondly, the fact they seem to feel a need to use backdoors to snoop on Cisco devices suggests that the [url=http://www.cisco.com/en/US/tech/tk583/tk799/tsd_technology_support_protocol_home.html]lawful interception[/url] feature package isn't being used. Which is a massive shame as the person who designed it (can't find the article right now, do some googling and it will appear) hated the idea and designed it with protecting peoples rights in mind (it can only snoop on individual people etc). Although I have also read that ISPs in America have been avoiding any hardware with that set of features purely so they cannot be forced to use it against their customers, which I guess would make sense.

Damn, I had hoped they wouldn't of got to this level, but it is to be expected....

So do people actually believe EVERY SINGLE PC being shipped (hundreds of thousands a day) are being intercepted and bugged? Does anyone realize how expensive that is? They're most likely only doing it to people they're already investigating. What people like Snowden do is leave out information about the scope of the activities (I first noticed that in hte PRISM leaks when he left out pages that probably discussed the scope of the surveillance). There's no way they have the manpower to do this to every PC being manufactured.

[QUOTE=SPESSMEHREN;43358662]So do people actually believe EVERY SINGLE PC being shipped (hundreds of thousands a day) are being intercepted and bugged? Does anyone realize how expensive that is? They're most likely only doing it to people they're already investigating. What people like Snowden do is leave out information about the scope of the activities (I first noticed that in hte PRISM leaks when he left out pages that probably discussed the scope of the surveillance). There's no way they have the manpower to do this to every PC being manufactured.[/QUOTE] Shh don't ruin peoples ideas that the NSA are sitting and intercepting every single bit of data flying around the internet. This is the exact reason why this shouldn't be news or worry anyone. Unless for some reason you honestly think the US government is spying on you nothing is happening.

bet in the new catalog theres a tool called skynet. >_> seriously though people are gonna be pissed off about this. [QUOTE=SPESSMEHREN;43358662]So do people actually believe EVERY SINGLE PC being shipped (hundreds of thousands a day) are being intercepted and bugged? Does anyone realize how expensive that is? They're most likely only doing it to people they're already investigating. What people like Snowden do is leave out information about the scope of the activities (I first noticed that in hte PRISM leaks when he left out pages that probably discussed the scope of the surveillance). There's no way they have the manpower to do this to every PC being manufactured.[/QUOTE] true and its probably saved many lives, but if they are using it on US citizens and their networks, why did 9/11 happen? why did the boston bombing happen? whats with all the school shootings? until they are ready to come forward with more than "sorry thats classified" about the actual good its done for the US alone then its wrong. if they just named 1 example of good its done i'd atleast shut up.

One day, someone will start shooting these cocksucks. and absolutely nothing of value will be lost by their deaths.

[QUOTE=ZakkShock;43359620]One day, someone will start shooting these cocksucks. and absolutely nothing of value will be lost by their deaths.[/QUOTE] you are now a person of interest.

[QUOTE=Jsm;43358529]the fact they seem to feel a need to use backdoors to snoop on Cisco devices suggests that the [url=http://www.cisco.com/en/US/tech/tk583/tk799/tsd_technology_support_protocol_home.html]lawful interception[/url] feature package isn't being used. Which is a massive shame as [I]the person who designed it (can't find the article right now, do some googling and it will appear) hated the idea and designed it with protecting peoples rights in mind (it can only snoop on individual people etc).[/I][/QUOTE] Three guess why it's not being used, and the first two don't count. :v: I wonder if trusted computing platform modules (e.g. TPMs on your brand new motherboard for supporting Secure Boot options) are in that catalogue, because that's what the skeptics warned from the start. Also, relevant once again: [IMG]http://imgs.xkcd.com/comics/infrastructures.png[/IMG]

[QUOTE=elixwhitetail;43354902]Okay, NSA, seriously, if you don't stop we're gonna insist you change your name to something sinister with mandatory punctuation like P.O.I.S.O.N. or something, and the head of the agency will need to be bald, smoke a cigar, have a monocle, and pet a really pampered cat.[/QUOTE] Why not change their name to A.C.R.O.N.Y.M. A Criminal Regiment of Nasty Young Men.

Don't worry, the 4th amendment will protect us! Oh wait... courts ruled it doesn't do any thing. FUCK!

[QUOTE=catbarf;43357477]They could say a number (and they have) and people here will insist it's bogus. And they won't release details, since that would compromise their methods, although that's looking like less and less of a concern every day. Not everything is about catching terrorists. Sometimes it's about knowing what they're up to, and being aware of other threats. We may not have the ability to catch and prosecute known terrorists in Yemen, Afghanistan, or Pakistan, but knowing what they're planning keeps us one step ahead of the game, just as knowing how much Iran or North Korea are bullshitting about nuclear weapons prevents us from being blindsided. A lot of it is the result of the Korean War, in which Western intelligence analysts were utterly blindsided by the outbreak of civil war. Since then the US, UK, and other members of Five Eyes have tried hard to stay aware of global politics, and have poured an enormous amount of resources into basically just knowing what's going on.[/QUOTE] Even so you'd expect them to try to persuade the public by showing that what they're doing is actually working, which would help all the negative press. Although then the people which provide the threats (not always terrorists) would begin to wise up and take extra precautions to stay off the radar (if it's even possible, pen and paper?).

[QUOTE=Adzter;43362443]Even so you'd expect them to try to persuade the public by showing that what they're doing is actually working, which would help all the negative press. Although then the people which provide the threats (not always terrorists) would begin to wise up and take extra precautions to stay off the radar (if it's even possible, pen and paper?).[/QUOTE] Remember that they operate under secrecy and only reveal information about their capabilities to strictly the people who need to know. You and I don't have any direct political influence on them, so that information isn't disclosed to us. They answer to Congress, and Congress controls their budget so they report to Congress, specifically the Permanent Select Committee on Intelligence for the House, and the Senate Select Committee on Intelligence for the Senate. As long as they're doing their job correctly, there is no negative press because nobody's the wiser. I wouldn't be surprised if they start declassifying information now to try to get some good PR, but in general the only people they'll report that sort of information to is whoever's signing their checks.

If the NSA can get in, so can malicious people. (Although, who can tell the difference?) I hope this ends in white hats, gray hats and black hats uniting to prove a point. [QUOTE=elixwhitetail;43359964]I wonder if trusted computing platform modules (e.g. TPMs on your brand new motherboard for supporting Secure Boot options) are in that catalogue, because that's what the skeptics warned from the start. Also, relevant once again: [IMG]http://imgs.xkcd.com/comics/infrastructures.png[/IMG][/QUOTE] Since the start of proprietary software, it's been pretty clear that all this was going to happen. We now live in a world where most software can't be scrutinised, despite relying on it to protect our money, our privacy, our rights, ourselves.

[QUOTE=nikomo;43356343]Nice, they have Cisco and Juniper covered, so that's pretty much 99.999% of the Internet.[/QUOTE] Joke's on them, I have DD-WRT on my router.

[QUOTE=Lone_Star94;43361120]Don't worry, the 4th amendment will protect us! Oh wait... courts ruled it doesn't do any thing. FUCK![/QUOTE] 2nd amendment then?

[QUOTE=Jookia;43362899]Since the start of proprietary software, it's been pretty clear that all this was going to happen. [B]We now live in a world where most software can't be scrutinised, despite relying on it to protect our money, our privacy, our rights, ourselves.[/B][/QUOTE] Fuck, software isn't even the only thing that property rights/copyright has fucked up. The [URL="http://boingboing.net/2008/07/04/california-construct.html"]law itself[/URL] [URL="http://boingboing.net/2012/12/30/public-resource-liberates-glob.html"]is increasingly[/URL] [URL="http://boingboing.net/2013/03/27/municipal-codes-of-dc-free-fo.html"]being copyrighted[/URL] [URL="http://boingboing.net/2013/11/21/germany-threatens-to-jail-carl.html"]and paywalled[/URL]. (Boingboing was an easy cache of examples.) Let us remember [URL="https://en.wikipedia.org/wiki/Aaron_Swartz"]Aaron Swartz[/URL]. [editline]30th December 2013[/editline] [QUOTE=a203xi;43364407]2nd amendment then?[/QUOTE] You're not allowed to skip to [URL="https://en.wikipedia.org/wiki/Four_boxes_of_liberty"]the last box[/URL] until you've exhausted the other three, and by and large most Americans can't be assed to even start with the first.

That's a horrifying looking complex. Seriously, it looks terrifying and evil in every way.

A lot of people seem to think that an intelligence officer is required to collect your data, that is simply not true. All of the data is collected and stored in data-centers automatically and is available if needed, that has been the mission statement since the early 1990s when the US intelligence apparatus internally recognized the internet as an emerging battlefield for global intelligence operations. It spawned many domestic programs in 2000-present. It is classified as SIGINT, the past few years of Defcon's NSA panel have had some really good information about these programs, their history, and their modern use and this year's was one of the best, especially the ACLU panels regarding their recent investigations and lawsuits because of Snowden's leaks.

[QUOTE=Looter;43369635]A lot of people seem to think that an intelligence officer is required to collect your data, that is simply not true. All of the data is collected and stored in data-centers automatically and is available if needed, that has been the mission statement since the early 1990s when the US intelligence apparatus internally recognized the internet as an emerging battlefield for global intelligence operations. It spawned many domestic programs in 2000-present. It is classified as SIGINT, the past few years of Defcon's NSA panel have had some really good information about these programs, their history, and their modern use and this year's was one of the best, especially the ACLU panels regarding their recent investigations and lawsuits because of Snowden's leaks.[/QUOTE] Didnt the NSA guy at defcon last year get called out on his bullshit and got booed off stage?

[QUOTE=Zero-Point;43363168]Joke's on them, I have DD-WRT on my router.[/QUOTE] Presumably they could just ask the chips themselves for access, some kind of burned-in hardware backdoor. If you can get to the lowest level code, the stuff that starts first and loads the OS, you can insert anything you want no matter the OS. BIOS-level rootkits are really the main thing we need to worry about, as anything else is easily accessible and wiped. Any nation is capable of this. Check this out: [url]http://www.bunniestudios.com/blog/?p=3554[/url] It shows that low-level stuff we don't think about is extremely vulnerable to this kind of thing, and undetectable without specialized hardware.

[QUOTE=mdeceiver79;43355239]Loads of companies do this. British Intel employees are warned against using Lenovo because they fear backdoors (from china). Again everyone jumps at NSA because they're the bad guy, the reality is many countries do this. Its not about security its about spying on other governments it has been done for years in some form or another. "yeah but that makes them super evil" No it just makes them spies. These tactics are needed in the more globalised environment, if you restricted all surveillance and monitoring to your own country your spy agency would be near blind. US wants to stay top dog. That means knowing about things before they are made public so counters can be produced and they are not "caught on their back foot". Be this military, socially or economically. Stop being naive.[/QUOTE] Spying is a lot like masturbation. A lot of countries do it, all countries know a lot of countries do it, but when you get caught and the full extent of your international escapades are unveiled to all, people go nuts.

[QUOTE=Metalcastr;43371964]Presumably they could just ask the chips themselves for access, some kind of burned-in hardware backdoor. If you can get to the lowest level code, the stuff that starts first and loads the OS, you can insert anything you want no matter the OS. BIOS-level rootkits are really the main thing we need to worry about, as anything else is easily accessible and wiped. Any nation is capable of this. Check this out: [URL]http://www.bunniestudios.com/blog/?p=3554[/URL] It shows that low-level stuff we don't think about is extremely vulnerable to this kind of thing, and undetectable without specialized hardware.[/QUOTE] I watched his talk earlier (after the one about this stuff actually), very very interesting. I learnt two major things from it: flash memory is a seriously low margin bussiness, and microprocessors are getting everywhere.

[QUOTE=Psychokitten;43372804]Spying is a lot like masturbation. A lot of countries do it, all countries know a lot of countries do it, but when you get caught and the full extent of your international escapades are unveiled to all, people go nuts.[/QUOTE] i don't think anyone likes the idea of their computers and homes and their phones being masturbated on okay some people are probably into that but that's besides the point

[QUOTE=Tobba;43370580]Didnt the NSA guy at defcon last year get called out on his bullshit and got booed off stage?[/QUOTE] No, that wasn't the [url=http://www.youtube.com/watch?v=sqIz-RNUL1g]ex-NSA employee panel[/url]. That was probably one of the still-employed guys talking at one of the goon panels.

[QUOTE=JohnnyOnFlame;43355718]I want to see who's going to point & laugh at Richard Stallman for being nuts now.[/QUOTE] Even though he is right about something doesn't mean he isn't a full-out cave-dwelling nutcase. He's the IT equivalent of Alexander Supertramp.