Comment Re:Good reason to spend a trillion of public money (Score 1) 71

AC if any nation is that good, nothing useful would be recovered by consultants able to freely talk to the press. Smart enough to get in, stay in, but details of entry left all over to find?
So what is the story going to be? A super power with super skills that have never been caught in the past decades got detected by consultants talking to the media this one time?
Or an ip range and tool set was left all over the network to be recovered later.... that conveniently points straight to another nation via method and ip range in the open and the domestic press got told about.
That nation with the super skills to get in, to get the data over time, stay totally undetected in real time, but lacked the most basic skills to cover its own path in and out?
If such an advanced adversary is really detected no mention is made in the press of the investigative methods. Most advanced nations like to keep that for their own security services investigations secure.
i.e. if it's real no ability to just go running with the world's media about tool sets and methods discovered ....

Comment Re:Absolute Nonsense (Score 1) 71

The world now knows of efforts like QUANTUMSQUIRREL that would give any friendly or other nation, its staff, ex staff and former staff the "skills" to become any ip range for any reason.
Just use the right tools, time of day and the perfect ip will always be stumbled upon by consultants to run to the press with.

Comment Re:How were the servers accessed? (Score 2) 237

Down the list:
An insider walks it out and the hint about another nation is the pre placed cover story that holds thanks to fragments left for any teams looking over systems later.
The insider is fully protected and pre placed cover story holds for decades.
So many people and other nations are discovered to have had physical and network access that a short list of skilled nations is selected from and that's the presentable story.
A person or group uses a list of common tools and finds a huge number of other nations and people are also accessing the data. A trail is created to what is expected.
A smaller power or allied nation with insider help feels the need to see the material released and uses advanced methods to ensure a common adversarial nation gets the full blame. i.e. they have their own virtual methods like QUANTUMSQUIRREL
Fragments of past tools, ip ranges, time of day would not be left by any advanced nation or other method. Someone created a trail, wants the trail to be found or understood the result would be great cover.

Comment All vs self redaction (Score 3, Interesting) 159

Long term a full release helps historians, authors, bloggers and any interested people fill in the redacted material after 30 years of official gov releases in some nations.
A limited, self censored release over years by a subset of the press seems useful in the short term to sell content but long term it's all the information in its full context that helps.
A full release also prevents any questions surrounding members of the press who claim to be experts in certain areas and then only publish fragments on what they feel they understand or want to write about for domestic consumption. That can be very limiting for any future historians and can result in a very small subset of diverse material being covered many times.
Eg a group of journalists only feel comfortable about releasing material about corruption in a few nations... and hold back all the other interesting material as they see it as outside the help they can request from their own gov and mil contacts.
Members of the press then publish the same story with a few local twists or focus on a name in decades old material on advice of their legal departments.
A searchable full release is also good for details like format, dates. Names that did not hold a position that year, fonts, jargon that could point to alterations, self censorship, missing material, a limited hangout.

Comment Re:This won't last long (Score 1) 59

The units will be watched, tracked and mapped. Even if the path taken has some random times and path changes built in per patrol, the locals will soon note the abilities and limitations.
After that comes a well funded intelligence sniffer to find out how much is an internal dumb database of possible maps or daily changes by human control and a burst of real time commands.
Any US command and control communications will undergo a full reverse engineering. The main question will be how much hardware crypto was allowed to be placed in each unit at that price point. Will the US allow any crypto to fall into the wrong hands per patrol or keep the device useless if lost? Some optics, a CPU, a map, with data sent back..vs a full crypto package rolling around outside just waiting to be exported for a reward...
A dedicated effort to clone and offer back fake video, audio and motion detection, inject a halt command or induce a service fault on all local devices.
If that crypto effort fails, just flood and over power the command signal and see how the remote unit reacts - a shut down and wait for recovery, a rapid and very direct return to home, recovery or loss of control and the drone defaults to an anti tampering, avoid capture command?
That's why most smarter nations use dedicated human special forces teams to watch over their bases 24/7 over any useful distances.
It seems the US did not learn much from Vietnam and has a lot of "locals" around its bases.
If you're going to build any base in country, keep all locals a long way away... special forces are great for that every night.

Comment Re:No back-doors to my personal devices (Score 1) 254

NSA, GCHQ and other US federal law enforcement agencies have had no issues with any US private sector devices sold or consumer grade crypto created and used over the decades.
Generations of satellite phones, cell phones, mobile computing devices got collected on without any effort as sold to the global public.
Now state and federal law enforcement want the same tech. The way in was never an issue. Presenting the product in open court was the real question. The NSA and GCHQ did not want that kind of skill set presented to the world. State and federal law enforcement just thought of the next case and did not want to know about the reality of global collection going dark thanks to methods being presented in open court.
All devices are open to different levels of the UK and US governments, just the cost of total collection is now so low that every sector of US law enforcement now expects the same network and per device access. When that method goes to open court, will users' habits change to not having a cell phone on them and collection reverts to on site collection or following people with teams.
How many teams and shifts of 6 or 9 staff do most nations have per interesting person with the skills and cover stories to enter every part of a city to keep a person in sight?

Comment Re:No such thing as Apple-only backdoor (Score 1) 254

Re "Making encryption standards so weak so that the company/person writing the software, can bypass them, is the very definition of a back door."
A few nations lost their cell networks.
SISMI-Telecom scandal
Greek wiretapping case 2004–05–05
Weak crypto just allows a lot of different groups to get the same total network access that only law enforcement thought it had.
Every phone then becomes open and trackable to anyone with the skills or cash.

Comment Re:How were crimes solved before cell phones? (Score 1) 254

Informants, undercover work with large teams, making deals with people in jail, prison or who had been in the prison system still wanted to earn cash.
The budgets for overtime and the funding of undercover skill sets have now been offered to consultants and contractors renting phone tracking and data recovery systems.
The idea that every person of interest has a phone on, a live mic in range of all conversations, has a gps device near them, takes video and images of all their friends for real time collection or later examination has become sold to US law enforcement officials by contractors.
Track all the movements, listen in, review details into a shared federal, private sector and state database, build a case with logs and recordings.
Contractors often have their origins in signals intelligence and that is what they are going to sell back to the US gov once in the private sector.
What interesting person would meet any one with any powered phone on them?
Who would drive a car or truck with gps collecting its location, a microphone built in by the private sector that can be turned on by law enforcement?
Having a gps and mic ready cell phone with a sealed in battery in an area understood to be under constant law enforcement surveillance?

Comment Re:Tor's fatal flaw (Score 1) 45

Nations can now afford to reconcile most of their users' internet patterns over time. If that fails, just induce random network drops to see who falls off the network over a few 10s, hundred or 1000 interesting users per city and provider.
If most of a nation's users are just surfing, using web 2.0, doing other tasks, getting a short list of people who went looking for software would not be too hard.

Comment Re:Wireless range (Score 2) 85

The device range is tested, tuned, looked for, amplified by another device to just outside the building.
Collection is then just a local device away e.g. UK spied on Russians with fake rock "contained electronic equipment and had been used by British diplomats to receive and transmit information".
That's how the range problem is never an issue. The real trick is getting nations, people, groups to use and trust leaky fully imported wireless devices.

Comment Re:Can we ever really know? (Score 1) 694

A lot of ex staff, former staff are floating around with skill sets from their days with spoofing systems like QUANTUMSQUIRREL i.e. become any ip range globally.
Re "A good hacker wouldn't be found at all, and a really good hacker would cover their own tracks and leave a trail that makes it look like it came from" All the West is presenting to the media is existing traces of expected files, data sizes, IP addresses, timezones, code, a VPN service.. that any other interested nation's experts could ensure got used and then left to be found by experts to mask their own access. Attribution due to expected tools used is great cover.
Changes to how US tax payers support and funding NATO, other 5 eye nations could have induced a new version of the classic British Security Coordination or any other advanced NATO nation could have attempted the same.
Most smarter nations would just use a very local front group, cult to ensure a domestic trail that ends with a left or right feel to the classic insider or person with local insight if they work on political actions in another nation. No trail back. A domestic issue, the press gets the results.

Comment Re:the phone may not always be in possession phone (Score 1) 147

Biometrics is just another big lump of code down a network that a brand hopes the consumer's hardware created and that no other party has, can recreate, or become, capture and use.
Still the same networks, a consumer OS that is wide open, a few extra trusted chips sold to anyone and some data set created by a user of interest.
A better way is for real world use would be
The change seems to be that the old idea was that the phone would be a text device that gets a message from a cell tower.
The phone is now the device requesting and using both messages on the same device or via the same network.
More data via a well understood biometric chip is just another set of data to capture, but for the user something they think is safer.
Once such data is captured, is being traded or sold, a user is left with few ways to just alter or create their own trusted, unique future access.

Comment Re:Tor's fatal flaw (Score 1) 45

Recall the origins and past funding of Onion routing i.e. US needed a system that would allow US backed and funded dissidents globally to network for color revolutions and other long term political NGO work.
5 eye nations did not seem to be very upset with its spread and use with systems like Tempora. Federal funding at a police level in the US to track users goes from success to success even on low budgets per case.
For Onion routing to work well a lot of consumers need to be using the networks to hide the few "dissidents" globally.
Given all the low cost police work that makes it to court, tracking users is now less hard work. Collect it all is now in the hands of anyone or nation or cult or faith or brand with a limited federal police budget.
