Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Why The USA Hacks
Newest First  |  Oldest First  |  Threaded View
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
2/19/2015 | 9:56:53 AM
Re: We are far better off with these organizations
"who's overseeing the people who are charged with oversight."

That would be both our elected and unelected leaders including the press (The Fourth Estate) and even whisteblowers like Edward Snowden, whether you believe him to be a hero or traitor. Democracy is messy, but transparency is key to making our leaders and decision-makers accountable..
mwallsedgewave
50%
50%
mwallsedgewave,
User Rank: Author
2/18/2015 | 12:34:12 PM
Re: We are far better off with these organizations
Excellent points.  So the key is the right amount of oversight, at the right time.  Historically we see Congressional committees or commissions investigating overreach after something egregious ends up in the media.  We need to stay ahead of potential problems through proactive Congressional involvement.  But there's a catch, what happens if the oversight committees in Congress allow an overreach...who's overseeing the people who are charged with oversight.
BertrandW414
50%
50%
BertrandW414,
User Rank: Strategist
2/18/2015 | 10:55:54 AM
We are far better off with these organizations
We are far better off with these organizations doing what they do, and I believe that the vast majority of their work is honorable, but as they say, power corrupts, and we run into problems when they overreach and justify their actions in the name of National Security - I don't need to produce for you a list of S. American, Central American, and African leaders who were assasinated by the CIA (or those working on behalf of the CIA) to make to wonder if the CIA has ever overreached. Yes, foreign policy can be terribly complex and we now also have the the great advantage of hindsight, and the Americans involved in these projects surely believed that what they were doing was what was best for our country.

As for the CIA not collecting information about U.S. citizens, here is something from a CIA website... "Take, for instance, CIA's Operation CHAOS. The CIA collected substantial amounts of information on domestic dissidents from 1967 to 1973. The Rockefeller Commission deemed the program a violation of the CIA statutory charter."
www.cia.gov/library/center-for-the-study-of-intelligence/kent-csi/vol20no2/html/v20i2a01p_0001.htm
GonzSTL
0%
100%
GonzSTL,
User Rank: Ninja
2/17/2015 | 2:44:06 PM
Re: Distrust
@Whoopty: Excellent points, especially in the trust/distrust area. It is very disconcerting to citizens when the government takes on the Big Brother role, specifically with respect to information gathering. The potential for misuse and abuse is simply too great, as we have seen in many not so distant events. Human nature dictates that there will always be people who abuse the information gathered, or the powers bestowed upon them by whatever authority the organization has, with respect to their activities. I would argue that no model is perfect, but in spite of the absence of perfection, we simply cannot do without this operation in place. If one were to apply simple metrics to gauge the effectiveness of this operation, then surely the publicized results will appear to show it as ineffective, as you have pointed out. However, one should also ponder the possibility that positive results may, by their very nature, lend themselves to secrecy, in cases where the perceived threats do not yet realize that they have been already exposed to the operation, thereby rendering the simple metric test relatively invalid. As with any intelligence operation, this particular one evolves with the situation. One can only hope that the evolution is in the right direction, and (ironically) place trust in the administration to lay that proper course.
mwallsedgewave
0%
100%
mwallsedgewave,
User Rank: Author
2/17/2015 | 12:58:33 PM
Re: Distrust
Your points are well taken Whoopty.  

You touched on bad behavior by some of the employees of Government agencies and I agree with the inference that there isnt enough oversight and accountability, particularly with regard to the cases you identified at NSA (I include Mr Snowden in the badly behaving employee category).  Oversight is especially important in organizations that can potentially abuse the public trust.  

To your point about the success of NSA programs, the value of these operations conducted is greater than the specific wins identified by DRNSA.  Presumably, these programs provide enough aggregated data for the US Government to maintain the highest levels of situational awareness across the global cyber environment.  So while the numbers on the scoreboard may not be compelling today, information gathered yesterday may be helping to build a picture that will help stop an event that is planned for tomorrow.

Finally, I completely agree that trust and distrust swing both ways, and the US Government is beginning to understand that concept given the allegations of spying on allies.

Thanks again for the great thoughts!
Whoopty
100%
0%
Whoopty,
User Rank: Ninja
2/17/2015 | 12:32:34 PM
Distrust
I don't think anyone in the public is bothered with the NSA, CIA and other organisations taking part in national defence or even hacking other countries (though it's debateable whether many would agree with hacking allies, like Angela Merkel's phone), the problem comes from the catchall nature of many of the intelligence agencies' schemes and their seeming disinterest in how ineffective it is.

Despite collecting all of the metadata and in many cases the content of conversations, emails and text interactions, the head of the NSA claimed maybe 1-2 terrorist plots had been stopped and even then, that was when combined with traditional policing. 

Surely then this is an ineffective way to combat it? 

On top of that, there's proven instances of it being abused and NSA staffers looking up information on lovers and ex partners. 

Heck, Edward Snowden, a contractor, was able to steal all of this information. How secure can the information the NSA collects on everyone, really be? 

Treating everyone as if they're the enemy engenders distrust and that now swings both ways, because people don't trust their government not to spy on them. 
swreynolds92
100%
0%
swreynolds92,
User Rank: Strategist
2/17/2015 | 12:22:51 PM
Equation Group & the NSA
Give the current revelation of possible ties between the "Equation Group" and the NSA, does your view of why the US hacks change at all?


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises Are Assessing Cybersecurity Risk in Today's Environment
The adoption of cloud services spurred by the COVID-19 pandemic has resulted in pressure on cyber-risk professionals to focus on vulnerabilities and new exposures that stem from pandemic-driven changes. Many cybersecurity pros expect fundamental, long-term changes to their organization's computing and data security due to the shift to more remote work and accelerated cloud adoption. Download this report from Dark Reading to learn more about their challenges and concerns.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-45380
PUBLISHED: 2022-01-23
AppCMS 2.0.101 has a XSS injection vulnerability in \templates\m\inc_head.php
CVE-2021-46024
PUBLISHED: 2022-01-23
Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL Injection vulnerability via the "id" parameter in cart_add.php, No login is required.
CVE-2022-23850
PUBLISHED: 2022-01-23
xhtml_translate_entity in xhtml.c in epub2txt (aka epub2txt2) through 2.02 allows a stack-based buffer overflow via a crafted EPUB document.
CVE-2021-4103
PUBLISHED: 2022-01-23
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34.
CVE-2021-4172
PUBLISHED: 2022-01-22
Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.