
12 September 2015

Comments


Lars

You have hammered that nail well, TTG. My only disagreement, as a Floridian, would be to keep them out of the Everglades. There are enough problems there already.

Jeffliss

"We've been peeping in your window every night for years, and you STILL aren't in love with us?" -- NSA

Peter

It's not only the people data stuff. China has logically mapped all our key infrastructure, and are dumping Worms, Trojans and such quietly waiting inside the networks, just logging observations of what does what to whom, waiting for the voice of the master.

mbrenner

Just two points as addenda.

1. The readiness of these public servants to take complete liberty (license) to pronounce and condemn in vituperative language is facilitated, in part at least, by the abdication of responsibility by the President. All he has done for the past six years encourages this arrogant attitude and removes inhibitions. By all reports, John Brennan was the agent who first exercised a Rasputian influence on Obama - exploiting the man's gullibility and instinctive deference to established authority.

2. As to the prospects of the Chinese learning with exactitude what we are thinking and planning, I am somewhat less troubled. Think of ISIL/Iraq/Syria/Yemen/KSA. There is no evidence of any coherent thinking at all or reasoned strategy. Beijing's search for them will lead either to mistaken conclusions or a state of disorientation that mirrors our own.

Nightsticker

TTG,

"Ubiquitous encryption is the answer, not the problem."

You are absolutely right.

My 3rd career, for the past, soon to be, 20 years, has been as a Systems Engineer/Architect (Cryptology) with a major engineering company.

I was still in the Bu during the first of the "Crypto Wars" during which the Bu and the several other 3 letter agencies waged war against American civil liberties and industry. The Bu did not even have the satisfaction of being the "evil genius" behind this attempt; it had the more contemptible role of "lawn jockey"/bum boy/fall guy for a more technically savvy crowd. Fortunately the outcome then was a good one. The technical arguments of the best academic crypto minds and wide based concerns over electronic freedom beat back the IC/LE assault.

One of the [probably didn't really happen] stories they used to tell in those days was of the Bu in the early 1950's testifying about the negative effect on law enforcement of the proposed National Interstate Highway System: "first thing you know them bank robbers gonna be racing cross state lines in stolen automobiles at high speeds, we ain't never gonna catch them. Won't be a bank or car in America ever safe again".

Nightsticker
USMC 65-72
FBI 72-96

Medicine Man

TTG: I think a little more respect for gators and pythons is called for. It is deeply ironic this crew asking us in earnest "where's the trust?"

Peter

Nightsticker, the current running jokes at work are "sub it out to the Chinese, they know our system better than we do" and "why install back doors when the windows are open".

ex-PFC Chuck

More like sharing the view point of the physician during your colonoscopy.

ex-PFC Chuck

Private sector security consultant Lauren Weinstein had a post on his blog yesterday on the inter-agency unintended comedic irony show. Near the end of his screed on the arrogance and incompetence at all levels of government he drops the money sentence: "The technical reality is that the kinds of encryption backdoors you want cannot be made secure and would themselves represent horrific security risks." Which pretty much sums it up.

http://lauren.vortex.com/archive/001123.html

MRW

Nightsticker, what do your acronyms mean? I wouldn't bother to ask if your comment was ignorable.

Nightsticker

IC- Intelligence Community

LE- Law Enforcement

https://www.schneier.com/crypto-gram/archives/2015/0815.html#2

The above URL leads to an easy to read explanation of why government backdoors are not only bad science but bad policy.

MRW

Then, of course, the admin blamed the Russian government in August, 2014 for hacking 75 million-plus banking customers...'because it was so sophisticated'. This past July the FBI arrested the real perps: two Israelis, and two 20/30-something American-Israeli frat brothers based out of Florida. It's anyone's guess whether Israel will extradite the two Israelis, though they have been asked.

My question is who has confirmed that it was the Chinese Government that did the unencrypted OPM heist?

If NSA can't catch these domestic cyber terrorists, operating right under their noses, what good are they? No wonder the American public treat them with derision; $75 billion plus a black budget can't defeat four hackers, or catch some low-level Chinese employee working with an unencrypted system.

The Twisted Genius

MRW,

I, too, do not accept our government's claims simply because it says it is so. However, I have been convinced by sources and evidence outside of our government that the Chinese government is the ultimate culprit. I have witnessed drug-addled teens orchestrate the takedown of a major national ISP just for shits and grins. I've also had to warn that smug SOB Alexander that kids owned a number of his routers and switches when he was at INSCOM. His people in the much vaunted Information Domination Center couldn't see it. So yes, I am aware of what nongovernmental hackers are capable of doing and what governments can do to stop them. Nevertheless, ubiquitous encryption will go a long way to address the problem.

Ishmael Zechariah

"Attackers successfully compromised U.S. Department of Energy computer systems more than 150 times between 2010 and 2014, a review of federal records obtained by USA TODAY finds."
http://www.usatoday.com/story/news/2015/09/09/cyber-attacks-doe-energy/71929786/

Yep. Having more back doors will certainly make us all more secure.
I truly cannot decide if these folks are as delusional as they seem to be in my coordinate system, or if they are so crafty that they appear to be delusional.
Ishmael Zechariah

The Twisted Genius

Lars and Medicine Man,

You're both right. I should be a little more respectful of gators and even pythons and not wish such a vile plague on the swamps of Florida. Maybe Clapper, Comey and the rest of their kind will stick their heads so far up their arses that they'll disappear in little puffs of black smoke.

gemini33

I would like to award this post a Pulitzer Prize.

Head and shoulders above that thing we usually give the prizes to -- the thing we call the media, which is particularly freakish this weekend btw.

mbrenner

I sense that what is of greatest importance in these remarks by directors of our security-intelligence apparatus is what it conveys in the way of attitude rather than any specific plans they may have for more intrusive surveillance. As for the latter, these men who are so obviously mediocre in talent and ambition are capable of only modest damage. Moreover, neither they nor the organizations they head have demonstrated much in the way of sheer competence at their trade.

Yet, the arrogance and contempt for the citizenry, for the law, and for the constitution (as well as implicitly for the President) are breathtaking. Even J. Edgar Hoover in his heyday would never dare say in public the things these men do so cavalierly. They are setting a tone, they are redefining in drastic ways the limits of the acceptable, and they are conjuring a fictive world of threat that could conceivably pave the way for far more dangerous people. Those types would find willing accomplices in the self-important and self-righteous blowhards who were up there on the platform. The world has seen this before.

The Twisted Genius

Pete,

I always thought of Chertoff as the Crypt Keeper. I remarked about this similarity at several inter-departmental meetings only to be shushed by fearful underlings. No sense of humor whatsoever.

gemini33

Skeletor

Will

http://www.usatoday.com/story/money/2015/07/21/jpmorgan-chase-hack-arrests-israel-florida/30469203/

Will

I've always thought that was one of Obama's likability problems: too darn skinny. People like their leaders fleshed out and avuncular. That's my theory and I'm sticking to it.

MS2

Thank you, this is what needs to be emphasized. I would go farther and say that rather than "conceivably" paving the way for some future rotten bunch, they are in fact paving a way, and then the question becomes just how long until a rotten bunch gets its hands on the levers, whether from within or without the de jure government. Only someone with no knowledge of history would press forward assuming that organization integrity will be maintained forever.

DeWitt

I'm in total agreement with what has been said here, but I am wondering about how the predictive AI model would work. Given that the decision-making at this level is so thoroughly corrupt, self-serving and completely at odds with the stated mission, the model would have to essentially account for non-logical logic.

The depressing thought is that cynicism is unbounded; think about what we've all had to endure since the Shoe Bomber was elevated to super-terrorist threat status, and what Chertoff was able to bank off the Rapiscan scam. Oh yes, who is the newest member of the Chertoff Group team? General Hayden, of course. The cynical mind says we are resigned to pay twice for every cyber-attack in the future - once in direct consequence, and the other to pay the bill for whatever profitable scheme the Chertoffs et al can dream up in response; Cyber-disaster capitalism is the new self-licking ice cream cone.

The Twisted Genius

DeWitt,

The AI I am familiar with has proved quite adept in accounting for non-logical logic and the darker quirks of human behavior.

robt willmann

The disclosure that the Office of Personnel Management and its treasure trove of information had been penetrated, or "hacked", or compromised, and that the penetrators had gotten a lot of information and data out of it was bad enough. But what really was astonishing was that the system, including the part involving "security clearances" and the like, was connected to the outside world and, apparently, to the Internet! Access did not appear to occur through the old serial line into the phone system and to a bank of modems at the OPM, so it must have been tied to the Internet.

It seems obvious that if you have a computer or local computer network that you want to be secure, you do not connect it to the public switched telephone network or to the Internet. To solve a lot of the problem, they can disconnect the system from the outside and, if they are going to use computers, they use only a local area network. Still remaining are the issues of the old "Tempest" standards to prevent the picking up outside of the electronic emissions from the equipment and cables that go through the walls, a Faraday Cage, and all that jazz.

If they insist on using computers and not paper, they can hire William Binney, whose business after his resignation from the NSA was torpedoed by the Department That Calls Itself Justice, which included, unfortunately, involvement by the FBI. Being a mathematician, code breaker, analyst, systems developer, people manager, and Patriot, he could go a long way to cleaning the mess up.

But that will not happen.

It took a long time for the director of the department, Katherine Archuleta, an Obama political worker, to leave. She is to be replaced by Beth Cobert, the Office of Management and Budget deputy director for management. Apparently, Ms. Cobert worked for a long time at McKinsey and Company, a "management consulting" firm. One thing that means is that she believes in hiring "consultants". Outside private companies for a fee, of course.

And speaking of outside companies, I saw Ms. Archuleta in a Congressional hearing on this say that the contractor involved was not going to be fired. I do not remember the name, but this article from June of this year talks about that issue, and that another company, Imperatis, f/k/a Jorge Scientific Corp., got a "sole source" contract to develop a new "database environment" for the OPM--

http://fcw.com/articles/2015/06/24/house-oversight-opm.aspx

The least they can do is to follow Mr. Binney's advice and encrypt files on a standalone computer not connected to the network, before putting the files on a connected machine for transfer.

The comments to this entry are closed.
