SoylentNews is people
SoylentNews
On Monday, The Washington Post reported one of the most stunning breaches of security ever. A former NSA contractor, the paper said, stole more than 50 terabytes of highly sensitive data. According to one source, that includes more than 75 percent of the hacking tools belonging to the Tailored Access Operations. TAO is an elite hacking unit that develops and deploys some of the world's most sophisticated software exploits.
Attorneys representing Harold T. Martin III have previously portrayed the former NSA contractor as a patriot who took NSA materials home so that he could become better at his job. Meanwhile, investigators who have combed through his home in Glen Burnie, Maryland, remain concerned that he passed the weaponized hacking tools to enemies. The theft came to light during the investigation of a series of NSA-developed exploits that were mysteriously published online by a group calling itself Shadow Brokers.
[...] An unnamed US official told the paper that Martin allegedly hoarded more than 75 percent of the TAO's library of hacking tools. It's hard to envision a scenario under which a theft of that much classified material by a single individual would be possible.
Source:
(Score: 0) by Anonymous Coward on Tuesday February 07 2017, @03:58PM
Circle of trust, right? See that whole thing about making sure users only have rights and accesses they need and not sharing logins and passwords.... that applies only to everyone else. To the authorities that are supposed to be security - they don't have to obey the same plebian rules, since they have to get things done.
(Score: 4, Informative) by driverless on Wednesday February 08 2017, @01:49AM
Didn't we do this one a couple of months ago? The govt is telling us that he may possibly have stolen XYZ, allegedly killed Jimmy Hoffa, and is rumoured to have caused the GFC. If you look at what he actually, provably did, it's that he took some stuff home that he shouldn't have while in all other aspects being a patriotic citizen. Since it looks like the govt is going to have a tough time throwing the book at him as they'd like to, every month or two we get another planted story telling us that he's secretly Doctor Doom, Lex Luthor, and Galactus rolled into one. With all claims prefixed by "allegedly", "apparently", and "may have", sourced to "unnamed officials".
(Score: 5, Insightful) by Anonymous Coward on Tuesday February 07 2017, @04:04PM
This is a real life example of why backdoored encryption is VERY bad idea.
Imagine they had mandated by law that everyone had to use backdoored encryption. The NSA would likely be one of the parties with the master key. Imagine this guy had sold that master key. Now anyone can use the government access to decrypt anything encrypted by law abiding citizens.
(Score: 2) by dyingtolive on Tuesday February 07 2017, @04:15PM
The teenage-nihilist-in-his-thirties part of me that just wants to watch the world burn would be okay with that, actually.
The slightly more mature part of me cringes at the idea though.
Don't blame me, I voted for moose wang!
(Score: 2) by istartedi on Tuesday February 07 2017, @08:35PM
That's because teenage nihilists usually have a negative net worth. Mature adults
usually have some assets.
Appended to the end of comments you post. Max: 120 chars.
(Score: 3, Interesting) by bob_super on Tuesday February 07 2017, @09:44PM
Isn't it wonderful how people are tamed by the idea that they have something to lose (tangible or not)?
(Score: 3, Interesting) by edIII on Tuesday February 07 2017, @09:49PM
Assets are not what make you beholding and slaved to those above.
You were speaking about DEBT.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 1) by istartedi on Wednesday February 08 2017, @12:43AM
Huh? First, I didn't mean to imply that assets make you "beholding
and slaved to those above". I see how you might infer that though--people
who have something to lose are "invested in the system". If the country
"goes sour" they may look at what the alternatives are and feel trapped.
Debt is literally the exact opposite of what I said; but I think I can see
how you might have made that inference also--some people have illusory
assets like a house that they actually owe a lot of money on. I think it's hyperbolic
and diminishing the problem of real slaves to use the word "slavery" outright;
but the phrase "debt slave" and "wage slave" is what you're talking about
and it's a real thing.
That's not what I was talking about though. If you have no assets recorded
in a database, if you're living paycheck-to-paycheck or heavily in debt then "watching
it all burn" is appealing. Your debts would be wiped out. OTOH, if you have assets
recorded in databases, then you want those databases to be secure. I wasn't speaking
so much to the social issues of how we feel about the economic system, more to
the consequences of losing data integrity to those at different positions within that system.
Appended to the end of comments you post. Max: 120 chars.
(Score: 0) by Anonymous Coward on Wednesday February 08 2017, @03:57AM
ediii doesn't care what you meant
your words triggered him
so he had to get his generic rant out
(Score: 2) by sgleysti on Tuesday February 07 2017, @06:28PM
This sounds like the plot for a science fiction novel. Does anyone know if such a novel has been written? I would gladly buy a (used) copy.
(Score: 0) by Anonymous Coward on Tuesday February 07 2017, @06:29PM
That is why physical access to the backdoor is requiered. (Device in hand)
Backdoooring thru the internet is bad ... unless the "internet" is proprietary network
extending into your bedroom, toilet ... like maybe those dead-end networks with a
gazillion users (your big enduser serving isps) ... then you are using
"their" device anway ... or rather renting it
(Score: 5, Insightful) by Grishnakh on Tuesday February 07 2017, @04:30PM
This guy never stole any hacking tools. I am 100% sure that the NSA still has all their hacking tools, and has not lost use of them whatsoever. If this guy did indeed make unauthorized copies as alleged, that's all he did: he made copies. The tools are still there.
Unauthorized copying is not stealing, no matter how much some people try to insist that it is. This will never change.
(Score: 0) by Anonymous Coward on Tuesday February 07 2017, @05:19PM
You're playing football on a baseball field.
The problem isn't about piracy. The problem is what the recipient can do with that copy. The right people will be able to reverse engineer how the tools work to circumvent security systems.
(Score: 0) by Anonymous Coward on Tuesday February 07 2017, @05:30PM
reverse engineer what? the tools are INTENDED to circumvent security systems. do you need to "reverse engineer" winamp to listen to an mp3?
(Score: 2, Funny) by Anonymous Coward on Tuesday February 07 2017, @05:46PM
If your copy of winamp came from the NSA, and you're listening to 'DJ Ayatollah - Death to the Great Satan America.mp3' on endless repeat, you might want to be very, very careful about it phoning home.
(Score: 0) by Anonymous Coward on Tuesday February 07 2017, @07:09PM
Dr. Phil!
(Score: 0) by Anonymous Coward on Tuesday February 07 2017, @06:03PM
Well, it is a stolen copy- how about that. You use copy as a noun, but the contractor copied as a verb: he 'duplicated' things. NSA contractors are not to take things out of the office. So any exact copy now residing anywhere the original is not- is theft. Theft of a copy at least.
How about Identity Theft. Is not the original person still walking around, whilst ill-doers act up in their name?
If I duplicated your entire home, family members, bank accounts, memories, and did with them as I will... would you not consider mimicking & tarnishing of your life the 'theft' of your life? Or would you just shrug and say "well that's not the real me".
It's because OF the copied item's capabilities & 'brand association' that it's mere existence is defined by the word STOLEN. A stolen copy.
(Score: 4, Touché) by Grishnakh on Tuesday February 07 2017, @08:44PM
Hey, if you can figure out how to make a duplicate of my bank account, and then spend that money, while my own bank account is unchanged, let me know. I wouldn't be upset about that at all.
And if you can figure out how to duplicate family members, that'd be a real feat too. I wonder if my girlfriend would mind if I had a duplicate of her? A duplicate of myself would be great too: I have more projects than I have time to complete. Two of me could get more stuff done around the house (and keep the girlfriend and her clone satisfied as well...).
(Score: 1, Touché) by Anonymous Coward on Tuesday February 07 2017, @06:07PM
I'm often stuck looking for an everyday example of someone being pedantic. Usually I have to refer to people who insisted that 2001 was the start of the millennium. Now I can also use this narrow-minded view of the word steal. But, keep in mind that, historically, when absolutely everyone uses a word to mean a thing the word didn't originally mean, the word meaning changes. No one throws the pedants a party for being right.
And if you're going to rely on a dictionary definition for your argument, make sure it's true for all cases. According to Merriam-Webster, this can still be defined as stealing:
https://www.merriam-webster.com/dictionary/steal [merriam-webster.com]
Definition of steal
stoleplay \ˈstōl\; stolenplay \ˈstō-lən\; stealing
...
transitive verb
...
2c : to take surreptitiously or without permission (steal a kiss)
...
(Score: 1, Flamebait) by Arik on Tuesday February 07 2017, @08:01PM
If laughter is the best medicine, who are the best doctors?
(Score: 0, Insightful) by Anonymous Coward on Tuesday February 07 2017, @09:46PM
If you're asserting that precision and common sense are mutually exclusive, then I disagree with your premise. My comment was that one can focus on a facet of word meaning unnecessarily, and miss the entire point of an (attempted) discussion.
I am willing to risk the theoretical (but vanishingly small) possibility of a world where communication accidentally becomes impossible as you describe, rather than embrace people who intentionally choose to prevent communication. Particularly those who lord such obstinacy as "intelligence". In fact, there's a word to describe precisely that: https://www.merriam-webster.com/dictionary/pedant [merriam-webster.com]
Definition of pedant
...
2b : one who is unimaginative or who unduly emphasizes minutiae in the presentation or use of knowledge
(Score: 2, Insightful) by Anonymous Coward on Tuesday February 07 2017, @07:16PM
Actually he did. You have to think "outside the box". "Stole" is a different concept here. If you own a specialized software tool and its IP, you're the only one who has it and has the power to do whatever you need done with it. If someone copies it, they too now have that power.
The problem is not the software being copied- it's the theft of the unique power it gives.
(Score: 3, Funny) by istartedi on Tuesday February 07 2017, @08:41PM
Next to a tombstone in the rhetorical grave yard, the soil stirs. An eerie shiver runs down your spine. A cold wind blows. With a moan of desolation the black dirt over the grave cracks open and the gnarled hand of this semantic ghoul rises. Like a snake it darts for your ankles, coils, and grabs. It threatens to pull you in. You whack it with a shovel and run like hell.
Appended to the end of comments you post. Max: 120 chars.
(Score: 1, Informative) by Anonymous Coward on Tuesday February 07 2017, @11:30PM
Unauthorized copying is not stealing, no matter how much some people try to insist that it is.
Okay, so I thought you were wrong in this specific case, but actually you (and I, for that matter) are wrong in the general case. Even unauthorized copying movies is "stealing":
(transitive) To take illegally, or without the owner's permission, something owned by someone else. [wiktionary.org] Did he take it? Yes. Did he have the owner's permission? No.
To take or appropriate without right or leave and with intent to keep or make use of wrongfully [merriam-webster.com]. Did he take it? Yes. Did he intend to keep or make use of it wrongfully? Yes.
You are probably trying to argue that it isn't theft [merriam-webster.com] or larceny [merriam-webster.com]. This is a much stronger case (although I'd argue by definition of a secret, it loses value if it's well known so in his particular case it still is larceny). However, no matter how you look at it, he did steal.
(Score: 1, Insightful) by Anonymous Coward on Tuesday February 07 2017, @07:12PM
Spies ... even less competent than the rest of the government, because there's no oversight.
(Score: 0) by Anonymous Coward on Wednesday February 08 2017, @04:34AM
Maybe its not them, maybe its management like every other industry. Them MBAs sure like to outsource and sub-contract out! Accountability Ninja 101...
(Score: 4, Insightful) by donkeyhotay on Tuesday February 07 2017, @07:44PM
"NSA contractor".
And there you have it. If the data and software is so super sensitive, why are you using contractors?
(Score: 2) by Grishnakh on Tuesday February 07 2017, @08:47PM
Because the federal government hiring and employment system is so broken. If they only allowed federal employees to do the work, they wouldn't be allowed to pay them anywhere near what the private sector pays, so either the jobs would go unfilled, or they'd have to hire incompetents. So they contract it out, and contractors do it for normal (for the industry/job) salaries while some contracting company gets a big cut on top for doing almost nothing.
There appears to be no way to fix this problem.
(Score: 2) by c0lo on Wednesday February 08 2017, @03:59AM
Suggestion: close down NSA, all its problem solved.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by Grishnakh on Wednesday February 08 2017, @03:25PM
WTF? This is the stupidest post I've seen all day. The problem I'm talking about is Federal hiring, not the NSA. The Federal hiring problem spans the entire government. Closing the NSA, or any agency, isn't going to magically make the Federal government adopt sensible hiring and personnel-management practices. It's a problem endemic to the government, and government in general as it's not just the US federal government, it's state and local governments too and foreign ones as well.
(Score: 0) by Anonymous Coward on Wednesday February 08 2017, @11:55PM
Oh, wow. The US govt is the model for the entire world, eh? I wonder how other countries are dealing with it?
(Score: 0) by Anonymous Coward on Wednesday February 08 2017, @03:52AM
And there you have it. If the data and software is so super sensitive, why are you using contractors?
Because, when it comes to trustworthiness, there is functionally no difference.
They all get the same background checks through the same agency.
You are indulging in a correspondence bias. [wikipedia.org]
There are a lot of contractors in government work, so it is unsurprising that the handful that have been caught doing something naughty were contractors.
Let's say there are 1,000 contractors working for the NSA (a very conservative guess) and 2 or 3 (Snowden, this guy and one more for good measure) have walked out with secrets. That leaves 997 who have not, or 99.7% who have obeyed the rules as much as any NSA employee. Furthermore there have been employees like Robert Stephan Lipka [cnn.com] who have done worse.
(Score: 2) by esperto123 on Tuesday February 07 2017, @08:03PM
Because it was not theft, it was a copy! He didn't remove a single item, so nobody could had notice something missing, and unless you monitor every packet in your local network, someone with high privilage access can copy anything at anytime and get away.
(Score: 3, Informative) by butthurt on Tuesday February 07 2017, @08:24PM
He didn't remove a single item [...]
According to the article, a prosecutor is alleging that he did:
Myers said Martin took “many thousands of pages” of classified material as well as 50 terabytes of digital data, much of which has “special handling caveats.”
Of course it's not proven.
(Score: 3, Interesting) by Yog-Yogguth on Wednesday February 08 2017, @01:21AM
Anyone else have the gut feeling that this guy is only being used as a scapegoat/excuse, or nothing but a plain diversion, or some kind of honey trap?
Poor guy if he's telling the truth (being stupid is really easy, but that said this guy was hoarding stupid), or maybe a very lucky guy if he's a scapegoat with a deal where his maximum security isolation takes place on some lovely tropical island, babes, drink, and all expenses included :3
If that wasn't enough this is from WaPo/BezoPress which is funded by the CIA (adds a whole new layer with the potential NSA CIA rivalry/war), the dead tree equivalent of CNN which means it's not to be trusted, and it's reporting about the NSA, which specializes in spying and deception by technical means and shouldn't really have been trusted even before Snowden revealed that they're incredibly untrustworthy and which is one of many (all?) organizations that is not to be trusted either even if they say the sky is blue and you've checked and the sky where you are actually happens to be blue right when they said it (and it's never the same color everywhere at the same time...).
By this point I get the feeling as if I had accidentally and unobtrusively without noticing read a +2 Blessed Spellbook of Levitation since it all feels so incredibly airy and soft and there's so little "there" actually there anywhere :)
Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))