Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Monday March 16 2015, @02:08PM   Printer-friendly [Skip to comment(s)]
from the likely-but-not-proven dept.

All of you knew that it could only get worse:

Kaspersky malware probers have uncovered a new 'operating system-like' platform that [they claim] was developed and used by the National Security Agency (NSA) in its Equation spying arsenal. The EquationDrug or Equestre platform is used to deploy [an estimated] 116 plug-in modules to target computers that can siphon data and spy on victims. So far, only 30 modules have been identified.

"It's important to note that EquationDrug is not just a trojan, but a full espionage platform, which includes a framework for conducting cyber-espionage activities by deploying specific modules on the machines of selected victims," Kaspersky researchers say in a report.

The article goes on to explain that Kaspersky further believes that the software is part of the "NSA's campaign to infect hard disk firmware". There is considerably more detail in the article.

I think I am going to get my old manual typewriter out of the garage, get a new ribbon, use U.S. Mail instead of e-mail, and buy more ink for my fountain pens.

Related Stories

Kaspersky Lab Exposed U.S. Military "Slingshot" Malware 18 comments

US officials: Kaspersky "Slingshot" report burned anti-terror operation

A malware campaign discovered by researchers for Kaspersky Lab this month was in fact a US military operation, according to a report by CyberScoop's Chris Bing and Patrick Howell O'Neill. Unnamed US intelligence officials told CyberScoop that Kaspersky's report had exposed a long-running Joint Special Operations Command (JSOC) operation targeting the Islamic State and Al Qaeda.

The malware used in the campaign, according to the officials, was used to target computers in Internet cafés where it was believed individuals associated with the Islamic State and Al Qaeda would communicate with their organizations' leadership. Kaspersky's report showed Slingshot had targeted computers in countries where ISIS, Al Qaeda, and other radical Islamic terrorist groups have a presence or recruit: Afghanistan, Yemen, Iraq, Jordan, Turkey, Libya, Sudan, Somalia, Kenya, Tanzania, and the Democratic Republic of Congo.

The publication of the report, the officials contended, likely caused JSOC to abandon the operation and may have put the lives of soldiers fighting ISIS and Al Qaeda in danger. One former intelligence official told CyberScoop that it was standard operating procedure "to kill it all with fire once you get caught... It happens sometimes and we're accustomed to dealing with it. But it still sucks. I can tell you this didn't help anyone."

This is good malware. You can't expose the good malware!

Related: Kaspersky Claims to have Found NSA's Advanced Malware Trojan
Ties Alleged Between Kaspersky Lab and Russian Intelligence Agencies
Kaspersky Willing to Hand Source Code Over to U.S. Government
Kaspersky Lab has been Working With Russian Intelligence
FBI Reportedly Advising Companies to Ditch Kaspersky Apps
Federal Government, Concerned About Cyberespionage, Bans Use of Kaspersky Labs Products
Kaspersky Lab and Lax Contractor Blamed for Russian Acquisition of NSA Tools


Original Submission

Ties Alleged Between Kaspersky Lab and Russian Intelligence Agencies 37 comments

Recently, we have reported several claims (here, here, and here) made by the Russian security software manufacturer Kaspersky Lab that they have discovered 'evidence' of NSA involvement in malware. Now, Bloomberg claims that the Moscow-based computer security company has effectively been taken over by the FSB. Company founder Eugene Kaspersky was educated at a KBG-run school, which was never a secret, but the new report describes a much more current and intimate connection.

Kaspersky Lab is denying the allegations, as one might expect, and counter with the statement:

It's not as though the US has clean hands in all of this. The CIA has funded the development of security software firms like FireEye, Veracode, and Hytrust though its In-Q-Tel investment fund, and American firms have been noticeably silent when it comes to investigating suspected US state-sponsored malware.

We are unlikely to hear the truth from either side, nor should we realistically expect a confession from the NSA or the FSB. Nevertheless, it is possible that the security industries on both sides are 'guilty' of looking after their respective government's interests and what we are seeing is just another day in the world of intelligence collection and cyber-security, the world of claim and counter-claim.

[Editor's Comment: Typo fixed at 15:39 UTC]

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Informative) by ikanreed on Monday March 16 2015, @02:18PM

    by ikanreed (3164) on Monday March 16 2015, @02:18PM (#158364) Journal

    We'll go through your underware drawer to make damn sure of that fact.

    • (Score: 0) by Anonymous Coward on Monday March 16 2015, @05:28PM

      by Anonymous Coward on Monday March 16 2015, @05:28PM (#158471)

      I'm so stealing that quote...

  • (Score: 2) by MichaelDavidCrawford on Monday March 16 2015, @02:27PM

    by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Monday March 16 2015, @02:27PM (#158368) Homepage Journal

    It seems to me that the way an HD firmware hack would have to work, is by replacing some part of a well-known operating system.

    So it should be straightforward to defeat it by using full-disk encryption; one would want to perform the encryption on a known-good disk, then use dd to transfer the image to the OS drive.

    --
    Yes I Have No Bananas. [gofundme.com]
    • (Score: 2) by datapharmer on Monday March 16 2015, @02:33PM

      by datapharmer (2702) on Monday March 16 2015, @02:33PM (#158371)

      It is unlikely this would be helpful as the password on FIPS drives is essentially just used to unlock the real key which is stored on the drive. If you are infecting the hardware you can just wait until after the drive is unlocked to insert your poison pill. I think a better defense would be to use very new technologies that they might not have an infection vector for yet and hope to stay ahead of their development curve but even that is a questionable tactic given their infiltration of manufacturing and trade organizations. Typewriter or punch cards might be the better option.

      • (Score: 2) by kaszz on Monday March 16 2015, @02:45PM

        by kaszz (4211) on Monday March 16 2015, @02:45PM (#158377) Journal

        If the malware inside the harddisk controller inside the drive doesn't have any influence of the data sent to and from the host it will essentially be toast. And of course no key should be stored on the drive. So when the malware alter the data transferred from the platter to the host, decryption will sense bad checksum and alert the operator. Or even correct it on the fly..

        The next step is to prevent the computer from accessing the harddrive controller in a malicious way so it can't be infected either.

      • (Score: 0) by Anonymous Coward on Monday March 16 2015, @02:57PM

        by Anonymous Coward on Monday March 16 2015, @02:57PM (#158386)

        For all your encryption needs just use systems that aren't attached to the Internet.

        • (Score: 2) by kaszz on Monday March 16 2015, @03:26PM

          by kaszz (4211) on Monday March 16 2015, @03:26PM (#158410) Journal

          Malware can still find its way through USB-memories, silently enabled WiFi, acoustic link etc..

        • (Score: 2) by Dunbal on Monday March 16 2015, @05:24PM

          by Dunbal (3515) on Monday March 16 2015, @05:24PM (#158470)

          If they want to know what you're doing, they can read your keystrokes AND your monitor output through your power cable.

          • (Score: 2) by Geotti on Tuesday March 17 2015, @03:44AM

            by Geotti (1146) on Tuesday March 17 2015, @03:44AM (#158719) Journal

            Just use a netbook [instructables.com] (the big case should be the battery for weeks of uptime).

      • (Score: 0) by Anonymous Coward on Monday March 16 2015, @03:02PM

        by Anonymous Coward on Monday March 16 2015, @03:02PM (#158390)

        Typewriter or punch cards might be the better option.

        Old school, 'ey? This [wikipedia.org] is what I first programmed with.

      • (Score: 2) by zeigerpuppy on Tuesday March 17 2015, @01:16AM

        by zeigerpuppy (1298) on Tuesday March 17 2015, @01:16AM (#158678)

        I was wondering along similar lines, whether using ZFS would help.
        ZFS generally tries to get low level (block) access to the drive and it does consistency checks via checksums on blocks read and written.
        I think with ZFS it would be hard to inject data unless the software was also faulty.

        • (Score: 2) by wantkitteh on Tuesday March 17 2015, @05:28AM

          by wantkitteh (3362) on Tuesday March 17 2015, @05:28AM (#158749) Homepage Journal

          Elsewhere in these comments, I've theorised on the infection method having to support the file system (and encryption method) of any drive it infects to make sure it'll maintain integrity after the change in reported drive geometry. ZFS won't make any difference as far as detected the problem goes, but it's advanced features would certainly make it more of an engineering challenge to implement this malware on and it's not exactly the most used FS in the world - certainly as far as desktop systems go - so I'd certainly say a system booting from ZFS would be near the bottom of the list when considering likelihood of infection at a later date. Damnit Apple, why did you have to cancel ZFS support?

      • (Score: 2) by wantkitteh on Tuesday March 17 2015, @05:22AM

        by wantkitteh (3362) on Tuesday March 17 2015, @05:22AM (#158745) Homepage Journal

        If you consider how a piece of malware like this would actual infect a system, it's pretty obvious that the OS is booted and the encryption key has been entered prior to the HDD firmware being subverted. The malware that annexes this storage area will have to deal with adaptations to the file system to maintain system integrity. Given the level of sophistication in play here, I don't think it's too much to expect full-drive encryption techniques to be subjected to the same kind of integrity preservation techniques - there's a good chance this all would have been discovered earlier if infected systems with encrypted drives started falling over and dying for no reason.

    • (Score: 3, Insightful) by Gravis on Monday March 16 2015, @04:12PM

      by Gravis (4596) on Monday March 16 2015, @04:12PM (#158432)

      there is no need for the average joe to be concerned about an NSA RAT (Remote Administration Tool) ending up on your drive. i've read up on what Kaspersky has found and it seems hdd/ssd firmware hacks are only used for important targets, so for now, you should be more concerned about getting struck by a lightning bolt. unless you are in the middle-east to far-east, there is almost no chance of them going after your computer. the RATs Kaspersky has found are Windows programs, Mac OSX programs and PHP code injections. it seems terrorists are a very windows centric crowd, dont use windows.

      what the average joe should be concerned about is the NSA weakening encryption standards and closed source software. closed source software far more likely to have a built-in backdoors, security vulnerabilities and actually be malware. you should however avoid running PHP code on anything because PHP is a security nightmare. scripting in general is a security threat due to the possibility of injecting code but PHP takes the cake. open source doesn't have perfect security but at least with open source you can make a secure system.

      • (Score: 1, Insightful) by Anonymous Coward on Monday March 16 2015, @05:05PM

        by Anonymous Coward on Monday March 16 2015, @05:05PM (#158460)

        > so for now, you should be more concerned about getting struck by a lightning bolt.

        But now that the means has been exposed, its going to end up in a rootkit and pretty soon all of us will have to worry about it.
        That's the problem with the NSA - the best defense is not a good offense because a good offense teaches all the bad guys how to attack the weakest among us.
        Instead of exploiting this, they should have designed a fix for it and given it away to all disk manufacturers.

        > unless you are in the middle-east to far-east,

        In which case you should be more concerned about getting struck by a drone strike

        • (Score: 0) by Anonymous Coward on Wednesday March 18 2015, @03:59AM

          by Anonymous Coward on Wednesday March 18 2015, @03:59AM (#159187)

          +1 Insightful

      • (Score: 3, Insightful) by Anonymous Coward on Monday March 16 2015, @05:48PM

        by Anonymous Coward on Monday March 16 2015, @05:48PM (#158479)

        That is a very short sighted reaction you have there...

    • (Score: 0) by Anonymous Coward on Monday March 16 2015, @05:00PM

      by Anonymous Coward on Monday March 16 2015, @05:00PM (#158459)

      How do you intend to boot from a fully encrypted disk?

      The bootloader has to be in the clear, and that is were the firmware hack can insert its own code.

      • (Score: 0) by Anonymous Coward on Monday March 16 2015, @05:50PM

        by Anonymous Coward on Monday March 16 2015, @05:50PM (#158481)

        From a floppy disk... duh!

      • (Score: 2) by MichaelDavidCrawford on Monday March 16 2015, @10:14PM

        by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Monday March 16 2015, @10:14PM (#158604) Homepage Journal

        You would only need the HD for files that change.

        --
        Yes I Have No Bananas. [gofundme.com]
        • (Score: 0) by Anonymous Coward on Monday March 16 2015, @10:48PM

          by Anonymous Coward on Monday March 16 2015, @10:48PM (#158616)

          Do you think the firmware on a DVD drive can't be infected?

    • (Score: 3, Interesting) by wantkitteh on Tuesday March 17 2015, @03:07AM

      by wantkitteh (3362) on Tuesday March 17 2015, @03:07AM (#158706) Homepage Journal

      You misunderstand on a few levels here. Firstly, the firmware alters the reported geometry of the drive, portioning off a piece of the drive that no OS will even know exists. Without repairing the drive's firmware, it cannot be cleaned up under any circumstances because the drive doesn't even let on that this storage area even exists any more. Secondly, this is not an active attack vector - it's a secondary tool for creating persistent storage that will survive a nuke and pave, will never be subjected to inspection by any AV or security systems, and will only be accessed by other segments of the malware family.

      Imagine - every username and password combination ever entered on your laptop is squirreled away by this malware. Your admin does a nuke & pave prior to deploying a new OS image, oblivious to the fact the image is already compromised. The malware checks and finds this hidden storage area and already knows who the laptop is used by, what your username and password are, where you like to go for breakfast, what the last thing you bought from Amazon was....

  • (Score: 5, Informative) by GungnirSniper on Monday March 16 2015, @02:29PM

    by GungnirSniper (1671) on Monday March 16 2015, @02:29PM (#158369) Journal

    The US Postal Service scans and stores all To and From addresses, [consumerist.com] so it's not all that safer. They will eventually have the technology to read inside nearly everything without opening it. [usatoday.com]

    How much longer before tin foil hats are needed to keep them from scanning us for pre-crime?

    • (Score: 1, Insightful) by Anonymous Coward on Monday March 16 2015, @05:09PM

      by Anonymous Coward on Monday March 16 2015, @05:09PM (#158465)

      > They will eventually have the technology to read inside nearly everything without opening it.

      As that's the stereotypical case of an expectation of privacy, that's going to require a warrant. Not even a gray area on that one.

      > How much longer before tin foil hats are needed to keep them from scanning us for pre-crime?

      That is one giant leap to go from x-ray scanning text on paper to 'pre-crime' - like a crazy mad-libs level of logic.

      • (Score: 4, Interesting) by HiThere on Monday March 16 2015, @05:46PM

        by HiThere (866) on Monday March 16 2015, @05:46PM (#158476) Journal

        Legally you may have a point. In practice federal agents have intercepted and opened mails before now without a warrant. (Yes, it was in time of war, but that just means "sufficient political pressure".)

        And are you really willing to believe that if they were doing it for awhile before anyone found out about it, that those who committed the felony would be punished? How about those who induced it? These days (perhaps always, but the evidence is ambiguous) the government is only restrained by what they have the power to do, not by what they have the right to do. This is partially because the governmental system is systematically biased such that the only ones who achieve power are those who desire it to an unreasonable degree.

        --
        Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
        • (Score: 3, Interesting) by Ryuugami on Monday March 16 2015, @07:44PM

          by Ryuugami (2925) on Monday March 16 2015, @07:44PM (#158541)

          Yes, it was in time of war, but that just means "sufficient political pressure".

          Ah. War on Drugs, War on Terror, War on Copyright Infringement, War on the Neighbors Dog...

          --
          If a shit storm's on the horizon, it's good to know far enough ahead you can at least bring along an umbrella. - D.Weber
        • (Score: 0) by Anonymous Coward on Monday March 16 2015, @08:02PM

          by Anonymous Coward on Monday March 16 2015, @08:02PM (#158549)

          > In practice federal agents have intercepted and opened mails before now without a warrant.

          No. Not "in practice." In very rare and limited circumstances.

          And while I agree those circumstances are bullshit, to generalize from that to a standard practice is also a huge leap.

          Could we get a sense of proportion around here? Please?

          • (Score: 0) by Anonymous Coward on Wednesday March 18 2015, @04:05AM

            by Anonymous Coward on Wednesday March 18 2015, @04:05AM (#159190)

            Citation?

      • (Score: 2) by Anal Pumpernickel on Monday March 16 2015, @08:30PM

        by Anal Pumpernickel (776) on Monday March 16 2015, @08:30PM (#158562)

        As that's the stereotypical case of an expectation of privacy, that's going to require a warrant.

        The NSA's mass surveillance already violates the constitution. Do you honestly think they care?

        • (Score: 0) by Anonymous Coward on Tuesday March 17 2015, @12:22AM

          by Anonymous Coward on Tuesday March 17 2015, @12:22AM (#158655)

          Seems like they care very, very much.
          Else they wouldn't have gone to such great efforts to hide its existence and then to pretend it didn't violate the constitution.

          • (Score: 2) by Anal Pumpernickel on Tuesday March 17 2015, @01:22AM

            by Anal Pumpernickel (776) on Tuesday March 17 2015, @01:22AM (#158680)

            They don't care that they violate the constitution. They care about the outrage that may ensue once they're found out, and the fact that there will be lawsuits (that might fail).

            So what we get is a situation where they hide all their unconstitutional activities until we discover them somehow, and then maybe the courts tell them to stop in the unlikely event that they feel like stopping them from violating the constitution.

  • (Score: 1, Informative) by Anonymous Coward on Monday March 16 2015, @02:39PM

    by Anonymous Coward on Monday March 16 2015, @02:39PM (#158374)

    Where your neighbors will regularly get your mail and you get theirs. Same address for 15 years and USPS still won't compare the number on the house to the number on the mail. Absolutely not trusted and not dependable to deliver mail.

    • (Score: 2) by CoolHand on Monday March 16 2015, @03:29PM

      by CoolHand (438) on Monday March 16 2015, @03:29PM (#158412) Journal

      We got my ex-wife's mail the other day (to my address). I've been divorced for over fifteen years, and live over an hour away from her (and the town where she has always lived). Obviously some billing company deduced she must live at my house from some document where I was guarantor on our kid's medical bills or something, but one would think that USPS could use it's vast database for good and actually throw a red flag on that sort of thing.

      --
      Anyone who is capable of getting themselves made President should on no account be allowed to do the job-Douglas Adams
      • (Score: 0) by Anonymous Coward on Monday March 16 2015, @04:17PM

        by Anonymous Coward on Monday March 16 2015, @04:17PM (#158434)

        That's just the USPS doing their job and delivering mail to their destinations. However (and I'm not the original commenter) I've had all sorts of situations where I get my neighbor's mail and they get my mail. Happens quite often. The USPS is incompetent though, perhaps to their credit, it usually happens when a relief delivery person who's new is relieving the regular worker for whatever reason. and there were many instances where I sensed the regular USPS delivery person snooped in our mail as well (ie: opened confidential envelopes to see what's inside).

        but if they lose an important package, and it has happened to me more than once, don't expect them to compensate you for their mistakes or to even make a modest effort to recover your lost goods if you call them about it. I think their biggest problem is not the fact that they make mistakes, we all make mistakes, it's how poorly they handle those mistakes. They have an attitude, they don't make any effort to correct their mistakes or compensate you at all for them (they could offer you some free stamps or something), they act like they don't really care, etc... If this were a private business, with their poor customer service, they would have been out of business a very long time ago.

      • (Score: 1, Insightful) by Anonymous Coward on Monday March 16 2015, @05:19PM

        by Anonymous Coward on Monday March 16 2015, @05:19PM (#158467)

        Let me get this straight.

        You got mail addressed to a name other than yours, but delivered to the correct address on the envelope and you think the USPS should have delivered it to the "correct" address in another town based just on the name on the envelope?

        WTF the man? The chance of that ever working correctly, much less reliably, is about nil.

        If you want mail addressed to her at your house to be sent to her at her house, then explicitly file a change of address form with the USPS. For the first year they will forward it and after that they will just shitcan it. They will also tell all of their commercial rate shippers about the change of address.

        • (Score: 2) by CoolHand on Monday March 16 2015, @07:00PM

          by CoolHand (438) on Monday March 16 2015, @07:00PM (#158520) Journal

          But there is no change of address. She has never lived there. I know, historically, this is not something USPS has done (verifying legitimate recipients at their addresses). However, I'm just saying that it would be a nice "feature" to have an "authorized recipients" list, so I could stop getting junk mail delivered to my house from non-legitimate recipients. It just seems to me to be a simple way for USPS to increase their service level to help retain users in a digital world. I can easily reject non-legitimate email, so why not non-legitimate snail-mail?

          --
          Anyone who is capable of getting themselves made President should on no account be allowed to do the job-Douglas Adams
          • (Score: 1, Insightful) by Anonymous Coward on Monday March 16 2015, @08:08PM

            by Anonymous Coward on Monday March 16 2015, @08:08PM (#158551)

            > But there is no change of address.

            You want the USPS to keep track of who lives where?
            Because junk mail addressed to the wrong recipient is such a huge problem.

            You have soooo not thought this through.

            > I can easily reject non-legitimate email, so why not non-legitimate snail-mail?

            Because you can look INSIDE the mail and decide to reject it based on the content, not on the recipient.

    • (Score: 2, Touché) by Anonymous Coward on Monday March 16 2015, @06:57PM

      by Anonymous Coward on Monday March 16 2015, @06:57PM (#158519)

      Same address for 15 years and USPS still won't compare the number on the house to the number on the mail.

      Time for "Inverse Hanlon's Razor"! Have you ever considered that such a gross level of incompetence cannot but be by design? If all the mail carriers that have ever been on your route have done the same thing, not only design, but conspiracy! And I don't know if you can see this, but the one common factor here is, you! Are you rude to mailpersons? Are you rude to government employees in general? Are you opposed to public employee unions? Do you live in Wisconson and is your name "Scott Walker"? Do you bark and/or bite?

      If the answer to any of these questions is "yes", we may have identified the problem: it's you.

    • (Score: 2) by mendax on Monday March 16 2015, @07:20PM

      by mendax (2840) on Monday March 16 2015, @07:20PM (#158528)

      Absolutely not trusted and not dependable to deliver mail.

      Oh, I don't know about that. I write real letters to several correspondents every week, more or less. I've had very little trouble with my letters getting there or them getting to me. Because some of my correspondents are prisoners (I encourage everyone to write prisoners, BTW), I've had more trouble with prison authorities in getting my letters delivered than I've had with the U.S. mail. Having said that, the last letter I lost from a correspondent was due to my own disorganization. I cleaned my office and found an unopened letter that fell on the floor and got covered up with other crap.

      --
      It's really quite a simple choice: Life, Death, or Los Angeles.
    • (Score: 1) by darnkitten on Tuesday March 17 2015, @03:49PM

      by darnkitten (1912) on Tuesday March 17 2015, @03:49PM (#158919)

      Fedex and UPS are no better--at some point in the past 15 years, they switched my entire block from "Ruby Street" to "Ruby Road" in their database ("Ruby Road" is in the next town). We've tried everything from filing change-of-address forms (including with USPS) to physically going in to outlets, stores or drop points and attempting to correct them there. No one seems to have the ability to change the addresses back.

      It plays "merrie hell" with computer packing for deliveries--after a while the drivers just learn to hold out the block's worth of packages, (until they switch drivers or routes)--they aren't allowed to submit address corrections, though they have the direct knowledge.

      Not only that, the wrong addresses get into the commercial databases and my bank and others occasionally "correct" the address I've given them to match the incorrect one in the database-- my record shows that I've moved from "Ruby Street" to "Ruby Road" and back several times in the past decade while living in a single house.

  • (Score: 0) by Anonymous Coward on Monday March 16 2015, @02:40PM

    by Anonymous Coward on Monday March 16 2015, @02:40PM (#158375)

    We're going to have to rewrite the platform. Contractors don't do this for free, and yes the broken window fallacy applies. This is terrible.

    This may mean diverting money from defensive operations or even from some other agency like NASA, NOAA, or the NSF. Well that is probably a given anyway due to Snowden.

    • (Score: 2) by kaszz on Monday March 16 2015, @02:47PM

      by kaszz (4211) on Monday March 16 2015, @02:47PM (#158378) Journal

      Rewrite what platform? You have to explain further what you mean to make sense..

      • (Score: 1) by albert on Monday March 16 2015, @04:23PM

        by albert (276) on Monday March 16 2015, @04:23PM (#158437)

        Gee, not even reading the summary these days? The new 'operating system-like' platform which is a full espionage platform according to the summary.

        • (Score: 2) by kaszz on Monday March 16 2015, @09:56PM

          by kaszz (4211) on Monday March 16 2015, @09:56PM (#158594) Journal

          Why should we rewrite it?

          • (Score: 2) by fleg on Tuesday March 17 2015, @03:47AM

            by fleg (128) Subscriber Badge on Tuesday March 17 2015, @03:47AM (#158721)

            i think the OP was speaking as a member of the NSA.

            • (Score: 0) by Anonymous Coward on Wednesday March 18 2015, @04:13AM

              by Anonymous Coward on Wednesday March 18 2015, @04:13AM (#159193)

              Agreed.

  • (Score: 0) by Anonymous Coward on Monday March 16 2015, @02:54PM

    by Anonymous Coward on Monday March 16 2015, @02:54PM (#158383)

    Just hand deliver everything.

    • (Score: 2, Funny) by Anonymous Coward on Monday March 16 2015, @03:16PM

      by Anonymous Coward on Monday March 16 2015, @03:16PM (#158401)

      Dead drop encrypted micro sd cards. Never underestimate the bandwidth of a station wagon full of encrypted micro sd cards.

      • (Score: 2, Funny) by DECbot on Monday March 16 2015, @06:04PM

        by DECbot (832) on Monday March 16 2015, @06:04PM (#158489) Journal

        I see that you're carrying and few exobytes of data, may I see your ISP certification? That sort of bandwidth is reserved only for licensed ISPs. You have filled out your paperwork and submitted to the black box inspection, right? Sir, your papers please...

        --
        cats~$ sudo chown -R us /home/base
  • (Score: 2) by zafiro17 on Monday March 16 2015, @02:59PM

    by zafiro17 (234) on Monday March 16 2015, @02:59PM (#158388) Homepage

    ... but you realize of course the US Mail is probably being searched and quantified too. There's almost no escape. There has to be some other platform for communication, but what we're calling the Internet is starting to look a little long in the tooth. It smells like old milk.

    --
    Dad always thought laughter was the best medicine, which I guess is why several of us died of tuberculosis - Jack Handey
    • (Score: 0) by Anonymous Coward on Monday March 16 2015, @03:17PM

      by Anonymous Coward on Monday March 16 2015, @03:17PM (#158402)

      Fountain pens?

      If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.

      - Cardinal Richelieu

    • (Score: 3, Interesting) by Phoenix666 on Monday March 16 2015, @04:52PM

      by Phoenix666 (552) on Monday March 16 2015, @04:52PM (#158455) Journal

      Burning Ft Meade and Washington DC to the ground might help.

      --
      Washington DC delenda est.
    • (Score: 2) by mendax on Monday March 16 2015, @07:25PM

      by mendax (2840) on Monday March 16 2015, @07:25PM (#158533)

      Oh, it is to a point. Envelopes are photographed front and back. That's been going on for quite a while. But the technology to read what's in an envelope without opening it is a long way away. And there are low-tech ways of ensuring that an envelope is not opened without it being detected. Ever heard of Scotch tape? It cannot be removed without damaging the envelope in some way.

      --
      It's really quite a simple choice: Life, Death, or Los Angeles.
      • (Score: 2) by Geotti on Tuesday March 17 2015, @03:58AM

        by Geotti (1146) on Tuesday March 17 2015, @03:58AM (#158725) Journal

        Ever heard of Scotch tape? It cannot be removed without damaging the envelope in some way.

        Hope you're not betting too much money on that one. Temperature changes (heating/freezing) is one of the simpler solutions.

        • (Score: 2) by mendax on Tuesday March 17 2015, @04:52AM

          by mendax (2840) on Tuesday March 17 2015, @04:52AM (#158737)

          Well, I read about the use of scotch tape for that purpose in a book written by an MI5 spook about 30 years ago. Perhaps it depends upon the brand. I still have the book but I'm not likely to read it again any time soon.

          --
          It's really quite a simple choice: Life, Death, or Los Angeles.
        • (Score: 2) by wantkitteh on Tuesday March 17 2015, @05:05AM

          by wantkitteh (3362) on Tuesday March 17 2015, @05:05AM (#158741) Homepage Journal

          Something along these lines would be good: Label Lock [labellock.com]

  • (Score: 0) by Anonymous Coward on Monday March 16 2015, @03:02PM

    by Anonymous Coward on Monday March 16 2015, @03:02PM (#158391)

    Great place to start for my new security company.

    Using their own tools to protect the public against them.
    Good for penetration testing.

    • (Score: 0) by Anonymous Coward on Monday March 16 2015, @03:20PM

      by Anonymous Coward on Monday March 16 2015, @03:20PM (#158405)

      uggc://jjj.xrearyzbqr.vasb/sbehz/

      • (Score: 2) by kaszz on Monday March 16 2015, @03:30PM

        by kaszz (4211) on Monday March 16 2015, @03:30PM (#158413) Journal

        Dude, that's above export grade! Beware of all the black hel1copterz ;)

      • (Score: 2) by NotSanguine on Monday March 16 2015, @03:44PM

        uggc://jjj.xrearyzbqr.vasb/sbehz/

        That's too easy. When you use this method, you have to use *double* encryption or it just won't work!

        --
        No, no, you're not thinking; you're just being logical. --Niels Bohr
  • (Score: 2) by stormwyrm on Monday March 16 2015, @03:50PM

    by stormwyrm (717) on Monday March 16 2015, @03:50PM (#158421) Journal
    Maybe it's time to start using that deck of playing cards the way Neal Stephenson and Bruce Schneier showed us [schneier.com].
    --
    Numquam ponenda est pluralitas sine necessitate.
  • (Score: 0) by Anonymous Coward on Monday March 16 2015, @03:55PM

    by Anonymous Coward on Monday March 16 2015, @03:55PM (#158424)

    FTFA: "Sponsored Link: Take a free Trial of Microsoft Azure"

    • (Score: 2) by Ryuugami on Monday March 16 2015, @07:49PM

      by Ryuugami (2925) on Monday March 16 2015, @07:49PM (#158544)

      Well, I guess now we know what the platform in question is called :)

      --
      If a shit storm's on the horizon, it's good to know far enough ahead you can at least bring along an umbrella. - D.Weber
  • (Score: 4, Insightful) by Covalent on Monday March 16 2015, @04:25PM

    by Covalent (43) on Monday March 16 2015, @04:25PM (#158440) Journal

    Seriously, encryption is not perfect. There are flaws and back doors and problems. But if we had a critical mass of people encrypting everything they did, it would at least slow the NSA down. It's like civil disobedience: 100 people protesting in the streets about an injustice is an inconvenience. 100,000 people protesting in the streets about an injustice costs businesses time and money. Change usually follows.

    Until you can get a lot of people to change their behavior as a result of spying, the NSA will continue to wipe their asses with the 4th amendment.

    SO...encrypt everything. Not because you have something to hide, but because we have something to hide.

    --
    You can't rationally argue somebody out of a position they didn't rationally get into.
    • (Score: 0) by Anonymous Coward on Monday March 16 2015, @05:42PM

      by Anonymous Coward on Monday March 16 2015, @05:42PM (#158473)

      100,000 people protesting is also called an uprising and frequently (and rather successfully) countered with a military farce or martial law... just in order to protect 'democracy' and 'freedom'.
      Be prepared to be boarded citizen...

      • (Score: 2) by Ryuugami on Monday March 16 2015, @07:53PM

        by Ryuugami (2925) on Monday March 16 2015, @07:53PM (#158546)

        military farce

        Not sure if typo or intentional, but I like it.

        --
        If a shit storm's on the horizon, it's good to know far enough ahead you can at least bring along an umbrella. - D.Weber
    • (Score: 2) by kaszz on Monday March 16 2015, @10:14PM

      by kaszz (4211) on Monday March 16 2015, @10:14PM (#158605) Journal

      Encrypt feature movies and cat video with serious encryption and the mass will follow. Don't forget the social media site thing..

    • (Score: 0) by Anonymous Coward on Wednesday March 18 2015, @04:33AM

      by Anonymous Coward on Wednesday March 18 2015, @04:33AM (#159203)

      > SO...encrypt everything. Not because you have something to hide, but because we have something to hide.

      er, SO...encrypt everything. Not because you have something to hide... ...because it never evens gets to the point of that question being right to ask. ...because they don't have the right since we didn't each individually give it to them first. ...because mass surveillance is wrong in principle. ...

      FTFY.

  • (Score: 1, Interesting) by Anonymous Coward on Monday March 16 2015, @08:41PM

    by Anonymous Coward on Monday March 16 2015, @08:41PM (#158565)

    http://soylentnews.org/article.pl?sid=15/03/12/088223 [soylentnews.org]

    This just removes the Ars level of clickbait that they had added in. It eventually links to the exact same story.

    The article is interesting. However, it should have been linked into the original one.

    • (Score: 2) by wantkitteh on Tuesday March 17 2015, @03:11AM

      by wantkitteh (3362) on Tuesday March 17 2015, @03:11AM (#158707) Homepage Journal

      I posted the original story, I don't read El Reg - too childish, reading that site for any length of time just tires me. And don't get me started about Orlowski...