AnonTechie writes:
"Schneier: NSA snooping tactics will be copied by criminals in 3 to 5 years. If you thought NSA snooping was bad, you ain't seen nothing yet: online criminals have also been watching and should soon be able to copy the agency's invasive surveillance tactics, according to security guru Bruce Schneier.
'The NSA techniques give about a three to five year lead on what cyber-criminals will do,' he told an audience at the RSA 2014 conference in San Francisco. 'These techniques for exfiltrating data aren't magical, they are just expensive. Everything we know about technology is that it gets cheaper. So the notion of putting up a fake cell tower or wireless access point, of jumping air gaps, you're going to see this stuff; it's really just a matter of time.'"
(Score: -1, Offtopic) by Anonymous Coward on Sunday March 02 2014, @01:31PM
Thank you for being a friend
Traveled down the road and back again
Your heart is true, you're a pal and a cosmonaut.
And if you threw a party
Invited everyone you knew
You would see the biggest gift would be from me
And the card attached would say, thank you for being a friend.
(Score: 5, Interesting) by jt on Sunday March 02 2014, @01:35PM
The big hitters are doing this stuff already. Fake wireless access points? This has been going on for years. Jumping airgaps? Just bribe/threaten someone on the inside to do it for you; old-school tactics still work in the information age. Custom written malware? Sold to the highest bidder.
The entire premise, that there is a difference between NSA and organized crime, is of course an entirely different debate.
(Score: 3, Insightful) by FatPhil on Sunday March 02 2014, @05:19PM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 3, Interesting) by jt on Sunday March 02 2014, @06:05PM
I would be deeply shocked if the NSA and their three-letter buddies are not carefully monitoring what the blackhats are doing out in the Real World. They have the advantage that they can take all the public domain techniques, but don't have to give back their own proprietary inventions. Kind of a BSD v GNU arrangement :)
(Score: 2) by frojack on Sunday March 02 2014, @09:16PM
I thought the NSA were cybercriminals.
But seriously, Bruce Schneier seems to forget that the NSA has the authority to essentially say to ANYONE "these are not the droids you were looking for" and have them go away and be quiet.
Criminals will never have this leverage. Criminals would never be able to walk into an AT&T router farm and have them build a secret room with a fiber direct to their doorstep. Not going to happen on anything even vaguely like the NSA's scale.
No, you are mistaken. I've always had this sig.
(Score: 4, Insightful) by moo kuh on Sunday March 02 2014, @02:08PM
The big difference between criminals and the NSA, is the NSA can get subpoenas and gag orders with the backing of the resources of the US government. Sure, criminal organizations can intimidate and get some people in high places, but that still doesn't compare to the power and resources of the US government. Even if some of the techniques are copied (or attempted to), I doubt criminals are going to have an army of PhD mathematicians and computer scientists, as well as huge amounts of spare cash, to implement some of these complex techniques and continue to come up with new and better ones. Some of the simpler things the NSA is doing, I would wager are already being done by criminals. I generally agree with Schneier, but in this case I don't.
(Score: 5, Insightful) by jt on Sunday March 02 2014, @02:23PM
I agree that nobody can compete with the US government in this field, with the possible exception of some other nation states, but the point is that the criminals do not need to compete.
Academia churns out the new ideas and new concepts all the time. We can all read these, either for free (as it should be) or for the cost of a few journal subscriptions, which is hardly beyond the resources of organized crime. Independent researchers can be hired like any other staff.
Implementing these publicly-accessible concepts is not trivial, but is generally far easier than creating the ideas and the proofs of concept. Maybe only the US govt has the resources to do the Big Stuff with large-scale traffic redirection and intercept, but maybe organized crime doesn't need this.
(Score: 1) by moo kuh on Sunday March 02 2014, @03:17PM
You make some good points, hopefully you get modded up. It is generally true that coming up with the idea and proving it is generally the hard part (not always). On the flip side, now that a lot of this is public, organizations can take steps to protect themselves. I will admit I did not RTFA (I came here from /.), but I wonder how many of these exploits are already being used by large criminal organizations and even corporations spying on each other.
(Score: 2) by jt on Sunday March 02 2014, @05:58PM
You're right that coming up with the good idea is not _always_ the hard part. Execution is important too, especially in the corporate espionage arena you mention here; organized crime can take risks that BigName, Inc. cannot (not for moral reasons, of course, merely due to practicalities of the cost-benefit analysis of being caught).
(Score: 1) by Fnord666 on Monday March 03 2014, @03:34AM
I second that. When it comes to criminal enterprises, no one can compete with the US government.
(Score: 2, Informative) by Anonymous Coward on Sunday March 02 2014, @02:59PM
Yeah. How likely is it for the Mob to get a telco to set up a "Room 641A" for them: https://en.wikipedia.org/wiki/Room_641A
The NSA and FBI can tell telcos and other corps to bend-over at the top levels to do stuff like that. But if the Mafia tried the same thing the telco bosses may have their friends in Government show the Mafia a thing or two about who calls the shots.
Unless of course it's Russia where the line between the Russian mafia and government seems rather blurry to me ;).
(Score: 0) by Anonymous Coward on Sunday March 02 2014, @05:54PM
It's the other army most people rightly are much more worried about.
(Score: 4, Interesting) by gishzida on Sunday March 02 2014, @02:13PM
Schneier showed up at the RSA conference especially with all the noise he's been making about the NSA and Friends. After all RSA did take what is seen as a bribe to make crypto weaker. Giving a talk like that is kinda like "belling the cat" in his own home -- you might be right and you might get away with it but you can pretty well bet that the cat is going to get even somehow.
In "NSA Amerika" cat bells you... and you like it.
(Score: 3, Insightful) by FatPhil on Sunday March 02 2014, @02:48PM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 1) by neagix on Sunday March 02 2014, @04:31PM
His point was not that much interesting for me. The same was said for Stuxnet and Flame by their analysts e.g. that soon criminals would start predating the technology and strategy.
(Score: 0) by Anonymous Coward on Sunday March 02 2014, @06:09PM
"Schneier showed up at the RSA conference especially with all the noise he's been making about the NSA and Friends."
Because over the past several years Schneier has been investing in himself to become a media personality rather than a security professional with anything meaningful to contribute. His income now comes from making appearances at conferences and commenting on cable news channels rather than being a security professional.
(Score: 5, Funny) by Nerdfest on Sunday March 02 2014, @05:05PM
Shouldn't the title be "NSA Snooping Tactics will be Copied by other Criminals". And I thought we were stepping up the quality around here :)
(Score: 2, Insightful) by Cyberdyne on Sunday March 02 2014, @09:51PM
It's a shame that this has to be modded funny. People will continue to laugh it off as just a joke, and perpetuate the myth that they're law-abiding.
(Score: 2) by Nerdfest on Sunday March 02 2014, @10:23PM
I think the "funny" is for the reference to the editing here (which *is* far better). I don't think anyone around here believes they're law-abiding.
(Score: -1) by Anonymous Coward on Sunday March 02 2014, @08:42PM
i have the feeling that "well-heeled" people don't mind being sn00ped on ... why the flashy ... ...
at all. in a way it makes them feel proud, like a child feels proud, when
a parent shows him/her attention, akin to "look mommy/daddy what i have accomplished".
or maybe like some people just love to be watched
house (dare i say villa), car, boat, girlfriend?
in the end it is the not-well-heeled people who bear the brunt if sh1t goes south.
they don't have the "connections" and money to get out of a dodgy legal situation
people (working for private or gloverment) are mostly impressed by "looks" (spelled suits)
anyways
(Score: 2, Insightful) by Cyberdyne on Sunday March 02 2014, @09:48PM
The NSA being cyber-criminals themselves makes this notion of a 5-year lead time nonsensical.
(Score: 1) by fatuous looser on Sunday March 02 2014, @10:21PM
(Score: 0) by Anonymous Coward on Sunday March 02 2014, @11:32PM
Most likely the Russians already have. The KGB and its successor the FSB have not been slouches in this regard I imagine, and there are plenty of ties between them and the Russian Mafia to be sure. Yeah, our vaunted cyber "infrastructure" has more holes than Swiss cheese, and we have the NSA to thank for that. They have shirked their other, more important duty, which was to secure this infrastructure, at the expense of their mission to spy on the world.