A TOP-SECRET document dated February 2011 reveals that British spy agency GCHQ, with the knowledge and apparent cooperation of the NSA, acquired the capability to covertly exploit security vulnerabilities in 13 different models of firewalls made by Juniper Networks, a leading provider of networking and Internet security gear.
The six-page document, titled “Assessment of Intelligence Opportunity – Juniper,” raises questions about whether the intelligence agencies were responsible for or culpable in the creation of security holes disclosed by Juniper last week. While it does not establish a certain link between GCHQ, NSA, and the Juniper hacks, it does make clear that, like the unidentified parties behind those hacks, the agencies found ways to penetrate the “NetScreen” line of security products, which help companies create online firewalls and virtual private networks, or VPNs. It further indicates that, also like the hackers, GCHQ’s capabilities clustered around an operating system called “ScreenOS,” which powers only a subset of products sold by Juniper, including the NetScreen line. Juniper’s other products, which include high-volume Internet routers, run a different operating system called JUNOS.
The possibility of links between the security holes and the intelligence agencies is particularly important given an ongoing debate in the U.S. and the U.K. over whether governments should have backdoors allowing access to encrypted data. Cryptographers and security researchers have raised the possibility that one of the newly discovered Juniper vulnerabilities stemmed from an encryption backdoor engineered by the NSA and co-opted by someone else. Meanwhile, U.S. officials are reviewing how the Juniper hacks could affect their own networks, putting them in the awkward position of scrambling to shore up their own encryption even as they criticize the growing use of encryption by others.
The headquarters of Juniper Networks in Sunnyvale, Calif., on Jan. 1, 2014.
Photo: Kris Tripplaar/Sipa USA/AP
“The threat comes from Juniper’s investment and emphasis on being a security leader,” the document says. “If the SIGINT community falls behind, it might take years to regain a Juniper firewall or router access capability if Juniper continues to rapidly increase their security.”
The document, provided by NSA whistleblower Edward Snowden, shines light on the agencies’ secret efforts to ensure they could monitor information as it flowed through Juniper’s products, which are used by Internet providers, banks, universities, and government agencies. It notes that while Juniper trails its competitors, it is a “technology leader” with gear “at the core of the Internet in many countries,” including several deemed to be high priority from a spying perspective: Pakistan, Yemen, and China.
“Juniper technology sharing with NSA improved dramatically to exploit several target networks”
Asked about the document, GCHQ issued a boilerplate response asserting that the agency does not comment on intelligence matters and complies with “a strict legal and policy framework.” The NSA could not immediately respond Tuesday. Juniper sent a written statement saying the company “operates with the highest of ethical standards, and is committed to maintaining the integrity, security, and quality of our products. As we’ve stated previously … it is against established Juniper policy to intentionally include ‘backdoors’ that would potentially compromise our products or put our customers at risk. Moreover, it is Juniper policy not to work with others to introduce vulnerabilities into our products.”
Juniper’s prominence and ubiquity similarly helped draw attention to the more recent hacks against the company, which first came to light Thursday, when the California firm revealed it had discovered “unauthorized code” in ScreenOS enabling two major vulnerabilities. One, first present in an August 2012 release of ScreenOS, could allow access to encrypted data transmitted over VPNs. The other, first surfacing in a December 2014 ScreenOS release, allows an attacker to remotely administer a firewall, thus leading to “complete compromise of the affected device,” according to Juniper. The vulnerabilities remained in versions of ScreenOS released through at least October of this year.
It is the earlier vulnerability, potentially allowing eavesdropping on VPNs, that has generated vigorous online discussion among computer security experts. Some, like Johns Hopkins professor Matthew Green and security researcher Ralf-Philipp Weinmann, have said that an attacker appears to have subverted a backdoor shown, in previously disclosed documents from Snowden, to have originated with the NSA. Specifically, the attacker seems to have tampered with a 32-byte value used to seed the generation of random numbers, numbers that are in turn used in the process of encrypting data in ScreenOS. ScreenOS uses the value as a parameter to a standard system for random number generation known as Dual Elliptic Curve Deterministic Random Bit Generator. The default 32-byte value in this standard is believed to have been generated by the NSA. Juniper said, in the wake of the Snowden revelations about the standard, that it had replaced this 32-byte value with its own “self-generated basis points.” So the attacker would have replaced Juniper’s replacement of the NSA 32-byte value.
Matt Blaze, a cryptographic researcher and director of the Distributed Systems Lab at the University of Pennsylvania, said the document contains clues that indicate the 2011 capabilities against Juniper are not connected to the recently discovered vulnerabilities. The 2011 assessment notes that “some reverse engineering may be required depending on firmware revisions” affecting targeted NetScreen firewall models. Blaze said this points away from the sort of ScreenOS compromise behind the more recent Juniper vulnerabilities.
“With the [recently discovered] backdoor, a firmware revision would either have the backdoor or it wouldn’t, and if it was removed, they’d have to do a lot more than ‘some reverse engineering’ to recover the capability,” Blaze said. “My guess from reading this is that the capabilities discussed here involved exploiting bugs and maybe supply chain attacks, rather than this [recently discovered] backdoor.”
Blaze said the exploit capabilities in the 2011 document seem consistent with a program called “FEEDTROUGH,” first revealed in a 2007 document published alongside an article in German newsweekly Der Spiegel.
Even if it outlines capabilities unconnected to the recently discovered Juniper hacks, the 2011 GCHQ assessment makes clear that the author was interested in expanding the agencies’ capabilities against Juniper. “The vast majority of current Juniper exploits are against firewalls running the ScreenOS operating system,” the author wrote. “An effort to ensure exploitation capability” against Juniper’s primary operating system, JUNOS, “should bear fruit against a wide range of Juniper products.”
The document suggests that the intelligence agencies successfully used the security holes they identified in Juniper’s devices to repeatedly penetrate them for surveillance, stating that “Juniper technology sharing with NSA improved dramatically during [calendar year] 2010 to exploit several target networks where GCHQ had access primacy.”
The assessment also notes that, because Juniper is a U.S.-based company, there is both “opportunity and complication” in targeting its technology. “There is potential to leverage a corporate relationship should one exist with NSA,” it says, adding: “Any GCHQ efforts to exploit Juniper must begin with close coordination with NSA.”
It further states that GCHQ has a “current exploit capability” against 13 Juniper models, all of which run ScreenOS: NS5gt, N25, NS50, NS500, NS204, NS208, NS5200, NS5000, SSG5, SSG20, SSG140, ISG 1000, ISG 2000. It reveals that the agency was developing an additional surveillance capability to hack into high-capacity Juniper M320 routers, which were designed to be used by Internet service providers.
“The ability to exploit Juniper servers and firewalls,” the document says, “will pay many dividends over the years.”
“In a year-long study, The Washington Post found that the kind of incidents that have ignited protests in many U.S. communities — most often, white police officers killing unarmed black men — represent less than 4 percent of fatal police shootings.”
http://www.washingtonpost.com/sf/investigative/2015/12/26/a-year-of-reckoning-police-fatally-shoot-nearly-1000/
Hmm, imagine that. Now maybe Juan can write a one-sided piece about the other 96%…
A patriotic pseudonym pretending institutionalized racism doesn’t exist and sporting particular prejudice against JT on its sleeve, everywhere it goes. Hmmm, imagine that.
No, it’s more of a gay slur, Ms. nfjtakfa…
And, they (establishment Democrats and Republicans) call Trump a fascist (and maybe so if taking his words at face value) when they are the actual fascists (where corporate/state merge) like in the case of NSA and Corporate IT companies.
Glenn and everybody, a sidebar story: Bowe Bergdahl’s attorney is alleging his court-martial is going forward because of political pressure. While the decision by command authority to convene a court-martial is at the option of the chain of command, it’s supposed to be an objective process, but, as those of us who follow Chelsea Manning’s case, it seems prone to tampering. In this case, from Congress, although last I looked the command chain answered to the Commander in Chief.
It’s especially remarkable when compared to other cases arising in the theater of war.
http://www.democracynow.org/2015/12/24/top_military_lawyer_army_bowed_to
Hey, have any of you lawyerly-types here have a chance to watch “Making a Murderer” yet on Netflix? I’d like to hear some opinions on what was presented, and the outcome.
(I know it’s about a poor white male getting screwed by ‘The Man’, and many of you will have no interest because of that irrelevancy in today’s uber-liberal-only concerns, but ‘justice for all’ still maters, doesn’t it?)
Try reading “The Count of Monte Cristo” or :Les Miserables or Joan of Arc this has been going on for a long long time.I am not a lawyer my take is his lawyers (when he got out the first time) did not realize how dangerous it is to rock that very fragile public trust of the police and Justice system.The whole system could collapse very easily and quickly(as there are many,many people who already know and critical mass is anyones guess)The Justice system could not and would not allow this.Allowing those vile vile people with too many secrets to be brought down was not going to happen and to be proven bastards a second time NEVER.
@Benito
wasn’t that the argument against gays in the military?
Makes one wonder what percentage of government purchased Juniper routers run JUNOS versus the intentionally more vulnerable ScreenOS?
And maybe, because of Big Brother, firewalls in general should now be renamed something more accurate like – glory holes.
Great article, Good People!
And of course, this always begs the question, for what purposes?
To date, the incredibly perverted strategy of the USA in the Middle East is to aid the Sunni extremists — this Christmas of 2015, the major outfit protecting Christians and Jews in Syria and Lebanon is the Hezbollah? Yup, the Hezbollah!
While the Amerikan gov’t supports the head-choppers of Saudi Arabia in Yemen, and with ISIS or ISIL, and the Sunni extremists against Assad (worked just fine when Carter and Reagan did it in Afghanistan, didn’t it — how many secularists were murdered there, thanks to Amerikan support???)!
Do not agree with the pro-Wahabist and pro-Salafist (Sunni extremists) support of present and past Amerikan administrations — completely perverted and anti-American!
Time to bring this muther down!
uk_naziland; this is where usa learned its dirty tricks from …after all!
Fucking the ‘system’ is all about profits for the elite & death-culture for the citizens or willing victims in wars for the pomp & ceramony of the crying rich people. Who aferwards sip fizz on the beach decrying the enemy that their hands have created to kill british troops abroad. It’s all one massive cluster fuck & too know the truth is a real burden.
Do the math – NSA has moles in JNPR CSCO etc What about the “unknown unknown” backdoors – to use a Rumsfeldian term. Same goes for CURRENT CIA prisons that are dkdk.
Hi guys!
Please help me understand the problem here.
We help the Brits all the time, and they also help us most of the time, except on that one solitary occasion that their parliament refused to help us bomb Syrian folks. But given our magnanimity, I don’t see any great problems helping the Brits, the Cannucks, the Aussies and the Kiwis in stuff they are themselves incapable of doing. We have the same relationship with those folks that the Saudis have over the Muslim world – Leaders! Sometimes we even help the Nazis, but that’s becoming a problem these days. So this kind of altruism is not something new to us. Please explain the problem here, or else I cannot appreciate your concern regarding what you have tried to convey by this article.
“We have the same relationship with those folks that the Saudis have over the Muslim world – Leaders!”
——–
Anti Saudi sentiments in the Muslim world have grown leaps and bounds over the years.
All Leaders are facing the same problem. This is one of the job hazards of leading, and that’s the primary reasons we have to keep listening to what the people are saying.
Hopefully it will subside soon, inshalla.
Merry Christmas.
My assessment is that the anti Saudi sentiments are deep and will last a long time.
Merry Christmas to you and your loved ones.
Yes, I agree with your assessment. It was uncharacteristic of the Pakis and the Indonesians to openly declare that they were not informed about being included in moderately good Team Saudi that was declared to fight the moderately bad terrorists. This defiance is without precedence and is an embarrassment for the entire Muslim fraternity, whether moderate or not. The low price of crude oil maybe to blame. We have also seen our side of the story when earlier the Brits voted to keep out of the Syrian bombing plan, but now they have fallen in line.
You forgot the Jews:
“NSA shares raw intelligence including Americans’ data with Israel”
Secret deal places no legal limits on use of data by Israelis
• Only official US government communications protected
• Agency insists it complies with rules governing privacy
• Read the NSA and Israel’s ‘memorandum of understanding’
http://www.theguardian.com/world/2013/sep/11/nsa-americans-personal-data-israel-documents
Well, if we can share all our personal data with the North Koreans and the Chinese folks, then what’s the problem sharing it with a few Jews?
Because the Chinese and North Koreans are not helping al-Qaeda and ISIS/Daesh terrorists, while the Israeli government, IDF and Israeli intelligence are:
Jerusalem Post via United Nations (December 2014)
Source:
? http://www.jpost.com/Middle-East/New-UN-report-reveals-collaboration-between-Israel-and-Syrian-rebels-383926
Highlights:
? http://s4.postimg.org/f0h5ep531/The_Intercept_JPOST_Highlights_Screen_Capture_1.png
Jerusalem Post via Wall Street Journal (March 2015)
Source:
? http://jpost.com/Middle-East/Report-Israel-treating-al-Qaida-fighters-wounded-in-Syria-civil-war-393862
Highlights:
? http://s4.postimg.org/ytt97eigt/The_Intercept_JPOST_Highlights_Screen_Capture_2.png
Daily Mail Online Embedded (December 2015)
Source:
? http://www.dailymail.co.uk/news/article-3315347/Watch-heart-pounding-moment-Israeli-commandos-save-Islamic-militants-Syrian-warzone-risking-lives-sworn-enemies.html
Highlights:
? Too many quotables to fit into Twitter-sized 1024×512 graphic, like the JPost graphics linked above
Jews are good people. Can’t say that about Koreans and Chinese.
Like us, the Jews are only helping the moderately good terrorists and not the really bad ones. Right now the good terrorists have all taken a break to distribute goodies dressed as Santa.
The ? before each link should have shown up as right-pointed triangular shaped arrows, like this:
http://s27.postimg.org/b0j1uy9yr/The_Intercept_Triangular_Shaped_Arrow.png
Down your nose.
Putting a bad cop in prison protects citizens for the six minutes it takes to hire another one. Then what?
Look farther.
ScreenOS is low-hanging fruit, imho. The real prize is JUNOS. It powers everything relevant to Juniper’s portfolio, whereas ScreenOS and the SSG/ISG lines it powers is being left to die on the vine. From a network engineering perspective, it’s the right move, as JUNOS is far superior a networking OS than ScreenOS ever was.
The problem is that there is so much SSG and ISG still out there in the wild, and orgs keep buying it, so Juniper is foolish to not sell it. In fact, the SRX line, intended to replace the SSG/ISG lines, was a flop on first introduction to the market years ago, further reinforcing SSG owners that their stuff was the right stuff. Years later SRX is a wonderful product line, SSG has gone nowhere, and governments are hacking it to bits.
The problem is really the market… it needs to get off the old stuff. Maybe this will serve as a wake-up call.
Cisco appliances are NSA friendly out of the box.
Yeah, NSA-friendly companies seem to be spared from criticism
Oracle’ Larry Ellison has been even boasting about the NSA using them as their favorite DBMS (which I doubt)
RCL
I don’t doubt it, for one reason: If you take into account the expense of licensing Oracle DB products, and take into account the habit at both the federal and state level of going with the most expensive solution possible just so that they can ask for (and get) more the following fiscal year, then it makes sense that NSA would have went with Oracle. Of course, they could have just as easily adapted PostgreSQL to their needs, though to what degree?
At the same time though, it would be also just as unsurprising if the NSA contracted the development of their DB system-software privately, particularly through a 3rd party contract handled by In-Q-Tel (https://en.wikipedia.org/wiki/In-Q-Tel), or one of the other vendors that work exclusively with the IC.
It appears GCHQ/NSA have been busy as elves … but Santa’s VPN knows if they’ve been naughty or nice.
The GCHQ and NSA don’t report to elected officials – many of those have stated they are kept in the dark about surveillance programs. But of course, some secretive entity is overseeing and directing the spying agencies. Maybe it’s Santa Claus.
His disregard of the Fourth Amendment is legendary – he surreptitiously breaks into private residences and, so far as I know, has never produced a single warrant. So I doubt that he would balk at unauthorized access to your computer, at least not on constitutional grounds.
It’s not as if he even attempts to hide his surveillance activities. He circulates propaganda jingles claiming that “He sees you when you’re sleeping. He knows when you’re awake. He knows if you’ve been bad or good…”
But I don’t have any definitive proof. So I’m appealing to anybody who does, to step forward as a whistleblower.
Cool!
Finally, surveillance that doesn’t impact the Muslims.
Could be a problem with the whistleblowers.
The last one ended up in the land of ice and snow learning how to spell tundra in Russian.
Rumour has it Santa has a special built “hut” for the next.
Santa runs a protection racket and they should get him on Rico but all the witnesses clam up omerta style, nothing sticks, its like he has the goods on all the right people.
The loyal and ancient order of elfs have always been suss and the devil only knows what the Fat Man and the green ones talk about.
Interesting note : no elf has ever given evidence except in the Reindeer V Reindeer case. Jest cant wait for the time limit to run down on that sealed section.
SecureDrop @ benitoe *SANTA, TOP SECRET STRAP1
[redacted] … “so be good for goodness sakes”!
*SANTA, TOP SECRET STRAP1
Yes, I have long noted that Santa Claus is a front for conditioning the populace to accept overt surveillance with punishment and rewards for approved behaviour. And a Merry Christmas to you and to all a good night.
quote”But I don’t have any definitive proof. So I’m appealing to anybody who does, to step forward as a whistleblower.”unquote
When a child discovers Santa Claus doesn’t exist, and later as an adult, discovers the mythical Santa Clause, notwithstanding Christ’s birth, was perverted by Capitalists to utilize “Christmas” as a ruse to increase consumerism at the end of the year, it still amazes the extent to which the forces of Legal Imperialist’s Capitalism use psychology as a propaganda tool to further their greed as well as pervert the real purpose of Christmas. To this extent, Benito is a consummate expert.
As for NSA’s complicity in this plot via it’s role to legitimize the yearly departure of Santa Clause on his journey from the North Pole, fascism has succeeded beyond it’s wildest dreams.
All I can say is human nature is corrupt to it’s core, to which gave rise to Barnum’s best known axiom. On the other hand, Jesus weeps at it’s demise in my namesake.
That comment was delightful.
That would be me, the Director of National Intelligence: http://www.dni.gov/
;-)
Here
Mr Greenwald,
Any and all docs regarding security vulnerabilities need to be released ASAP. It is a matter of personal and national security. I hate to see what else you have been sitting on that all the while has been denying us the rights to privacy.
The sequence seems to be:
1)NSA proposes a crypting scheme with possible NSA known backdoor
2)Juniper uses it with a possibly different backdoor,
3)and then feeds the output thru another algorithm which designed to block 2)
except that
4)the code for 3) is faulty and never used .. so putative backdoor in 2) might still exist
5)In 2012, backdoor in 2) is closed and replaced with a third backdoor
6) In 2014 yet another backdoor is added thru subversion of password check for ssh connections. 2) is left unchanged.
Very few have mentioned 7) that the attackers in 5) and 6) had access to Juniper code repository to push the patches out to so many machines
sidd
It appears NSA intends to undermine whatever remaining credibility may be vested in the security reputation of US technology manufacturers.
That these companies may continue diligent efforts to evade unseen attacks from *somebody* is no absolute assurance to buyers of these products that some unseen attacks are successful.
It can also be argued that continuing obsession by three-letter agencies of government has substantially displaced their previous attention to fundamental police work, which may require leaving an air conditioned office to hit the streets and talk to people.
We’ve seen a failure to pay attention even to warnings issued by other national police agencies about possible threats. Tech is cool. Basic sleuthing isn’t. So the argument now runs that only tech can successfully detect threats — which is surely true if agencies emphasize only tech.
The original story of the compromise of Juniper systems said the Chinese created their own back door and it was done through a firewall. But if say Russia and China use our back doors that the NSA is responsible for, wouldn’t Russia and China not want Snowden to complain about NSA eavesdropping? I’m confused. And yes, I have mused many times myself as to whether or not the CIA, the NSA, and the FBI do a lot of spying for unfriendly countries unknowingly.
““The threat comes from Juniper’s investment and emphasis on being a security leader,” the document says. “If the SIGINT community falls behind, it might take years to regain a Juniper firewall or router access capability if Juniper continues to rapidly increase their security.””
How comforting to read this insanely neutral yet aggressive language directed at people other than environmental/pacifist activists and victims of genocide.
Setting up a listening box running FreeBSD even before the network traffic hits your network routers is easy.
Better yet, setting up one of its networking connections (not even registered by the OS) as a one-way relay for a pass through direct cable. The end of the pass-through cable will need some minor physical tinkering in order to sever their two-way functionality. This way you can have a device just fielding all that data with an IO FS that can only append data (not delete, edit it, which could be even coded in the hard drive’s middleware) so that you are physically unable to alter logs … and then compared logs will give you a very easy way to notice when someone has hacked into your networks and now exactly when and what they did, from where and how …
Easy! So easy, that the NSA will not like this at all!
The NSA also “donated” Security-Enhanced Linux
https://www.nsa.gov/research/selinux/
https://www.nsa.gov/research/selinux/faqs.shtml
I haven’t heard anything about it yet
How nice to hear that. Again, the Internet, Web has been the greatest case in point exemplifying Murphy’s Law. Now as some sort of extension of that law they are playing “I spy” ;-)
Not that far behind it seems:
https://en.wikipedia.org/wiki/Juniper_Networks
By 2001 it had a 37 percent share of the core routers market, challenging Cisco’s once-dominant market-share.[3][4]
I keep saying that we should:
* take networking libraries outside of the kernel
* totally separate input from output capabilities in operating systems
* setup “networking users”
* run all processes in jails
* never give remote users root access (totally ondo such protocols)
…
A la Michelangelo creation of man, you can only do important stuff from an account that must login locally. Technical people say, you can’t fix idiocy (“you can’t patch stupid”), mindlessness; so, never, ever give anyone remote access to your internal boxes. Period!
OK, that part of the article doesn’t make sense. -truly- “random numbers” cannot be “generated” by computer software, because software is a syntactic device. If you want random numbers you will have to use optimally various devices reading some analog signals with some mutiplexing of their signals, say an antenna receiver just getting all the EM data they can get in as many channels as possible, the noise from the outside traffic, the noise from a busy, loud office … then segment and sequence, mixed all those channels (for which you may then use a computer which key is self fed from those channels as well) and get hash from that …
All those “32, 64, 128, 256-byte” keys should finally go to the garbage bin or, better yet, send them all to the NSA.
They even have a “‘default’ 32-byte value” … Great Lord!
RCL
Not long ago SCSI drives had jumpers to exclusively enable reading (or writing?) on them.
You can remove all reading capabilities and alter writing in the Linux or FreeBSD kernels to only append data to a file (or data base) a la: fp = fopen(“filename.dat”, “a”);
RCL
It’s really important this information is made public and I am glad for the opportunity to learn more.
But the Empire just shrugs it off and seems hardly effected.
This site reminds me sadly of Bill Moyers who slaved away for years in his little corner of PBS exposing and explaining and interviewing and having almost no impact.
Forefathers fought and died rather than live under tyranny. Current gen has no clue, maybe when their rights are totally gone. Seems like it’s up to the next gen I guess. “Legalize the constitution”
Ryan & Glenn: Please don’t identify these desk jockeys and computer hacks as “spies”, as it is an insult to those who have risked their lives in the spy profession. The ones you have writen about are nothing but cowards.
So, the living proof that one agency of the USG can infiltrate and hack another agency of the USG. Interesting. I’m positive the heads of these other USG agencies would like to learn what the NSA is doing to infiltrate and use surveillance for what end of their lives. Not.
Of course, unbeknownst to some people here, the entire landscape of the .1% has already been described and documented in detail by Catherin Austin Fitts. Should you decide to descend into the rabbit hole..I warn you.. you will NEVER come out the same person you were when you went into it.
http://www.dunwalke.com/
Rabbit hole, indeed. Thanks for this.
Nasty little creeps.
How do they rationalize doing that which clearly affects their own privacy, and that of their own families.
So very similar to the fervor which entire nations displayed in supporting leaders who had no qualms whatsoever in doing whatever it took to annihilate entire races.
With the exception of halfhearted objection, from just a few senators, I believe Orwells vision is now reality, with unbridled surveillance enveloping the entire planet, eternal warfare with changing alliances, and a working class so subjugated, they have lost the will to resist.
If the charlatan Hillary becomes the next President, it’s game over.
If an HRC presidency means “game over,” what does a Trump presidency represent?
hi Nate, i’m glad you asked.
… the choice between Hillary and Trump represents perfectly well the view the rest of the world has of the USA.
the view from outside looks like this : extremist warmongers … racist elites … hypocrites …
Don’t forget the fascist American zombies who will vote for Democrats and Republicans.
They’re not innocent either.
Roger that. And, like something within the event horizon of a black hole, unable to escape the predicament of being trapped in a two party system that is really only one party. Always these people couch the choice as between Hillary and X, where X = an unpalatable republican, or Bernie and X, where the unfounded hope is that Bernie will suddenly become dovish and the democrat wing will see the light and align behind him. Never do they envision the possibility of a third way, to sap the strength of the Party by electing someone outside it, allowing it to convulse and implode. Would it be ugly? Indeed. But far better than the second choice, which is revolution.
Case in point, recent Spanish elections!
Dear Three/Four Letter US Constitutional Rights Violating Agencies,
I would suggest you stop wasting your time and effort on Information Technology hacks and spying, and instead hang out on Facebook.
Rumor has it that religious extremists might shoot some people in SoCal (Don’t panic, that’s a common abbreviation for Southern California).
Good Luck, Cheers, etc.
@thelastnamechosen: I continue to work in the industry in part because the more I learn, the better I can be at not getting screwed by any of the clowns referred to above.
The Writing on the Wall
The more you know about computers the more the government wants to hack/own/exploit you.
The government didn’t just kill the computer industry by removing trust, but who in their right mind would want to work in this field. You would be more responsible as a parent to encourage your children to play football as a career choice. The best you can hope for is that they are so bad they don’t get to play.
We now have the spectacle of the government encouraging women to become programmers so they can turn around and spy on them. Hey ladies, join a gym so we can put hidden cameras in the showers. Somehow this is called feminism.
Also what was the point on sitting on this information?
Once the logic was offered that by revealing this kind of info, people might think that other products are safe.
Talk about closing the backdoor after the horses are gone.
——-
It’s all right, I love you.
https://soundcloud.com/destroyerband/times-square
https://soundcloud.com/ironandwine/the-trapeze-swinger
https://soundcloud.com/toomuchforhead/without-you-lapalux
https://soundcloud.com/asthmatickitty/sufjan-stevens-christmas-unicorn
Right! Yet, it is up to us to fight back their b#llsh!t on all fronts. In that sense they have made life for us more “interesting”.
RCL
We all can see the results of different agencies “conflict of interest” issues on an increasing basis on how much is disclosed publicly. Anytime a system is hacked, we just have to take their word that they’re telling the truth. So do systems companies work with the govt or set their own agendas of which the govt finds weaknesses. This seems to set up an arms race to stay ahead of the hackers. Which hackers to keep out is the problem. Maybe a de’tant of sorts can be worked out between the business and govt in which they’re not fighting each other. If not, then an escalation of conflicting parties results(like now). Citizens though, need to be able to use encryption technology to protect their own property. The govt intrudes plenty as is and I see no reason to hand over more access freely. The FBI and other agencies have an endless stream of discourse to give up more access to our one systems, it will never be enough. What killed me the other night before the debate was an add for a secure Blackberry, then the candidates encouraging no encryption for us!!! See conflict of interest!! We need our property to be safe , but big systems do too and whose to determine this? An open ended crux… to be determined. I’ll be interested to see the outcome.
M8 you could have released this ages ago. If it’s safe to release it, please just release it ASAP. No need for you to decide what’s “interesting” for us!
When you leak documents to use, we’ll be sure to adhere to your demands for how they get released.
With these documents, you’re not the source. Our actual source had very clear demands for the framework for our reporting, and they are the exact opposite of what you want. Guess whose preferences will prevail?
If he wanted all the docs indiscriminately uploaded to the internet, he could have done that himself. That’s exactly what he didn’t want.
I agree with everything you wrote.
Still, this is obviously following, not leading. The only thing that changed is that someone else reported it first.
And the sitting on things until someone else reports them has already been done by the NY Times–big time. Hell, they may even have a patent.
Thank you for taking the time to reply. I respect your wish to honour your agreement with your source. But I object to one key point in your argument.
I am not asking you to upload everything indiscriminately, but rather to release everything that is safe to release.
I am aware that Edward Snowden does not want everything indiscriminately posted to the internet and that he said he could have done that himself. I agree with both of you there.
What I don’t believe he could have done himself is vet the entire archive first and omit key information and documents accordingly. Do you happen to know your source’s attitude to this position?
Please don’t conflate this position with that of “uploading it all indiscriminately”, to which Edward has already responded. They are very different.
Glenn I have to start out by saying that I admire your courage for exposing the NSA for criminals that they are. But the question that I have in regards to the Snowden files is: What exactly is “the framework for our reporting”?
Given that either you and Edward Snowden have known for some time that Juniper’s networking equipment has been compromised and potentially any entity using a network with their routers have been vulnerable to interception, how do you justify not letting all involved with this little secret a little sooner?
Hillary Clinton is correct. Backdoors represent security risks, since leaving them open allows unsavory actors to sneak in. So the answer is to replace them with a front door.
A front door means the company itself collects the unencrypted data, using whatever means are at its disposal. Then the government simply asks them to turn over the data. This allows companies to design their own flaws into the encryption, and to change them periodically to stay ahead of malicious third parties. In other words, there should be a full working partnership between the NSA and the companies which provide them with electronic communications and data.
In the current system, as is now all too unfortunately apparent, companies that find their systems have been compromised don’t really know if the culprit is a good or bad actor. This leads to confusion and misunderstandings. However, it’s ultimately just part of the learning process as the US government extends its control over the global communication system. The new CISA bill, providing legal immunity to companies which work at the behest of the US government, is the first step in this process.
Lesson learned.
For those individuals already believing they’re a Truman Show, Duce, The Intercept often teaches a lesson learned regarding communications very similar to one gleaned from playing Global Thermonuclear War (WarGames), “The only way to win is not to play.” Some of us carefully approach every exposure to “their” tech now as if it’s ALL their tech, as if Orwell’s predicted future is here, and don’t complain Big Brother’s somehow won if you modify behavior – because that’s already true too unless you’re a braindead zombie. I trust most large corporations only a micron or two more than the State itself because in most cases I can decide not use their products, while the State never lets me just quit paying for their criminal foreign policy or bombs killing women, children – and doctors. That might blow their whole non-socialist collectivism meme that we’re somehow all responsible for the criminal actions of leaders because, you know, we supposedly elected them.
Duce, if I am parsing your point right, a “front door” approach would not work for products sold to, say, Pakistan. That last thing those kinds of folks would like to do is directly “ask” companies in those countries or their “secret services” to broker such things for them.
They can’t afford thinking, making sense of things. They “must” play “God”.
RCL
quote”In other words, there should be a full working partnership between the NSA and the companies which provide them with electronic communications and data.”unquote
Beano dude .. even using the far ends of satire belies your true faith in the power of propaganda by draping ever more blankets of obfuscation over continuous observations of current events with cleverly designed landmines of language to skirt the real truths and solutions.
I don’t know who you work for..but I DO know this. You are my enemy.
Clueless
Dear hellfire:
Neuroscientists say that having a sense of humor is a sign of a healthy brain.
Even Dante made people who lost their sense of humor dwell in the nastier, hotter circles of hells even nastier than where he housed politicians ;-)
You have to read il Duce’s very sharp and to the point comments with the right mindset.
Even if at times they viscerally irk some people, I may not be the only one here who reads il Duce’s comments before reading the actual articles.
Probably, il Duce is not for everyone.
RCL
It’s not that easy. First you have to get on a waiting list. You can do this by calling your local DHS office, and telling them to add your name to ‘The List’.
As a past purchaser of Netscreen firewalls I have only one comment to make: my next purchase will be of Chinese products. I don’t know if they will be any more secure, but the US government and IT industry needs to understand and accept that this behaviour is counterproductive. (See Schneier and co’s “Keys under doormats” for details). It’s truly hard to believe the prosperity that America is PISSING AWAY with these stupid, misguided policies.
that was a cheap, odd joke or self-promotion, right?
we keep complaining about “the players”, when what we have to do is change the game.
RCL
From “Wired”, yesterday — and article by Kim Zetter:
“Researchers Solve Juniper Backdoor Mystery; Signs Point to NSA”
http://www.wired.com/2015/12/researchers-solve-the-juniper-mystery-and-they-say-its-partially-the-nsas-fault/
and this is even more interesting!
// __ Some Analysis of the Backdoored Backdoor (by Ralf-Philipp Weinmann)
http://rpw.sh/blog/2015/12/21/the-backdoored-backdoor/
RCL
One can only wonder whether they would have been able to prevent the Boston Marathon bombing, or the San Bernardino shootings, or Paris, or London, or Mumbai, had they been looking at potential terrorists instead of hacking legitimate companies and collecting grandma’s metadata.
Thanks for the reminder that despite the heroic act of Edward Snowden, nothing has changed.
Exactly! And of course this has only furthered the trajectory since Bush Snr declared the “New World Order”, that was always about power of the establishment, and to maintain their corrupt and cozy racket.
I find it interesting that when people mention terrorist attacks, they reflexively do not mention attacks in the Muslim countries, though they’ve had a lot more attacks than the non-Muslim majority countries.
You mentioned Mumbai, but did not mention Peshawar.
Things that make one go “Hmmm!”
Thank you. We should not forget Peshawar and so many other places where even children are afraid of playing outdoors because of drones. Children, some of whom will certainly outgrow that fear into hate …
We will have to keep making this point for even people that hang out here to get it. I don’t think that 24b4Jerr’s point is unhelpful, intended to be disrespectful to ours. It is just how their minds is framed, how they talk.
When gringos call the U.S. (their own country) “America” (which even Canadians find funny) or call their own baseball series “‘world’ series”, they talk like that because this is what they have heard and used, they don’t talk like that to be offensive to other people, but to other people that apparently harmless term when they start using and meaning it like: “America for Americans” (we own the whole continent and do as we please in the name of “freedom” and “democracy” …) then people who know and think for themselves start finding that “American” term insulting.
U.S. citizen who have traveled through the rest of the continent learn real fast to say they come from “los estados unidos” or “los estados” or “el norte” … they realize how self-ridiculing that “american[o|a]” sounds.
Of course, in World History classes they are not taught the meaning of that term, what USG does to other people.
And by the way “Peshawar” is kind of new. They have been doing the same thing to Latin American countries ever since even if, at least the bombings, with somewhat less intensity.
RCL
My intent was not to be exhaustive, but rather illustrative. Your criticism smacks of the political correctness that afflicts discourse here, where each example of wrongdoing must include every possible permutation and combination of race, ethnicity, gender and GOK what else. The entire point of my post was to criticize the so-called intelligence services for their penchant for collecting ever more data, and subverting both our rights and security, rather than doing the jobs they are supposed to be doing. Sorry if I offended you.
BTW 24b4Jerr was a double typo.
BTW also the subject of the article was subversion by the GCHQ and NSA, and not US aggression and neocolonialism toward the rest of the western hemisphere. If you followed my posts, you would know that I am highly critical of the influence of corporations in US foreign policy, going back all the way to that paragon of pretentiousness, the Monroe Doctrine.
I did not think that your intent was to be exhaustive, and I did anticipate your response. However, it’s extremely rare that Muslim cities that have suffered far more terrorist acts are mentioned in the same breath as Western cities and Mumbai. Just a few nights ago, CNN had a one-hour bit on Mumbai, and Western media and politicians have often mentioned it and have even marked its anniversary.
But the Muslim cities and victims are just shrugged off.
There’re reasons why that is, but it’s quite possible that you meant no disrespect to the Muslim victims of terrorism, which are in much greater numbers than the non-Muslims.
But I do hope that the next time, you mention Mumbai, you’ll add Peshawar and a couple of other Muslim cities.
If you do, then my reply to your comments has served its purpose.
Thanks,
The Americans appeared in 1776 after rejecting the name colonists and called themselves the United States of America.
Nothing funny about it.
The Canadians remain colonists.:)
Your work is so important. Please keep it up as long as you can!
Yes uncle Sam,go prosecute hackers (anonymous, Kevin & their ilk). But when it comes to govt goons sabotaging (and infecting with malware) company’s products the NSA bastards get a free pass.
With every revelation from the Snowden files, we keep asking ourselves how low can our Govt go?
Pretty goddamn low! Just more proof the laws don’t apply to ‘the club’.
nice reporting
Any information on what “CT Broker” is?
Unless Snowden or someone else leaks it, I doubt we ever will. Seems like a codename for a country.
We have met the enemy and he is us.
If you identify with your enemies then I suppose you are your enemy.