Comments
Why The USA Hacks
Marilyn Cohodas,
User Rank: Strategist
2/19/2015 | 9:56:53 AM
Re: We are far better off with these organizations
"who's overseeing the people who are charged with oversight."

That would be both our elected and unelected leaders including the press (The Fourth Estate) and even whistleblowers like Edward Snowden, whether you believe him to be a hero or traitor. Democracy is messy, but transparency is key to making our leaders and decision-makers accountable.
mwallsedgewave,
User Rank: Author
2/18/2015 | 12:34:12 PM
Re: We are far better off with these organizations
Excellent points. So the key is the right amount of oversight, at the right time. Historically we see Congressional committees or commissions investigating overreach after something egregious ends up in the media. We need to stay ahead of potential problems through proactive Congressional involvement. But there's a catch: what happens if the oversight committees in Congress allow an overreach... who's overseeing the people who are charged with oversight?
BertrandW414,
User Rank: Strategist
2/18/2015 | 10:55:54 AM
We are far better off with these organizations
We are far better off with these organizations doing what they do, and I believe that the vast majority of their work is honorable, but as they say, power corrupts, and we run into problems when they overreach and justify their actions in the name of National Security - I don't need to produce for you a list of S. American, Central American, and African leaders who were assassinated by the CIA (or those working on behalf of the CIA) to make you wonder if the CIA has ever overreached. Yes, foreign policy can be terribly complex and we now also have the great advantage of hindsight, and the Americans involved in these projects surely believed that what they were doing was what was best for our country.

As for the CIA not collecting information about U.S. citizens, here is something from a CIA website... "Take, for instance, CIA's Operation CHAOS. The CIA collected substantial amounts of information on domestic dissidents from 1967 to 1973. The Rockefeller Commission deemed the program a violation of the CIA statutory charter."
www.cia.gov/library/center-for-the-study-of-intelligence/kent-csi/vol20no2/html/v20i2a01p_0001.htm
GonzSTL,
User Rank: Ninja
2/17/2015 | 2:44:06 PM
Re: Distrust
@Whoopty: Excellent points, especially in the trust/distrust area. It is very disconcerting to citizens when the government takes on the Big Brother role, specifically with respect to information gathering. The potential for misuse and abuse is simply too great, as we have seen in many not so distant events. Human nature dictates that there will always be people who abuse the information gathered, or the powers bestowed upon them by whatever authority the organization has, with respect to their activities. I would argue that no model is perfect, but in spite of the absence of perfection, we simply cannot do without this operation in place. If one were to apply simple metrics to gauge the effectiveness of this operation, then surely the publicized results will appear to show it as ineffective, as you have pointed out. However, one should also ponder the possibility that positive results may, by their very nature, lend themselves to secrecy, in cases where the perceived threats do not yet realize that they have been already exposed to the operation, thereby rendering the simple metric test relatively invalid. As with any intelligence operation, this particular one evolves with the situation. One can only hope that the evolution is in the right direction, and (ironically) place trust in the administration to lay that proper course.
mwallsedgewave,
User Rank: Author
2/17/2015 | 12:58:33 PM
Re: Distrust
Your points are well taken, Whoopty.

You touched on bad behavior by some of the employees of Government agencies and I agree with the inference that there isn't enough oversight and accountability, particularly with regard to the cases you identified at NSA (I include Mr Snowden in the badly behaving employee category). Oversight is especially important in organizations that can potentially abuse the public trust.

To your point about the success of NSA programs, the value of these operations conducted is greater than the specific wins identified by DRNSA.  Presumably, these programs provide enough aggregated data for the US Government to maintain the highest levels of situational awareness across the global cyber environment.  So while the numbers on the scoreboard may not be compelling today, information gathered yesterday may be helping to build a picture that will help stop an event that is planned for tomorrow.

Finally, I completely agree that trust and distrust swing both ways, and the US Government is beginning to understand that concept given the allegations of spying on allies.

Thanks again for the great thoughts!
Whoopty,
User Rank: Ninja
2/17/2015 | 12:32:34 PM
Distrust
I don't think anyone in the public is bothered with the NSA, CIA and other organisations taking part in national defence or even hacking other countries (though it's debatable whether many would agree with hacking allies, like Angela Merkel's phone), the problem comes from the catchall nature of many of the intelligence agencies' schemes and their seeming disinterest in how ineffective it is.

Despite collecting all of the metadata and in many cases the content of conversations, emails and text interactions, the head of the NSA claimed maybe 1-2 terrorist plots had been stopped and even then, that was when combined with traditional policing. 

Surely then this is an ineffective way to combat it? 

On top of that, there are proven instances of it being abused and NSA staffers looking up information on lovers and ex partners.

Heck, Edward Snowden, a contractor, was able to steal all of this information. How secure can the information the NSA collects on everyone, really be? 

Treating everyone as if they're the enemy engenders distrust and that now swings both ways, because people don't trust their government not to spy on them. 
swreynolds92,
User Rank: Strategist
2/17/2015 | 12:22:51 PM
Equation Group & the NSA
Given the current revelation of possible ties between the "Equation Group" and the NSA, does your view of why the US hacks change at all?

