Endpoint //

Privacy

Richard Clarke: Foreign Governments Not So Surprised by US Snooping

50%
50%

Former White House cybersecurity advisor Richard Clarke thinks foreign governments' outrage about American cyber-snooping is largely an act being put on for the benefit of political and economic agendas.

Comment  | 
Print  | 
Comments
Threaded  |  Newest First  |  Oldest First
DarkReadingTim
50%
50%
DarkReadingTim,
User Rank: Strategist
3/27/2014 | 10:33:14 AM
Why is the NSA's activity such a surprise to anyone?
I'm amazed at the strong reaction to the NSA's surveillance activity, which has always been vast and deep. The NSA has been doing deep surveillance for many years. In fact, it used to be that all telecom carriers were required to have a presence in Jessup, Md. -- providing an easy location for the NSA to listen in.
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
3/27/2014 | 2:52:02 PM
Re: Why is the NSA's activity such a surprise to anyone?
Well Tim we must distinguish two aspect:

I agree with Richard Clarke, foreign governments are not surprised by US snooping because almost every state is developing its surveillance programme, more or less efficient. China, Russia and many other countries are investing to improve cyber capabilities on both defensive and offensive perspective. Suverillance and monitoring are common practices, they are the essential part of every cyber strategy, necessary to protect homeland security.

The extension of NSA activity, despite US isn't the unique government with a so aggressive cyber espionage programme, is embarrassing. US Governments has spied also on allies and it has arranged hacking campaigns (see FoxACID and TURBINE) to hack foreign enterprises like Huawei and Siemens. 

Frankly, it is gone too far ... it's policy will damage US IT industry

 
tmccreight
50%
50%
tmccreight,
User Rank: Apprentice
3/27/2014 | 10:43:48 PM
Why is the NSA's activity such a surprise to anyone?
I agree with Richard's comments and his insight into the drivers behind some of the comments from foreign states.

I remember working on CALEA projects (there's an oldie for you) back in the 90's that caused concern wtih so many people, yet proved invaluable when we provided assistance to intelligence agencies in North America.  I understand and appreciate the difficult position Western nations are in - they don't want to let potential intelligence go undetected, but must also face harsh criticisms when they 'invade' the personal electronic space of citizens (both foreign and domestic).  I don't envy the daily decisions these folks make, but I can say I've seen the benefits of that information.
Microsoft President: Governments Must Cooperate on Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/8/2018
5 Reasons Why Threat Intelligence Doesn't Work
Jonathan Zhang, CEO/Founder of WhoisXML API and TIP,  11/7/2018
Why Password Management and Security Strategies Fall Short
Steve Zurier, Freelance Writer,  11/7/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-16470
PUBLISHED: 2018-11-13
There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.
CVE-2018-16471
PUBLISHED: 2018-11-13
There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to a...
CVE-2018-6980
PUBLISHED: 2018-11-13
VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they...
CVE-2018-17614
PUBLISHED: 2018-11-13
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Losant Arduino MQTT Client prior to V2.7. User interaction is not required to exploit this vulnerability. The specific flaw exists within the parsing of MQTT PUBLISH packets. The issue results from th...
CVE-2018-8009
PUBLISHED: 2018-11-13
Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.