Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Sunday March 02 2014, @01:30PM   Printer-friendly [Skip to comment(s)]
from the old-crooks-meet-the-new-crooks dept.

AnonTechie writes:

"Schneier: NSA snooping tactics will be copied by criminals in 3 to 5 years. If you thought NSA snooping was bad, you ain't seen nothing yet: online criminals have also been watching and should soon be able to copy the agency's invasive surveillance tactics, according to security guru Bruce Schneier.

'The NSA techniques give about a three to five year lead on what cyber-criminals will do,' he told an audience at the RSA 2014 conference in San Francisco. 'These techniques for exfiltrating data aren't magical, they are just expensive. Everything we know about technology is that it gets cheaper. So the notion of putting up a fake cell tower or wireless access point, of jumping air gaps, you're going to see this stuff it's really just a matter of time.' "

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: -1, Offtopic) by Anonymous Coward on Sunday March 02 2014, @01:31PM

    by Anonymous Coward on Sunday March 02 2014, @01:31PM (#9584)

    Thank you for being a friend
    Traveled down the road and back again
    Your heart is true, you're a pal and a cosmonaut.

    And if you threw a party
    Invited everyone you knew
    You would see the biggest gift would be from me
    And the card attached would say, thank you for being a friend.

  • (Score: 5, Interesting) by jt on Sunday March 02 2014, @01:35PM

    by jt (2890) on Sunday March 02 2014, @01:35PM (#9587)

    The big hitters are doing this stuff already. Fake wireless access points? This has been going on for years. Jumping airgaps? Just bribe/threaten someone on the inside to do it for you; old-school tactics still work in the information age. Custom written malware? Sold to the highest bidder.

    The entire premise, that there is a difference between NSA and organized crime, is of course an entirely different debate.

    • (Score: 3, Insightful) by FatPhil on Sunday March 02 2014, @05:19PM

      by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Sunday March 02 2014, @05:19PM (#9667) Homepage
      I thought the NSA were just copying what the cybercriminals were doing?
      --
      Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
      • (Score: 3, Interesting) by jt on Sunday March 02 2014, @06:05PM

        by jt (2890) on Sunday March 02 2014, @06:05PM (#9685)

        I would be deeply shocked if the NSA and their three-letter buddies are not carefully monitoring what the blackhats are doing out in the Real World. They have the advantage that they can take all the public domain techniques, but don't have to give back their own proprietary inventions. Kind of a BSD v GNU arrangement :)

      • (Score: 2) by frojack on Sunday March 02 2014, @09:16PM

        by frojack (1554) Subscriber Badge on Sunday March 02 2014, @09:16PM (#9743) Journal

        I thought the NSA were just copying what the cybercriminals were doing?

        I thought the NSA were cybercriminals.

        But seriously, Bruce Schneier seems to forget that the NSA has the authority to essentially say to ANYONE "these are not the droids you were looking for" and have them go away and be quiet.

        Criminals will never have this leverage. Criminals would never be able to walk into AT&T router farm and have them build a secret room with a fiber direct to their doorstep. Not going to happen on anything even vaguely like the NSA's scale.

        --
        No, you are mistaken. I've always had this sig.
  • (Score: 4, Insightful) by moo kuh on Sunday March 02 2014, @02:08PM

    by moo kuh (2044) on Sunday March 02 2014, @02:08PM (#9600) Journal

    The big difference between criminals and the NSA, is the NSA can get subpoenas and gag orders with the backing of the the resources of the US government. Sure, criminal organizations can intimidate and get some people in high places, but that still doesn't compare to the power and resources of the US government. Even if some of the techniques are copied (or attempted to), I doubt criminals are going to have an army of PhD mathematicians and computer scientists, as well as huge amounts of spare cash, to implement some of these complex techniques and continue to come up with new and better ones. Some of the simpler things the NSA is doing, I would wager are already being done by criminals. I generally agree with Schneier, but in this case I don't

    • (Score: 5, Insightful) by jt on Sunday March 02 2014, @02:23PM

      by jt (2890) on Sunday March 02 2014, @02:23PM (#9605)

      I agree that nobody can compete with the US government in this field, with the possible exception of some other nation states, but the point is that the criminals do not need to compete.

      Academia churns out the new ideas and new concepts all the time. We can all read these, either for free (as it should be) or for the cost of a few journal subscriptions, which is hardly beyond the resources of organized crime. Independent researchers can be hired like any other staff.

      Implementing these publicly-accessible concepts is not trivial, but is generally far easier than creating the ideas and the proofs of concept. Maybe only the US govt has the resources to do the Big Stuff with large-scale traffic redirection and intercept, but maybe organized crime doesn't need this.

      • (Score: 1) by moo kuh on Sunday March 02 2014, @03:17PM

        by moo kuh (2044) on Sunday March 02 2014, @03:17PM (#9625) Journal

        You make some good points, hopefully you get modded up. It is generally true that coming up with the idea and proving it is generally the hard part (not always). On the flip side, now that a lot this is public, organizations can take steps to protect themselves. I will admit I did not RTFA (I came here from /.), but I wonder how many of these exploits are already being used by large criminal organizations and even corporations spying on each other.

        • (Score: 2) by jt on Sunday March 02 2014, @05:58PM

          by jt (2890) on Sunday March 02 2014, @05:58PM (#9680)

          You're right that coming up with the good idea is not _always_ the hard part. Execution is important too, especially in the corporate espionage arena you mention here; organized crime can take risks that BigName, Inc. cannot (not for moral reasons, of course, merely due to practicalities of the cost-benefit analysis of being caught).

      • (Score: 1) by Fnord666 on Monday March 03 2014, @03:34AM

        by Fnord666 (652) Subscriber Badge on Monday March 03 2014, @03:34AM (#9889) Homepage

        I agree that nobody can compete with the US government in this field,

        I second that. When it comes to criminal enterprises, no one can compete with the US government.

    • (Score: 2, Informative) by Anonymous Coward on Sunday March 02 2014, @02:59PM

      by Anonymous Coward on Sunday March 02 2014, @02:59PM (#9621)

      Yeah. How likely is it for the Mob to get a telco to set up a "Room 641A" for them: https://en.wikipedia.org/wiki/Room_641A [wikipedia.org]

      The NSA and FBI can tell telcos and other corps to bend-over at the top levels to do stuff like that. But if the Mafia tried the same thing the telco bosses may have their friends in Government show the Mafia a thing or two about who calls the shots.

      Unless of course it's Russia where the line between the russian mafia and government seems rather blurry to me ;).

    • (Score: 0) by Anonymous Coward on Sunday March 02 2014, @05:54PM

      by Anonymous Coward on Sunday March 02 2014, @05:54PM (#9677)

      I doubt criminals are going to have an army of PhD mathematicians and computer scientists...

      It's the other army most people rightly are much more worried about.

  • (Score: 4, Interesting) by gishzida on Sunday March 02 2014, @02:13PM

    by gishzida (2870) on Sunday March 02 2014, @02:13PM (#9602) Journal

    Schneier showed up at the RSA conference especially with all the noise he's been making about the NSA and Friends. After all RSA did take what is seen as a bribe to make crypto weaker. Giving a talk like that is kinda like "belling the cat" in his own home-- you might be right and you might get away with it but you can pretty well bet that the cat is going to get even some how.

    In "NSA Amerika" cat bells you... and you like it.

    • (Score: 3, Insightful) by FatPhil on Sunday March 02 2014, @02:48PM

      by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Sunday March 02 2014, @02:48PM (#9617) Homepage
      Bingo. To be honest I'm a little disappointed. His boycott could have made RSA's reputation weaker. Mikko Hypp&ouml;nen did the right thing.
      --
      Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
    • (Score: 1) by neagix on Sunday March 02 2014, @04:31PM

      by neagix (25) on Sunday March 02 2014, @04:31PM (#9640)

      his point was not that much interesting for me. The same was said for Stuxnet and Flame by their analysts e.g. that soon criminals would start predating the technology and strategy

    • (Score: 0) by Anonymous Coward on Sunday March 02 2014, @06:09PM

      by Anonymous Coward on Sunday March 02 2014, @06:09PM (#9687)

      "Schneier showed up at the RSA conference especially with all the noise he's been making about the NSA and Friends."

      Because over the past several years Schneier has been investing in himself to become a media personality rather than a security professional with anything meaningful to contribute. His income now comes from making appearances at conferences and commenting on cable news channels rather than being a security professional.

  • (Score: 5, Funny) by Nerdfest on Sunday March 02 2014, @05:05PM

    by Nerdfest (80) on Sunday March 02 2014, @05:05PM (#9655)

    Shouldn't the title be "NSA Snooping Tactics will be Copied by other Criminals". And I thought we were stepping up the quality around here :)

    • (Score: 2, Insightful) by Cyberdyne on Sunday March 02 2014, @09:51PM

      by Cyberdyne (403) on Sunday March 02 2014, @09:51PM (#9757)

      It's a shame that this has to be modded funny. People will continue to laugh it off as just a joke, and perpetuate the myth that they're law-abiding.

      • (Score: 2) by Nerdfest on Sunday March 02 2014, @10:23PM

        by Nerdfest (80) on Sunday March 02 2014, @10:23PM (#9780)

        I think the "funny" is for the reference to the editing here (which *is* far better). I don't think anyone around here believe they're law-abiding.

  • (Score: -1) by Anonymous Coward on Sunday March 02 2014, @08:42PM

    by Anonymous Coward on Sunday March 02 2014, @08:42PM (#9728)

    i have the feeling that "well-healed" people don't mind being sn00ped on
    at all. in a way it makes them feel proud, like a child feels proud, when
    a parent shows him/her attention, akin to "look mommy/daddy what i have accomplished".
    or maybe like some people just love to be watched ... why the flashy
    house (dare i say villa), car, boat, girlfriend?
    in the end it is the not-well-healed people who bare the brunt if sh1t goes south.
    they don't have the "connections" and money to get out of a dodgy legal situation ...
    people (working for privat or gloverment) are mostly impressed by "looks" (spelled suits)
    anyways ...

  • (Score: 2, Insightful) by Cyberdyne on Sunday March 02 2014, @09:48PM

    by Cyberdyne (403) on Sunday March 02 2014, @09:48PM (#9755)

    The NSA being cyber-criminals themselves makes this notion of a 5-year lead time nonsensical.

  • (Score: 1) by fatuous looser on Sunday March 02 2014, @10:21PM

    by fatuous looser (2550) on Sunday March 02 2014, @10:21PM (#9776)
    Does this mean that cyber "criminals" will poke into the backbone & rummage around like the NSA does?  Do ya figure the Russians have drilled into the fatpipes yet?  Or are they too slow to figure it out.  Is our vaunted cyber "infrastructure" a Swiss cheese?  Tell me it ain't so, Bruce.
    • (Score: 0) by Anonymous Coward on Sunday March 02 2014, @11:32PM

      by Anonymous Coward on Sunday March 02 2014, @11:32PM (#9822)

      Most likely the Russians already have. The KGB and its successor the FSB have not been slouches in this regard I imagine, and there are plenty of ties between them and the Russian Mafia to be sure. Yeah, our vaunted cyber "infrastructure" has more holes than Swiss cheese, and we have the NSA to thank for that. They have shirked their other, more important duty, which was to secure this infrastructure, at the expense of their mission to spy on the world.