Dark Reading is part of the Informa Tech Division of Informa PLC


Comments
Why The USA Hacks
Marilyn Cohodas
User Rank: Strategist
2/19/2015 | 9:56:53 AM
Re: We are far better off with these organizations
"who's overseeing the people who are charged with oversight."

That would be both our elected and unelected leaders including the press (The Fourth Estate) and even whistleblowers like Edward Snowden, whether you believe him to be a hero or traitor. Democracy is messy, but transparency is key to making our leaders and decision-makers accountable.
mwallsedgewave
User Rank: Author
2/18/2015 | 12:34:12 PM
Re: We are far better off with these organizations
Excellent points. So the key is the right amount of oversight, at the right time. Historically we see Congressional committees or commissions investigating overreach after something egregious ends up in the media. We need to stay ahead of potential problems through proactive Congressional involvement. But there's a catch: what happens if the oversight committees in Congress allow an overreach... who's overseeing the people who are charged with oversight?
BertrandW414
User Rank: Strategist
2/18/2015 | 10:55:54 AM
We are far better off with these organizations
We are far better off with these organizations doing what they do, and I believe that the vast majority of their work is honorable, but as they say, power corrupts, and we run into problems when they overreach and justify their actions in the name of National Security - I don't need to produce for you a list of S. American, Central American, and African leaders who were assassinated by the CIA (or those working on behalf of the CIA) to make you wonder if the CIA has ever overreached. Yes, foreign policy can be terribly complex and we now also have the great advantage of hindsight, and the Americans involved in these projects surely believed that what they were doing was what was best for our country.

As for the CIA not collecting information about U.S. citizens, here is something from a CIA website... "Take, for instance, CIA's Operation CHAOS. The CIA collected substantial amounts of information on domestic dissidents from 1967 to 1973. The Rockefeller Commission deemed the program a violation of the CIA statutory charter."
www.cia.gov/library/center-for-the-study-of-intelligence/kent-csi/vol20no2/html/v20i2a01p_0001.htm
GonzSTL
User Rank: Ninja
2/17/2015 | 2:44:06 PM
Re: Distrust
@Whoopty: Excellent points, especially in the trust/distrust area. It is very disconcerting to citizens when the government takes on the Big Brother role, specifically with respect to information gathering. The potential for misuse and abuse is simply too great, as we have seen in many not so distant events. Human nature dictates that there will always be people who abuse the information gathered, or the powers bestowed upon them by whatever authority the organization has, with respect to their activities. I would argue that no model is perfect, but in spite of the absence of perfection, we simply cannot do without this operation in place. If one were to apply simple metrics to gauge the effectiveness of this operation, then surely the publicized results will appear to show it as ineffective, as you have pointed out. However, one should also ponder the possibility that positive results may, by their very nature, lend themselves to secrecy, in cases where the perceived threats do not yet realize that they have been already exposed to the operation, thereby rendering the simple metric test relatively invalid. As with any intelligence operation, this particular one evolves with the situation. One can only hope that the evolution is in the right direction, and (ironically) place trust in the administration to lay that proper course.
mwallsedgewave
User Rank: Author
2/17/2015 | 12:58:33 PM
Re: Distrust
Your points are well taken, Whoopty.

You touched on bad behavior by some of the employees of Government agencies and I agree with the inference that there isn't enough oversight and accountability, particularly with regard to the cases you identified at NSA (I include Mr Snowden in the badly behaving employee category). Oversight is especially important in organizations that can potentially abuse the public trust.

To your point about the success of NSA programs, the value of these operations conducted is greater than the specific wins identified by DRNSA.  Presumably, these programs provide enough aggregated data for the US Government to maintain the highest levels of situational awareness across the global cyber environment.  So while the numbers on the scoreboard may not be compelling today, information gathered yesterday may be helping to build a picture that will help stop an event that is planned for tomorrow.

Finally, I completely agree that trust and distrust swing both ways, and the US Government is beginning to understand that concept given the allegations of spying on allies.

Thanks again for the great thoughts!
Whoopty
User Rank: Ninja
2/17/2015 | 12:32:34 PM
Distrust
I don't think anyone in the public is bothered with the NSA, CIA and other organisations taking part in national defence or even hacking other countries (though it's debatable whether many would agree with hacking allies, like Angela Merkel's phone), the problem comes from the catchall nature of many of the intelligence agencies' schemes and their seeming disinterest in how ineffective it is.

Despite collecting all of the metadata and in many cases the content of conversations, emails and text interactions, the head of the NSA claimed maybe 1-2 terrorist plots had been stopped and even then, that was when combined with traditional policing. 

Surely then this is an ineffective way to combat it? 

On top of that, there are proven instances of it being abused and NSA staffers looking up information on lovers and ex-partners.

Heck, Edward Snowden, a contractor, was able to steal all of this information. How secure can the information the NSA collects on everyone really be?

Treating everyone as if they're the enemy engenders distrust and that now swings both ways, because people don't trust their government not to spy on them. 
swreynolds92
User Rank: Strategist
2/17/2015 | 12:22:51 PM
Equation Group & the NSA
Given the current revelation of possible ties between the "Equation Group" and the NSA, does your view of why the US hacks change at all?

