Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
Ex-NSA Contractor Gets 9 Years for Retaining Defense Data
Newest First  |  Oldest First  |  Threaded View
tdsan
tdsan,
 User Rank: Ninja
7/27/2019 | 5:00:27 PM
Re: Equity
I agree the only problem I have is the laws are not consistent across the board and people are often prosecuted unfairly because of the Judge's inherent bias. Yes this contractor should get time, but what about the law enforcement officials and government agencies that broke the law with the following:
  • StingRay - illegal remote cell phone tracking tool
  • Prism - dragnet government surveillance system, violates the laws across the globe
  • Pegasys - hacking software used to hack cell phones
  • Facia - cell phone triangulation tool
  • Optic Nerve - yahoo messenger used tool to capture video images
  • Boundless Informant - using tools to extract metadata from various devices
  • XkeyScore - interception data tool that queries information about user data (phone, email, texts, etc)

The problem I have with all of this is that people are constantly breaking the law and no one has been prosecuted, so how can an official be so hard on the public but they are constantly violating the rights of people across the globe, it is just amazing that these things go on and everybody turns a blind-eye.

I don't know anymore.

T
rcash
rcash,
 User Rank: Strategist
7/24/2019 | 10:41:24 AM
Equity
So there is little doubt of wrong doing here, but my quesiton is how this can be effectively prosecuted while other significantly more egregious harms (such as having a private vulnerable email server in a closet) are passed over. Crime is crime, and no one should be above the law, to borrow a phrase.
REISEN1955
REISEN1955,
 User Rank: Ninja
7/23/2019 | 9:05:10 AM
Re: Wow, so who prosecutes the Federal Government
Done - this is far off post subject not funny. 
tdsan
tdsan,
 User Rank: Ninja
7/22/2019 | 4:01:55 PM
Re: Wow, so who prosecutes the Federal Government

Let's back up for a minute, this person was a  NSA contractor who was prosecuted, clear and evident. But what happened to the other situations I named in the message before. For example, William "Bill" Binney (ThinThread), he worked for NSA for almost 30 years, he developed an application called ThinThread, they did not use the application during the 911 attacks. He informed them that of the controls they were taking off, this action of removing the controls would affect the lives of people everywhere in America and beyond. He informed his executive staff members, management, he followed proper protocol. Instead of the group, talking to him and giving him the respect he deserves, they put him in-front of a gun when he tried to tell them that the controls that were in place to protect the rights of American citizens (they continued to violate the law).

Now the other examples I used was basically saying how can this US Atty say something like this with a pompus attitude when they have been violating the rights of American Citizens even now (Illegal Drag Net Surveillance Programs like XKeyScore, Prism, etc.). Is he going to jail because he knows along with Congress that they have been violating the rights of American Citizens, yours and mine?

Don't get me wrong, when the person is wrong and they have violated the rights of Ameircan citizens, then yes, send them to jail. But the Feds are violating the rigths of US citizens right now using the Fisa courts to force companies like Quest, Microsoft, Google, Yahoo, AWS and others by issuing warrants (not one time have they not issued a warrant) under the auspices of National Security. So when are the Feds going to be accountable for their own actions, when are individuals from Congress going to be prosecuted (they were the one's who authorized its purchase and use). When are the deaths of innocent civilans going to be brought to court?

So who is prosecuting the people using mass surveillance to attack and thwart peaceful groups like "Black Lives Matter", "Indian Groups", "Unarmed Black People". When are they going to use the laws to prosecute the "KKK" and "Nazi followers" and the hate groups that are associated with millions of deaths.

So think about that and the other items I mentioned in the passage before. If you are going to do it to one person, then everyone needs to be accountable; if the balance of law is for all people then those same people should be prosecuted as well (General Alexander, Clapper, everyone involved and those who did not do anything about it, foreign and domestic).

T
REISEN1955
REISEN1955,
 User Rank: Ninja
7/22/2019 | 3:32:45 PM
Re: Wow, so who prosecutes the Federal Government
Are you saying he is innocent?  Or wrongly prosecuted?  Because theft of owned propietary data is still theft and there are laws against that - alot of them.  Break one and you have a problem.   This scum kept at it for years and 50 terabytes is huge.  He deserved jail time indeed.    AND this does not strike me as a human rights issue at all.  Not a political one.  Theft of data pure and simple.  High grade security data too.  
tdsan
tdsan,
 User Rank: Ninja
7/22/2019 | 1:44:27 PM
Wow, so who prosecutes the Federal Government

"This sentence, which is one of the longest ever imposed in this type of case, should serve as a warning that we will find and prosecute government employees and contractors who flagrantly violate their duty to protect classified materials," said US Attorney Robert K Hur in a statement.

Interesting that they say this with Prism, XKeyscore, Facia, Informant and other programs that are violating the rights of individuals all across the globe (congress approved this when the budget goes above 3 million dollars, so they knew about it). In America, the federal government has been violating the rights of American Citizens (1st - 5th Amendment rights) from the beginning of time,

I am not sure that I should be surprised but this is amazing he would say something like this. They are taking the lives of innocent personnel around the world when they go after terrorists; what happens to accountability and the value we put on human life. Look at what happened to William Binney (ThinThread), Thomas Drake (TrailBlazer), Kirk Wiebe (Trailblazer and Thinthread) and Edward Snowden (Prism, Xkeystore), they were indicted under the Espionage act and one they are still after (Mr. Snowden).

I have been saying this for years, when are we going to start looking at the injustices that have been going on for years and when is someone going to say, we have been violating human rights and citizens who have nothing to do with terrorist acts (I am not even going to mention what is going on in the US with Indians and African Americans). It is astounding that this continues to happen and we continue to show a blind eye, we see this in our own back yard.

T


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The 10 Most Impactful Types of Vulnerabilities for Enterprises Today
Managing system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-1172
PUBLISHED: 2023-03-17
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that w...
CVE-2023-1469
PUBLISHED: 2023-03-17
The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenti...
CVE-2023-1466
PUBLISHED: 2023-03-17
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as critical. This issue affects the function view_student of the file admin/?page=students/view_student. The manipulation of the argument id with the input 3' AND (SELECT 2100 FROM (SELECT(...
CVE-2023-1467
PUBLISHED: 2023-03-17
A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=delete_img of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt le...
CVE-2023-1468
PUBLISHED: 2023-03-17
A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17 of the component Report Handler. The manipula...