zlacker

[return to "Inside the NSA's War on Internet Security"]
1. dmix+Y5[view] [source] 2014-12-28 22:16:53
>>Fabian+(OP)
This would be a good time to wait and let security professionals analyze the documents and take what you read in this article lightly, as I've found a number of sensationalist examples.

For example, they claim Canada is monitoring hockey sites:

> Canada's Communications Security Establishment (CSEC) even monitors sites devoted to the country's national pastime: "We have noticed a large increase in chat activity on the hockeytalk sites. This is likely due to the beginning of playoff season," it says in one presentation.

But if you look at the actual slide https://i.imgur.com/2GO8H6L.png, it is clearly a fake sample report of what a real one might look like. It even uses the name 'Canukistan' as the country name.

There are 44 slide decks, one of the biggest leaks so far. It will take time to make sense of the noise. And any misinformation from reporting by non-technical journalists doesn't help the cause.

◧◩
2. glitch+6g[view] [source] 2014-12-29 02:31:30
>>dmix+Y5
If I didn't know that the government is manipulating social media all the time, I totally would not think you're a shill trying to discredit these news reports by claiming that Jake Appelbaum is a non-technical journalist.

* Revealed: US spy operation that manipulates social media (http://www.theguardian.com/technology/2011/mar/17/us-spy-ope...)

* How Covert Agents Infiltrate The Internet To Manipulate, Deceive, And Destroy Reputations (https://firstlook.org/theintercept/2014/02/24/jtrig-manipula...)

◧◩◪
3. teduna+lo[view] [source] 2014-12-29 07:11:52
>>glitch+6g
So what you're saying is that Canada really is monitoring hockey fans in Canukistan?
◧◩◪◨
4. nsansa+5p[view] [source] 2014-12-29 07:42:00
>>teduna+lo
What he's saying is: We are being pushed into a total surveillance state without a democratic vote, which means it is not normal to say "don't worry, go back to sleep" unless you're being paid to say that.

(But I guess you knew that already.)

◧◩◪◨⬒
5. teduna+Bs[view] [source] 2014-12-29 09:35:40
>>nsansa+5p
I don't think dmix was quite saying "go back to sleep." My concern is that "The NSA also has a program with which it claims it can sometimes decrypt the Secure Shell protocol (SSH)." (something I'm very much interested in) is in the very next paragraph. And still part of the "Hockey sites monitored" section (why??).

Do I take the ssh claim seriously? Do I just pretend the hockey monitoring paragraph isn't there?

Perhaps I should read the source for myself. http://www.spiegel.de/media/media-35515.pdf

Alas, there's very little in the way of detail. There's exactly one slide (19) dedicated to ssh, which says it can "potentially recover usernames and passwords." That would adequately describe a simple mitm attack where somebody either accepts an unknown server key or uses a client that doesn't even check (e.g. Prompt for iOS). Slides 35 and 36 mention ssh and decryption, but it sounds like they're talking about further processing after decryption. How is that decryption being done?

[go to top]