SoylentNews is people

posted by janrinok on Thursday March 13 2014, @11:42PM
from the is-this-confirmation-not-revelation dept.

fliptop writes:

"Last year it was reported the NSA spends millions to purchase 0-day exploits. But what do they do with the exploits they've purchased? On Tuesday, NSA chief nominee US Navy vice admiral Michael S. Rogers

'...gave a vague outline of rules the spy agency has for handling such flaws, which includes an internal 'adjudication process' for determining whether to let the vendor of an affected product know about it; or just keep it under wraps for spying'.

Now there's word that documents leaked by NSA whistleblower Edward Snowden show they're using automated systems to infect computers that reduce the level of human oversight in the process:

'The implants being deployed were once reserved for a few hundred hard-to-reach targets, whose communications could not be monitored through traditional wiretaps. But the documents analyzed by The Intercept show how the NSA has aggressively accelerated its hacking initiatives in the past decade by computerizing some processes previously handled by humans. The automated system - codenamed TURBINE - is designed to 'allow the current implant network to scale to large size (millions of implants) by creating a system that does automated control implants by groups instead of individually.'

Sounds like the wicked offspring of Skynet and George Orwell."

  • (Score: 5, Insightful) by moo kuh on Thursday March 13 2014, @11:48PM

    by moo kuh (2044) on Thursday March 13 2014, @11:48PM (#16131) Journal

    1. develop product.
    2. forget bounds checking in an obscure code branch
    3. sell flaw to nsa.
    4. profit!

    • (Score: -1, Flamebait) by Anonymous Coward on Friday March 14 2014, @12:16AM

      by Anonymous Coward on Friday March 14 2014, @12:16AM (#16137)

      nsaoylentnews.org is NSA

    • (Score: 2) by githaron on Friday March 14 2014, @02:30PM

      by githaron (581) on Friday March 14 2014, @02:30PM (#16394)

      You forgot 5. Fix the exploit the next day. After all, they only paid for a 0-day exploit.

  • (Score: 5, Funny) by The Grim Reefer on Friday March 14 2014, @12:29AM

    by The Grim Reefer (1451) on Friday March 14 2014, @12:29AM (#16139)

    At this point can we simply call him Edward Snowden? I don't think anyone on this site, or the internet for that matter, really needs the prefix "NSA whistleblower" to know who this is. I'm sure he'd like to have that dropped too, as it's a constant reminder that he will probably never come home again. Or is there some other Edward Snowden that we may confuse him with? Maybe the NSA won't allow the prefix to be dropped. Perhaps we can abbreviate it to "Wb." Like we do with Mr. and Mrs.?

    • (Score: 2) by mtrycz on Friday March 14 2014, @09:25AM

      by mtrycz (60) on Friday March 14 2014, @09:25AM (#16243)

      While it might sound, yes, redundant at this point, it's better to leave it in, than to leave information and context out.

      Maybe you remember the story about Amber Alerts? I don't want to google or wiki it, just to have an idea if the article I'm reading is relevant (to me) or not; it really misses the point.

      --
      In capitalist America, ads view YOU!
  • (Score: 5, Interesting) by mrkaos on Friday March 14 2014, @01:02AM

    by mrkaos (997) on Friday March 14 2014, @01:02AM (#16143)

    The only thing that stops me from doing wrong is knowing it is wrong. Whilst the NSA buys 0-day exploits that profit blackhats, here I am busy trying to patch the holes.

    Way to go guys, while we're here trying to build something there is a government department busy poking holes in it and helping the bad guys tear it down. It's not that I don't know what you are doing, it's just that my main focus is to maintain uptime.

    Thanks for making my job harder.

    --
    My ism, it's full of beliefs.
  • (Score: 5, Insightful) by Geezer on Friday March 14 2014, @10:21AM

    by Geezer (511) on Friday March 14 2014, @10:21AM (#16263)

    I read TFA just after seeing Zuckerberg's recent comments about NSA transparency vs. the public "believing the worst" about government behavior.

    I'm inclined to believe the worst about anything to do with the Machiavellian shadow government that revolves around the intelligence community.

    Dwight Eisenhower and John F. Kennedy both knew and feared the monster that Allen Dulles built. Their successors became ever-more complicit and servile.

    What is the ethical professional response to a threat with the unlimited technical, financial, and political resources of a rogue US Government? This is not a rhetorical question. I want to know.

    • (Score: 2) by tangomargarine on Friday March 14 2014, @03:58PM

      by tangomargarine (667) on Friday March 14 2014, @03:58PM (#16469)

      It's not paranoia if they really are out to get you. And every day it gets harder for me to deny that the government isn't really out to get us.

      --
      "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
  • (Score: 2) by tangomargarine on Friday March 14 2014, @03:55PM

    by tangomargarine (667) on Friday March 14 2014, @03:55PM (#16467)

    Since Soylent is still pretty new, I feel like I should drag out one of my old Slashdot complaints here...

    Can anyone give me a good reason why we must continually refer to exploits as "zero-day"? I feel like 90% of the ones mentioned in articles are zero-day to begin with, in which case it would make me want to punch things less if we just assumed that they all were zero-day and mentioned it if they WEREN'T.

    Especially considering that in an ideal world with competent developers and effective authority hierarchies, the number of NON-zero-day exploits active at any given time should be pretty low to begin with, as the software will be well-tested and, when an exploit is found, promptly addressed.

    --
    "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
    • (Score: 2, Insightful) by krishnoid on Friday March 14 2014, @05:02PM

      by krishnoid (1156) on Friday March 14 2014, @05:02PM (#16509)

      Can anyone give me a good reason why we must continually refer to exploits as "zero-day"?

      Because on the first day, it's already too late [youtube.com].

      • (Score: 2) by tangomargarine on Friday March 14 2014, @07:57PM

        by tangomargarine (667) on Friday March 14 2014, @07:57PM (#16602)

        I know what the term means. That's not an argument. If you read my comment, you'd see that I'm arguing it's largely redundant and we should stop applying the descriptor.

        --
        "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
        • (Score: 1) by krishnoid on Saturday March 15 2014, @12:25AM

          by krishnoid (1156) on Saturday March 15 2014, @12:25AM (#16705)

          True, in a perfect world, software quality would take precedence over hitting marketing targets or meeting budgets. I have to disagree that most defects are zero-day; the ones that seem to make the news the most are:

          • immediately-exploited defects
          • exploits against defects reported to a company without any acknowledgement on their part

          It wasn't intended as an argument, although in retrospect, the provided link may not have had the intended effect of diminishing your desire to punch babies.

          • (Score: 2) by tangomargarine on Saturday March 15 2014, @04:32PM

            by tangomargarine (667) on Saturday March 15 2014, @04:32PM (#16868)

            I have to disagree that most defects are zero-day; the ones that seem to make the news the most are:

            Yeah, that was kind of my point.

            --
            "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"