November 13, 2017

"The leaks have renewed a debate over whether the N.S.A. should be permitted to stockpile vulnerabilities it discovers in commercial software to use for spying..."

"... rather than immediately alert software makers so the holes can be plugged. The agency claims it has shared with the industry more than 90 percent of flaws it has found, reserving only the most valuable for its own hackers. But if it can’t keep those from leaking, as the last year has demonstrated, the resulting damage to businesses and ordinary computer users around the world can be colossal. The Trump administration says it will soon announce revisions to the system, making it more transparent."

From a NYT article, "Security Breach and Spilled Secrets Have Shaken the N.S.A. to Its Core/A serial leak of the agency’s cyberweapons has damaged morale, slowed intelligence operations and resulted in hacking attacks on businesses and civilians worldwide."

22 comments:

tim in vermont said...

The Patriot Act should be repealed, or radically modified to limit the threat to abuse of the NSA by political actors.

Wince said...

Instant karma's gonna get you.

Mike (MJB Wolf) said...

Like Andrew McCarthy said, the FBI has had 15 months to look at the NSA equipment and they still are stumped about who hacked us. On the other hand, the FBI never got to examine the DNC servers yet assure us that "Russia hacked the DNC." This tells me we will never solve either of these mysteries to an extent that we could trust the "reporting" about it.

Michael K said...

The incompetence of the Obama regime, and the possibility that they had malice toward Americans, while de minimis, is not impossible, has left us with a Chinese national database administrator for the Office of Personnel Management of the DOD and the surveillance cameras for sensitive locations that are Chinese made.

Is there anything the Democrats did not sell out ?

traditionalguy said...

Knowing what people did last summer and keeping the secret for considerations is the art of governance. The FBI has been kept in business by that power for 80 years. The CIA has been out of control since Eisenhower's days. That the NSA now does it too is an over lap, but that means the Pentagon can defend us from those crooks if they go wild. The trouble is Obama spent 8 years sabotaging our military in 100s of ways, and Trump needs some time to rebuild it.

pacwest said...

"malice toward Americans, while de minimis"

de minimus, my ass.

Michael K said...

"Trump needs some time to rebuild it."

The destruction of the military academies is going to be very difficult to correct, They have been compromised by the admission of unqualified blacks and woman who know they do not have to follow the Honor Code.

The letter by the former West Point professor shows the deep rot that will take years to correct.

The hate crime hoax at the Air Force Academy shows it too is compromised and in the same way..

The Naval Academy has already had its scandal four years ago, and the recent series of ship disasters suggests the rot has spread to the active duty navy.

Training in the Navy has deteriorated and I wonder how much has been due to "Diversity training" as opposed to ship handling training.

For example: [I]n USS John S. McCain, which had recently received the IBNS upgrade, the consolidated manning and training impact assessment provided to the ship ahead of her last modernization period omitted training requirements for enlisted rates that stand watch at the helm.

The ship’s commanding officer had no control over this and the decisions behind this omission are not reported. However, the ship’s lack of knowledge was repeatedly pointed out and the ship’s commanding officer got the blame. Who cancelled the training? No one is saying.


The captain, of course, got the blame. The Navy is also rotten to the core.

I don't know if this is fixable.

Left Bank of the Charles said...

It’s the old problem of relying too much on offense when they should be playing defense.

buwaya said...

This practice is quite dangerous strategically.
Though it may benefit US intelligence work a bit, it endangers US infrastructure, such as the telecom industry and utilities.

Leaving open vulnerabilities unpatched means that bad actors, especially foreign governments with the resources to find these things themselves, can discover them and exploit them, maybe for years. While US intelligence knows about them and lets it happen.

The safest thing to do is patch immediately. The strategic risk is not worth the tactical benefit.

Michael K said...

"The safest thing to do is patch immediately. The strategic risk is not worth the tactical benefit."

The safest thing to do is to stop buying compromisable technology from China. Revive our technology industries, not just design teams but manufacturing.

I don't know if that is possible anymore.

Seeing Red said...

What difference, At at point does it matter?


We are using CHICOM MADE security cameras at some of our bases and at least 1 embassy.

Michael K said...

"We are using CHICOM MADE security cameras at some of our bases and at least 1 embassy."

Yes. That was my point and it will not be easy to restore security,

It's amazing that this stuff has been done but we have had a regime that either did not care or was actively weakening our national security.

The Democrat Russian scare is a cover operation.

Ray - SoCal said...

Trump has the right people in charge of DOD, but fixing it will take time.

Most important for a strong military is a strong economy, and Trump is making progress on that.

Hari said...

The only thing the NSA has that has been able to keep secret are all of Hillary's emails.

buwaya said...

China is the world leader in security cameras, and a great deal more.

Btw, if you want an interesting lens for your Sony, Fuji or Olympus/Panasonic camera, check out Chinese CCTV products. Cheap as dirt and lots of fun.

Michael K said...

"Trump has the right people in charge of DOD, but fixing it will take time."

They may have to close the military academies to start with. Give all the current cadets scholarships for Gender Studies or African American Studies programs and start over with white males who want to fight wars.

It won't happen, of course.

Martin said...

Democrats really do seem to have a problem with cyber security. It's as if they don't care, except to cover up their errors after the fact.

We will be years cleaning up the mess throughout the government and much of the economy, most of which was avoidable with some serious attention to security ca. 2010.

Big Mike said...

@Ray, there are at least a dozen nominations for senior DoD positions that are deliberately being held up by John McCain, apparently out of a sense of pique at Donald Trump. So, yes, Trump has the right people in place at DoD, but no, Trump does not have all the people he needs.

Big Mike said...

@Martin, do not confuse the expertise Barack Obama imported from Silicon Valley for his campaigns with any overall tech savvy on the part of Democrats as a party. The scary thought is whether the Republicans are necessarily any better.

Anonymous said...

@Michael K The US military is forced to undergo periods of unpreparedness on a regular basis it seems. Post WWII we were completely unprepared for the Korean incursion thanks to extreme budget cutting. Post WWI we were never going to have to go to war again and if FDR had not begun to prepare us in '38 or so ( I am no FDR fan) we might never have been able to enter the war in Europe. You just heard the Hue '68 book. If you combine that with McMaster's "Dereliction of Duty" you will be easily convinced that our senior military was in terrible shape in the 60's right into the 70's. You are correct that the condition of the military in this country is dependent on the level of responsibility and understanding of the civilians in government. Obama was, indeed, a disaster, I am not sure that Clinton was much better. Since the 60's the Dems have been hard put to support the military, particularly after so many who had served in WWII left office. Today they have little concept of what is necessary to protect the country. Unfortunately the same can be said for many Republicans. One can only hope that the ship collisions will serve as a wake up call. Certainly the news in the summer of 2016 that most of the Air Force and the Marine Corps air wing were operating at less than 50% readiness did not seem to move the needle very much.

Anonymous said...

The message in all of this is that we can not "contract out" our own defense. There are no Hessians for hire these days to keep the peace.

The Godfather said...

Do you remember back in the Carter Administration the US was building a new embassy building in Moscow, and the Soviets were building a new embassy building in DC? We discovered that the Russian contractors for the US embassy building were working for the KGB and were installing listening devices all over the building. So we forced the Soviets to remove all that stuff, and until we were satisfied they had done so, we wouldn't let them occupy their new embassy in Washington.

That was during the CARTER Administration, so we're confident that the Soviets did what they promised to do, right? They wouldn't dare piss off Jimmy, would they?

The "new" Soviet embassy in DC was on Wisconsin Avenue (I don't know if there's a newer one somewhere else; I don't live in DC anymore), right at the top of the hill above Georgetown. People say (I wouldn't know) that the Russians can pick up signals from Foggy Bottom (State Department) and the Pentagon from there.