Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Why The USA Hacks
Newest First  |  Oldest First  |  Threaded View
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
2/19/2015 | 9:56:53 AM
Re: We are far better off with these organizations
"who's overseeing the people who are charged with oversight."

That would be both our elected and unelected leaders including the press (The Fourth Estate) and even whisteblowers like Edward Snowden, whether you believe him to be a hero or traitor. Democracy is messy, but transparency is key to making our leaders and decision-makers accountable..
mwallsedgewave
mwallsedgewave,
User Rank: Author
2/18/2015 | 12:34:12 PM
Re: We are far better off with these organizations
Excellent points.  So the key is the right amount of oversight, at the right time.  Historically we see Congressional committees or commissions investigating overreach after something egregious ends up in the media.  We need to stay ahead of potential problems through proactive Congressional involvement.  But there's a catch, what happens if the oversight committees in Congress allow an overreach...who's overseeing the people who are charged with oversight.
BertrandW414
BertrandW414,
User Rank: Strategist
2/18/2015 | 10:55:54 AM
We are far better off with these organizations
We are far better off with these organizations doing what they do, and I believe that the vast majority of their work is honorable, but as they say, power corrupts, and we run into problems when they overreach and justify their actions in the name of National Security - I don't need to produce for you a list of S. American, Central American, and African leaders who were assasinated by the CIA (or those working on behalf of the CIA) to make to wonder if the CIA has ever overreached. Yes, foreign policy can be terribly complex and we now also have the the great advantage of hindsight, and the Americans involved in these projects surely believed that what they were doing was what was best for our country.

As for the CIA not collecting information about U.S. citizens, here is something from a CIA website... "Take, for instance, CIA's Operation CHAOS. The CIA collected substantial amounts of information on domestic dissidents from 1967 to 1973. The Rockefeller Commission deemed the program a violation of the CIA statutory charter."
www.cia.gov/library/center-for-the-study-of-intelligence/kent-csi/vol20no2/html/v20i2a01p_0001.htm
GonzSTL
GonzSTL,
User Rank: Ninja
2/17/2015 | 2:44:06 PM
Re: Distrust
@Whoopty: Excellent points, especially in the trust/distrust area. It is very disconcerting to citizens when the government takes on the Big Brother role, specifically with respect to information gathering. The potential for misuse and abuse is simply too great, as we have seen in many not so distant events. Human nature dictates that there will always be people who abuse the information gathered, or the powers bestowed upon them by whatever authority the organization has, with respect to their activities. I would argue that no model is perfect, but in spite of the absence of perfection, we simply cannot do without this operation in place. If one were to apply simple metrics to gauge the effectiveness of this operation, then surely the publicized results will appear to show it as ineffective, as you have pointed out. However, one should also ponder the possibility that positive results may, by their very nature, lend themselves to secrecy, in cases where the perceived threats do not yet realize that they have been already exposed to the operation, thereby rendering the simple metric test relatively invalid. As with any intelligence operation, this particular one evolves with the situation. One can only hope that the evolution is in the right direction, and (ironically) place trust in the administration to lay that proper course.
mwallsedgewave
mwallsedgewave,
User Rank: Author
2/17/2015 | 12:58:33 PM
Re: Distrust
Your points are well taken Whoopty.  

You touched on bad behavior by some of the employees of Government agencies and I agree with the inference that there isnt enough oversight and accountability, particularly with regard to the cases you identified at NSA (I include Mr Snowden in the badly behaving employee category).  Oversight is especially important in organizations that can potentially abuse the public trust.  

To your point about the success of NSA programs, the value of these operations conducted is greater than the specific wins identified by DRNSA.  Presumably, these programs provide enough aggregated data for the US Government to maintain the highest levels of situational awareness across the global cyber environment.  So while the numbers on the scoreboard may not be compelling today, information gathered yesterday may be helping to build a picture that will help stop an event that is planned for tomorrow.

Finally, I completely agree that trust and distrust swing both ways, and the US Government is beginning to understand that concept given the allegations of spying on allies.

Thanks again for the great thoughts!
Whoopty
Whoopty,
User Rank: Ninja
2/17/2015 | 12:32:34 PM
Distrust
I don't think anyone in the public is bothered with the NSA, CIA and other organisations taking part in national defence or even hacking other countries (though it's debateable whether many would agree with hacking allies, like Angela Merkel's phone), the problem comes from the catchall nature of many of the intelligence agencies' schemes and their seeming disinterest in how ineffective it is.

Despite collecting all of the metadata and in many cases the content of conversations, emails and text interactions, the head of the NSA claimed maybe 1-2 terrorist plots had been stopped and even then, that was when combined with traditional policing. 

Surely then this is an ineffective way to combat it? 

On top of that, there's proven instances of it being abused and NSA staffers looking up information on lovers and ex partners. 

Heck, Edward Snowden, a contractor, was able to steal all of this information. How secure can the information the NSA collects on everyone, really be? 

Treating everyone as if they're the enemy engenders distrust and that now swings both ways, because people don't trust their government not to spy on them. 
swreynolds92
swreynolds92,
User Rank: Strategist
2/17/2015 | 12:22:51 PM
Equation Group & the NSA
Give the current revelation of possible ties between the "Equation Group" and the NSA, does your view of why the US hacks change at all?


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Machine Learning, AI & Deep Learning Improve Cybersecurity
Machine intelligence is influencing all aspects of cybersecurity. Organizations are implementing AI-based security to analyze event data using ML models that identify attack patterns and increase automation. Before security teams can take advantage of AI and ML tools, they need to know what is possible. This report covers: -How to assess the vendor's AI/ML claims -Defining success criteria for AI/ML implementations -Challenges when implementing AI
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-42002
PUBLISHED: 2022-10-01
SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete.
CVE-2022-39268
PUBLISHED: 2022-09-30
### Impact In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end use...
CVE-2022-34428
PUBLISHED: 2022-09-30
Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service.
CVE-2022-34429
PUBLISHED: 2022-09-30
Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.
CVE-2022-40923
PUBLISHED: 2022-09-30
A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file.