Hacker News Comments on
Sysadmins see evidence that they have been hacked by GCHQ
www.spiegel.de
·
325
HN points
·
0
HN comments
- This course is unranked · view top recommended courses
Hacker News Stories and Comments
All the comments and stories posted to Hacker News that reference this video.⬐ rdlSatellite communications providers, especially those offering L-band (mobile) services, are really the low hanging fruit of the SIGINT world. They're pretty much only used by "interesting" people due to cost, in areas which are inaccessible otherwise (non-permissive to HUMINT, etc.)That they tend to be run by technically incompetent people, using expensive black box hardware they don't understand, and with multiple levels of indirection between end user and the Internet (transponders, ground stations, facilities, virtual network operators, ...) makes it all much more vulnerable.
Combine that with price sensitivity (so subsidized government stuff can be cheaper, and legal expenses unacceptable), and a highly regulated environment (ITAR + various spectrum licensing and launch regimes), and it's a perfect storm.
The only more interesting target would be "satellite comms network dedicated to high value international payments".
(Disclaimer: I started/ran a satellite communications and wireless provider, and worked for or with a bunch of others.)
⬐ jokoon⬐ sauere> They're pretty much only used by "interesting" people due to costCame to say that as well. I don't know the satellite internet business market, but it's obvious that if it's used by individuals in the middle east, it will be an obvious target.
Having a mobile internet connexion in africa can easily draw attention...
⬐ zz1> (Disclaimer: I started/ran a satellite communications and wireless provider, and worked for or with a bunch of others.)Which means you are under active and targeted surveillance. Great to see you put encryption contact info in your profile.
⬐ schoenrdl has a few other fun reasons to have attracted the Eye of Sauron. Like that one time when he was the only inhabitant of an entire country.⬐ zz1You can't just stop after telling that… Only inhabitant of an entire country? How can it be?⬐ rdlhttp://archive.wired.com/wired/archive/8.07/haven.html⬐ schoenOne account is in http://works.bepress.com/cgi/viewcontent.cgi?article=1035&co...You might notice some discussion there of what counts as a country.
⬐ zz1Thank you both!Stellar PCS is a german ISP company that is specialized in bringing internet access to inaccessible regions via satellite. Clients include research stations or oil rigs. In this video you can see a SPIEGEL journalist showing them evidence that the NSA has hacked their network for the first time.⬐ hadoukenio⬐ malandrewClearly it's for counter terrorism, and not corporate espionage /s⬐ zz1⬐ zz1Yes, clearly, yes. Because USA do not have ANY economic interest in Africa and Middle East, and whatever these countries have as a government it doesn't change a thing for them. I mean, it's not like they have oil to sell and can alter the world's economy with a simple statement.⬐ NoneNone⬐ drzaiusapelordThis, as much as the domestic spying stuff bothers me, this uber-left uber-pacifist view of things is asinine. China, Russia, Iran, etc aren't stopping their SIGINT or cyberwarfare programs and neither should we.I also don't care if Germans are our "allies." 9 months ago Russia and Ukraine were best friends, now Russian soldiers are blowing away Ukranian civilians with total impunity. Shit changes. Shit gets real quick. Being at a information disadvantage can lead to serious consquences.
I think we live in a time too used to peace and as we can see from recent events, that time is now over. The far left's obsession with pacifism and the far right's obsession with isolationism are just impractical. This just causes conflicts that need to happen to be put away and ignored which leads to larger conflicts later. For example, the US and Iraq should have worked together when ISIS took Fallujah MONTHS AGO. The US should not have caved into pressure from the EU and Russia to not take out Assad. Instead, we chose the path of politics and sticking our head in the sand and an entire region just became destabilized. On top of it, petty dictators like Putin see our weakness and use it against us by invading his neighbors, knowing he'll only receive a slap on the wrist.
Downvote away, but we need SIGINT, now more than ever.
Article: http://www.spiegel.de/international/world/snowden-documents-...Documents: http://spiegel.de/media/media-34756.pdf http://spiegel.de/media/media-34757.pdf http://spiegel.de/media/media-34758.pdf
Sadly Der Spiegel is not providing https, even if we now know that this means putting your readers security at stake.
This is The Intercept article on this (https, yay!): https://firstlook.org/theintercept/2014/09/14/nsa-stellar/
I'm shocked that they are securing such important routers with a username/password combination like horizon/h0riz0n. Such a system should be protected by public and private keys.⬐ chmod775⬐ staunchAlso they said you'd need to already have access to their network in order to even login with that. So it's apparently only a (albeit weak) second line of defense.⬐ hadoukenioHopefully they changed the passwords before the video went online⬐ zz1⬐ zz1The company is no longer a Stellar's customer (since before the video).⬐ NoneNoneThe password is the user's.⬐ juntoI assumed that this 'customer' was a trojan horse, put there by the NSA.Well, that's what I'd do anyway.
It goes like this - Stellar gets offered a big hosting contract that they aren't going to turn away. They don't do any due diligence on this new customer, and if they did, they probably hit a couple of USG Cayman Islands dead-ends anyway. They install this company's servers inside their own network.
Boom... headshot.
⬐ sentenzaYou are doing something very important here. Many people forget that the guys running the show at the NSA are, in all probability, at least as savvy as any one of us. For this reason, it is always a good starting point to ask oneself "What would I do if I was in their shoes?".A prime example of how this thinking can be applied is the TrueCrypt fiasco. Ask yourself: If you were the group leader at the NSA tasked with TrueCrypt, would you have your undelings doxx the authors? Would you then try to lean on the authors?
If I was a group leader at the NSA, I certainly would.
⬐ junto> Many people forget that the guys running the show at the NSA are, in all probability, at least as savvy as any one of us.Indeed, but I would add that these people are more than just savvy. Many of these people have been picked out because they are smarter than the average bear. They've also be brain-washed into the mold to believe that if you aren't inside, then you are the enemy, or the friend of my enemy, or a potential "task".
Many of these guys (and girls) are converts - young hackers who have been caught hacking and have been given the option to serve jail time or join the cause. Its an easy sell to young impressionable minds who want to be a hacking James Bond.
More importantly, these guys are hacking targets across the world with a remit; a licence to hack if you will. If you or I go out hacking random companies for fun and profit, we'll get a 5am dawnraid knock-knock visit and spend a couple of years 'rooming with Bubba'.
These guys can do what they want without the fear or stress of that 'Sword of Damocles' hanging over their heads. They have a free reign, and they are smart. They also have the feeling that what they are doing is right. That makes them way more dangerous than you or me.
Thanks the hat tip nevertheless. I grew up in a government security type environment. These things rub off on the kids. Somehow you learn to evaluate risk, locations and people very quickly in this kind of environment. I guess it is useful in some ways. It also makes you a constant analyst, which tires the brain somewhat, but you see things that others don't.
The reporter said "Develop and task key engineers" means surveillance but I don't think that's right. Task can be used multiple ways but I think that line is talking about recruiting key engineers as agents, probably using bribery.I could be wrong but I thought Ali had an extremely guilty reaction. As if he was waiting for the reporter to accuse him of being an NSA asset. Which he very well may be.
⬐ rdl⬐ zz1Yeah, that's usually what "develop" means in an intel context. It's "recruit".Although you'd probably start by developing a list of targets, then learning (open source, government records, etc.) as much as possible, then maybe task someone with observing or recruiting.
⬐ zz1⬐ dobbsbobActively perusing their XKeyscore record wouldn't it be to "taks" them?And using TAO?
⬐ colinbartlettImagine how much information they could get on these engineers, who, as foreign nationals, are free game to warrantless surveillance. Facebook photos, emails, Android phone location history, MasterCard records. It would be easy to find something incriminating such as "You were at a hotel room for 4 hours in the middle of the day, how about you help us or we'll tell your wife?" or "You've got $25,000 in credit card debt and we can make that disappear if you change a few config files."This isn't crazy movie stuff, this is exactly how people are recruited.
⬐ zz1Why just "Android phone location history"? Every phone location history. And pictures from that phone, and audio recordings too.⬐ wastedhoursIt's not a flamewar starter, it's using specific examples for a directed point (hence MasterCard and not credit card, Facebook photos rather than photos from any other cloud provider etc...)⬐ colinbartlett⬐ tacotimeCorrect, I was just using a narrative technique, not implying any brands are more susceptible than others.Because android is a google run product/service and it is possible that our government could force google's hand into using it's presumed ability to compromise the security of an Android device via some custom patched system update or something that normally only google would have control over.Because our government may not have that same level of access/power over whatever the Chinese version of Android is.
⬐ hnhahow can the government not do the same to Apple's iOS or blackberry or any other?⬐ zz1Being Canadian, Blackberry isn't on the same level. But yes, clearly iOS is transparent to the NSA.Snowden docs seem to indicate tasked means you task schedule their IP addresses into QUANTUM to wait to be pwned next time they go to Facebook, LinkedIn, YouTube ect.⬐ walshemjOr that you are realy a BND officer and you are dong it for the motherland - The KGB posed as Neo Nazi's to recruit some German spies back in the day.⬐ NoneNone⬐ mkal_tsrSo aside from this video, what concrete proof do you have to make your wildly biased claim that he may be an NSA asset? I love your dripping tone of "I'm not saying he's an asset, but seriously, look at that guilt on his face. Again, not directly saying, but look at him." Maybe you're an NSA asset. You may very well be.Let's keep personal attacks down and talk about the issue at hand rather than go for character assassination.
⬐ rdtscThat is an interesting and chilling read of what is happening. I think in this case the gp post was playing off the colloquial meaning of the trade-craft word "task".In intelligence communities of different countries they use jargon to mean specific things (just like lawyer like to use Latin words). Except in this case it is usually English words that have specified (overloaded) meaning that might or might not retain a relation to the colloquial meaning.
But if we accept the translation and explanation from the video. Then "tasking" meaning to target specifically (focus on on detail so to speak). That is what I got from it.
⬐ NoneNone⬐ colinbartlettThere wasn't any personal attacks or character assassination, he or she was just stating what his or her interpretation of their reactions was.I actually thought the same. I kept thinking the whole point of the clip would be that they would see their own names and how they had been recruited. I, too, thought 'tasked' meant bribed/coerced.
... that's not character assassination, that's just like my opinion, man.
Impressive. However I regret that we don't see when they commented with "Fuck". Not for the word, clearly, but because the face that went with it should have been really powerful.I hope that now sysadmins from all over the world know that they are subject to NSA surveillance. If you are a sysadmin, please read:
https://firstlook.org/theintercept/2014/03/20/inside-nsa-sec...
You could easily be a target for TAO:
http://www.spiegel.de/international/world/catalog-reveals-ns... https://news.ycombinator.com/item?id=6979457
If you are a sysadmin, they are after YOU.
⬐ spyder⬐ WestCoastJustinI think we can see that "Fuck" on their face, just look at the big swallows of the guy and he even says "Oh my god" in the video.Is it really possible to protect yourself and your network from these types of attacks? Any company with sysadmins or internal security teams is extremely out gunned against someone like the NSA (it is almost comical) [1]. From the perspective of a sysadmin, who has worked in startups, small companies, a university, and several government departments, I can firmly tell you that, we are not in the same league! Sure we take the yearly security courses, use best practices, harden machines and infrastructure, but after reading these articles.. we are sitting ducks. If the NSA is in bed with US based network gear providers, they can simply own the network and telecom infrastructure (via build in backdoors), and you do not even know they are there, because they side step the normal exploit channels [2].Probably the best way to describe this, is to compare security and pro sports teams. From what I have read, the NSA is a top tear team winning championships across the globe, with billions in research and development, and thousands of highly trained athletes, living and breathing this day in and day out. Yet, they are matched up against a local beer league who likes to play casually Thursday nights. Who do you think is going to win?
Go read the "A Look at Targeted Attacks Through the Lense of an NGO" [3] paper, then put yourself in their shoes. Think about the IT resources a small NGO with 30-50 employees has. Maybe they have a sysadmin and a helpdesk guy. They are dead meat. The threats are so vast, spear phishing, target malware via MITM attacks, etc. It almost seems hopeless. But it is not just the NSA at the top of the heap, you have lots of foreign governments, which have direct access to your playing field via the internet.
Think about the resources that Google, Facebook, and Apple throw at security, then you see something like Operation Aurora [4, 5]. What chance does an ISP or small business have? None. Personally, it just seems like the entire model is broken. Yet, nothing seems to change, in that we are all just waiting for the next zero day to drop, and the cycle continues. All it takes is one targeted zero day addressed to a normal employee, the attackers gain access to the network, then move laterally [6, 7]. The odds are further stacked, in that you have a top tear team against a targeted employee, who doesn't even know the game.
ps. sorry for the tone of this
[1] https://firstlook.org/theintercept/2014/03/20/inside-nsa-sec...
[2] http://www.theguardian.com/world/2014/aug/13/snowden-nsa-syr...
[3] http://www.mpi-sws.org/~stevens/pubs/sec14.pdf
[4] http://www.wired.com/2010/01/google-hack-attack/
[5] http://en.wikipedia.org/wiki/Operation_Aurora
[6] http://g0s.org/wp-content/uploads/2013/downloads/Inside_Repo...
[7] http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf
⬐ PhantomGremlin⬐ johnchristopher> nothing seems to changeSome might dispute that, but I think you're exactly right in a "big picture" view.
E.g. lets pick on Microsoft because it's such an easy target. Bill Gates announced his company wide security effort in 2002. Yes, twelve years ago. And while security at Microsoft has gotten better, I think Microsoft still has plenty to be ashamed of.
It's the same everywhere else. There's a forest fire raging and people are walking around with super soakers trying to put out spot fires.
Our approach is therefore totally flawed. We need some big picture rethinking of how we are implementing security.
⬐ sramsayOf course, from the standpoint of the NSA, these aren't "attacks" at all. They're the good guys keeping 'merica free.It's just a whole different world.
⬐ final⬐ frozenportFrom the standpoint of the NSA you are the most dangerous adversary in the world. You are the only real danger to the US establishment and no effort will be spared in spying on you.EDIT: thanks Mr krapp.
⬐ krappAdversary. I think the word you wanted is adversary.Your not trying to protect yourself form the NSA. If the US government saw you as a real threat they could walk into your server room and taking the hardware, or launch a drone strike.The real threat is pranksters, disgruntled employees and most importantly criminal enterprises who need to weigh their targets. The relative security of our credit cards in a digital world speaks to the measured success of small time security.
⬐ sobkas⬐ meowface> Your not trying to protect yourself form the NSA. If the US government saw you as a real threat they could walk into your server room and taking the hardware, or launch a drone strike.Unless they want to use your hardware to attack someone else or building a wide dragnet or want to steal corporate secrets or ...
⬐ vidarhFor most of us, the US government can not walk into our server room and take the hardware, nor launch a drone strike, because we're in countries where that would not be a viable approach even if we were high value targets. Much less if we're seen as just "nice to have" to get access to more data.I agree with you, though, that the real threat is not the NSA for most of us. But many of us do have users, and do actually value the privacy of our users (and for those of us in EU countries, we have a legal obligation to safeguard the personally identifiable data we store) and so it is still of interest to learn about what we can do.
For many of us it is also a matter of principle and/or political viewpoints that this surveillance needs to be countered and stopped. If the public is prepared to remain complicit by not voting out the people who continue to deny the existence of these programs and/or continue to refuse to stop them, then we need to seek other alternatives. (Note that I explicitly avoided singling out the US in this part, because I live in the UK: GCHQ is as large and a problem as the NSA, yet the British public appears to not care at all)
⬐ DanBC> For most of us, the US government can not walk into our server room and take the hardware, nor launch a drone strike, because we're in countries where that would not be a viable approach even if we were high value targets. Much less if we're seen as just "nice to have" to get access to more data.Being in a different country didn't help Kimdotcom.
GCHQ is a different problem to the NSA - they appear to try to obey the law but have weak oversight and scrutiny. There are at least some politicians who don't want to give GCHQ more power and who think they need better regulation.
⬐ vidarh> Being in a different country didn't help Kimdotcom.Most of us are not in lines of business that are so easy to cook up excuses for raids about, nor have a past that makes it so easy to try to make us come out looking like Bond villains.
I'm not saying there are not plenty of cases where "just taking the servers" is a viable option. But that does not mean there aren't a lot of us for whom protecting against NSA to the extent feasible is an option that is not ever likely to result in someone raiding our servers.
> GCHQ is a different problem to the NSA - they appear to try to obey the law but have weak oversight and scrutiny
Arguably the NSA tries to come down on the right side of the law too. It's just that they do so by creatively exploiting every available loophole and making use of every possible discretion of their lawyers and lax oversight as well.
I'm not so sure GCHQ wouldn't do the same if their oversight wasn't such a joke that they were found to boast about how weak it is in one of the NSA documents.
It is technically possible, yes, but you need a really good security team as well as security policies that everyone is following. At the very least with a good security team you may be able to notice the malicious activity shortly after you've been breached, even when it's too difficult to prevent the breach from happening at all.This is infeasible for a lot of organizations, unfortunately. And it also becomes much more difficult if your adversary has full control of your DNS servers or can perform a man-in-the-middle due to their backbone Internet access. Something like an Evilgrade (https://github.com/infobyte/evilgrade) attack conducted via an ISP MitM is very hard to detect and prevent, and I suspect NSA uses Evilgrade-like tactics frequently. And if you live in the US it's game over by default, since they can legally send people onsite to compromise you.
⬐ rufugee⬐ Spooky23If the NSA is in bed with US based network gear providersIf ^^that^^ is true, then I'd argue your first sentence is not. There is simply no way to truly protect yourself if the gear manufacturers are complicit.
⬐ finalNot to mention that the government has trusted signing keys and can generate SSL certificates for any site, that your browser and other apps will accept. Combined with control over the Internet level 1 infrastructure makes MITM attacks trivial. Gotta love our brave new fascist state, soon to go global.⬐ coalbee⬐ arde'Not to mention that the government has trusted signing keys and can generate SSL certificates for any site' do you have anywhere I could read more about this?⬐ tacotimewell if you know about this http://en.wikipedia.org/wiki/Certificate_authority and you know about our government's secret subpoenas/courts then you should be able to connect the dots yourself. The fed can (theoretically) force a CA to give up it's keys with a secret court order and the general public may never find out about it.⬐ coalbeeI was under the impression that the CAs only know what public keys where tied to which domain. The CAs shouldn't have the private key... I'll look into it some more.⬐ noinsightThe certificate authority can issue certificates for absolutely anything (any domain) they want and your software will happily claim it's valid if the CA is trusted.That is why the CA-system is a joke, you only need to compromise any of the CA's that are trusted by default to fool all certificate users.
⬐ emikulic⬐ MertsAModulo certificate pinning.I'm sure you probably know most of this but as a brief refresher for other viewers, here's the basic process. So when you want to buy a SSL cert for yourdomain.com you first generate your private key yourself securely on your computer and don't share this private key with any third party ever. You then need to prove that you really are the owner of yourdomain.com and that the new key you just made really is the legitimate key for your site. The way you do this is by creating a certificate signing request that includes your public key and the domain that you want to use that key with. You then need to get a certificate authority to sign a certificate that says that anyone going to yourdomain.com can use your new public key until 2016.The big problem with this is that even though nobody knows your private key, they don't know your public key either, they have to rely on knowing the CA's public key and accept whatever public key they get when they connect so long as the CA says that the key is kosher. So let's say the NSA wants to track what you're doing on yourdomain.com, they just send a secret court order to VeriSign saying that they must turn over their private key that they use to sign certificates because computer security is a terrorist threat. Now they just use their own public key and send you a cert signed by VeriSign saying that the NSA key is the correct key to use. Because the NSA has more or less priviledged network access they can intercept traffic going to the IP address for yourdomain.com and just do a standard MITM but replacing the good SSL cert with their bad one.
What complicates things further is that there are tons and tons of CAs out there that are trusted by default and there's no isolation (AFAIK) such as "only these 10 CAs can sign certs for .com" so when the Iranian government wants to dish out some Orwellian justice on it's citizens they now have that huge mountain of targets to choose from because getting into one CA in the world (like DigiNotar) means that they can essentially break vanilla SSL until that CA's public key is blacklisted and all of the clients are aware of the revocation.
Just as a disclaimer, this was rather simplified but I feel like that's close enough to get the point across.
Hmm. How about having a firewall consisting of two distinct servers placed in series, one made in the US and the other made in China, both running some open-source OS. I know, the surface attack is still huge but at least you are not automatically and completely open to a single three-digit agency.Edit: oh, you'd have to import the Chinese one yourself into the US to make sure it doesn't get its firmware "updated" somewhere in the suppliers chain.
⬐ vidarh> Edit: oh, you'd have to import the Chinese one yourself into the US to make sure it doesn't get its firmware "updated" somewhere in the suppliers chain.Remember the pictures of Cisco gear allegedly intercepted by the NSA on its way out to customers? Unless you carry that router with you on a flight, you have little guarantee other than hoping you're too insignificant for them to pay attention.
⬐ NoneNone⬐ ardeWell, that's exactly what I meant with my edit: carry it yourself so "they" don't get their hands on it. Sorry I didn't make it clear.I agree with you, but like most IT people, you're limiting your scope to technology problems -- the people are the biggest threat.Frankly, you don't have a chance if you're in a business that is valuable to a three letter agency. Even if you do the right things, you have to assume your colleagues are compromised. Look at those Sysadmins in that video -- chances are one or more of them is not only under surveillance, but actively collaborating with NSA or some NSA front.
⬐ atmosxIMHO it can be done, using UNIX-based operating systems and standard open source software, if the infrastructure designer takes security seriously and is committed and knowledgeable.It's NOT the system administrator's work to secure the network. The ISP/minor IT company should have a security engineer to overview the network, although some sys-admins are extremely skilled when it comes to security.
There are so many security layers that can be implemented on a Linux/BSD server that makes the machine virtually un-hackable and IF anyone enters, all bells and whistles could start cheering.
Examples: GRsecurity[1], IPTables[2], Snort[3], chroots (or jails), VPNs, malware scanners (clamav, spamassassin), encryption and what-not.
To me securing linux desktops, especially simple ones (e.g. window manager + basic programs... almost like thin clients) is easy. Securing Windows XP/7/8/etc is extremely tricky BUT can be done.
Once you do all that, I'm 100% that you're going to be one hell of a target for anyone. And you really don't trust your team you can always hire people to test your network's security and improve it.
The most important thing though is having a strict general user policy: What users can and can not do must be crystal clear with no exception. When a 'tiger team' finds a secure network, they usually target the people not the infrastructure.
[1] GRsecurity: https://grsecurity.net/
⬐ None⬐ shawnreillyNone⬐ bashinatorHow would anything you recommend protect you against an attacker who could (for example) have 3G transmitting keyloggers installed in your last shipment of laptops?⬐ atmosx⬐ lawnchair_larryYou choose your hardware carefully and if paranoid enough, you perform statefull packet inspection on your OpenBSD transparent router to know possibly what's the reason/content for every connection. Once you tag those that are standard, you start narrowing things. Again policy is what matters, if you allow torrents you are making your job extremely difficult.I know easier said than done. Writing firewall rules/ confug reporting tools for every computer in the internal part of a network is hard too, that's why almost no one does it.
⬐ bashinator3G keyloggers. Data egress is completely bypassing your network. (There are pwnie express boxes that include a 3G data link for bypassing target networks when sending results back.) I guess you could add physical scans for unauthorized radio transmitters to your security routine. Opsec is hard.⬐ atmosxSure, but that's a physical attack: You need someone to install the 3G Keylogger to your machinery.I was talking on a keyboard-only level, but even that can be largely mitigate with proper policies IMHO.
That said, an insider is an achilles heel for every security scheme out there (e.g. Snowden).
Haha, no. Just no.⬐ erkkieWhile not necessarily technically impossible, it's not plausible due to the asymmetric nature of blanket defense vs a targeted attack. It will always be difficult to protect against motivated targeted attacks.While I believe that nothing is ever 100% secure, I do think it is possible to implement a large range of security layers that protect Infrastructure from all but the most sophisticated attackers (aka state/country funded). The unfortunate truth is that different organizations put different priorities on securing their Infrastructure; Some might be great. Some might be not so great. So in my opinion, it doesn't matter if they have 1000 Engineers or 1 Engineer. If someone puts security higher on the priority list, then things will likely become more secure. The industry as a whole has always seemed to put security on the back-burner. SSL is a good example, released in 1996 (TLS in 1999), but not implemented as an industry best practice (aka standard) until about a decade later. When I watch this video of the Network Engineers (not Sysadmins) reacting to these slides, I get the feeling that security was not a priority. The huge red flag was the password (which was extremely weak, and obviously no two factor authentication), in conjunction with a poor design that would allow a customer enclave to gain access to the providers network (there should have been a DMZ and/or additional security controls). Another red flag; their reaction indicated that they would never have thought that someone would map out their Infrastructure (first slide was their Routing Topology, second was the Network Topology). So I'm guessing they are not security minded, since someone into security would have taken this into account when designing their infrastructure (aka, what data am I letting out of my network?), and expected this to happen. My summary; I see a bunch of Operations guys that got caught with their pants down (no offense intended, I've been there). There is a possibility that this could have been prevented with better policy, stricter policy enforcement, and better infrastructure design. It's also possible there are 10 other poorly implemented aspects of their infrastructure, and if someone wanted to get in, they would. And I guess this is my point; Unless you make it a priority to secure your infrastructure, it probably won't be secure.⬐ meowface⬐ cnvogelI fully agree with your assesment, however>security layers that protect Infrastructure from all but the most sophisticated attackers (aka state/country funded).
I think the OP was specifically talking about defending against highly targeted government sponsored / APT attacks.
⬐ shawnreillyYou're correct, but after watching the video and understanding how their network was attacked (all starting with the customer Router), I've attributed this more towards poor policy/design (which can be exploited by a large range of attackers) vice special information and/or capabilities reserved for state/country funded attackers. But even with this said, I think I get your point (I'm going off on a tangent). My opinion on the matter; All bets are off when it comes to state/country funded attackers. These are the organizations that lead me to my "nothing is ever 100% secure" conclusion. What we've seen insinuates that these level of attackers have access to information and capabilities that your average attacker probably does not have (example; vendor back-doors, compromised certs/keys, black rooms, etc). Unfortunately for us, these do a very good job subverting the current implementation of infrastructure security (which for the most part, is/was designed based on certain levels of trust that may no longer exist). I'm sure the industry will adapt and evolve (as will the attackers).I also think that no organization or individual stands a chance against an NSA class adversary who has decided to own the organization. But keep in mind that most security practices also guard against not-quite-NSA-class attacks and will at least make it a step harder (which of course only means more expensive) for NSA types to attack you.If you try to make your network absolutely NSA proof, you'll become broke trying. But maybe you can make reasonably sure that they will have to sneak in the custom router firmware, or have to bribe two or more engineers, instead of learning the secret passwords through an injected-Facebook-drive-by-download they can pit into their systems for free.
⬐ JoeriYou don't stand a chance against a highly resourceful deliberate attacker, regardless of whether they're NSA or someone else (chinese, non-national, ...). I expect in the coming decade we'll see a digital armsrace which will end up in collective disarmament (through hardware-based security which cannot be bypassed) when it affects business in such a degree that the economy is harmed. There is one global constant in all nations and political philosophies: what is bad for the moneymen gets weeded out.⬐ TeMPOraL⬐ yodsanklaiI guess for nation-state it could end up in a MAD-like scenario. "Because offence is so far ahead of defence, you know we could shut down your power grid if it struck our fancy, and we know you could do the same to us. So how about we all stick to a smaller, tactical-level cyber-ops and call it a day?"Maybe software verification will bring the answer. A lot of research is being done in that field. We're starting to see implementations of small OS, compilers, cryptographic protocols etc... that have been proved correct against some specification/attacker model.⬐ pjc50The technology is outdated, but here's a story of an NGO successfully keeping their comms secret and achieving their political aims: http://www.anc.org.za/show.php?id=4693⬐ zz1As CIA backed companies and PRISM partners Google, Facebook and Apple have no interest and no right to fight NSA surveillance.What do you mean precisely when you say that "sysadmins have tons of stuff going on"?
⬐ sauereWhile small firms might lack the technical expertise or budget to protect themselves, large companies have a different problem.Look at Google, Apple or Facebook. There is just sooooo much different attack space. Thousand of servers, thousand of employees that could be bribed, hundreds of third-party people they rely on (Content Delivery, ISPs, Colocations/Datacenters, Hardware suppliers....). A single NSA-controlled computer in your network is a starting point to take over the rest of the network.
/edit: Even if they straight up tell them they have a "bug" in their network, how the hell would they ever find it? I could be a switch, it could be a VoIP phone, it might have been a software-package that was injected with malicious code _while_ downloading, it could be a RaspberryPi camouflaged as some other device, it could be a employees computer, it could be a network-printer, it could be a hijaked VPN account. It could be anything. I just don't see how there is any way to protect yourself against this, even with a dedicated security team and a big budget.
⬐ scientist1642Could not agree you more.⬐ larrys"Thousand of servers, thousand of employees that could be bribed"A great point but I would argue that there might be enough "n" at a company with only, say, 500 employees.
On a different note, I'm not sure the best angle of attack is to bribe anyone. After all someone bribed is also someone who can disclose info. Or could even get hacked themselves whereby someone else would discover that they are cooperating and release or expose that fact. For many reasons. Could be a roommate, an angry spouse or girlfriend etc. And after all a bribe is also money so there is a money trail if large enough and/or not paid in cash. And some people just like to talk and brag.
Secrecy wise, the less people that they were to involve the less chance of a leak. At least one reason that top secret programs have limited people that even know they are going on, right?
⬐ borplkThey don't have to "bribe" anyone.They can easily plant their own agents inside the company as employees.
("undercover agent" getting a job at the company like a regular person)
I'd be very very surprised if they already haven't done it.
⬐ lawnchair_larry⬐ rdtschttp://gizmodo.com/5586694/the-12th-russian-spy-worked-at-mi...The key to bribery (well, heck the key to keeping members of any "evil" organization's mouths shut), is to find something they are really really embarrassed about, some sexual fetish, something secret about their family. Or, promise to absolutely put them in prison over some crime they committed. For the later, ever better entrap them to commit the crime first and record it. All that coupled with a reward -- if they need money, offer money (maybe in the form of a consulting business in a NSA front company with this purpose in mind).⬐ korzun⬐ mschuster91That's not how bribery works.> is to find something they are really really embarrassed about
I don't think NSA needs to employ high school level tactics.
If they want to pin something, they will. True or not.
⬐ madaxe_again⬐ gcb0Oh boy. Oh yes it is. You don't bribe someone for information unless you have dirt on them, otherwise there's nothing to stop them turning traitor on you. If you don't have dirt on them, you just invent some. Doesn't matter. People don't fact-check - if the media says it, it must be true.⬐ korzun> You don't bribe someone for information unless you have dirt on themThat's not a bribe.
Learn the difference between strong-arm tactics such as blackmail and bribes. Two completely different approaches.
⬐ madaxe_againThe two almost always go hand in hand, unless you're talking about bribing a traffic cop - which we're not.Patronising dickhead.
⬐ korzunTouched a nerve kiddo?Link me to a case where NSA/CIA/FBI blackmailed AND worked with / gave money to an individual at the same time.
⬐ madaxe_againStill a patronising dickhead?The CIA typically recruit through a combination of carrot and stick - i.e. bribery and blackmail.
"Hey dude, let me tell you about this sweet slightly dodgy thing I can get you in on."
... ...
"Oh by the way, I hope you like all that money you made. I work for the CIA. Work with us or go to jail, your call."
More commonly than not it's not about self-preservation, rather protection of loved ones - read up on Operation Mockingbird, which was driven pretty much entirely on this basis - luring journalists in with a subtle bribe hook, then using it to blackmail them.
⬐ korzun> read up on Operation MockingbirdDid you read anything I posted? In what instance was somebody bribed AND blackmailed at the same time during the Mockingbird?
Please go back to Wikipedia and try again.
⬐ NoneNone⬐ madaxe_againNot sure why I'm even engaging with you. Go back to your military contracting job and keep your head down.that was CIA time and they since learned that plain money works best even with the most zealot radical⬐ pinaceaeNo, the key to bribery is that once someone accepts money, you have two hooks in them:1., They are willing to sell you intel for money.
2., You can now blackmail them as they accepted a bribe.
Point 2 is the reason you should never accept bribes when doing business, especially abroad and everyone tells you "it's normal". they're just waiting for a foreigner to get exposed, take your passport and have fun with you. see Russia, etc.
No need to be Macchiavelli.
> After all someone bribed is also someone who can disclose info. Or could even get hacked themselves whereby someone else would discover that they are cooperating and release or expose that fact. For many reasons. Could be a roommate, an angry spouse or girlfriend etc. And after all a bribe is also money so there is a money trail if large enough and/or not paid in cash. And some people just like to talk and brag.The NSA/FBI/DEA can and have used tactics like extortion (e.g. for planted drugs, money laundering charges etc.) to make people cooperate. It's like a bribe just without the risk of exposing.
⬐ Natsu> The NSA/FBI/DEA can and have used tactics like extortionWould you cite sources for that?
⬐ gaadd33Is blackmail good enough? http://www.lettersofnote.com/2012/01/king-like-all-frauds-yo...⬐ mschuster91Add a CIA to this and look at all the black ops they have either admitted or been exposed.If any of the three-letter agencies (or, for that matter, any big govt agency) uses these kinds of tactic, then there is no reason at all to believe other branches of govt refrain from doing the same shit.
Once, a long time ago, that last sentence would make me a tinfoil-hat-wearer... sad that this is not the case anymore.
⬐ NatsuI know what you mean, hence the request.How come Stellar PCS didn't check out the NSA documents that were made public (I assume the documents the journalist is showing them in the video are those public PRISM/snowden/TreasureMap docs) for any hints their operations were compromised ?Just found this https://firstlook.org/theintercept/2014/09/14/nsa-stellar/ which includes more narrative and GCHQ's involvement.
⬐ scintill76⬐ pinaceaeIt does appear they have already been publicized as a target at the end of March this year: "The 26-page document explicitly names three of the German companies targeted for surveillance: Stellar, Cetel and IABG." ... "In the case of Stellar, the top secret GCHQ paper includes the names and email addresses of 16 employees, including CEO Christian Steffen. In addition, it also provides a list of the most-important customers and partners. Contacted by SPIEGEL, Stellar CEO Steffen said he had not been aware of any attempts by intelligence services to infiltrate or hack his company. 'I am shocked,' he said." [0]As far as I can tell, the actual documents were just publicly released today. I suppose the point of the video, as noted by other comments here, is to show real human beings finding their name and email address in a top-secret document directing they be found and "tasked". Most of the filming may have been done back in March, and it seems they were made aware back then, and have hopefully taken steps to re-secure things since then.
I'd be interested in evidence that they should have specifically known about this earlier, though.
[0] http://www.spiegel.de/international/germany/gchq-and-nsa-tar...
⬐ zz1How come so many people are just ignoring all the Snowden files altogether? How come so little people use encryption, after more than a year that we have been told "the good news is, encryption works".Please advocate for change, actively, with the people you interact. GPG, OTR, TextSecure, Redphone, Signal, decentralized services… If they are complicated, set them up yourself. And please, urge your representatives to act!
⬐ pdkl95Unfortunately, some people still don't believe the scope or that the "good guys" would violate the constitution like this ("Just-World Hypothesis"). Others are still using various permutations of the "If you're not doing anything wrong..." nonsense.And at least a few... are collaborators.
As PHK cautioned, the NSA/GCHQ/etc can submit patches or comment in development discussions just like everybody else, and at least some of the suggestions against using proper crypto are intended to keep the internet in plaintext.
If you're a radical, islamist, leftist, etc. then maybe you're a target for NSA, GCHQ.if you're a sysadmin at a telco or infrastructure provider your definitely a target for the NSA, GCHQ.
let that sink in.
infrastructure these days also means AWS, facebook, youtube, twitter. every piece, site, offer that might be used by ISIS, for example.
⬐ andy_pppI'd be really interested to know what they did to get the access. Did this guy have malware installed on his machine? Do we all have Malware installed on our machines? Is there any way to protect yourself from an adversary as powerful and competent as the NSA?⬐ scintill76⬐ jostmeyThe only real proof of "access" I saw, was a single customer's username and password. That could have been obtained through guessing, or compromising that customer. So it seems like cautious and competent engineers aren't necessarily all compromised. I'm open to more evidence though.The other things seemed to be network topology, IP addresses, and engineer lists, which are fairly public.
⬐ andy_pppHis name is on NSA slides, right? He's either working for them or they have his private key. Really how difficult would it be for the NSA to get that if they wanted it?I have no idea but I'm able to believe easily.
⬐ zz1Not just his, but the names of all the company's engineers are on the slides and marked as targeted persons.⬐ andy_pppHere's me thinking I added to the discussion :-D⬐ scintill76Like some others here, I wondered if "task" could mean to recruit.I basically agree NSA could pwn anybody they want, but there are probably other considerations such as how obvious they want to be, whether the target is valuable enough to reveal zero-days nobody else has seen yet, etc. Maybe it's wishful thinking, but I'd like to believe if you don't do things like open unsolicited email attachments, you're still pretty safe.
But, perhaps as the lead engineer of an ISP "interesting" people use, nothing is off the table and he has been pwned repeatedly.
⬐ fossuserI remember reading about one method where they served up their own versions of Facebook when requested from a target from compromised hosts that are near that target as a way to collect credentials.I forget the name of that method, but according to the documents it was used to target sysadmins. Though if you use a password manage with unique passwords for every service that should help protect you.
For more details: https://firstlook.org/theintercept/document/2014/03/20/hunt-...
If I were caught hacking into a private network of computers without authorization even if I had a "good" reason to do so I would be breaking the law and throne in jail. So why is the NSA allowed to do the same?⬐ dredmorbius⬐ kbar13Within the US, the NSA operates with legal impunity. It is beyond the reach of the law. At least so long as it's acting under official mandate -- rogue agents are apparently sanctioned if pursuing information for personal reasons. If caught.Outside the US, NSA operates with the diplomatic and military support of the US. It's not a matter of an individual hacker, but "an international incident" should something arise. There's some risk that an agent or operative (non-agency employee acting on behalf of the NSA) could be caught, but that would vary by field of operations and relations between that country and the US.
⬐ PeterisP⬐ zz1And for such cases as in NSA, where the actions, though technically illegal, were clearly intended by the leadership - "sanction" can easily mean an official written reprimand stating "this is not acceptable", followed by a cash bonus and a promotion.What would happen to you if you were caught collecting e-mails of the whole world? What would happen of you if you were caught stealing documents from your representatives computer?Nothing is happening because the NSA and most representatives are PARTNERS in this crime. You must contact your representative and let him know that you are ready to do anything in order for him not to be reelected if he won't actively ask for justice.
⬐ dj-wonkI am not a lawyer, but https://www.nsa.gov/about/faqs/oversight.shtml mentions Executive Order 12333 and other legal mechanisms.⬐ sauereb-but m-muh terrorism⬐ zo1It's just the tip of the iceberg when it comes to government/private moral duality. As an anarcho-capitalist, I've had to peel back years of this stuff that was forced into my brain since I was small.Most people hold a similar view as you. i.e. "Why is X wrong when people do it, but not when government/government employee does it". However, we anarcho-capitalists, who examine the basis of government in terms universal moral principles, apply this critique to everything a government does.
Your singular question is one of many. And I urge you to explore such questions further, as far as you're comfortable questioning. You'll find that much of what government does is logically inconsistent, even with its own set of defined "morals".
that feel when ~5:15 and the username/password to an account with "deep access to the network" is horizon/h0r1z0n⬐ scintill76⬐ codemacI think it was deep access to one customer's network, and probably their own fault for choosing lame credentials.Any non-flash version of this video?⬐ miduil⬐ dredmorbiusI didn't check the comments first, here's what I found: http://video2.spiegel.de/flash/03/31/1521330_iphone.mp4⬐ hnhayoutube-dl can handle spiegel.de⬐ zz1You can get it in H246 from Vimeo:⬐ codemacAwesome, thank you!Is there an alternate source for the video? I cannot get it to play at all under Linux / Chrome.⬐ sentenza⬐ netherHere it is on Vimeo:Worked fine for me in FF on linux. Might be worth a try in Chrome.
⬐ dredmorbiusVimeo does work for me generally. I can also download it with youtube-dl.There's this great line in Dataclysm (written by the guy who wrote the OkCupid blog) about how the NSA recruited from the best math students at Harvard. "The people spying on us are extremely, extremely smart."⬐ theoh⬐ ck2Don't we generally assume that the NSA hires math guys for math purposes, not surveillance purposes?⬐ serfwell, the scary part is that those maths purposes are being deployed for surveillance reasons. William Binney comes to mind⬐ peterkellyWhat do you think they use the math for?⬐ theohMy point is that mathematicians are not necessarily or even probably a good fit for intelligence analysis ("spying"). I wouldn't describe the stuff NSA mathematicians ostensibly get up to as spying. See this for example: https://www.nsa.gov/careers/career_fields/mathematics.shtmlReminds me of the Google engineer response:⬐ coalbeeWhat about 2048 RSA public key cryptography performed on the application level? Didn't the Snowden leak say the NSA still can't crack 2048?⬐ nanerThis also illustrates the weakness of using just a password for authentication to anything of value.⬐ dmixRequires Flash to watch :\⬐ zz1⬐ zbyCan be done with H264: https://news.ycombinator.com/item?id=8316396This crashes my shockwave flash plugin - should I start to be paranoid?⬐ KeyframeThey must've known?⬐ notastartupThis is the most intense video I ever seen since the Snowden revelations. I could almost feel Ali's feeling of complete violation. This is absolutely chilling material.⬐ thegerman⬐ kelasTo see a fellow german talk in my native tongue about learning that he himself was targeted made this so much more real. We europeans really can't trust the US anymore. It's so sad. I really liked the idea of that place, but who hacks their friends?Enjoyable. A rare opportunity to witness an expression of someone who got p0wned well beyond his level of comprehension. Look how he strokes his pen in disbelief, that poor German dude. "I know those switches", Mein Gott.As of today, there are two kinds of people in the world: those who believe we're still stuck in post-9/11, and those who realised we are now in post-Snowden.
There is a third kind who have Facebook accounts, but those are just the nature's way of saying that Darwin got it right.
⬐ asdfologist⬐ rdtsc> There is a third kind who still have Facebook accounts, but those are just the nature's way of saying that Darwin got it right.Wow, you just trash talked over 1 billion people in one sentence.
⬐ kelas⬐ zz1Trillions of flies can't be wrong - elephant dung is awesome.⬐ ossrealityYou made a good point and then trashed it with a knee jerk reaction. If you think Facebook is one of the bad guys here, you don't really get what's going on.⬐ TeMPOraLFor flies it is, but that doesn't generalize to other species. It's an incredibly stupid adage.⬐ NoneNoneI agree with you and I find this> There is a third kind who have Facebook accounts, but those are just the nature's way of saying that Darwin got it right.
really amusing. But it is really wrong and bad to talk like this. We need those people to understand the issues of surveillance. We won't go nowhere without them, and even if you get ultra-secure, they will always be potential attack vectors. Don't trash them like that, but teach them, instead, how to behave, how to communicate in the post-Snowden era.
⬐ kelas⬐ jp555Desperate trash talk, I agree. Amusing, yes.But really, language breaks down trying to describe the epic scale of a tragedy we are watching from the front row for many years now, one called Facebook.
There is no practical way to tell one billion people that "Facebook" and "surveillance" are synonyms. This is simply too much to bear and process without relevant background and experience. There's no right kind of advice to be given. On top of everything, there will be an immense PR department trying to label your ideas dangerous and sociopathic.
There is no better way to illustrate this effect than Stallman's formidable Facebook crusade:
⬐ zz1Thanks for the link!Did you know credit card companies have been selling the data about what, when, and where we buy everything, and have been doing so for decades?I just don't understand the outrage about collecting data on what happens in the church basement after mass (that's essentially Facebook; who likes who/what, etc) when much more important things have been shared for a lot longer and no one cares.
⬐ kelas⬐ vezzy-fnordSure we all leave footprints with companies we are customers of. But lets talk about intentions for a second.How would you like a credit card company which is selling information about things you really wanted to buy, but never actually did? Books you thought you should read, but never found time for? Who is the girl you fell in love with, but never dared to approach, or got turned down by? How often you're browsing Internet very tired, or drunk? What are you browsing for when you're drunk? What was the sentence you've started typing last night, but never finished?
Who could benefit from buying such information about you, and how? How much of this church basement stuff can be used to influence you in 5 years from now? To affect your career in 15 years from now?
Think how much your shopping mall history from 10 years ago is worth compared to a good educated guess about what is happening inside your head right now.
These are the questions Facebook's resident data miners are routinely answering. This is what Facebook is after, and this is what makes them disgusting.
http://arstechnica.com/business/2013/12/facebook-collects-co...
If you're on Facebook, get out. If you're working for them, quit.
⬐ jp555The credit card company can put together a MUCH more accurate profile of what I value, because it's a profile of what I spend my money on, and not just 10 years ago, but also 10 minutes ago.Facebook can profile as well, but the analogy I like is the magazines I choose to read from the pile in a doctors office waiting room. It's a sliver of a sliver of a sliver of one version of me, that's only relevant in a very narrow sense.
I may "like" something for a whole host of unknown reasons, and likes are not scarce. When I put my money where my mouth is, it carries a lot more weight.
⬐ kelasNo offense, you really seem to make a fundamentally false assumption about what your money has to tell about your inner process.But personalities aside, lets talk mass markets.
Think of a random teenage girl who shopped for Alphabits 4 hours ago, twitted of #mileycirus 40 minutes ago, then started typing a private Facebook message to that bully from school, then took a monthly dose of her brother's ADHD prescription and went postal 2 hours later with the largest shotgun from her dad's attic.
Or maybe she didn't?
As of two hours ago, she still had a chance to become the next Rosa Parks. You don't know that. I don't know that. Mark Zuckerberg knows. Three years later, he wants to sell her profile to her first five potential employers for ten US cents apiece, and probably ruin her life forever.
(I might be exaggerating just a bit for the sake of argument, but God knows how many Stanford graduates on Facebook payroll are looking for much more subtle patterns in her data as I write this)
Good news is that Facebook is doomed. Ephemeral is the new king, guaranteed crypto ephemeral is the next one. No one wants to talk to Zuck when one wants to talk to his girlfriend.
Zuck is simply out of fashion. Somehow, teenagers know better than we do.
⬐ jp555The food I buy, the tools I buy, the clothes I buy, everything I buy, and all the things I don't buy - says a lot more about me than the random posts on Facebook I might Like, comment on, or share. VISA knew I was having a baby a LOT sooner than Facebook. Oh, look she's buying pregnancy tests...You're right that ephemeral is the future, it's also the past and present. Any insight one may surmise from mining Social Data is just as ephemeral.
We live neither in post-9/11, nor post-Snowden. I'd actually trace it more back to post-New Deal, because the NSA has been conducting bulk domestic surveillance ever since its inception (starting with telegraph communications).⬐ kelas⬐ moeIf we were looking for a really striking level of abstraction, we could say surveillance is probably as old as prostitution.But you will agree Snowden did a lot to help general population understand where we are today. Definitely not Kansas, and no other New Deal in sight.
There is a third kind who still have Facebook accounts, but those are just the nature's way of saying that Darwin got it right.That's a non sequitur.
Having a facebook account or not is an almost negligible factor in the grand scheme of things.
The kind of information commonly exposed on facebook can be more conclusively inferred from other information sources.
Do you use a smartphone? Skype? Any search engine?
Does your home internet come out of a plastic router? Do you click on the little lock icon every time you go to a SSL site, to verify the certificate hasn't changed? Do you know the fingerprint of the legitimate facebook SSL certificate?
Think about what any one of the above devices "knows" about you in comparison to what facebook knows about you.
⬐ kelasTrue, true.The only difference is that somehow Google still maintains a straight face telling people they are not guinea pigs in their next study. Zuck never had that option in the first place, their only strategy is to maintain grip on the population at all costs, and no means are too sleazy.
What you want to try is to shut down your Facebook account and check some e-mails they will be sending you for months to come... Prepare for the drama. They will be showing you the cutest photos of your family and closest friends, saying they're all devastated because you've gone antisocial.
Zuck broke our hearts.
⬐ jmgrosenHm, I shut down my account, and I haven't gotten any emails from them... perhaps they've changed?⬐ kelasNo, I doubt they have. What's more likely is that you took an option to to opt-out from any further communication from Facebook, something they reluctantly offered when all attempts to connect with you emotionally failed.This is the right way to do it. Great job Spiegel (or whoever worked on this piece). Putting real people on screen, real faces. Showing emotion, showing them swallowing knots when they see their names on the screen of "tasked" engineers.I think here on HN and other tech and privacy forums we understand what is happening. Unless there is a reporting like this, it will be a bit harder to engage a wide audience. Telling the proverbial grandma about "PRISM" or "they are listening to everyone" is not going to quite work. What works is to do this -- showing one particular grandma with a name, address, life story and showing how maybe her recipe for baking cookies is now logged in Utah's NSA's headquarters in room 5B, on storage node 18Z and so on.
⬐ zz1Produced by Laura Poitras. (just watch it until the end and you'll get the other names)⬐ final⬐ smtddrYeah, I'd bet in a few years the breaks in her car will malfunction or she'll get the wrong drug or murdered some other way.⬐ Ygg2Ten bucks she is "tasked".⬐ NoneNone⬐ srslackPoitras is actually the shadow of this whole story. She was the journalist Snowden reached out to when Greenwald was unresponsive, was there and filmed the first Snowden interviews, was responsible for the Bill Binney story in the NYT a few years back[1] and has been on the US Government shit list for quite a few years[2].[1] http://www.nytimes.com/2012/08/23/opinion/the-national-secur...
[2] https://en.wikipedia.org/wiki/Laura_Poitras#Government_surve...
⬐ zz1And she was the one with a safe copy of the NSA documents once Greenwald disovered his copy was corrupted. That's why David Miranda went to Europe and was detained at Heatrow.⬐ rdtscI think you might have misread what the gp meant by "tasked". It was taken directly from the video. In the video "tasking" meaning being selected, followed (presumably virtually only), monitored and spied on.As extremely anti-NSA & pro-snowden as I am, I can't help but notice that this vid is formatted in a propaganda type way. If I saw a similar vid with this format supporting views that I don't agree with, I would have called it propaganda & FUD-inducing.I'm only in support of this video because so much other evidence has been delivered on this topic before this vid came along.