Nice “Work” Guys… (Fools)

Troll the NSA

Oh now that’s gonna leave a mark:

NEWS The American intelligence service – NSA – infected more than 50,000 computer networks worldwide with malicious software designed to steal sensitive information. Documents provided by former NSA-employee Edward Snowden and seen by this newspaper, prove this.

A management presentation dating from 2012 explains how the NSA collects information worldwide. In addition, the presentation shows that the intelligence service uses ‘Computer Network Exploitation’ (CNE) in more than 50,000 locations. CNE is the secret infiltration of computer systems achieved by installing malware, malicious software.

I’m not sure what’s more disturbing — that the NSA engaged in such a wide-scale infiltration or that they (mostly) got away with it for so long.

The latter says as much about the so-called “security” of the targets as anything else, and it ought to frighten you enough to harden and monitor your corporate network immediately, including without exception the immediate abandonment of all outside “cloud resources” from companies such as Amazon and Salesforce.

If you don’t know how to both harden and monitor said network you need professional assistance and you need it right now.  It has to be in-house, controlled by you and accountable only to you.

For many years now I have watched amusedly as the Russians’ (and their “splinter” nations that used to be part of the USSR) hacking contingent and then the Chinese flailed away at various corporate and government networks, stealing anything that wasn’t nailed down and some stuff that was.  This continues to the present day, incidentally — my overnight logs (and I’m not exactly a “high value” target!) typically show hundreds of attempts against the security infrastructure here.

The problem I have with this article and what it documents is that it shows quite clearly that not only did the NSA get in but the break-in and its exploitation went undetected.  The former happens due to sloppiness or active cooperation of some sort.  The latter only happens if you’re as dumb as a box of rocks or trust someone who is — sometimes because they’re paid to be dumb.

Let’s take Google, for example.  Who thought that leasing a dark fiber somehow made it impervious to being picked off?  The technological know-how in terms of doing that has been known almost literally forever.  So why would anyone ever run an unencrypted link over a cable that exits your fully-protected sphere of physical control if you are asserting that anything on there is “safe” or “secure”?  The only rational reason is that you don’t give a damn.  The other reasons are worse (e.g. active cooperation with people who are interested in stealing whatever travels on said cable.)

10 or 20 years ago there was probably an argument for this approach, since encryption was expensive in terms of CPU (and thus money) — you had to balance out whether encryption was worth the cost.  This was definitely true when I designed private IP-based networks for people back in those days — while it was possible to encrypt the price was astronomical to do so on high-speed links, and thus nobody did unless you were carrying high-level state secrets.

But today such an excuse rings hollow with the inclusion of AES-NI instructions in common commodity Intel processors, as just one example.  While data transport speeds have grown dramatically the price-per-computation has come down at a close-to-exponential decay rate.  I can now run my laptop disks in encrypted mode with a modest performance hit for this very reason — never mind that many drives now include encryption on the chipset in the drive itself.

Now those might be “back doored” but the fact of the matter is that the NSA proves again and again that it’s not breaking in by brute force or “back dooring” someone’s equipment — it is simply exploiting the fact that most people are stupid.

But back to my point on the NSA and these 50,000 networks — breaking in is one thing.  Actually getting the data you steal back out to the NSA is another, as that generates a flow that, if you’re paying attention, can be trivially detected and as soon as it is the entity doing the spying is busted.
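The “if you’re paying attention” part is the whole game. As an added illustration (not from the original post), here is the kind of check a network owner can run over daily flow summaries: compare each internal host’s egress to external addresses against its own prior-day baseline and report hosts that spike, together with any external destination they have never talked to before. The address ranges, thresholds and flow records are constructed for the example.

```python
"""Flag internal hosts whose outbound volume to external addresses jumps
far above their own baseline. Flow records below are constructed, not real."""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import median

# Assumed internal address space for the example network.
INTERNAL = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Constructed NetFlow-style daily records: (day, src_ip, dst_ip, bytes_out)
FLOWS = [
    (1, "10.0.1.5", "10.0.2.9", 40_000_000),       # internal-to-internal: ignored
    (1, "10.0.1.5", "203.0.113.7", 1_200_000),
    (2, "10.0.1.5", "203.0.113.7", 1_100_000),
    (3, "10.0.1.5", "203.0.113.7", 1_300_000),
    (4, "10.0.1.5", "203.0.113.7", 1_000_000),
    (4, "10.0.1.5", "198.51.100.23", 95_000_000),  # day 4: large upload to a new host
    (1, "10.0.1.8", "203.0.113.7", 500_000),
    (2, "10.0.1.8", "203.0.113.7", 600_000),
    (3, "10.0.1.8", "203.0.113.7", 550_000),
    (4, "10.0.1.8", "203.0.113.7", 700_000),
]

def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL)

def daily_egress(flows):
    """Per source host: bytes leaving the network per day, and the set of
    external destinations contacted per day. Internal-only flows are skipped."""
    volume = defaultdict(lambda: defaultdict(int))
    dests = defaultdict(lambda: defaultdict(set))
    for day, src, dst, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            volume[src][day] += nbytes
            dests[src][day].add(dst)
    return volume, dests

def find_exfil_candidates(flows, day, ratio=5.0, floor=10_000_000):
    """Return {src: (today_bytes, baseline_bytes, new_destinations)} for hosts
    whose egress on `day` is at least `ratio` times their median prior day and
    above an absolute `floor`, so hosts with tiny baselines do not alert."""
    volume, dests = daily_egress(flows)
    hits = {}
    for src, per_day in volume.items():
        prior = [b for d, b in per_day.items() if d < day]
        today = per_day.get(day, 0)
        if not prior or today < floor:
            continue
        baseline = median(prior)
        if today >= ratio * baseline:
            seen_before = set().union(*(dests[src][d] for d in dests[src] if d < day))
            hits[src] = (today, baseline, dests[src][day] - seen_before)
    return hits
```

Running `find_exfil_candidates(FLOWS, day=4)` reports only 10.0.1.5, with its 96 MB of egress against a 1.2 MB baseline and the never-before-seen destination; the same check on day 2 reports nothing.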

So why haven’t they been busted?

There is only one explanation when it comes to those who would not have given consent — they’re incompetent.

Here’s looking at all the various suppliers of this technology to various business and government interests, kid.

Now about buying that cloud computing and network resource (and all the companies selling same, especially the public ones…..)

The Market Ticker
