Kaspersky believes it found new CIA malware (therecord.media)
578 points by arkadiyt on April 28, 2021 | 294 comments



So this was deployed in 2014 and we’re just connecting all the dots now? It really makes you wonder what’s being deployed at the moment.

The fact that they can determine all this from some binary is amazing. Security researchers really are techno-archaeologists.


I recall how when we had North Korean hacking activities and official attributions people would say, but how do we know it was them and how do we know the government isn’t making things up?

But when someone accuses the US we never add any salt. Not that I don’t think it’s false, it’s just that the lack of consistent skepticism is interesting.


If I had to wager I'd always bet on the CIA lying, I don't see how anyone could come to another conclusion given their history.


>If I had to wager I'd always bet on national security agency of any powerful country lying, I don't see how anyone could come to another conclusion given their history.

Let's not pretend the FSB and MSS don't also lie constantly. That you're more familiar with the CIA lying is a testament to the free press of the US, not the other way around.

The point of the previous post is that it could easily be another security agency.


> Let's not pretend

Who is pretending? The discussion is about the CIA.

When I discuss cats, there is no reason I should have to always qualify it by saying "yes, and dogs are cute, too."


Kaspersky's ties to FSB are an open secret, so it's really believing FSB vs believing CIA unless you have a way to verify them.


I think it’s much more likely for both these orgs to be telling the truth when they’re accusing their enemies of doing bad things than it is when they’re denying that they’ve done bad things themselves. It’s not a simple case of one consistently telling the truth, and the other consistently lying...


So when the CIA tells me some foreign government is doing something bad, I should believe them? Then when the CIA denies they lied about the foreign government doing something bad, I should ignore them?

This advice makes no sense to me.


Isn’t this kind of begging the question? It’s implicit in your reasoning that the CIA does exactly what I’ve claimed they generally don’t do.

Anyway, the point is that I don’t think you have to dig very deep these days to find plenty of instances of geopolitical power X doing bad things, so I’m not sure why the CIA would bother lying to stir up shit against them when they could tell the truth just as easily, with the same result. This assumes their purpose in releasing any information at all is to influence public opinion, not increase transparency, as the latter would probably mean divulging uncomfortable truths. The former does not—they can release exactly what they want, and no more.

On the other hand, flatly denying you’ve done a bad thing is a form response for governments and corporations (and politicians) at this point, even when it’s risible on its face. If you’re the guy responsible for putting those comms together and you admit wrongdoing, you’re never working in this town again. Simple as that. Deny, deny, deny. Deny everything. (Isn’t that a one-off X-Files title card?)

Has the CIA lied? Absolutely, though I’d guess far more often (orders of magnitude?) by omission than by outright explicit falsehood. The latter goes against the same ass-covering impulse that drives the bullshit denials. My brief comment above is meant to be a general observation on the sorts of public communication games the CIA and similar organizations tend to play, not an absolute truth or bible for living your life.


> So when the CIA tells me some foreign government is doing something bad, I should believe them?

Honestly, yes.

> Then when the CIA denies they lied about the foreign government doing something bad

When have they done this? A few times probably, but not really a high percentage.

At any rate, P(CIA telling the truth about a foreign govt|foreign govt is doing something bad) is much higher than P(CIA lying about foreign govt|foreign govt is not doing something bad). The rational thing is to put higher weight on such statements than when the CIA is trying to cover their own ass.


The ratio of lies isn't as important as when they do lie. Their willingness to lie on big things means that they are never trustworthy.

99 reports could be truthful but the 1 lie that leads to war is enough to ruin their reputation.


There's a difference between them telling what they think is the truth, and them actually knowing something and telling it. The whole "Havana Syndrome" thing might actually be them telling what they think is the truth (Russian/Cuban conspiracy to use secret weapons to give headaches to people), even though it's complete nonsense.


There is even a term for this in the legal system: an "admission against interest".

https://definitions.uslegal.com/a/admission-against-interest...

https://en.wikipedia.org/wiki/Declaration_against_interest

That is to say, when making a statement is personally detrimental to someone, and they make it anyway, that statement should generally be given a higher degree of belief than one that is self-interested.

So in other words, if the CIA denies that they did something bad, you don't necessarily believe that straightaway, because of course they would say that. On the other hand, if they do admit they did something bad, then it's OK to believe them in that instance even if they've lied in other instances.

Now of course - in the specific case of the CIA they are a government apparatus, not an independent actor, so the fact that they say (eg) Russia did a bad thing isn't necessarily against their interest, it is in their interest for the US Government to look good and truthful. But as a general rule, it's important to look at the interests in a specific instance to determine rather than just assuming that because an actor lied once that everything they say is suspect.


> think it’s much more likely for both these orgs to be telling the truth when they’re accusing their enemies of doing bad things

That’s... not how that works at all. Disinformation campaigns very frequently include publicly signaling you’ve come to a different conclusion than the real one you’ve come to.


> Disinformation campaigns very frequently include publicly signaling you’ve come to a different conclusion than the real one you’ve come to.

I'm not sure why you think what I said is incompatible with this. Often the best "lie" is a carefully cut-out corner of a larger truth.


> I'm not sure why you think what I said is incompatible with this.

Because it’s literally the opposite. Misattribution is disinformation 101 if you have a solid source you need to protect.

US finds out China severely compromised a system while pretending to be Russia. The US found this out via a compromised Chinese government asset.

They need to fix the system but don’t want to let on they knew it was China and risk compromising their insider knowledge. Best course is to just say, “we found this that looks like Russia and we fixed it”.

There is no reason to assume a public attribution from an intelligence agency is correct. There are far too many reasons for it to be helpful to lie.


> we found this that looks like Russia

In your scenario, that's not a lie.


> Kaspersky's ties to FSB are an open secret

That was news to me, so I went looking for some context.

https://en.wikipedia.org/wiki/Kaspersky_bans_and_allegations...


If you already believe the CIA is usually lying, then the accusation "But you believe the FSB!" when the FSB says "The CIA is lying" may be technically true, but meaningless.

Hey, I don't even believe the CIA quite always lies: I'm sure it has sometimes said "The FSB is lying", and I believe that too. Because the FSB is pretty much always lying... Just like the CIA.


I mean, would Kaspersky even have a choice not to work with the FSB? It is a Russian company; I doubt anyone other than Putin can naysay FSB dictates.


With Eugene Kaspersky being a graduate of both KGB special school and higher school and later an intelligence officer [1] - no, I doubt that he had a choice or even ever had that question in mind.

1. https://en.wikipedia.org/wiki/Eugene_Kaspersky#Early_life


It's logical in the context of comments, your parent comment, the parent of that, and up the tree.

Somebody says people are skeptical of attribution to governments outside the US, but not the US. Specifically he says that he does not doubt it was the US.

So yeah, the discussion you're replying to is not just about CIA.


It's more like saying "white cats enjoy naps" when napping activity is generalizable to all cats.


> Let's not pretend the FSB and MSS don't also lie constantly

How do you go from reading "the CIA is lying" to "the FSB is telling the truth"? Do you understand the difference between those statements? Reminds me of a stand up bit, "are you a Jew or an antisemite?"


>How do you go from reading "the CIA is lying" to "the FSB is telling the truth"?

The link is a Kaspersky press release, so there’s potential for an FSB connection:

https://www.bloomberg.com/news/articles/2017-07-11/kaspersky...


Using that same logic most statements out of the US corporate InfoSec establishment should be similarly scrutinized.

A whole lot of these outfits are started by former NSA employees, and they love having people that previously worked in US national security on their roster for the marketing value.

Yet whenever one of these outfits accuses China/Russia/Iran of being responsible for the latest "cyber incident"/"misinformation campaign" these accusations are widely regurgitated without any doubt like some kind of definitive factual truth.


If the leader of the infosec company is ex-CIA... that doesn't seem unreasonable.


Yet it wasn't until relatively recently that they stopped selling Kaspersky at major retailers. Even if they have an FSB connection they are basically saying, well we now know that company we let get loose on millions of consumer desktops and enterprise/government systems in the US is connected to Russian intelligence. Oops!


The CIA has a budget for lying and cheating that is an order of magnitude larger than anything else other countries have. I always assume that they are doing more damage than what we know about.


I highly doubt if they have an order of magnitude more than China "budget" for CIA type activities. Probably more but not 10X, maybe 2X


You can use military spending as a proxy.


I don't think you can, I expect different countries to have a wide variety of intelligence budgets as a percentage of military. But, if you did this anyway for the US and China, you would get 3.1x, closer to 2x than 10x.


Also difficult to know if the CIA gets as much spying done per dollar spent.


You could use investment in companies that the CCP has investment in (and generating revenue for them; which also acts as taking revenue/fuel away from competing government types/ecosystems) as a proxy as well.


How do you get to those numbers exactly? You really think Russia and China are choir boys?


I wish we could discuss the malware at hand, and the fascinating world of state-sponsored hacking, instead of once again devolving into a dick-measuring argument about which nation's intelligence agency is better.


> free press

"There is no such thing, at this date of the world’s history, as an independent press. You know it and I know it. There is not one of you who dares to write your honest opinions, and if you did, you know beforehand that it would never appear in print. I am paid weekly for keeping my honest opinions out of the paper I am connected with. Others of you are paid similar salaries for similar things, and any of you who would be so foolish as to write honest opinions would be out on the streets looking for another job.

If I allowed my honest opinions to appear in one issue of my paper, before twenty-four hours my occupation would be gone. The business of the journalist is to destroy the truth; to lie outright; to pervert; to vilify; to fawn at the feet of Mammon, and to sell the country for his daily bread. You know it and I know it and what folly is this toasting an independent press. We are the tools and vassals of the rich men behind the scenes. We are the jumping jacks, they pull the strings and we dance. Our talents, our possibilities and our lives are all the property of other men. We are intellectual prostitutes." - John Swinton, the former Chief of Staff at the New York Sun, at a toast before the prestigious New York Press Club in 1880


Classic whataboutism, executed masterfully.


Wouldn't the fact that we know more about the CIA mean that they lie less, since there are verifiable claims to the contrary if they do lie? Like for example how the CIA can't claim it didn't infect Iran with Stuxnet without someone calling BS.


No. They don't lie less. They just try to canalise the discussion to another subject. Just like ...


How does it mean they lie less?

You don't know everything there is to know about the CIA. All it means is that they can't lie about what you do know.


Sure, but isn't that true for any intelligence organization? CIA, NSA, FSB, MI5, Mossad, BND, etc?


Sure, I don't focus on them because I don't believe that Mossad or MI5 are the reason why my country has been at war my entire adult life, but I have witnessed the NSA and CIA justify those wars-that-aren't-really-wars time and time again. How much blood was spilled over the 'yellow cake' line alone? Remember when they lost that ten thousand page report on torture right before it was to be delivered? Or the time they dosed unwilling people with LSD, or when they smuggled cocaine and fueled the crack epidemic, or when they...


> my country has been at war my entire adult life

The US has been at war for most of its existence.

Someone made a search tool to see how many years the US had been at war for, and then ran it on Wikipedia.

Interestingly, France performed worse (assuming one doesn’t like war), though being involved in things like ‘The 100 years war’ skews things a little.

https://freakonometrics.hypotheses.org/50473


I probably wouldn't be complaining if I was born in the 1930s; WW1 and 2 were fairly well justified. However, what are the current wars even still about? WMD? No, that was a fabrication. Bin Laden? He's long dead. Oil? With fracking, the US has the largest oil reserves on the planet. ISIS? Essentially gone, not much of a threat to US citizens in any case. There was no reason for these wars, and there is certainly no reason to let them continue.


It's nearly always about natural resources; just because the US has the largest oil reserves doesn't mean it's going to stop there. And the wars you mentioned are just the boots on the ground (or drones in the air) conflicts. We're still backing coups in Latin America (Honduras, Venezuela, Bolivia) so US-friendly governments are put into place that will allow American companies to extract their resources.


Which natural resources were we getting out of Afghanistan?


Afghanistan is strategically located at a major crossroads between Central and East Asia. This is useful for trade and military operations.

See also: https://en.wikipedia.org/wiki/Afghanistan_Oil_Pipeline


> This is useful for trade and military operations.

This has been an unfortunate truth for the US and USSR before it (and other empires before that). For a depressing insight into how little we have learned, Boys in Zinc by Svetlana Alexievich is a good read.


Afghanistan sits on top of trillions of dollars of mineral resources, including large reserves of copper, lithium, cobalt, and rare earth metals.


Pomegranate. After burning the poppy fields.


Oh I love that fruit. In that case, bombs away!


About the development of, distribution of, and continued stability of access to natural resources... which benefits everyone.


Don't look too closely at how we got into World Wars 1 and 2, if you want to maintain that opinion.


Roosevelt won in 1940 in large part because he was running against an interventionist that wanted to join the war alongside the Allies, but the US population was either largely against any intervention, or was outwardly pro-Nazi[0]. If it wasn't for Japan forcing our hand, the US would have been perfectly happy profiting from supplying other countries' war efforts, and building up their military while the rest of the world was destroying their own, all while turning a blind eye to the atrocities occurring in Europe and Asia.

[0]: https://en.wikipedia.org/wiki/1939_Nazi_rally_at_Madison_Squ...


During early WWII, prior to Pearl Harbour, the US used to place supplies on the US side of the Canadian/US border.

We'd then "steal" those supplies, thus allowing the US to avoid breaking non-aggression treaties, and (as you mentioned) the ire of some of its citizenry.

Not much profit in theft.


Source? As we set up multiple "legal" ways of abiding by the letter of the treaty while also selling arms.

Even if Roosevelt's goal wasn't to sit back and make a profit, he ran on that platform as the country did want that.


Surely you realise your language implies intent.

Not wanting to spill their blood, not wanting to enter a conflict which (at the time) seemed only to aid old, dying empires (eg France, UK), means the goal in not entering the conflict, was all about profit?

What a twisted viewpoint.

Meanwhile, if the US does enter a conflict, the goal is always claimed by some, to be exploitation.

Thus, whatever the US does, the goal is selfish, evil, cruel? Sure, that sounds reasonable, fair.

I cannot find an easy source for the history lesson I learned in school. Take it or leave it as it stands.


I did not say that the only motivation behind the nonintervention was profit, but it would have been one of the results of the policy. Even if true, your unproven claim that we let Canada steal from us does not mean much of America would have happily sat back and profited.

> Thus, whatever the US does, the goal is selfish, evil, cruel? Sure, that sounds reasonable, fair.

That is what it means to be an empire. There's no "good" empire, they all exist to prop themselves up to greater heights.


By using "only motivation" in your response, you are indicating you believe it to have been a motivation for non-intervention. It wasn't. At all. Period.

> Even if Roosevelt's goal wasn't to sit back and make a profit, he ran on that platform as the country did want that.

You've actually claimed that Roosevelt ran on a platform of "Let's sit back and not do anything, so we can make a profit". Come on! Give it a rest, please!

Further, the average American (re: the voter) didn't give a rat's ass about some corp they worked for, turning a profit thanks to war profiteering. And many Americans even wanted to enter the war! You know how voting works.

On to your other comment.

If there is no "good" empire, then there is no "evil" empire. You cannot remove moral labels on only one side, yet leave them on the other. Ergo, you've essentially stated that Nazi Germany has no justified, negative moral connotation to it?

Sorry, there are empires that revolve around a negative, evil premise. And those which revolve around a positive, good premise. But let's step back from this a bit, and do what some might find sensible.

Look at historical empires, comparatively, and assess the US against them.

Is the US perfect? Certainly not! However, are you? I? Nope.

Yet compare the US to other empires. Especially world spanning empires. Whilst the UK, France, all the way back to Rome, Greece, were not superpowers, they were "known world" spanning. World impacting.

Now assess the policies of these empires. Comparatively? The US is the most benign empire ever. EVER. Assess its strength, versus countries it invades. If the US behaved as the UK, the entire planet would be under its boot! If it behaved as Nazi Germany, can you even imagine?

It sickens me to have to defend the US, for I do indeed know it is not perfect. The US rolls over in its sleep, and crushes parts of Canada's economy. Yet I don't seem to recall post-WWII US threatening to invade Canada if we didn't pass copyright laws it likes. I don't recall the US capturing Iraq, and hauling off "undesirables" to concentration camps by the millions. I don't recall the US invading countries, and maintaining control after the fact -- for hundreds of years.

Oh sure, yes "Well, the US did this, corporate that, it's all for this and that" so what. We're comparing empires here.

So please, show me a world spanning empire, ever, which behaved with as much restraint as the US has. And bear in mind, the US literally could overthrow 90% of the planet in a matter of 20 years.

Just... it sickens me to see the US's own citizens, denigrate her so.

Now... do I respect your desire to rein in the US? Keep it restrained? Under control?

YES! By God yes, I do. But why on Earth make up contrived stuff, like the US was a land of profiteering, sniveling, hand wringing people, staying out of a war because PROFIT.

Please stop! Please!


>indicating you believe it to have been a motivation for non-intervention.

Our first century of nonintervention was unquestionably based on the thought that entangling ourselves in European wars would drain us dry. Saying an element of that doesn't still remain is just incorrect, it is broadly the same idea as "Make America Great Again."

"Much of America" supported it, I never said all.

>If there is no "good" empire, then there is no "evil" empire. You cannot remove moral labels on only one side, yet leave them on the other

Trying to be an empire in itself is evil. Being the "least evil" empire is not something to be proud of.

>Yet I don't seem to recall post WWII US threatening to invade Canada, if we didn't pass copyright laws it likes.

Yet they have done basically that with Mexico and many other South American countries.

> I don't recall the US capturing Iraq, and hauling off "undesirables" to concentration camps by the millions

Only thousands, while killing many many more.

> I don't recall the US invading countries, and maintaining control after the fact -- for hundreds of years.

Literally all of America, Puerto Rico, and this ignores that setting up puppet governments and economic domination are also methods of empire building.

>Please stop! Please

No. I see your point of view as accepting the blatant propaganda taught to us our entire life. The US denigrated itself, and just tries to make people think it's noble.


> Our first century of nonintervention was unquestionably based on the thought that entangling ourselves in European wars would drain us dry. Saying an element of that doesn't still remain is just incorrect, it is broadly the same idea as "Make America Great Again."

There is a vast difference between "drain america dry" and "stay out of the war to profiteer". Vast. Immense. The motives are entirely different.

I cannot continue this conversation, when you keep making these sorts of assertions. There's no common ground. Nothing we can realistically discuss, for, you aren't even discussing the same things when you reply.

Outside of all of this, bear in mind I'm a Canuck. No, I'm not all "rah-rah America", nor is my viewpoint skewed by propaganda. You guys drive me nuts at times. I frankly view your country as a brother, one I wish well for, yet often sit gobsmacked, and even sad, when I see how my brother is behaving.

I think you're trying to discuss things, with the view that I'm going to respond to US political talking points. Or perhaps culture viewpoints.

Anyhow.

Have a good one. We're not going to agree here, so there's no point.


>There is a vast difference between "drain america dry" and "stay out of the war to profiteer". Vast. Immense. The motives are entirely different.

Besides the political reason stated for doing so, name one difference. Both involve profiting by staying out of the war, and using that money to further your own ambitions.

We are discussing the same things, you just label them differently than I and think that justifies them. Like claiming the US has never invaded and occupied a country for centuries, as if the First Nations somehow wouldn't count.

I hope you also have a nice day.


Everyone except the final payer (the government, indirectly the people) made profits. Same happens if the supplies and munitions were used instead of stolen. Many people profit along the way, and it is the same today.


Yes, but this does not refute what I said. The parent comment makes it appear as if the motive for staying out of the war was easy profit. Clearly not so.


Of course you're right about all the stupid wars fought in my parents' lifetimes. It's also true that by the time WWII broke out, it was too late for USA to avoid it, so in a sense it was "justified". I don't find USA's actions in WWI to have been either justified or beneficial to humanity.

Wilson ran for reelection promising not to enter WWI. Upon winning, he immediately broke that promise. When USA entered the war, it had already ground to a stalemate after three years of carnage. The various warring parties had been open to a negotiated peace. As soon as American lives were on the line, France, Britain, and Italy discovered a determination to see the war to its bitter end, which took another 1.5 brutal years and millions more human lives.

Wilson claimed to prefer reconciliation to punishment of Germany, and initially during peace negotiations he reined in the worst French and British excesses. Then he got Spanish Flu, suffered severe mental decline, and functioned as a doormat for the remaining "negotiations". The French and British somehow concocted such draconian penalties that they created brutal fascist dictatorships not only in their enemy Germany but also in their ally Italy. Hitler's and Mussolini's empowerment, not to mention the transfer of Germany's Chinese colony to Japan, guaranteed a conflict like WWII.

https://www.history.com/news/woodrow-wilson-1918-pandemic-wo...


To be fair, the fracking thing is a last-5-years thing; until about 2-3 years ago the all-in cost of fracking wasn't competitive with Saudi Arabia/Iraq.


Almost nothing after WW2 was a reasonable war to be in. Not Vietnam, probably not Korea, not Afghans, not Iraq, although I think the limited war in Gulf War 1 was fairly well reasoned.


It’s striking just how short those two wars were when you compare them to others, before and after.


I don't think this is surprising given globalism and the US. The countries got together and kinda said "hey, instead of having a bunch of armies why don't we just have one big army?" Thought being that countries with big militaries want to use them. So where to put that big military? Across an ocean and away from the first world. I mean that's essentially the super powers theory. It is of course a tricky cost benefit problem because the US spends more money on their military than other countries (and needs to to follow this line of reasoning) while other countries can use that money for other social programs. So that's a big cost. But a big benefit (or maybe a cost) is that the military industrial complex is extremely profitable and has helped the US economically. But of course this leads to the US being the neocolonial power. But we also act like the US is the only one in favor of many of the decisions it has made. The US is the biggest (Western) presence in the Middle East but far from the only.

It is a complex topic that for some reason we don't talk about much. I find the theory really interesting because in hindsight we haven't had major wars like we did in the past. But clearly this leaves the US wanting to use its military (though that's the basis of the theory in the first place).


That's kind of nuts. If you want to compare it to the USA you would have to have some reasonable date like starting in 1900, the modern era of history. Things are so very different now than the 1800s but not terribly different than 1900s (as far as interaction and possibility of interaction between countries)


I'm actually curious precisely what CIA justification you're referring to. What I'm aware of are [1] and [2].

[1] https://www.washingtonpost.com/politics/2019/03/22/iraq-war-...

[2] https://www.washingtonpost.com/archive/opinions/2003/11/28/m...


https://en.m.wikipedia.org/wiki/Niger_uranium_forgeries

Folks inside the CIA knew that the yellow cake uranium was a lie and at best, did not make any of this knowledge public as the justification for war was coming together. That silence resulted in the loss of at least one hundred and fifty thousand human beings needlessly and a war that has lasted decades.


Huh, you went from

> I have witnessed the CIA justify those wars

to

> the CIA knew that the yellow cake uranium was a lie and at best, did not make any of this knowledge public

?

Isn't that a bit of a... large jump?

Also, do/should intelligence agencies generally come out and make public announcements of intelligence at all? I mean, maybe you can argue they should do that (for the public good), but unless they already do this in similar situations (or are normally instructed to), to show they actually acted in bad faith is going to need a lot more than arguing they didn't explicitly go out of their way to do so.

Btw, here's what I'm reading they apparently reported: https://fas.org/irp/cia/product/iraq-wmd.html

> Moderate Confidence: Iraq does not yet have a nuclear weapon or sufficient material to make one but is likely to have a weapon by 2007 to 2009. (See INR alternative view, page 84).

> We cannot confirm whether Iraq succeeded in acquiring uranium ore and/or yellowcake from these sources. [...] Intelligence information on whether nuclear-related phosphate mining and/or processing has been reestablished is inconclusive, however.

(To be clear: none of this is to suggest I'm a fan of the entities involved...)


Not defending the CIA, but the yellow cake thing was not a lie of commission (arguably a lie of omission): it was very much true in the strictest senses. Hussein did have yellow cake, we did not know for sure where it was, and he blocked inspectors that he was supposed to let in. But it was utterly overblown and misrepresented: yellow cake is not that dangerous by itself, Hussein had stopped trying to enrich it (and we probably knew that), and it turned out to be exactly where it was last known to be under the UN inspections regime.

As they say, technically correct, the best kind of correct.


On the "I have witnessed the CIA justify those wars" comment we have started what 4 wars since Iraq? Every drone strike is justified with intelligence. I can find some YouTube clips later of CIA directors justifying war in Iraq, Afghanistan and Syria if you don't believe me.

> Also, do/should intelligence agencies generally come out and make public announcements of intelligence at all?

They did so pretty frequently during the Trump administration. Whistleblowers spoke up when someone came in claiming to want to end the war on terror, they didn't feel the need to do so in 2001 when that war was getting started.


>That silence resulted in the loss of at least one hundred and fifty thousand human beings needlessly

Just gonna point out that non-Americans are human beings as well, and millions have died - directly as a result of this silence.

The fact that Biden played a key part in enforcing this silence at various stages is particularly galling, and it's beyond fucked-up that he isn't held to account for it.


>Just gonna point out that non-Americans are human beings as well, and millions have died - directly as a result of this silence.

150k is the most conservative estimate I could find for Iraq, US and Iraqi deaths included. Some estimates are in the millions, but I try to be as generous as possible to the other side of an argument I am making.


Iraq is not the only country where the intelligence agencies were up to no good. But no, using American claims about fatalities from sources linked to people justifying the war goes beyond being charitable.


>150k is the most conservative estimate I could find for Iraq.

It is the lowest I could find. It also has quite a list of criticisms attached to it. The Iraq body count project counts more just from reported deaths alone.

I wouldn't be surprised if the ORB study showing in excess of 1.2 million is closest to the truth, especially since it ended in 2006, I think, and it's not like people stopped dying since then.


The NIE that the CIA wrote up was declassified. It makes it very clear that they believe with "high confidence" (a very specific term in intelligence which means "we're pretty damn sure, normally enough to start a war over") that Iraq was continuing to make active progress on their nuclear weapons program and delivery systems in contrast to their UN sanctions.

There's been a bunch of opinions since then that they were actually just misrepresented, but their own words from 2002 speak for themselves, IMO.

https://www.scribd.com/doc/259216899/Iraq-October-2002-NIE-o...


Ah! It took me a while to get what's going on (I didn't know what INR was!), but I think I finally see what you're saying. I assume you're talking about page 9 [1]. For anyone else interested, here are the relevant quotes I can find:

> Iraq is continuing. and in some areas expanding, its chemical, biological, nuclear and missile programs contrary to UN resolutions.

> If left unchecked, [Iraq] probably will have a nuclear weapon during this decade. (See INR alternative view at the end of these Key Judgments.)

> [State/INR Alternative View] The activities we have detected do not, however, add up to a compelling case that Iraq is currently pursuing what INR would consider to be an integrated and comprehensive approach to acquire nuclear weapons. Iraq may be doing so, but INR considers the available evidence inadequate to support such a judgment.

So basically the CIA is saying:

- The INR (separate agency) doesn't believe this is enough to start a war over.

- The other agencies (presumably including CIA) do.

However, their justifications in the bullet points seem to rely on a fair bit of speculation about motivations behind things, not as much actual concrete evidence as you'd hope. Whereas the INR evaluated the same evidence and said they aren't confident enough in this yet.

OK, so I'm with you here so far. Now the question to me is: did the CIA really lie here, or did they (and other agencies) really fail at their job? If it was a lie, are we using that to mean a falsehood, or does it refer to omission of critical information that they were reasonably confident about? On the face of it, it looks like they really just failed spectacularly, not that there was malice per se, but I don't have more details. (Though I guess that means we should listen more to the INR in the future?)

[1] https://nsarchive2.gwu.edu/NSAEBB/NSAEBB129/nie.pdf#page=13


I've come to the conclusion that, from an evolutionary standpoint, lying (and stealing) is one of the most important forms of intelligent behavior. We see it in the animal world, so this unavoidably should be seen as such in the world of humans...


Humans have the option of trying to be ethical as well and a lot of people would question if the CIA always behaves ethically.


Surely no-one believes the CIA always behaves ethically. Especially after the post-9/11 kidnap, torture and murder rampage. Perhaps you meant a lot of people question if the CIA ever behaves ethically.


I’m sure the people that work there think they are a thin line against the harm others would like to do to America. “The ends justify the means”.


I would hope they're smarter than that, but apparently not many are.


Trying to take the optimal route in prisoners dilemma would make smart animals stop this behaviour


> If I had to wager I'd always bet on the CIA lying...

If an idea is reasonably feasible, I just assume someone, somewhere is already doing it.

The practical benefit is lowering my cognitive overhead, transaction costs.

Instead of guarding against every possible attack vector, I take basic precautionary measures, and then decide if any action is worth the risk, knowing full well it'll likely go terribly wrong.

So I always wear a mask, use a password wallet, drive just under the speed limit. Etc. It's habit, routine. Then when I step outside my personal safety bubble, it's an affirmative choice.


Well spies are professional liars. I guess it's just as hard for them to not bring their work to home (country) as it is for professional boxers not to keep practicing their job on their spouse.


Literally all China and Russia have to do is get a bot that acts like you and all discourse gets screwed. We're idiots, but it's like clockwork and we always fall for it. The IRC is the dumbest but most effective organization in the history of statecraft.


Kaspersky are a branch of Russian intelligence.


Source? Other than Trump, of course.


Intelligence is as much about focusing and finding as it is about distraction and deception.

There's absolutely no morals or ethics at the means level. That's not a judgement. The fact is, the driver is the ends. Meet the objective by (nearly) any means necessary.

The CIA, NSA, etc. will - and have - say pretty much anything. That's their job. But why people liken them to some holy higher power is beyond me. Maybe it's a result of the IC's own disinformation? Ironic but fitting.


Because the entire goal is to promote skepticism about the USA while remaining as mum as possible on Russia and China. In the case of Russia, it’s not a secret that they try to disrupt and divide the states via internal conflicts so they can take over if we decline because of it. Here is just one example:

https://www.wsj.com/articles/russian-backed-facebook-account...

We also know that hundreds of thousands of foreign-sponsored accounts on Twitter, Reddit, Facebook, etc, have been banned over the years. (Please fact check by googling!)


> Here is just one example:

Here's an example that in major part contributed to a civil war going on to this day: the existence of a US military operation that manipulates social media through sock-puppet accounts [0] was revealed around the same time Syrians were riled up to regime change through... social media [1].

Said social media presence kept announcing "Days of Rage" protests in Syria which initially no Syrian even showed up to.

These operations predate anything noteworthy Russia did on the same front, as most of that only started in the wake of the Ukraine revolution, which also saw plenty of blatant US interference [2]. Back then Russia was diplomatically very vocal about how unprecedented the foreign interference in Ukraine was.

What followed was St. Petersburg troll farms heavily targeting the US.

> We also know that hundreds of thousands of foreign-sponsored accounts on Twitter, Reddit, Facebook, etc, have been banned over the years. (Please fact check by googling!)

How many domestically sponsored accounts have been banned? Zero, which means that on US-based social media these kinds of outfits are fighting with a heavy home game advantage [3], yet in most of these places that never comes up; it's always "Look out for the Russian/Chinese propagandist!", just like you are doing here. Which usually ends up targeting skeptical people not wholeheartedly endorsing the "Good vs Evil" narrative and not any actual propagandists.

[0] http://www.theguardian.com/technology/2011/mar/17/us-spy-ope...

[1] https://www.france24.com/en/20110203-syria-democracy-protest...

[2] https://www.theguardian.com/world/2013/dec/15/john-mccain-uk...

[3] https://www.reddit.com/r/Blackout2015/comments/4ylml3/reddit...


> How many domestic sponsored accounts have been banned?

The Smith–Mundt Act makes it illegal to distribute propaganda where it may be consumed by a primarily US audience.

Also from just a practical investment perspective, creating a bunch of sock puppets on Reddit to try and influence the opinion of Putin doesn't make sense. r/Russia for example only has 150k subscribers and most of the posts are in English.

You would need to ask WeChat, VK, Weibo, Douyin, and OK for transparency reports on how many state-sponsored accounts they have terminated.


> The Smith–Mundt Act makes it illegal to distribute propaganda where it may be consumed by a primarily US audience.

That hasn't been true for nearly a decade as the Smith-Mundt act was "modernized" in 2012 to allow for exactly that [0].

Even when it was in effect, I doubt anybody was seriously trying to abide by that. The closest thing to practically doing that would have been to completely skip on the English language, which I seriously doubt they did.

I put that denial into the very same camp as the NSA denying spying on American citizens: they say it because they are supposed to say that, and admitting to it would put them in a world of trouble through open admission of guilt.

> Also from just a practical investment perspective, creating a bunch of sock puppets on Reddit to try and influence the opinion of Putin doesn't make sense.

It makes a lot of sense, not just to manufacture consent, but also because the US is literally the largest culture exporter on the planet. US social media isn't just populated by Americans: Facebook, Reddit, Twitter and whatnot are by now overwhelmingly used by international audiences.

Sure, there are countries that try to ban these platforms, but that doesn't stop the USG from still trying to get something going [1].

> You would need to ask WeChat, VK, Weibo, Douyin, and OK for transparency reports on how many state-sponsored accounts they have terminated.

But none of these are in any way widely used outside of their respective countries; their very limited reach and lack of language diversity make them inherently inferior to the globally dominating US social media platforms.

Yet that's where the "opinion wars" are won, where the international Overton window is defined: On the global stage, not on comparatively obscure domestic platforms.

[0] https://foreignpolicy.com/2013/07/14/u-s-repeals-propaganda-...

[1] https://www.theguardian.com/world/2014/apr/03/us-cuban-twitt...


That is not at all what the modernization act did. It allows Voice of America and other clearly government owned media outlets to also broadcast in the United States. Independent fact checkers agree [0].

The "opinion wars" in the US are won on what you consider to be the dominant social media networks. Again, if you want to convince a bunch of people to overthrow Putin, those daily active users are on VK - not Facebook.

But you literally can't use a lack of evidence of US influence on US social networks as proof that it is happening. Your second link plainly states that the US created an entirely new social network to try and influence Cuba, they didn't do it on Instagram. Hold yourself to a higher standard.

0. https://www.politifact.com/factchecks/2019/aug/23/facebook-p...


> Independent fact checkers agree

They agree on a very different question. Even if we want to reframe it as an allegedly completely harmless "VoA can now broadcast to Americans!", that embezzles the fact that outlets like VoA/Radio Liberty & co. are very much the US equivalent to a Russia Today.

With the difference how their US versions have been broadcasting globally, completely unopposed, for literally decades. Yet whenever RT is linked anywhere it doesn't take long for somebody to go "That's Russia bad/propaganda/all lies!", usually derailing the discussion from the actual topic.

> Again, if you want to convince a bunch of people to overthrow Putin, those daily active users are on VK - not Facebook.

You also want to dampen any criticism; propaganda is not just a game of offense, it's also one of defense [0]. That's where it's really helpful to have more than just two eyes, like Five Eyes [1].

> Your second link plainly states that the US created an entirely new social network to try and influence Cuba, they didn't do it on Instagram.

Cuba actively blocks Internet traffic when it's convenient to them [2], Instagram can't sidestep that, SMS can [3], it can even reach people that still only have dumb phones, something quite relevant back in 2012.

[0] https://en.wikipedia.org/wiki/Falsehood_in_War-Time#Summary

[1] https://theintercept.com/2014/02/24/jtrig-manipulation/

[2] https://twitter.com/netblocks/status/1333495221712265217

[3] http://cubamoneyproject.com/2019/09/21/zunzuneo/


Meanwhile all you people stoking nationalist fervor keep the global population of generally-well-meaning humans divided and hating each other instead of uniting into a whole that demands a better life for everyone. Please stop.


Eh, we are at a point where every self-respecting political party has thousands of fake Twitter accounts.


Russia has been pretty damn effective at this. (I took note of this when moderating r/europe on reddit when things started churning in ukraine)

China, on the other hand, not so much. I might go through the effort of finding them again, but someone here shared some American studies that showed China initially didn't really have such a presence of bots and the like on Twitter, FB, etc. like Russia at that point (I think around 2016 or 2017), but there were notable networks of bots targeting Chinese people with anti-China stuff.

A second study showed that, I think 3 years later, China had also gotten into this, but that it was comparatively small scale and notably incompetent.


It's pretty easy to spot Russian/Chinese trolls on facebook. I've seen tons of it on conservative news feeds. Just find a ridiculous statement and trace back to the source. Usually they have public facing feeds to maximize propaganda and it's so blatantly obvious it usually makes me giggle.


They are just as blatant on liberal news feeds but don’t seem blatant to liberals just like the blatant ones on conservative feeds don’t seem blatant to conservatives.


>But when someone accuses the US we never add any salt. Not that I don’t think it’s false, it’s just that the lack of consistent skepticism is interesting.

This thread also isn't full of calls for sanctions against the US or talk of overthrowing the government.

I don't actually doubt many of the reports claiming North Korea or whoever were behind some attack, I know they are likely engaging in such activities. I just don't think the evidence is convincing enough to use as a casus belli or similar reason to take our own malicious actions. I would take a similar stance with this CIA malware, but nobody here is calling for punishment based on it.


Yea, I cautiously share this viewpoint. I don’t want a cyber "Remember the Maine! To hell with Spain!" event.

https://en.m.wikipedia.org/wiki/USS_Maine_(1889)


There's a difference between Microsoft or Google or Symantec coming out and saying 'this was NK malware' and the CIA or NSA or FBI saying 'this was NK malware': people would be more inclined to believe the former rather than the latter, even though we would still have to imagine that it's possible they are saying this because of CIA/FBI/NSA influence.

Likewise, Kaspersky is more believable than if the FSB came out with this story, even if we must be cautious that it could be an FSB story.


It's human nature to give things that fit your preconceived notions and biases the benefit of the doubt over those that don't, even when you're aware of this effect. The best we can do is try to be cognizant of it and be really self-critical about our knee-jerk reactions.


Assuming it was said by someone in the USA, there's also utility in this framing. Remaining critical of your own government is pretty healthy for a democracy.


The Broadcom link in the posted tweet records [some of?] their reasoning. Things like very North America specific strings, activity happening M-F for certain things (compilation, etc), capability (access to zero days implying deep pockets to buy said zero days), and breadth of target, etc.

That said - it ABSOLUTELY BOGGLES MY MIND that, if these are not leaked, but rather recovered from attempted attacks, how are _any_ valid timestamps and strings not randomized as part of the build process!? I'm not saying it refutes or confirms, I'm just wondering - how difficult is it to read an ELF | PE and remove / change those things, and if it's as easy as I'm thinking, why would you not do so? Or replace with preprocessor directives that you could setup to random values for production builds to use strings and timestamps that indicate some other entity? All of this seems straightforward to me, like, could do via shell scripting or python. Is there a valid reason to leave this stuff in? Are we seeing some low priority work that the TLA wants to leak to show that they're out there and capable?


> Or replace with preprocessor directives that you could setup to random values for production builds to use strings and timestamps that indicate some other entity?

They do, except they're not random. Check out the CIA Vault 7 leaks from a few years ago. They purposefully leave trails that point to other countries including using foreign languages for variable names/comments.

> “[D]esigned to allow for flexible and easy-to-use obfuscation” as “string obfuscation algorithms (especially those that are unique) are often used to link malware to a specific developer or development shop.”

> The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion, — but there are other possibilities, such as hiding fake error messages.

https://www.mintpressnews.com/wikileaks-reveals-marble-proof...


Ah OK good, thanks for the link. Right, this seems like something _I_ could probably handle with a weekend or two's worth of research (meaning it's pretty simple because I'm no hacker).

And Broadcom _does_ note that they associate with Vault7 group via the whole picture, but it's weird they present the strings and dates data without noting that it would be trivial to fake, and don't give any specificity to the other data points.

I guess for this type of work the only thing you _really_ have is the code's intent, if you can figure that out.


I mean, given the amount of malware made by the CIA and NSA, is it really a stretch that this is just one more?


Seems reasonable to assume that a government saying "it wasn't us" or "it was them" is a heavily politically-motivated statement, not a strictly technical one. Regardless of it being accurate or not - there are reasons to keep quiet even if there's conclusive proof.

This is a case of a third party saying "we think it was probably X". You can't rule out other motivations here either, but there's a fair bit more room for it to be less politically motivated.


The existence of their insane levels of funding and well-known history of coups, lies, dirty tricks, and mass murder makes it extremely easy to believe US intelligence is capable of deploying computer bullshit lol. Of course, if there is credible evidence exonerating them we can look at that.


There are plenty of other actors capable of "deploying computer bullshit". Why shouldn't one of them be the culprit here?


Because this thread is about CIA malware?


Until a few years ago, I was skeptical that North Korea had the technical expertise to pull off some of the hacking that was being attributed to them. In the past 5+ years, however, it's become increasingly clear that they have a well funded and dedicated team of competent hackers.

The NSA and CIA, on the other hand, are always assumed to have some of the best hackers in the world. So when I read that some huge exploit with multiple complex 0-days chained together has been discovered, and it's being attributed to the USA and/or Israel, I usually assume that's true because very few other countries have the ability to pull it off.


North Korean cyber capabilities were likely heavily thwarted for a long time by the fact that the United States could observe all the traffic entering and exiting the country.

As a result they operate units completely overseas. North Korean students launch attacks from Indian Universities. They have networks of individuals that spend all day cashing out ATMs in Malta. The Chilbosan Hotel in Shenyang, China is a front used by the RGB as a forward base for cyber operations.


Yeah, and CNN saying Chinese or Russian hackers always


Even if you think CNN is bad it still might be true.


Truly, a level of excellence to which all "news" organizations should aspire.

"CNN" is a recursive acronym, modeled after "GNU".


what a galaxy brain joke


The CIA was caught lying and cheating several times in official investigations. Can you imagine what they have done when nobody else is looking?


Given the public image of North Korea is one of a time capsule from the 60s I think it's more a case that the North Korean effort is considered inadequate or incapable, whilst the US TLAs have virtually limitless resources.


> Not that I don’t think it’s false, it’s just that the lack of consistent skepticism is interesting.

It's not genuine skepticism. It's people on social media wanting Internet points for pointing something out. It's devil's advocates and "well akshully..." people just saying something to make a point. People don't do it on CIA stories because it's not honest skepticism in the first place. It's not fun when the sarcastic and cynical responses make you even more jaded about your own country.

<--- Now, kindly do the needful, dear reader.


Likewise, Kaspersky always seems to ferret out CIA activities quite frequently, but never seems to make the same kind of discoveries about his own country's hacking exploits and activities.


I mean is this unexpected or even being argued here? This is the same case regardless of home country. Of course they would focus on CIA or NSA exploits


We should consider the source and timing for sure.


[flagged]


This kind of hyperbole is neither instructive nor accurate. What is the intended purpose of this comment?


I'm sure the intended purpose is to vent frustrations, but maybe also to make aware those who've turned their eye from the US's terrible tyrannical and oppressive nature at home and abroad in favor of tribal political trivialities.

It's not an incorrect statement either. I'd put the US up there with China, Russia, Big Tech, and the UN for forces of evil in the world right now.


What does "force of evil" mean anyway? It seems like a subjective measurement based entirely on tribalism as a foundation.


> What does "force of evil" mean anyway?

Yes, subjective. But here's my belief and how I believe it applies.

I believe evil is the abandonment of reason in any way. Instigation of force or coercion is an un-reason-able act no matter whether done by an individual or group of people.

Currently the US is engaged in numerous instigative forceful and coercive acts.

Further, much of what the US does would not be possible without people abandoning their own reasoning for the fallacy of authority. Here I do not mean appealing to authority, but instead `following orders` without consideration to one's own responsibility to also not instigate force/violence/coercion.

We could go down the path listing instigative acts of the US, but I believe most reasonable people know that the US is engaged in a number of these acts and would prefer it wasn't.


The people who define it differently than you also use reason -- just a different line of reasoning. This is the entire issue with the phrase to begin with, there's no universal definition of what it means. It assumes a shared value system.

Almost everyone who fights anyone else believes that they are right and has a reason for it.


> This is the entire issue with the phrase to begin with, there's no universal definition of what it means. It assumes a shared value system.

True it's not precise language and maybe could have been better, but I think that would require a much larger post. Still I agree with it based on my value system.

> Almost everyone who fights anyone else believes that they are right and has a reason for it.

Sure, but at least my value system will have me not only not instigating a fight, but actively avoiding people that do.

For clarity, I _never_ attempt to avoid a well reasoned argument. You've made good points, and I thank you for doing so. :)


> actively avoiding people that do

So, Vichy France? This is the type of stance that only makes sense in a world with no evil in it; do you believe that the US was wrong to fight the Nazis in the 1940s, for instance?


>So, Vichy France?

Vichy France was an ally of Nazi Germany that was betrayed.

>do you believe that the US was wrong to fight the Nazis in the 1940s

I did not say we should never fight, just not instigate. If not questioning the official narrative, it takes little effort to see that the US entered into WW2 defensively.

> On December 8, 1941, the United States Congress declared war (Pub.L. 77–328, 55 Stat. 795) on the Empire of Japan in response to that country's surprise attack on Pearl Harbor the prior day.

https://en.wikipedia.org/wiki/United_States_declaration_of_w...

On 11 December 1941, four days after the Japanese attack on Pearl Harbor and the United States declaration of war against the Japanese Empire, Nazi Germany declared war against the United States,

https://en.wikipedia.org/wiki/German_declaration_of_war_agai...

Admittedly I don't believe the official narrative, and I also advocate for intellectual self defense.

For example, the US entered into WW1 after instigating the sinking of the Lusitania.

> whether or not the passenger ship Lusitania was carrying munitions and therefore a legitimate target when it was sunk by a German submarine in May 1915 – has been solved in the affirmative by newly released government papers.

https://www.theguardian.com/commentisfree/2014/may/01/lusita...

Reason and intellect are the solution.

Not rah-rah we did the right thing in preemptively striking against `evil`.

I didn't want the US to enter Iraq to take out terrorists (that were never proven associated with Saddam), I didn't want the US to enter Libya to overthrow a ruler that wouldn't obey world trade system rules, I didn't want the US to intervene in the Syrian civil war, and I don't want the US doing regime change in Belarus right now. https://congressionaldish.com/cd229-target-belarus/


It is accurate and not hyperbole. But the point is to help that poster understand why someone would not question the claim.


I think this strays from the original topic, but why do you believe that? What makes you think the US is more evil than, say, North Korea, China, or Russia?


There are several criteria by which one might say that, and I'll offer one example. The evil done by Russians, Chinese, and Koreans has mostly been done to other Russians, Chinese, and Koreans. (There are exceptions, e.g. China's treatment of Vietnam, but that rather underscores the point I'm making.) USA, on the other hand, in addition to its centuries-long record of brutal colonialism and racial apartheid in North America, has a similar record of brutality throughout Latin America, Southeast Asia, the Middle East, and Africa. It would not be irrational to consider the global export of violence to be worse than its domestic use.


This falls under nationalistic flamebait according to HN's guidelines.


Yea .... not if you ask a gay person in Russia.


The last round of skeptics were skeptical of Russian hacking, and were shouted down for asking for more evidence than "experts agreed". They're either still around lurking or have just moved on. No one wants to post just to get downvoted or shadowbanned.


One reason would be capability. There's no doubt that there are US citizens able to produce complex software, including malware. The same could be said about China or Russia. But when it comes to North Korea, I really have doubts about their IT competence. Sure, they probably have some good programmers able to create ordinary IT systems. But working on the edge of current technology, that's what I have my doubts about.


Well, by comparison, Iran is very competent at cyber but they keep getting their uranium centrifuges hacked. North Korea, on the other hand, already didn't get hacked, and built the bomb.

They have a lot less money than South Korea, and their political system is...what it is...but I don't see any reason a North Korean can't study just as hard as a South Korean and achieve similar results.

I think people confuse North Korea's suffering with weakness. I'll grant that there is a lot of hunger, but the mission from the beginning, of the guerrilla fighters who now run the country, was sovereignty at all costs. And I'd say purely in terms of sovereignty North Korea is doing remarkably well.


Iranians getting their centrifuges hacked probably has more to do with geography than cyber. Israel is a powerful ally. I would compare South Korea more to a US-protected country than to an ally. Given the dynamics with China, the Asian region is "less controllable" than Persia.


Their biggest trading partner uses them as an attack dog to do the things they don't want to be directly associated with. It isn't unreasonable that it was given to them.


If they can get fighter jets, tanks, and missiles from China and Russia, certainly they can get some malware.


Why exactly do you think no North Korean can make malware?

Hell, I've seen malware from countries in Africa that lack food. These societies have a lot of kurtosis.



I’d say it’s likely they were instructed to sit on it until the time is right


What's more likely:

* CIA malware is discovered by a (Russian) Security company and they release a report about it.

* CIA malware discovered a year or more ago by a (Russian) security company and they tell the CIA about it and the CIA asks them to wait 1y+ to release the report, and they obliged.


I think they're suggesting that a Russian security service (FSB?) might have asked Kaspersky to sit on it until the time was right. I don't think they were referring to the CIA, since yeah, that wouldn't make much sense.


Did you take occam’s razor into account? Why is this likely?


Occam's razor hardly ever applies to stuff like this (news in the intelligence space) because deception is the whole game. A tendency to believe simpler explanations is something they exploit.

I think Occam's razor is often misapplied in this way. It's for explaining natural phenomena, not for surmising the intent of an intelligent entity with an incentive to deceive.


People putting their eyes out with Hanlon and Occam's razor always makes me sad.


The timing is very sus given the recent and ongoing spy mania in Eastern Europe (if you've been following).


The thing in Eastern Europe is not intelligence-based, it's political.


There’s a difference?


The difference is that there is no new informational knowledge coming out of the Eastern Europe affair. It's just matching expulsion numbers, but none of the parties (or the general public) learned anything new (as with this disclosure).


Now compare it to how fast US intelligence analysts are. They may conclude who is behind an attack in a matter of days. (For example, the recent SolarWinds attack.)


Conclusion prefetching is awesome, isn't it?


Correct, different campaign signatures can make attribution happen quickly, or slowly. Just depends what data the analyst has to work with.


Using inductive reasoning, they're probably still deploying first-stage malware en masse that activates under certain network conditions. Truly scary stuff.


> determine all this from some binary

Reminiscent of how cipher decoders knew their German operators well enough that it assisted in the decipher process.


and to think that's because they seemingly randomly decided to go back and re-analyze this older stuff


>seemingly randomly decided


Hopefully - we never find out the extent of our (and their) capabilities.


We're lucky that we can still catch some of them now. The current status of closed CPUs running proprietary firmware talking with closed chipsets running proprietary firmware blobs would make it trivially easy to move the malware injection to the iron level for agencies funded by governments. Once they accomplish it, detecting their spyware using software, at any privilege level, will become impossible. I fear the scenario in which magic packets with a signature that turns off detection in network hardware (proprietary firmware) and interfaces (again, proprietary firmware) can directly instruct a system (proprietary firmware) unbeknownst to the user; it seems impossible today, however all it takes is having enough closed software and firmware so that a covert channel can be created from the CPU to the external world. Governments have enough funds and motivation to tell most network iron manufacturers to produce hardware according to some additional specifications.


Why is this impossible today?

Isn't this exactly what Intel's "Management Engine" and AMD's "Platform Security" are?

Bonus question, do Apple's new MX chips have an equivalent backdoor?


The equivalent of ME and PS in Apple’s ARM processors is the “Secure Enclave Processor”.

https://www.theiphonewiki.com/wiki/Secure_Enclave_Processor



Curious, about your last question, seems like no one knows.


It's not impossible but it's complicated, and the more complicated it is the harder it is to keep secret. It's easier to just amass exploits for use when needed.


right, that's why there is no need for all the elaborate schemes proposed by the shameful Bloomberg "Big Hack" conspiracy. Doing so would be a) stupid and b) cost a bomb.

for plausible deniability and to be able to reuse the same attack vector over and over, it's cheaper to just intercept shipments and install/modify what they need:

https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa...

impossible to reproduce unless you have the exact same equipment.


If this is the case, then you only need to set a packet monitor between the computer and the ISP router to observe such magic packet.

Or will you claim that all machines that are capable of such tasks are already compromised?


Sorry for being a bit late with the reply, however just suppose that enough resources are used to "convince" hardware manufacturers to add a small code change to their firmware such as "if a packet contains this exact magic word, don't count it and pass it on along with the payload, and possibly send a copy to this other address, again without counting it", where "counting" means also not signaling that it is going through the hardware: no management interface would see it, and LEDs on network hardware panels wouldn't even blink. In other words, to actually see that packet one would have to be on the other side.

Admittedly it's absurdly complicated to do that at global level, but let's say someone in the right place manages to do that, the next level would be doing the same at iron level on computers, so that each subsystem can talk with others and the external world without administration tools noticing, because it's all done through a covert channel set up by closed software. That would be the perfect weapon to build pervasive surveillance that no security software at any privilege level, not even debuggers, would detect.

The only way to find out that something fishy is going on would be to sniff inter-chip communications locally and set digital analyzers on network cables with appropriate software. Network analyzers could fail if they use the same network chipsets, as would a normal packet monitor.


Not convinced. Since it's the CIA, I trust that they are doing it for a good cause.


you forgot /s


Not needed. If this was the FSB or PSB then...


Two weeks ago, the NSA accused the Russian SVR (intelligence agency) of exploiting vulnerabilities in US networks and suggested that they were behind the SolarWinds compromise[1].

Now, Kaspersky (which is suspected to be affiliated with Russian intelligence - possibly unwillingly) claims to have found CIA malware (effectively "burning" it, if it's real).

The timing does not seem to be a coincidence. Tit-for-tat?

[1] https://www.nsa.gov/News-Features/Feature-Stories/Article-Vi...


> which is suspected to be affiliated with Russian intelligence - possibly unwillingly

I have yet to see actually compelling evidence that this is the case.



The Bloomberg articles are definitely the closest I've seen coming to substantive evidence, that is for sure.

I do, however, think that there is a big difference between being "affiliated with Russian intelligence" and providing an anti-DDoS service to the FSB, which is what this article is discussing, and really all it gives evidence for. Kaspersky also provided services to the US intelligence services; I don't think it would be described as "affiliated with American intelligence."


Have you ever been in a wildly corrupt and centralised country? That frame of reference changes everything about what you just said - ie there are no “FSB contractors” that could possibly be independent under an authoritarian frame of reference.



This is not compelling evidence - the contractor had the "upload suspicious files" flag on and it uploaded flagged malware - this is consistent with pretty much every AV I've ever heard of and not evidence of a "Russian plot."


But CIA developing malware isn't news to anyone. How is this a tit-for-tat then?


Well, at least for once the general public wins. Let's hope they fight more this exact way, and less on every other way.


The tit-for-tat goes the other way:

1. expose malware the CIA doesn't want exposed

2. get accused by the CIA of being in bed with the Russians

"working for the Russians" is the go-to baseless political smear these days


I would like to point out that a Russian security company almost certainly has ties with the Russian government. Particularly a very large, well respected one. It would be like accusing Oracle or Amazon of having ties with the US government.


Kaspersky himself is a 1987 KGB school alumnus. The naïveté of Westerners is sometimes astonishing.


This is a very good point, and stands in stark contrast with no management or employees of FireEye or CrowdStrike ever being associated with FVEY intelligence services.

Nope, it's ONLY the evil Russians. The naïveté of non-Westerners is sometimes astonishing.


Kaspersky is the ever-presiding CEO and the founder of the company. Was CrowdStrike founded by a CIA alumnus?

And I hope you realize your whole retort amounts to "Kaspersky is as bad as CIA shell companies".


The "well respected" part of that has partly to do with no evidence of them being partial.

If they were known as a Kremlin puppet, they wouldn't be respected.


Ok, you're right. I didn't know they were based in Moscow. I tend to dismiss "The Russians" claims out of hand now.


Interesting. But if you had cited "my ass" as a source it would be more reliable, because the NSA is probably better at lying.


The parent commenter was sourcing "the NSA accused..." with the accusation, not making a claim as to whether the accusation was true.


> the malware samples appear to have been compiled seven years ago, in 2014

So it was possible then to analyze the metadata of the files and determine when the malware was made/compiled? That seems like bad OPSEC. If I were CIA I would be rigorous in modifying and faking when certain files were last modified or created, and possibly stripping other damaging metadata (if it's incriminating enough). This is basic metadata hygiene employed by journalists, whistleblowers, etc.
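The "compiled in 2014" figure in the article almost certainly comes from the TimeDateStamp field of the PE file's COFF header, which is a plain 32-bit Unix timestamp written by the linker. The following is an added example (not code from the article, from Kaspersky, or from any commenter) showing where the field lives, how an analyst reads it, and how trivially it can be rewritten. The PE blob it parses is constructed inline for the demonstration; it is a header stub, not a loadable executable.

```python
import struct
from datetime import datetime, timezone

# COFF file header layout, immediately after the 4-byte "PE\0\0" signature:
#   Machine (2) | NumberOfSections (2) | TimeDateStamp (4) | PointerToSymbolTable (4)
#   NumberOfSymbols (4) | SizeOfOptionalHeader (2) | Characteristics (2)
COFF_HEADER_FMT = "<HHIIIHH"
TIMESTAMP_OFFSET_IN_COFF = 4


def build_minimal_pe(timestamp: int) -> bytes:
    """Constructed test data: a DOS header whose e_lfanew points at a PE
    signature followed by a COFF header. Enough to exercise the parser,
    not enough to run."""
    e_lfanew = 0x40
    dos_stub = bytearray(b"MZ") + bytearray(e_lfanew - 2)
    struct.pack_into("<I", dos_stub, 0x3C, e_lfanew)  # e_lfanew lives at 0x3C
    coff = struct.pack(COFF_HEADER_FMT,
                       0x8664,      # IMAGE_FILE_MACHINE_AMD64
                       1,           # NumberOfSections (no section table in this stub)
                       timestamp,   # TimeDateStamp: seconds since the Unix epoch
                       0, 0,        # no COFF symbol table
                       0,           # SizeOfOptionalHeader: none in this stub
                       0x0022)      # EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE
    return bytes(dos_stub) + b"PE\x00\x00" + coff


def coff_header_offset(data: bytes) -> int:
    """Locate the COFF header, checking the MZ and PE signatures on the way."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature at e_lfanew")
    return e_lfanew + 4


def read_timestamp(data: bytes) -> int:
    """The value an analyst reports as the 'compile time'."""
    off = coff_header_offset(data) + TIMESTAMP_OFFSET_IN_COFF
    return struct.unpack_from("<I", data, off)[0]


def set_timestamp(data: bytes, new_timestamp: int) -> bytes:
    """Return a copy with TimeDateStamp overwritten. For an unsigned binary
    nothing else needs updating; an Authenticode signature would cover the
    header and have to be redone."""
    buf = bytearray(data)
    off = coff_header_offset(buf) + TIMESTAMP_OFFSET_IN_COFF
    struct.pack_into("<I", buf, off, new_timestamp & 0xFFFFFFFF)
    return bytes(buf)


def timestamp_year(ts: int) -> int:
    return datetime.fromtimestamp(ts, tz=timezone.utc).year


def describe(data: bytes) -> str:
    ts = read_timestamp(data)
    when = datetime.fromtimestamp(ts, tz=timezone.utc)
    return f"TimeDateStamp=0x{ts:08x} ({when:%Y-%m-%d %H:%M:%S} UTC)"


if __name__ == "__main__":
    original = build_minimal_pe(1401580800)       # 2014-06-01 00:00:00 UTC
    print("as built:", describe(original))
    forged = set_timestamp(original, 1230768000)   # 2009-01-01 00:00:00 UTC
    print("forged:  ", describe(forged))
```

Because the field is one unauthenticated integer, a lone TimeDateStamp is weak evidence on its own. Analysts corroborate it with things that are harder to fake consistently: the separate timestamps in the debug and export directories, timestamps inside code-signing certificates, first-seen dates in telemetry, and the build-tool artefacts the binary carries. Some toolchains do not even write wall-clock time there (reproducible-build linkers may emit a content hash instead), which is a reason to treat it as a hint rather than a fact.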


Don't overestimate government coders skills...

Often it's a massive team with people of very varied programming skills. The core exploit might be some super high tech, hand coded in assembly rootkit, but then the remote control stuff might end up being some badly written PowerShell script or multi-megabyte .NET, Java or Python binary pulling in every library under the sun.


There's a fantastic example of this from fall of 2019. China was using an iPhone 0day which was extremely complicated to do internal surveillance, and the C2 for it was happening over http.


What is a C2?



Command and control


command and control i think


It seems like this is simply the approach of any coder who's just trying to get X done without worrying about maintaining stuff. Academic code is often "crap" and it's written by smart people, but smart people only concerned about getting the algorithm implemented.

Which is to say, no one has yet come up with an approach that combines "fast to write, fast to run, and easy to maintain".


Maybe it's less suspicious to have benign metadata than no metadata.


Yeah, which is why I suggest faking metadata rather than simply stripping it. There are anti-forensic tools for doing that.


Honest question, how do we know that this wasn't faked? What makes the 2014 date more problematic, and what would it be faked to be?


I think it was based more on when the samples were found


Yet the samples retain their original creation date?


The year was given. Suppose it was found as early as 2014 on a device that had since been retired. That's one way to ballpark its creation year.


Is there a link to any actual posts or blog by Kaspersky on the matter? This seems to be missing from their official communications...


The link is included in the article ("Kaspersky’s full description is below, from its <link>quarterly APT report</link> released today.")

The linked article's url is https://securelist.com/apt-trends-report-q1-2021/101967/ , which is from a site called "SECURELIST by Kaspersky".


That link says nothing about the CIA


I always wonder. The CIA/NSA must essentially target the big Amazon, google and microsoft clouds to get blanket access to everything running and stored there. Seems like a no brainer from their standpoint.


I’d say the likelihood of an American Big Tech without CIA covert operatives working there is essentially zero, even if there’s no direct cooperation. It doesn’t make sense to not utilize some of your most valuable assets.


Back in the 70s to 90s the CIA had presidents of Mexico as operatives (see LITEMPO). So, I wouldn't be surprised that nowadays some high level people at Google, Microsoft, etc are CIA assets.


Similarly, the KGB (as later exposed by VENONA) had their fingers in extremely sensitive pies during the early cold war period.


I find stuff like this very interesting and hadn't heard of LITEMPO before, thanks!


From another point of view, we can see American Big Tech and the CIA (and some other agencies) as two faces of the same coin: American leadership, as the USA is building its power from economic and cultural supremacy over other countries. I may have a blurry foreigner's (French) view of your country, but I really see this intertwining as being as real and substantial as it was in the USSR. In a much more robust way, of course, making your country so powerful.


Yes. Although with Google and other tech giants, they have good security, but really bad privacy. So there is little chance of your Google searches being leaked onto some shady darkweb forum, but a better chance it is being leaked to NSA etc. Also haven't you heard about NSLs[0] & Prism[1]?

[0] https://en.wikipedia.org/wiki/National_security_letter

[1] https://en.wikipedia.org/wiki/PRISM_(surveillance_program)


It should be noted that they can also assign agents to work at these firms or recruit existing employees, so they have a broad palette to work with. And a given person working for the secret agencies might not have to do more than turn a blind eye to something once in a while.

However, these large firms have enterprise-wide security and too many people would notice the vacuuming of data for this to be done by single agents. So that would require secret court order and secret laws, as we know existed a few years ago.

So no doubt you have some level of secret agency access but exactly how much is difficult to say. Remember these are companies operating globally and it's in their interests to not be seen as a mere extension of US intelligence and foreign policy, but at the same time these agencies can be very persuasive, etc. etc.


Or they just ask, which is essentially how prism already worked for user data.


Didn't some PRISM documents show that Google's internal use of TLS 1.2 was blocking a more widespread collection of data?

I'll see if I can find the slide that articulated the issue.


That was part of it.

The other part was "Do what we tell you, or you'll be Joe Nacchioed"

In a 2013 interview, Marissa Mayer made it abundantly clear this is why Yahoo "voluntarily" joined PRISM. One can assume the rest were similarly influenced.



Thank you.


PRISM is their database for storing subpoena responses. You don't "join" it.



Yeah, I highly doubt there's any targeting there. The big tech Co.s are practically fronts for the US Gov.


> Yeah, I highly doubt there's any targeting there. The big tech Co.s are practically fronts for the US Gov.

https://en.wikipedia.org/wiki/War_Is_a_Racket (1935).

History doesn't repeat but it does rhyme.

It seems to be the natural state that centres of power co-operate with each other lest they lose their power.

Churches with Kings, Corporations with Government.


I may have missed it in the article, but as a sysadmin, I'm trying to figure out what I should do. It appears the CIA has created malware. I assume, if they have exploited some hole, others will too.

While I appreciate the heads up, can anyone offer suggestions on how to mitigate this malware? What do I do? Do I have to rely on Kaspersky?


Almost all government created malware uses 0days that they've kept back or held back from public disclosure, so there's nothing really you can do (aside from waiting for disclosure). That's the point of a CIA hack isn't it?

If there's something you can do, then they've failed at their job, and it's time for hiring the next batch of developers (yes these are developers with a paid day job - to make malware for the CIA).

In university, most computer science or computer engineering students had to make a choice whether to work for the country's security agencies and/or the military industries (via internships, being recruited, or just plain applying to government/pentagon/fbi/cia/nsa/csis jobs, etc), and that's their choice to make.

From the government's point of view, it's no different than recruiting soldiers for the Army/Navy/Marines. If they couldn't train you to their standards for basic fitness and basic shooting skills, they've failed and you'd probably wash out from infantry school.

The other thing you could do is to contribute to initiatives that do specific research into looking for vulnerabilities. It's no guarantee that you'll find the same vulnerabilities that the CIA is exploiting though, or you might find entirely other ones that they've been using for other exploits.


The only thing you can truly do is look for anomalies in network traffic, processes, files, etc. This malware is not immune to that unless it has features specifically to hide from monitoring tools.

Even then there will almost always be evidence if you log network traffic. But obviously this is very difficult.


> Even then there will almost always be evidence if you log network traffic.

You'd need to know what to look for though. It was shown that the CIA can hide its communication in metadata of legitimate traffic which is then recovered at intermediate hops to the target. So, do you know precisely what an innocent DNS packet looks like to detect this anomaly?


>do you know precisely what an innocent DNS packet looks like to detect this anomaly

Wouldn't an abnormal amount of DNS data also stand out? I assume for this to work they'd still have to send a lot of data unless they're willing to wait for half an eternity.

Just curious, since I hadn't heard of this before.
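The exchange above boils down to: if someone hides a channel inside DNS, what does it look like in resolver logs, and does the volume give it away? As an added example (not from the article, from Kaspersky, or from any commenter), here is the detection logic a defender would run over query logs. It profiles each registered domain by how many of its subdomains are never repeated, how long they are, how random their labels look, and how often bulky record types (TXT, NULL) are requested. The log lines are constructed for the demo; the "last two labels" domain split and the thresholds are simplifying assumptions, explained in the comments.

```python
import math
from collections import defaultdict

# Constructed query log (not real traffic): "epoch client qname qtype".
# The first three lines and the last are ordinary lookups; the five in the
# middle mimic a tunnel packing data into long hex labels under one domain.
SAMPLE_LOG = """\
1619600001 10.0.0.5 www.example.com A
1619600002 10.0.0.5 mail.example.com MX
1619600003 10.0.0.7 cdn.example.com A
1619600004 10.0.0.5 3f9a1c7e2b4d6e8f0a1b2c3d4e5f6a7b.t.example.net TXT
1619600005 10.0.0.5 9c8b7a6f5e4d3c2b1a0f9e8d7c6b5a4f.t.example.net TXT
1619600006 10.0.0.5 1122334455667788aabbccddeeff0011.t.example.net TXT
1619600007 10.0.0.5 deadbeefcafebabe0123456789abcdef.t.example.net TXT
1619600008 10.0.0.5 0badf00d1337c0de4242424242424242.t.example.net TXT
1619600009 10.0.0.9 www.example.com A
"""


def shannon_entropy(s: str) -> float:
    """Bits per character of s: random hex tends towards 4, English words sit nearer 2-3."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname: str):
    """Split a query name into (registered domain, subdomain part).
    Assumption: the registered domain is the last two labels. Production code
    should consult the Public Suffix List or co.uk-style names group wrongly."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 2:
        return None, ""
    return ".".join(labels[-2:]), ".".join(labels[:-2])


def profile_queries(log_text: str) -> dict:
    """Per registered domain: query count, fraction of never-repeated subdomains,
    mean subdomain length, mean label entropy and share of TXT/NULL queries."""
    raw = defaultdict(lambda: {"queries": 0, "subdomains": set(),
                               "len_sum": 0, "ent_sum": 0.0, "bulky": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash the pipeline
        _ts, _client, qname, qtype = parts
        registered, sub = split_qname(qname)
        if registered is None:
            continue
        r = raw[registered]
        r["queries"] += 1
        r["subdomains"].add(sub)
        r["len_sum"] += len(sub)
        r["ent_sum"] += shannon_entropy(sub.replace(".", ""))
        if qtype.upper() in ("TXT", "NULL"):
            r["bulky"] += 1
    profile = {}
    for domain, r in raw.items():
        n = r["queries"]
        profile[domain] = {
            "queries": n,
            "unique_ratio": len(r["subdomains"]) / n,
            "avg_len": r["len_sum"] / n,
            "avg_entropy": r["ent_sum"] / n,
            "bulky_ratio": r["bulky"] / n,
        }
    return profile


def find_suspicious(log_text: str, min_queries: int = 5, min_unique_ratio: float = 0.8,
                    max_avg_len: float = 20.0, max_avg_entropy: float = 3.0) -> list:
    """Flag domains whose subdomains are almost never repeated AND are long or
    high-entropy. Thresholds are illustrative; baseline them on your own
    resolver logs, since CDNs and anti-spam services also emit long labels."""
    flagged = []
    for domain, f in profile_queries(log_text).items():
        if f["queries"] < min_queries:
            continue
        if f["unique_ratio"] >= min_unique_ratio and (
                f["avg_len"] > max_avg_len or f["avg_entropy"] > max_avg_entropy):
            flagged.append(domain)
    return sorted(flagged)


if __name__ == "__main__":
    for domain, f in profile_queries(SAMPLE_LOG).items():
        print(f"{domain:14} q={f['queries']} uniq={f['unique_ratio']:.2f} "
              f"len={f['avg_len']:.1f} H={f['avg_entropy']:.2f} bulky={f['bulky_ratio']:.2f}")
    print("flagged:", find_suspicious(SAMPLE_LOG))
```

This is the volume-and-shape side of the question. The comment above about hiding data in the metadata of legitimate traffic is the harder case: a low-and-slow channel that sends a few bytes per real-looking query stays under these thresholds, and catching it means baselining per-client query rates to each domain over days, not minutes.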


I’d imagine it depends on what you’re trying to send out and the size of it.


If you want to be protected from the US made malware you do not go to US antimalware vendor. If you want to be protected against Russian malware you do not get antimalware from Russia.

So pick your poison.


Solution: Install US and Russian antiviruses simultaneously.


Won't it lead to an instant annihilation?


While I have no information to share on this specific malware, here is the NSA's TAO Chief on what makes their jobs harder:

https://www.youtube.com/watch?v=bDJb8WOJYdA


> Kaspersky said that while it has not seen any of these samples in the wild, they believe Purple Lambert samples “were likely deployed in 2014 and possibly as late as 2015.”

You don’t do anything because you are not the target. It’s never been seen in the wild.


Rather than try to protect yourself from this, I personally would just live in a constant state of fear and paranoia. Maybe join a social group who can help you through it, like the Targeted Individuals club?


Why would you rely on a company that is banned? https://www.nextgov.com/cybersecurity/2019/09/us-finalizes-r...


Any concrete info on the 'magic packet'?


You probably have to think of something like port knocking: https://en.wikipedia.org/wiki/Port_knocking
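To make the port-knocking idea concrete from the defender's side, here is an added example (not from the article, from Kaspersky's report, or from any commenter) of the check you would run over firewall drop logs to find a host hitting a closed-port sequence in order within a short window. The sequence, the window and the log lines are all hypothetical; nothing on this page says what the real trigger for this malware looked like.

```python
# Hypothetical knock sequence and timing window. These exist only so the demo
# runs; the real trigger is not described in the article.
KNOCK_SEQUENCE = (7000, 8000, 9000)
WINDOW_SECONDS = 10.0

# Constructed connection-attempt log: "epoch src_ip dst_port", as a firewall
# would record dropped SYNs. First host knocks correctly, the second too
# slowly, the third in the wrong order.
SAMPLE_EVENTS = """\
1619600000.10 198.51.100.7 7000
1619600000.40 198.51.100.7 8000
1619600000.90 198.51.100.7 9000
1619600001.00 198.51.100.7 22
1619600005.00 203.0.113.9 7000
1619600020.00 203.0.113.9 8000
1619600021.00 203.0.113.9 9000
1619600030.00 192.0.2.4 8000
1619600031.00 192.0.2.4 7000
1619600032.00 192.0.2.4 9000
"""


def parse_events(text: str) -> list:
    """Parse log lines into (timestamp, src, dst_port) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # tolerate malformed lines
        ts, src, port = parts
        events.append((float(ts), src, int(port)))
    events.sort()
    return events


def find_knock_sequences(events: list, sequence=KNOCK_SEQUENCE, window=WINDOW_SECONDS) -> list:
    """Return (src, completion_time) for every source that hits the sequence
    ports in order within `window` seconds of its first knock. Ports outside
    the sequence are ignored (assumption: a covert trigger would not reset on
    unrelated traffic); a sequence port in the wrong place restarts tracking."""
    state = {}  # src -> (index of next expected port, time of first knock)
    hits = []
    for ts, src, port in events:
        idx, start = state.get(src, (0, ts))
        if idx > 0 and ts - start > window:
            idx, start = 0, ts  # too slow: forget the partial sequence
        if port == sequence[idx]:
            if idx == 0:
                start = ts
            idx += 1
            if idx == len(sequence):
                hits.append((src, ts))
                idx = 0
        elif port in sequence:
            # out-of-order knock: restart, letting a first-port hit open a new attempt
            idx, start = (1, ts) if port == sequence[0] else (0, ts)
        state[src] = (idx, start)
    return hits


if __name__ == "__main__":
    for src, when in find_knock_sequences(parse_events(SAMPLE_EVENTS)):
        print(f"knock sequence completed by {src} at {when:.2f}")
```

Two caveats for real use: this only sees what the firewall logs, so drops on closed ports must actually be logged (many default policies discard them silently), and a "magic packet" in the sense discussed further up the thread may be a single packet with a distinctive payload rather than a port sequence, which needs packet capture plus a content match rather than a connection log.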


Yes, I would love to know what they were triggering on.


I always wonder where EU fits into the malware scene. We already know which countries have these kind of espionage tools: US, Russia, China, North Korea, Israel.

So is EU really that ethical to not engage in these kinds of moves? Or they are smart enough not to get discovered? Or somebody here will point out that I'm just not up to date?


Europe's malware industry has mostly been legalised in the name of fighting (narco)terrorists and pedos:

E.g. on this "legalized" end of the spectrum Netherlands, Italy, UK, Germany, Switzerland, France, all have _very_ active companies and strong talent pool for offsec skills and what is "legal malware" (Bundestrojaner varieties like Mini/Mega-Panzer, etc).

ETSI in France works hard so that the term "malware" doesn't even enter language (instead it's middleboxes like eTLS or standards covering the framework of Lawful Interception). The countries listed have strong relation between offsec vendors and consultants and the IC. E.g. Kudelski Security in Geneve prides itself on breaking phones, supplying tooling and a lab to Europol. HackingTeam, Gamma International, EncroChat, Sky ECC, Vupen, ... = all European.

The EU countries which have (some) talent but lack the jobs are often "painted as corrupt" backwaters where "everyone is a criminal[1]", usually cover the rest.

[1] e.g. see this PR/FUD video produced by the ghouls at Norton pretending to be journalists: https://www.youtube.com/watch?v=un_XI4MM6QI


There was malware from the EU, I know that France developed some of it[1].

-- [1] https://apt.thaicert.or.th/cgi-bin/showcard.cgi?g=Snowglobe%...


In Germany there was the Staatstrojaner (Federal Trojan horse) case uncovered by the Chaos Computer Club: https://en.wikipedia.org/wiki/Chaos_Computer_Club#Staatstroj...


>"While an initial analysis did not find any shared code with any previously-known malware samples, Kaspersky has recently re-analyzed the files and said it found that “the samples have intersections of coding patterns, style and techniques that have been seen in various Lambert families.”

To the writers of these things:

In the future, would you kindly NOT name your malware after terms in Physics:

https://en.wikipedia.org/wiki/Lambert_(unit)


So, to summarize, according to Kaspersky, the West creates malware, and according to Mandiant, North Korea and Russia create malware. What a great discovery !!


Interesting in light of the recent comments on HN that therecord.media is (partly) funded by the CIA.


The author is one of the highest signal accounts I follow on Twitter. He seems to want to report on everything. [1] Also, relevant thread. [2]

1. https://twitter.com/campuscodi/status/1387026165597151234

2. https://twitter.com/riskybusiness/status/1387194016790323200


Imagine the outrage if it was Chinese malware, HN comments would call for the boycott of China and political measures


American software has been under "boycott" since PRISM; it's kinda getting old. Additionally I feel that people are a bit tired of the USA's evilness and the results of it are not so apparent, but we hear of Chinese protesters disappearing every week.


How do they release malware into the wild? Inject some application? Run Google ads and point traffic to these?


Do we sanction and vilify ourselves now?


I don’t have Rollback so I'm not able to comment.


We need to end all secret gov agencies. They are out of control & happily stomping out liberties without discretion.


Sure, as soon as we end all jealousy and suspicion in the human race. Glhf


Is there any reason to believe that unsupervised hidden criminals in the public employ have ever done anything to decrease or ameliorate "jealousy and suspicion"? To the contrary, one finds they have inspired massive amounts of both.


[flagged]


Not sure it's really meaningful to simply say they're a "Russian company". More specifically, they're a company that has been accused of cooperating with the FSB in attacks against the US government.

https://en.wikipedia.org/wiki/Kaspersky_bans_and_allegations...

Whatever the case, it's probably wise to take their statements with some skepticism of bias in this regard.


Role reversal: if a US antivirus company's heuristic and file analysis uploaded a trove of Russian zero-day exploits they are using against their adversaries, you better damn well believe they're going to hand that over to the CIA/NSA, and the CIA/NSA may weaponize them against our adversaries.

When it comes to US crafted malware, I trust the Russians in detecting it and telling the world more than I would any US-based company.


It is now. After decades of state lying, "Russian" has a well defined meaning now.


Or: "they're a company that has been accused without evidence of cooperating with the FSB in attacks against the US government by US entities aligned to the US-based actors that they have exposed".

FTFY.


> without evidence of cooperating with the FSB

That isn't true. This "without evidence" shit is rather silly when it comes to top-secret sources and methods. Blow decades of work and risk getting people killed to prove that an ex-KGB officer helps an authoritarian regime that's known to poison its enemies. People said the same shit about Huawei, then all the KPN shit.

Link: https://www.bloomberg.com/news/articles/2017-07-11/kaspersky...


The problem with that is that those agencies also lie all the time. You can't have your cake and eat it too with a just trust us attitude and also make stuff up when it's convenient.


"We'll know our disinformation program is complete when everything the American public believes is false." - William J. Casey, former CIA Director

That said, I think the safest default assumption is both that any large national intelligence agency lies all the time, and also that any entity that a national intelligence agency has the means and motive to compromise is probably compromised. So Kaspersky is probably an FSB asset (but so too is Amazon a CIA/NSA asset) but the CIA is probably lying 99% of the time too.


> This "without evidence" shit is rather silly when it comes to top-secret sources and methods.

"We lie, we cheat, we steal". Literally from the mouth of the guy who ran it to your ears.

I'm not sure how you find these sources legitimate sans evidence, other than possibly they are your team.

PS. Doesn't make the other jerks legitimate either.


> sans evidence

You're talking about an entity with the ability to fake any evidence that they would be able to provide you. So no matter what "evidence" they provide you would still need to make a choice to believe them.


I used the word "accused" intentionally. My pointing out a potential bias here is not a diminishment of anyone else's potential bias.


I find it interesting that this and a few other investigations have been released around times of great geopolitical tensions related to Russia. I think there are legitimate questions as to how/where this activity was observed and what led them to investigate it.

Personally, I don't know how closely they coordinate with Russian intelligence services, but some of the samples they get and the background/context they get can only be obtained if you are very close to the investigation. The way they phrase things like "we found this in a multi-engine scanner" raise the hair on the back of my neck, since I work in malware analysis and you don't just run across these types of samples by chance. They are either doing IR for organizations that were targeted (which you would just mention), or they are getting tipped off on where to look.

Whether or not this is intentional, or just happens to be a coincidence, it is something to be aware of.

Examples of suspicious timing: Flame paper released while there were massive protests in Russia around 2012, Regin/Equation Group/Duqu 2.0 papers released during the Ukrainian invasion circa 2014/15, and now this paper also released while tensions in Ukraine are ramping up and after the fallout from the SolarWinds stuff.

I think it would be less suspicious if places like Sputnik (a known propaganda arm of Russia) didn't immediately start pushing a specific narrative when Kaspersky has these malware releases.


Which makes them one of relatively few companies in this space that would publicly expose CIA ops.

It's definitely reasonable to be sceptical here, but that goes both ways.


I think you make a valid point here - there are not a lot of companies willing to expose something like this. Even less so second time around.

[meta] I would REALLY love for people down-voting something to explain why they do this. Maybe as HN feature for the first 200 downvotes, you have to reply to the post or upvote one below that explains it...


So? Doesn't make their claim anymore invalid.

You might as well say they are an AV firm and there is a conflict of interest just by saying there is some x malware.

Either way they need to prove it.


And this of course means that CIA does not make malware.


Dude, it is well known that the US is the single most powerful cyber warfare practitioner. They even had a few very successful operations in Iran and maybe in China and Russia (you can guarantee that those countries won't disclose the incidents).

TBH, one should be happy that the US possesses such power. The US might be biased, but the country is at least rational.


> Dude, it is well known that US is the single most powerful cyber warfare practitioner. They even had a few very successful operations in Iran and may be in China and Russia (you can guarantee that those countries won't disclose the incidents).

I don't follow that logic:

> >1: The US is the single most powerful cyber warfare practitioner

> >2: Successful operations in Iran, China and Russia

> >3: But those countries won't disclose such incidents

So how you can be so sure about point 1?


About eighty years ago, the US assembled the top minds of nuclear physics, and the US military knew the potential of creating a weapon out of physics, then BOMB. Now the situation is the same, it's reasonable to think the US is the most advanced nation in cyber weaponry.


Things were different in the era immediately after WW2 and now. Power and wealth is distributed amongst more countries now. The US cannot do much with the Taiwan situation for example.


Whose products are sanctioned against use in US government systems because of ties to Russian intelligence services.

But you should take both these statements with a grain of salt when either side of the field stands to gain (or lose) something.


Aside: therecord.media is CIA propaganda. https://gcn.com/articles/2010/07/29/inqtel-google-fund-web-a...


Recorded Future = CIA? Solely based on them taking money from IQT?

IQT funds a ton of different companies, it doesn't make them fronts for the CIA. Cloudera, FireEye and a ton of others have taken money from IQT, it doesn't make them propaganda.


>Cloudera, FireEye and a ton of others have taken money from IQT, it doesn't make them propaganda.

Though I won't say for sure that Recorded Future is CIA propaganda, there are obvious reasons why the CIA would fund a software development or computer security company besides propaganda. For what other reason would they fund a media company?


Recorded Future isn't a media company... They are a threat intel/osint/reporting platform.

TheRecord is essentially their blog/news site, just like ThreatPost is Kasperskys blog/news site. Just like I wouldn't consider Kaspersky a media company, just like I wouldn't consider Recorded Future to be a media company.


Why would I trust a politicized Russian company about such a thing? A few years ago it had a scandal where it was discovered that their own tools were injected with spy malware. https://careers.kaspersky.com/


"Kaspersky believes it found new CIA malware"... being itself Russian FSB malware...


Your comment makes no sense. If it were russian malware it would be outed by counterparts in a second. Still ZERO evidence, just FUD. I would also prefer to have FSB malware, just because their power is limited.


Well they have been outed as working with the FSB. You know it randomly uploads files to be analyzed and those files have been found in the possession of the FSB, right?


AV company known to have ties to Russian intelligence flagpoles when it thinks it found traces of US intelligence... color me surprised...



