Using their extraordinary resources to educate industry and peers to improve the state of the art should be a main operating procedure for a gov funded security organization.
I think the NSA is also behind the EDP Audit, Control and Security Newsletter. I was once invited to contribute a paper but had to cancel because I get a little loopy sometimes.
There is the CIA World Fact Book. The CIA also has an online library that I haven't really looked into other than that someone posted a link to some advice for intelligence analysts, on the general topic of avoiding personal bias.
entertainmentliason@ucia.gov will send you real spy stories that you may Feed The Monster, that is, write movie or TV scripts.
Both the CIA and NSA have "For Kids" sections for those of our younguns who want to grow up to be spies.
One of my very best friends is an FBI agent. A former girlfriend endangered national security by listing her work address on our alumni website; she's heavily into math and there aren't many reasons one receives mail at Ft. Meade. That's what post office boxen are for.
My second cousin Glenn Thobe speaks better Russian than Vladimir Lenin. Because he had "some connections in the State Department" he was permitted an unescorted five-month visit to the Soviet Union at a time when the Commies feared the Free World far, far more than we feared them - and for good reason.
Glenn is a soft-spoken, quiet, good-looking guy, he was young at the time so I expect the Soviet chicks were hurling themselves at him like beached whales.
He is also a physicist and an electrical engineer. If you want to win a Cold War when it suddenly grows Hot, you want lots of Physicists and Electrical Engineer but then Uncle Sam launches an Intercontinental Ballistic Vegetarian who doesn't even have a driver's license because he prefers public transport.
There are several other contractors that were involved in the creation of the Puppet modules but those are the top two contributors probably. In fact, I'm pretty sure I was asked to contribute the Puppet module I hacked a year ago or so to the project but with a casual search I didn't see any commit by myself.
I had no idea that NSA had anything to do with this project is the thing. I just thought it was a project to standardize deployments of projects for DoD IC systems using modern configuration management tools, specifically Puppet.
The technology transfer project is fun. If you read the document from March 2015, they released a list of patents which can be licensed and used by US gov and companies.
Or... by a large number of countries for free, where the US patents do not apply.
That's a huge amount of repositories. I've been reading through the descriptions of a few and so far it's hard to gauge what this thing is in its entirety (or maybe I'm just too tired).
After working with their OWF I'm skeptical that this will be anything better than commercial but I'll keep an open mind and continue looking through docs. If anyone has a better summarization that would also be helpful (because apparently I haven't figured it out yet).
Aims to avoid duplication of effort for govt agencies.
The US National Security Agency has offered up one of its cyber security tools for government departments and the private sector to use freely to help counter threats and raise their security posture.
The systems integrity management platform - SIMP - was released to the code repository GitHub over the weekend.
SIMP helps to keep networked systems compliant with security standards, the NSA said, and should form part of a layered, "defence-in-depth" approach to information security.
NSA said it released the tool to avoid duplication after US government departments and other groups tried to replicate the product in order to meet compliance requirements set by US Defence and intelligence bodies.
"By releasing SIMP, the agency seeks to reduce duplication of effort and promote greater collaboration within the community: the wheel would not have to be reinvented for every organisation," the NSA said in a release.
Currently Red Hat Enterprise Linux versions 6.6 and 7.1 and CentOS versions 6.6 and 7.1-1503-01 are the only supported operating systems for SIMP.
The NSA, which has in recent years faced heat over its mass surveillance and bulk data collection activities as exposed by former contractor Edward Snowden, has increased its efforts to share its technology in recent months.
It recently debuted its 'technology transfer' program, which aims to further the development of new capabilities and technologies within both government and the private sector.
The program allows the NSA to offer internally-developed technology to industry and researchers. It has so far opened up a range of products in eight categories spanning networking, optics, processing, security, and microelectronics, among others [pdf].
Director of the program, Linda Burger, said the open source method of "transferring technology from the federal laboratory to the marketplace is extremely efficient".
“The open source community can leverage the work that NSA has produced, and the government can benefit from that community’s expertise and perspective. It’s a win for everyone – and for the nation itself," she said in a statement.
Despite the secrecy of its intelligence gathering work, the NSA has a history of producing and publishing security-related work, and holds annual competitions that seek to find the best cybersecurity papers.
The spy agency’s trusted systems research group has also produced a hardened, mandatory access control architecture called Security Enhanced Linux that has found its way into several distributions, as well as Google’s Android mobile operating system, FreeBSD, and Oracle’s Solaris.
> produced a hardened, mandatory access control architecture called Security Enhanced Linux
Selinux was published ~17 years ago. They're really trying with the PR, but it would be easier if they actually continued contributions comparable to their budget...
I applied for the US Air Force Cyber Command in 2008. While there is no way I could get a clearance I hoped to work in a purely defensive position.
At the time every branch of the military wanted its own computer security force; eventually they were unified under the Joint Forces Cyber Command, which is under the Stategic Command (STRATCOM); the Strategic Command is the joint successor to the Strategic Air Command.
(The military is heavily into the word "Joint". I cannot possibly speculate as to why.)
Each branch has its own force, MARFORCYBER for the Marines and so on.
They are all based in Ft. Meade however Ft. Meade really isn't that big. I expect they just use Ft. Meade to receive snail mail, but if you look up its Zip Code at http://www.usps.com/ in bright red text the resulting page says "The Postal Service does not deliver mail to Ft. Meade" but then provides the Zip Code.
(At least it did last time I checked.)
Also at Ft. Meade and open to the public is the National Cryptological Museum. You can see stuff like a U-2 and a real Enigma machine there.
I watched some recruiting videos when I applied to the USAF Cyber Command; one of pointed out that cell phones are not permitted in secure areas because they have a maintenance mode that enables The Phone Company to listen in without your knowledge. Have A Nice Day.
> (The military is heavily into the word "Joint". I cannot possibly speculate as to why.)
Joint refers to a multibranch organization. The Joint Forces Cyber Command, for example, doesn't belong to a specific branch, but employs multiple branches. The commander can be Air, Army, Navy, or Marine. When any two branches work together it becomes joint.
I do understand that the Marine Corps was created because the Navy wasn't having a whole lot of luck with attacking the Barbary Pirates on land, so the Navy delivered the Marines to Tunisia or Morocco or what have you then the Marines dealt with the pirates after going ashore in a Ground Effect Vehicle.
I have only been aboard just one of my father's boats, the USS Springfield in Gaeta, Italy in 1970 and '71. I clearly remember this huge battleship but when I visited in 1997 what I expect was the same kind of ship looked more like a canoe.
I think the Springfield was either a Light Cruiser or a Missile Cruiser but Dad never made a whole lot of sense when he tried to explain things verbally.
Anyway I don't recall ever seeing any Marines there in Gaeta.
I do understand that in These Modern Times the United States Marine Corps jets around aboard Virgin Air.
I imagine Marines will be deployed at least on Naval vessels with combat or combat support missions. I imagine Marines fly missions from aircraft carriers alongside Navy pilots, albeit fewer. And, land-based research or other commands (like the previous poster had mentioned) will still have Marines -- it's more than just a large infantry unit.
Back in the day one of JFK's more-insightful aids was pictured in Time (or maybe Life) magazine while holding a handbag that contained a document whose "TOP SECRET ULTRA" stamp was clearly visible.
The United States Congress swiftly outlawed the expression "TOP SECRET ULTRA" then replaced it with something but I will never know because that classification is itself TOP SECRET something-or-other.
After the dust settled from the document-stamping party the Director of the NSA dropped a dime to JFK's insightful aid to thank him for setting The American Taxpayer back a quarter-million dollars.
New rubber stamps, see.
Just now I looked up the United States Marine Corps Forces Cyber Command only to find that it's know known as the United States Marine Core Forces Cyberspace. Each branch seems to have its own take on how to take on America's enemies by dropping too many documents on Mom's iMac thereby running it completely out of "gigabytes".
Mom and I failed to have a meeting of the minds until she came up with "gigabytes". It is of no use to point out that she really means "storage" so I just say "gigabytes" when I talk shop with my mother.
Doubtlessly widespread unemployment would result in the Congressional Districts where rubber stamp factories may be found were our Joint Forces not to adopt new names every time three sane men simultaneously saw the very first crescent moon after the new moon.
any hacker who supports the NSA or GCHQ is a traitor to the hacker culture and to the human race. these disgusting people must be stopped. the americans and british geopolitical meddling made their own enemies which they implore you to give your freedoms up for (or did, your freedoms are gone right about now) - the NSA and GCHQ need to be completely abolished and the money put into sustainable communities and fuck their terrorist mindset bullshit ideology. they create the fucking terrorists not us. ahem :)
I don't understand the weird disconnect between HN and the intelligence community. It's almost the perfect job for a 'hacker' type: work with cutting edge technology and thousands of other incredibly intelligent people to try and out-think adversaries to gain access to their resources. You get to build defensive and offensive software to attack computer systems, and actually use it, something that would get you arrested if you did it personally. This was why I loved penetration testing, and an obvious extension of financial security would be working in national security. Yet somehow, these guys are 'evil' now, notwithstanding the IRA and otehrs in the UK, the 9/11 and 7/7 attacks, and so on - those were all perpetrated by _actual_ evil people, who deserved to be investigated and followed and found. And, looking at the leaked documents, there is a huge amount of auditing and checking - don't do this, because it's illegal, don't search for that because it's against the law - not the wild west free-for-all that people seem to imagine.
Anyway, if I could get a clearance, I'm sure I'd love working for GCHQ or SIS in the infosec arena, as would most hackers. The cognitive diasonance is strong in many people!
This one sided view of their marketing pitch is exactly what's wrong with them and, to some extent HN in general, in it's Californian money & tech bubble...
Seen from the outside, this kind of tech-trip-before-thinking-globally, or solutionism, is why people are upset, and rightly so. Snowden has shown, as many others have before and after, that they spy for economic and political gain against ally, they don't even respect local American's laws and could hardly be described as democratic or even accountable.
I'm not saying there isn't a need for law enforcement or surveillance, but it has to be accountable, targeted and justified. Not simply a secret digital war machine disguised under the "omg, everything is now terrorism! Save the children! --fox" and cool marketing to entrap the young mind and throw them away once their time has passed...
I wish I would want to work there, IF and only IF, they would fix all those issues.
In the mean time, yes, they are an enemy of democracy, and a very hypocritical one at that.
The public servants that work there deserve to be put to work for the greater good.
The NSA peed in their own pool. At one point in my life I would have found it really cool to do security work for the NSA or a defense contractor, but as their despicable behavior comes into light more and more, I can no longer say I'd have been proud to have worked there.
Its gotten to the point where if I saw "worked for the NSA" on someone's resume as a recent employer, I'd have serious questions about their ethical compass and why they chose to work for such a notorious organization. There are plenty of other more reputable opportunities to do security research and ops.
I love working as a NK scientist. We get to work with some of the smartest people pushing the bounds of science to help good people. Any harm is only done to bad people who deserve it (and we are sure because we are the good guys and they are the bad guys). Who would be against it?
(Note: not actually a NK scientist doing human experimentation.)
I know what Gladio was, the NATO stay-behind operation in Italy. However the argument that something happened once therefore it is happening all the time is pretty flawed. Nobody would ever suggest that the existence of Gladio means that flase-flag operations are standard practice or the default mdoe of operation for the IC.
But without any sort of oversight, accountability, or really any of the sort of mechanisms that should be in place for this to be considered an agency of a functional democracy, we have to assume that if they have the ability to do it with a very low chance of getting caught, and they've already done it in the past, there's a fairly good chance they're doing it again.
We won't assume they are 100% still doing it, but there is a significant non-trivial probability that they are, and in what we like to call a democracy, this is very very wrong.
about as far off as you could get, i was entirely serious, and it appears quite a few people agree with me. the smiley face was to indicate the controversial nature of the subject matter and the fact that i am now on a list and the death squads will be round shortly :) atb.
oh come on, to think this exclusive to the UK and the US is incredibly naive. To think it hasn't gone on since the beginning of government, all governments.
Dismantling them won't do a damn thing, they are a product of the political system we have, not the cause. Get rid of one letter agency and another will appear. If have to go for the cause
In order to hate you have to separate out the US and UK because if you admit that the whole West is working together then you have to hate the whole West, and that would be stupid.
And yet, despite realizing that, some people think "well, I'll just arbitrarily limit my hate to the US and UK then" and not reconsider whether the original premise makes any sense.
Seriously, I hate how shrill stuff like this is automatically upvoted. It seems no one wants to have a mature view of what SIGINT means in the information age and in the age of endless cyberwar and terrorism. Thus far the view is "Lets let the Russians, Chinese, Iranians, etc do whatever they want (including invading their neighbors and annex lands), but if the US does anything, then we will only criticize them!" Uh okay.
That not intellectual or sophisticated. Its kiddie outrage politics designed to garner upvotes.
shill kiddy what? i am an actual person, and that is my actual opinion. when i first wrote it, i thought fuck this account im going to get thrown off for this. but i wanted to say it because thats what i think. stick that in your pipe and smoke it.
kinda extreme. Most of them probably go there for employment opportunity, nothing to do with whatever ideology. Calling them names just sound so immature and unprofessional at best.
The area would turn into Detroit, businesses would leave en masse or close down. I'm talking on the order of 150k people losing their job either immediately or when the govt. contractor they work for shuts down.
You wouldn't want to buy a house in the area at that point.
yes im sure there are some very nice very unconscious people working for GCHQ and NSA. wasnt particularly having a go at the pawns. i know tho that they believe they are really doing essential work. they would have to.
I don't know about the work quality they have. I would expect they are highly bloated like any other big corps. I think the general feelings toward NSA or GCHQ should be directed at upper management who play games without accountability. Even though I do not disagree with their intention - which I do believe they are also trying to solve problems at hand, their approaches and lack of insight in technology can be damaging.
I find people criticize government without a good understanding on how it works. A cumulative resentment due to lacking of actual person(s) to blame. Criticisms without better solutions and intention to help are just as lame as those incompetent upper managers trying to solve problems by repeating mistakes in the past.
How many friends of yours were blown up by IRA or shot by the UVF? How many people lost arms and legs at Omagh? Sustainable communities would be great. Let's start by helping Hezbollah build co working spaces in Beirut. Maybe the next Twitter is just waiting to be created by former Shia militias. The next time ISIS cut off a head or Islamists kill someone like Theo Van Gogh for doing nothing more than making a movie, we should instead offer to build them a community garden and start a bike share program.
Joking aside, the naivety of your comment is striking and reveals an exceptionally ignorant view of the world.
The NSA and GCHQ certainly aren't perfect and politicians with their abuses don't help things, however those organizations have saved more people than you'd know and they are the reason we don't have 9-11s each week. Why do you think Osama Bin Laden's network was so ineffective in doing anything after 9-11? They could barely communicate. Bank accounts, cell phones, other electronic communications were nearly all off limits to Bin Laden's organization. Don't you think that is ISIS had the chance, they'd bomb downtown San Fransisco?
I disagree with warrantless surveillance; I also disagree with police brutality; that doesn't mean that I want to eliminate the police. The world is full of bad people, evil people, monsters; serving single origin coffee and installing more windmills isn't going to change that.
As far as being a traitor to hacker culture, grow up. You sound like ZeroCool or some other such childish caricature. Hacker culture is that of exploration, discovery and creation. It's about freedom. It isn't about anarchy or destroying the establishment. It certainly isn't about being a 21st century Neville Chamberlain. It's about standing up for what's right and speaking out against what's wrong -- and working to fix it.
The NSA isn't perfect. The government isn't perfect. That doesn't mean we throw them out because they aren't working as well as they should.
That's putting it very lightly. In many ways, they're doing the opposite of what they're supposed to.
Sometimes software is so broken that it's impossible to repair and throwing it out and starting new is the best way to go. It's the same with organizations and governments.
Obviously his comment was not very well thought out or supported by much of anything, and so warranted criticism, but lets not be blind to the substance behind his sentiment.
The IRA and UVF, Hezbollah etc all have something in common. That is that they are responses to actions primarily done by imperialistic actions of other countries (the UVF was the counter to the IRA which was a response to British actions, while Hezbollah was largely a response to Israel's invasion of Beruit in 82 and America's support afterwards).
ISIS was largely trained in Jordan and sent into Syria to topple Assad by the US, (despite the fact this has been covered up really well), and when they failed they shifted into Iraq and are performing the great task of keeping Iraq in a state of chaos.
So first of all, lets stop pretending like the IRA, UVF, Hezbollah, or ISIS can be summarized so simply.
That's not to justify them or whitewash their actions either though, I was shocked when I learned that the total deaths in the UVF/IRA conflict (which the Brits characteristically love to downplay by calling it "The Troubles") were close to 6,000 and that total casualties were close to 50,000. Those are number comparable to the first years of the US invasion of Iraq.
So you're right that having naive ideas about community with such entities are dangerous, the real issue is that it is often the actions of the Imperialistic countries such as the US and UK that have caused many of these organizations to exist at all.
So while creating a bike share program with ISIS is obviously a stupid thing to do, how about we stop funding "moderate rebels", overthrowing democratically elected governments because we don't like them, and generally supporting imperialism abroad?
Don't get me wrong, after spending years after I left Iraq for the last time trying to understand why we were there in the first place, I cam to the conclusion that we have strategic objectives in the ME and the invasion/occupation were essentially good covers for accomplishing these goals, I think there is plenty of room for debate about these strategic objectives, but the problem is that no one actually discusses these Realpolitik motives or goals in any way that is meaningfully representative of a Constitutional Republic or of a Constitutional Monarchy.
"however those organizations have saved more people than you'd know and they are the reason we don't have 9-11s each week." This is simply an assertion that even the former director of the NSA couldn't even back up when asked how many plots had been foiled.
"Don't you think that is ISIS had the chance, they'd bomb downtown San Fransisco?" Only if the Joint Chiefs Approved and it could be used to further some other goal. Remember that ISIS is largely a UK/US/Israeli/Jordanian/SA created organization. The details of compartmentalization and usage of proxies like this could be a thesis paper in itself, so I'll just assume you would contest this but it doesn't change the fact of the matter.
"The world is full of bad people, evil people, monsters; serving single origin coffee and installing more windmills isn't going to change that."
No but the cessation of bombing and fucking up those peoples countries would sure be a good start. Look, I'm a warrior. I'm a combat vet who spent most of my time in Iraq in Anbar province and on the Syrian border, and you know what? If a bomb or a misplaced shot killed my mother, my sister, my child, or my brother, I'd be the first in line to attack the invaders. I was the invader, but it wasn't until after that I started to ask the big questions, and while I certainly wasn't going to let a Republican Guard get me or my buddies, it doesn't stop me from understanding the "enemy".
"It's about freedom."
Exactly, and the imperialist nation-states are generally the antithesis to freedom accross the board. I could fill up a page with atrocities, coups, and revolutions brewed up by them so they could get a better business deal.
"The NSA isn't perfect. The government isn't perfect. That doesn't mean we throw them out because they aren't working as well as they should."
Don't get me wrong, I don't think we should completely get rid of them either, but for me, the point is that they are increasingly blatant in the unconstitutional actions. Lets not forget that military members, the POTUS, and congress/senate all swear an oath, an oath to protect and defend THE CONSTITUTION of the United States, from all enemies, foreign AND DOMESTIC.
For me, the realization is that the greater constitutional threat to America is the domestic ones, and they aren't wearing Thwab's, they wear suits and ties and mostly live in DC and on Wallstreet. They are more our enemy than the ones we were sent over to fight under false pretences and in unconstitutional means. These people subvert our constitution, undermine national sovereignty, and have corrupted almost every branch of government, either due to money, power, or blackmail and general corruption. All while our justice system is increasingly revealed to be farcical. And you know what? Without justice, there can be no peace.
So get off your high horse, because to me it looks like you are the one with the "exceptionally ignorant view of the world.".
well, i thought quite a lot of people here would already know quite a lot of this. thankyou for writing that :) operation northwoods i think is a good documented example of how we are treated. as is the chemical weapons testing your government did on you and probably still does. theres also documented proof of the uk government testing various chemicals out on us lot. these are the kind of people we are dealing with.
there will be no progress without an overthrow of the politic-financial complex and the various institutions that have built up around this mess, creating perpetual wars that will never be won, bumbling around the middle east causing far more harm than good and breaking the god damn internet.
once you understand the extent of the meddling, i dont think you would be saying this stuff. maybe you just havent researched what these people get up to as much as me. any hacker knows that the extent of illegal breakage caused by these two organisations is colossal and outrageous. its amazing they then have the gall to prosecute kids for hacking and give them ridiculous sentences for tapping on a keyboard with morally upstanding motives (thinking of these anonymous kids here)
what i mean about sustainable communities is that we need to focus on human well being, not external conflict. its not some simplistic stereotypical hippy ideal about coffee, its a direct result of coming to an enlightened awakening that capitalism has FAILED. if you cant see it by now in the corrupt casinos (financial markets) and destructive globalist corporations which dominate our world and politics then it is you that are naive my friend.
i do believe there is a certain element to hacker culture that is intrinsically opposed to what these organisations are doing, because of the curiosity of the mindset, they are not ready to just accept a piece of information on face value. they are critical thinkers. a lot of hackers dont just swallow the brainwashing, 911 repeating, terrorist bullshit mindset, what you dont seem to ask yourself at any point is 'what caused these people to be annoyed at your country in the first place' - and i think you will find its to do with your foreign policy on israel and the fact you / we go around the world bombing the crap out of people. see when you stop killing people then their family wont come back to try to kill you, its a really simple concept, which im amazed you didnt consider :)
It would be interesting if there is an intentional hidden vulnerability within the code that NSA could use as a backdoor into companies that end up implementing the tool into their system.
See? They're not evil at all! It's just like Microsoft. Opensourcing stuff proves they are good now. They're going to be the organisation we all love. You'll see. /s
