Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Aurora Attackers Were Looking For Google's Surveillance Database

Soulskill posted about a year and a half ago | from the go-big-or-go-home dept.

Google 81

An anonymous reader writes "When in early 2010 Google shared with the public that they had been breached in what became known as the Aurora attacks, they said that the attackers got their hands on some source code and were looking to access Gmail accounts of Tibetan activists. What they didn't make public is that the hackers have also accessed a database containing information about court-issued surveillance orders that enabled law enforcement agencies to monitor email accounts belonging to diplomats, suspected spies and terrorists. Whether this was the primary goal of the attacks as well as how much information was exfiltrated is unknown. current and former U.S. government officials interviewed by the Washington Post say that the database in question was possibly accessed in order to discover which Chinese intelligence operatives located in the U.S. were under surveillance."

cancel ×

81 comments

Sorry! There are no comments related to the filter you selected.

First HOSTS! (2, Funny)

Anonymous Coward | about a year and a half ago | (#43789063)

Should have used a HOSTS file for better security.

Google, Big Brother's Helper ? (2, Informative)

Taco Cowboy (5327) | about a year and a half ago | (#43789153)

What they didn't make public is that the hackers have also accessed a database containing information about court-issued surveillance orders that enabled law enforcement agencies to monitor email accounts belonging to diplomats, suspected spies and terrorists.

... and anybody else, as long as the authority can label them "potential threats"

Welcome to 1984, man !!

Re:Google, Big Brother's Helper ? (4, Funny)

ozmanjusri (601766) | about a year and a half ago | (#43789293)

.. and anybody else, as long as the authority can label them "potential threats"

"Diplomats" is a clearly defined set. The set "suspected spies and terrorists" already contains everybody.

Re: Google, Big Brother's Helper ? (0)

Anonymous Coward | about a year and a half ago | (#43789331)

So is that how it works? Government asks for data politely and gets told no. Government then highers third party (scapegoat) country, provides the neccessary tools while turning a blind eye to the "attack". Then anything that was obtained can be perused at their lesiure as "evidence of a computer crime." Whatta scam.

"highering" is right! (1, Flamebait)

girlinatrainingbra (2738457) | about a year and a half ago | (#43789467)

Well, at least they didn't "lower" another country! "Highering" another country to do that work isn't always necessary. Since there are supposedly laws preventing the C.I.A. and N.S.A. from spying on our own countrymen, countrywomen, country-boys-and-girls-and-cats-and-dogs, supposedly there is a "gentleman's agreement" between the brits, israelis, and ourselves to trade info gathered on one-anothers' countrymen [damn those gendered nouns sneak in a lot in english] with the "rival" spy agencies, so that the data gathering is still done with supposedly clean hands. Allegedly. O-m-g, they're tracking what I type...

Re: "highering" is right! (2, Insightful)

s.petry (762400) | about a year and a half ago | (#43789773)

While there may be laws on the books in the US protecting citizens from the CIA, NSA, DHS, FBI, etc...(goddamn long list of Govt. agencies) those laws have been ignored for a dozen years. Because people refuse to see it does not make it go away... It just means people can be Ostriches.

Re: "highering" is right! (2)

ozmanjusri (601766) | about a year ago | (#43790205)

While there may be laws on the books in the US protecting citizens from the CIA, NSA, DHS, FBI, etc...(goddamn long list of Govt. agencies) those laws have been ignored for a dozen years.

How can they be sure you're a citizen if they don't spy on you?

Be reasonable.

Re: "highering" is right! (1)

TapeCutter (624760) | about a year ago | (#43791269)

Good plan, AFAIK they're not tracking ostriches.

Re: "highering" is right! (0)

mt1955 (698912) | about a year and a half ago | (#43789787)

Please mod up! Funny +1

Re:"highering" is right! (1)

Shavano (2541114) | about a year ago | (#43790145)

Since there are supposedly laws preventing the C.I.A. and N.S.A. from spying on our own countrymen, countrywomen, country-boys-and-girls-and-cats-and-dogs, supposedly there is a "gentleman's agreement" between the brits, israelis, and ourselves to trade info gathered on one-anothers' countrymen

What passes as fodder for discussion between intelligent people around here is beyond me.

Re:"highering" is right! (0)

Anonymous Coward | about a year ago | (#43792913)

Since there are supposedly laws preventing the C.I.A. and N.S.A. from spying on our own countrymen, countrywomen, country-boys-and-girls-and-cats-and-dogs, supposedly there is a "gentleman's agreement" between the brits, israelis, and ourselves to trade info gathered on one-anothers' countrymen

What passes as fodder for discussion between intelligent people around here is beyond me.

Hang around a while, you'll catch up.

Re: Google, Big Brother's Helper ? (0)

Anonymous Coward | about a year ago | (#43790083)

So is that how it works? Government asks for data politely and gets told no. Government then highers third party (scapegoat) country, provides the neccessary tools while turning a blind eye to the "attack". Then anything that was obtained can be perused at their lesiure as "evidence of a computer crime." Whatta scam.

No, that's not how it works. Three letter agency issues an NSA warrant and gets whatever they want. You're trying way to hard in your efforts to concoct a nefarious cloak and dagger scandal.
Besides, everyone already is spying on everyone else, and every country on the planet would be interested in that data.

Google the biggest fighter against govt data reque (5, Interesting)

raymorris (2726007) | about a year and a half ago | (#43789761)

The government certainly finds it useful to get search warrants and such to look at suspect's email, including gmail.
That's very much not Google's doing. Google does more than any other company, probably any company in history, to fight against that.
By law, they are required to honor National Security Letters asking them to give up information. Their policy is to refuse to provide the
information, even though the law (since 1978) says they have to hand over the information. Google claims the law is unconstitutional and
therefore void. In Doe versus Ashcroft, the judge agreed. (Courts have gone both ways.)

Just two weeks ago Google filed suit to have these information requests ruled unconstitutional:
https://www.documentcloud.org/documents/680852-googlemotion.html

They are the only company I know of which publicizes how many supeonas and national security letters they get. That itself is thumbing their nose at the
FBI because those letters include a gag order saying Google isn't allowed to talk about them. (Which is why their name wasn't made public in Doe v Ashcroft,
they aren't allowed to reveal the things they revealed in that suit. (It's a pretty safe assumption that Doe was Goog.)

Google has founded an organization to protect their users from such government intrusion and regularly funds other organizations with the same goal.
No doubt, Google wants to HAVE information about you, but they do everything they can to avoid sharing that data with the government, with their
executives actually risking jail time for openly defying the laws requiring them to give up the info. You can't possibly ask them to do more than that.

Occupy Wallstreet (1)

Anonymous Coward | about a year ago | (#43790021)

I basically agree, Google are a victim as much as the ones being spied on are victims, they don't like this, nobody does.

I'm calling the people spied on 'victim' here, because it I don't believe this statement:

"The database included information about court orders authorizing surveillance — orders that could have signaled active espionage investigations into Chinese agents who maintained e-mail accounts through Google’s Gmail service"

Right and why would they use Gmail? I think a far more likely scenario is these orders were used to spy on Occupy Wallstreet protestors and anyone expressing political views. Since this seems to be the pattern with the FBI these days, and I don't see the criminal prosecutions from all this spying, which suggests its not a prosecutable offense like spying, but rather a non-prosecutable offense, e.g. free speech.

It's all too META that a cyber spying by the Chinese on cyber spying by the USA happens to get data on cyber-spies.

Re:Google the biggest fighter against govt data re (-1, Troll)

nazsco (695026) | about a year ago | (#43790895)

You forgot the disclaimer about your employer.

Re:Google the biggest fighter against govt data re (-1, Offtopic)

grumpy_old_grandpa (2634187) | about a year ago | (#43790933)

Sorry to cut your wanking session short, but Google is not your friend. As any business, their primary objective is to line their own and their investor's coffers. It is true that some of their PR campaigns and interests align with the political ideals of the average Slashdot user, but to think they spend time and millions of lawyer money fighting the government for the grater good is rather disingenuous.

As we've seen time and again, any project or effort which does not make enough money will be cut. If they did not benefit from a stance against government surveillance, they simply would not bother. Look no further than their silent nodding towards the CISPA as an example.

Re:Google the biggest fighter against govt data re (0)

Anonymous Coward | about a year ago | (#43791035)


http://en.wikipedia.org/wiki/Operation_Aurora

On February 19, 2010, a security expert investigating the cyber-attack on Google, has claimed that the people behind the attack were also responsible for the cyber-attacks made on several Fortune 100 companies in the past one and a half years.

CISPA was all about sharing security information with other companies. If it were in place at that time, Google could have shared their counter-measures with other companies, vs the attackers using the same hacks against other large American companies.

The anti-CISPA backlash was retarded IMO. It was a different beast compared to SOPA.

Hubris. (1)

TapeCutter (624760) | about a year ago | (#43791339)

but to think they spend time and millions of lawyer money fighting the government for the grater good is rather disingenuous

You don't have a clue what it's like to be a billionaire and even less of a clue as to what motivates them to spend money on lawyers. If it was all about financial reward then google would simply give the government everything they wanted with a minimum of fuss and pay a few PR hacks to explain why the can't "fight city hall". I don't claim to know what their motivation is, however it's obvious there's no financial reward to be had that would outweigh the costs of their self-imposed policy.

Re:Hubris. (1)

grumpy_old_grandpa (2634187) | about a year ago | (#43795265)

Google does have intensives in this matter: User trust. If they lose it, there will be less page views, less ads clicks and less money. Even if the likelihood of any single user being affected by the surveillance laws is small, it's the perception which counts. It's some of the same fear Microsofts plays on with their Scroogled ads.

The reason you don't see other companies take up the surveillance issue in same way, is that they don't stand to lose as much. Microsoft will still sell Windows and Office licenses, Apple will sell fashion accessories.

Re:Google the biggest fighter against govt data re (2)

Xest (935314) | about a year ago | (#43791433)

"As any business, their primary objective is to line their own and their investor's coffers."

This is stupid, whilst it may be true in the majority of cases it's not true in all cases. As much as it may upset your cynical world view there are ethical companies out there and it largely depends on who is running those companies.

Born and bred sociopathic business types like Larry Ellison and Steve Ballmer may not give a damn about anything but profit, and hell, it may even be true of Schmidt but counter-balancing that are people like Sergey Brin who was bought up under the USSR's surveillance state before his parents fled to the US with him and hence has an inherent distaste for this sort of thing.

If you think there aren't ethical people in positions of power or even outright running some businesses then you're just a bitter sad individual pissed off that they've been more successful in life than you and just want at least something to try and make yourself feel superior than them with. It's pathetic.

Re:Google the biggest fighter against govt data re (1)

gl4ss (559668) | about a year ago | (#43791011)

The government certainly finds it useful to get search warrants and such to look at suspect's email, including gmail.
That's very much not Google's doing. Google does more than any other company, probably any company in history, to fight against that.
By law, they are required to honor National Security Letters asking them to give up information. Their policy is to refuse to provide the
information, even though the law (since 1978) says they have to hand over the information. Google claims the law is unconstitutional and
therefore void. In Doe versus Ashcroft, the judge agreed. (Courts have gone both ways.)

Just two weeks ago Google filed suit to have these information requests ruled unconstitutional:
https://www.documentcloud.org/documents/680852-googlemotion.html [documentcloud.org]

They are the only company I know of which publicizes how many supeonas and national security letters they get. That itself is thumbing their nose at the
FBI because those letters include a gag order saying Google isn't allowed to talk about them. (Which is why their name wasn't made public in Doe v Ashcroft,
they aren't allowed to reveal the things they revealed in that suit. (It's a pretty safe assumption that Doe was Goog.)

Google has founded an organization to protect their users from such government intrusion and regularly funds other organizations with the same goal.
No doubt, Google wants to HAVE information about you, but they do everything they can to avoid sharing that data with the government, with their
executives actually risking jail time for openly defying the laws requiring them to give up the info. You can't possibly ask them to do more than that.

they could just move their mail operation overseas with no US operatives.

they do it for taxes already, so why the fuck not...

Re:they could...move their mail operation overseas (2, Interesting)

girlinatrainingbra (2738457) | about a year ago | (#43791135)

Re: they could just move their mail operation overseas with no US operatives.

they do it for taxes already, so why the fuck not...

Hate to break it to you, but they don't really move their money overseas for tax purposes. They only claim to move the money overseas. It's just a sham tax avoidance scheme. See the New York Times article entitled For U.S. Companies, Money âOffshoreâ(TM) Means Manhattan [nytimes.com] :


Apple's $102 billion in offshore profits is actually managed by one of its wholly owned subsidiaries in Reno, Nev., according to the Senate report on the company's tax avoidance. The money is tracked by Apple company bookkeepers in Austin, Tex. What's more, the funds are held in bank accounts in New York.

...

''The offshore companies are a fiction and the statement that the money is offshore is a fiction,'' said Edward D. Kleinbard, former staff director for the Congressional Joint Committee on Taxation. ''What they are asking for is a reward for having gamed the system.''

So they could claim that the servers are the diplomatic property of that imaginary land of Googylvania, couldn't they? Googylvania, that's my name for that concept, see also /. article about Google Island [slashdot.org] . Way, way, way beyond the reach of the USA laws.

But you forget that the point of this is not really to stop servicing the Law Enforcement community of the USA. It's just to put up the pretense of protesting at serving and servicing the interests of the spies and LEOs of the USA: mollify the sheeple customers into believing that "it's the bad old guvviment that's so mean and googa-woogle is so good and on your side, we even pwotest these national secuwity lettews!" Don't fall for it. Google is NOT on your side.

Re:Google the biggest fighter against govt data re (1)

Anonymous Coward | about a year ago | (#43792005)

I've said it before and I'll say it again.

I'm beginning to suspect that Google is actually a front organisation for the Contact division of some race of well-meaning and meddlesome aliens, who are using it to discretely nudge our society onto the path towards peace, freedom and post-scarcity tech-utopia. Eventually, thanks to them, our descendants will be able to take their place among their peers in the stars.

But maybe I've been reading too much Iain M Banks.

Actually I take it back. It's impossible to read to much Iain M Banks.

Re:Google the biggest fighter against govt data re (1)

Raenex (947668) | about a year ago | (#43827949)

Google does more than any other company, probably any company in history, to fight against that.
By law, they are required to honor National Security Letters asking them to give up information. Their policy is to refuse to provide the
information, even though the law (since 1978) says they have to hand over the information. Google claims the law is unconstitutional and
therefore void. In Doe versus Ashcroft, the judge agreed. (Courts have gone both ways.)

http://en.wikipedia.org/wiki/American_Civil_Liberties_Union_v._Ashcroft [wikipedia.org]

"American Civil Liberties Union v. Ashcroft (filed April 9, 2004 in the United States) is a lawsuit filed on behalf of a formerly unknown Internet Service Provider (ISP) owner by the American Civil Liberties Union against the U.S. federal government. In 2010, it was revealed that John Doe was in fact Nicholas Merrill of Calyx Internet Access."

So that was a small ISP owner doing the right thing, not Google. What do you think Google was doing in the meantime, if not complying with those requests? 2013 is very late in the game for Google to be filing lawsuits.

They are the only company I know of which publicizes how many supeonas and national security letters they get.

Again, they started doing this very late in the game. Google gave up information to NSLs and didn't talk about it, just like everybody else. You're a fool if you think otherwise.

Re:Google, Big Brother's Helper ? (0)

Anonymous Coward | about a year and a half ago | (#43789813)

Yeah, man, court's having the authority to make orders for records after a statutorily defined, and constitutionally restricted due process is totally Orwellian.

(WTF?)

Re:Google, Big Brother's Helper ? (2, Insightful)

Anonymous Coward | about a year ago | (#43790167)

Yeah, man, court's having the authority to make orders for records after a statutorily defined, and constitutionally restricted due process is totally Orwellian.

(WTF?)

The FBI can simply issue a National Security Letter, which has no actual review or oversight. You don't have any due process. They are not contestable, and it's illegal to tell anybody including your attorney that you even received one.
Google is, in fact, one of the companies attempting to challenge these letters in court: http://www.wired.com/threatlevel/2013/04/google-fights-nsl/

You want Orwellian, you got something pretty damn close right there.

Re:Google, Big Brother's Helper ? (4, Funny)

FatdogHaiku (978357) | about a year ago | (#43790179)

Welcome to 1984, man !!

If I don't get my 1984 body back then I'm not buying in...

Helpful hint. (5, Insightful)

khasim (1285) | about a year and a half ago | (#43789107)

If you're a spy or diplomat or whatever, don't use Gmail. At the very least it is subject to the US government's laws. Get yourself a secured server somewhere else.

Re:Helpful hint. (4, Funny)

Anonymous Coward | about a year and a half ago | (#43789135)

Helpful hint.
If you are in the spy or terror business, and u use email to communicate, u should look for another line of work.

-HasHie @ trypnet.net

Re:Helpful hint. (5, Informative)

iggymanz (596061) | about a year and a half ago | (#43789213)

nonsense, overt communication of misinformation is a time honored counterintelligence technique. Real messages can also be covertly conveyed in the same channel

Re:Helpful hint. (1)

JustOK (667959) | about a year and a half ago | (#43789681)

that's what they WANT you to think.

Re:Helpful hint. (0)

Anonymous Coward | about a year ago | (#43792931)

that's what they WANT you to think.

If they are so organized and cunning, they want China to think they would store or allow Google to see even some sort of list of suspects they are watching.

This has ramifications.

Illegal surveillance then must happen while all the other cops are forced to jump through hoops.

They are then effectively disinformation for the real CI work.

Re:Helpful hint. (0)

Anonymous Coward | about a year ago | (#43792903)

"nonsense, overt communication of misinformation is a time honored counterintelligence technique. Real messages can also be covertly conveyed in the same channel"

This is very true. They use code talk where they can inject critical issues in otherwise ordinary conversation. Unlike with drug dealers who might just replace the word "cocaine" with "bananas", they learn to put in key issues in everyday conversation while also having simply everyday conversations. They know what a foreign analyst will believe and what they will consider as possibly true at all times. And they constantly exploit that constantly considering themselves under surveillance. When you can not have a clear channel anywhere you talk, it becomes force of habit, but is also training.

Gmail is as fine a service as anywhere. More ubiquitous is a good reason to use it.

If you can make some spy/hacker look like a fool for pursuing you to their bosses (often the game plan), that is one level of success.

If you get a bunch on you, that is also very useful to do.

Being surveilled, getting your system hack and the like is a bad thing in law enforcement. In CI, it is a blast.

The Golden Rule: If they believe you do not know they are spying on you, they will potentially believe anything you say.

So you must always be free to do and say that which would persuade them you truly, deeply believe you are not
being spied on when you know for a fact you are.

Re:Helpful hint. (5, Interesting)

RMingin (985478) | about a year and a half ago | (#43789405)

Steganography plus photos of the "kids".

Last word of every sentence plus a one time pad (NEVER EVER REUSE ONE TIME PADS. IT'S IN THE FUCKING NAME.).

Simple coded phrases that seem innocuous. The garbage can spilled again. You need to stop letting that dog off the leash! I miss you and can't wait to see you next weekend. I want to do dinner at that Szechuan place again, I think it's gotten better.

There are plenty of uses for an email account in intel/cointel. Sending plaintext messages over an uncontrolled service just isn't one of them.

When in the field on an operation without official cover, the agent should assume that all actions and responses are monitored by the local and national cointel groups at all times. Communications should be deniable and overt. Email and public message boards are ideal, as they are fully deniable. The days of taping a tiny cannister full of microfiche to the bottom of a park bench ended forty-plus years ago. It's not hard to run deniable covert operations, you just need to be somewhat intelligent, recruit people who are likewise not stupid or lazy, and NEVER EVER take things for granted or relax.

Re:Helpful hint. (4, Funny)

ebno-10db (1459097) | about a year and a half ago | (#43789473)

Steganography plus photos of the "kids".

Another approach is plain text that's so blatant the eavesdropper will assume no one would be stupid enough to send it seriously. For example: kill moose and squirrel.

Re:Helpful hint. (4, Funny)

SpaceLifeForm (228190) | about a year ago | (#43790073)

Unless the eavesdropper is Rocky or Bullwinkle.

Re:Helpful hint. (1)

PPH (736903) | about a year ago | (#43789917)

Steganography plus photos of the "kids".

Yeah, but in regular e-mails to an address in the PRC intelligence division? Even if they are only about the wife and kids, that's suspicious.

Better to hide the messages in pics of underage teenage girls and post them to 4chan. At least you have a plausible audience in half the male population of China.

Re:Helpful hint. (0)

Anonymous Coward | about a year ago | (#43790245)

The days of taping a tiny cannister full of microfiche to the bottom of a park bench ended forty-plus years ago.

Well ya, nobody uses microfiche any more. You can fit 128 gigs of data on a micro SD chip. Much easier to conceal than film ever was, and so much easier to hide.
Using computers to upload over the internet might seem more anonymous, but you have far more opportunity to leave traces of your activities behind. It's a new tool, but they still use some of the old methods like dead drops when the situation calls for it.

Re:Helpful hint. (1)

umeboshi (196301) | about a year ago | (#43793365)

Jive Miguel
He's in from Bogota
Meet me at midnight
At Mr. Chow
Szechuan dumplings
After the deal has been done
I'm the one

Re:Helpful hint. (3, Interesting)

DNS-and-BIND (461968) | about a year and a half ago | (#43789149)

You'd be shocked at how many people get really offended if you tell them to stop using Gmail. It's like telling someone who likes to bitch about how crap TV is to stop watching - it's just utterly out of the question. You'd think it would be easy to search for "free email provider", go to page 17 of results, and pick some random one. You would also be dead wrong.

Re:Helpful hint. (0)

Anonymous Coward | about a year and a half ago | (#43789751)

But are any of the other free email providers significantly regarding security?

Re:Helpful hint. (1)

bmo (77928) | about a year ago | (#43790545)

No, they think you're an idiot because your tinfoil is so tight that you think that TLAs are interested in personal messages about their kids, or shopping lists for Trader Joe's.

But not only that, if you're worried about security, you don't trust third parties at all to keep stuff private. You encrypt locally and transmit over whatever you want (even shortwave. google "numbers stations"). If you are sending anything over the interbutt, or any other medium, and you are one white persian cat away from being a supervillain and not encrypting, you deserve what happens to you.

Your rant against Google is just idiotic when you look at the bigger picture.

--
BMO

Re:Helpful hint. (2)

Virtucon (127420) | about a year and a half ago | (#43789225)

Uhm, like General Petraeus, former head of the CIA? [networkworld.com]

Seriously, if our head of the top spy agency in this country is that stupid, how stupid do you think the rest of the diplomatic or legislative folks are in DC?

Re:Helpful hint. (1)

Intrepid imaginaut (1970940) | about a year and a half ago | (#43789267)

That trick was originally used by Islamic extremists I believe, so hardly that clever. Seriously though, Gmail? What? Use encrypted morse port knocking on some nothing zombie or something.

Re:Helpful hint. (5, Insightful)

Nidi62 (1525137) | about a year and a half ago | (#43789315)

Uhm, like General Petraeus, former head of the CIA? [networkworld.com]

Seriously, if our head of the top spy agency in this country is that stupid, how stupid do you think the rest of the diplomatic or legislative folks are in DC?

He was a political appointee, what do you expect? He was actually never in any capacity a spy. He was an infantry officer and a teacher more than he was anything else until 2004 and after when he was overall commander of Iraq then Afghanistan. The director of any agency in the US is an administrator above all else.

He is that stupid. And so are most people. (1, Insightful)

girlinatrainingbra (2738457) | about a year and a half ago | (#43789569)

The director of any agency in the US is an administrator above all else. And he didn't really get any on the job training to be a spy. So he believed all the baloney about using "secret gmail tricks" and the "draft folder" with two people logging into the same account to pass messages back and forth. He certainly wasn't going to trust someone else with his sexual escapades and moral turpitude, was he? It's not like your executive administrative assistant, even at the C.I.A., is trustworthy enough to help you out!!! (so unlike being the president and having the secret service boys know who's been [ahem] servicing you and keeping it confidential still yet...)

He is that stupid. And so are most people. Every compu-geek is saying, geee why didn't they use P-geeee-pee or Gee-Pee-Gee or one-time-pads, or steganography in images of zebras!!! And people here think that they're a lot smarter than they really are, or probably are. Perhaps myself included! ;>) But hey, I've still got high school to finish and college to get through... Maybe I'll learn something along the way! We may know tech, but we're likely to bungle up other things on the way...

Re:He is that stupid. And so are most people. (1)

EvanED (569694) | about a year and a half ago | (#43789669)

He is that stupid. And so are most people. Every compu-geek is saying, geee why didn't they use P-geeee-pee or Gee-Pee-Gee or one-time-pads, or steganography in images of zebras!!! And people here think that they're a lot smarter than they really are, or probably are

I believe The Onion had an interesting investigative report [theonion.com] on the topic of that observation applied to national security.

Re:Helpful hint. (0)

Anonymous Coward | about a year ago | (#43793055)

Uhm, like General Petraeus, former head of the CIA? [networkworld.com]

Seriously, if our head of the top spy agency in this country is that stupid, how stupid do you think the rest of the diplomatic or legislative folks are in DC?

He was a political appointee, what do you expect? He was actually never in any capacity a spy. He was an infantry officer and a teacher more than he was anything else until 2004 and after when he was overall commander of Iraq then Afghanistan. The director of any agency in the US is an administrator above all else.

Good point.

When they have as head of FBI or CIA anyone but a seasoned veteran, they are making a poor decision.

Too often Presidents (does not matter who, left or right) tend to put political cronies in these positions. They may do what the President says and being "yes men", but they are not strong enough or experienced enough to actually lead the organization.

Re:Helpful hint. (1)

kilfarsnar (561956) | about a year ago | (#43793063)

Uhm, like General Petraeus, former head of the CIA? [networkworld.com]

Seriously, if our head of the top spy agency in this country is that stupid, how stupid do you think the rest of the diplomatic or legislative folks are in DC?

He was a political appointee, what do you expect? He was actually never in any capacity a spy. He was an infantry officer and a teacher more than he was anything else until 2004 and after when he was overall commander of Iraq then Afghanistan. The director of any agency in the US is an administrator above all else.

Yes, exactly. That's why I roll my eyes whenever I hear, "Well if the head of the CIA can't keep his communications private..." Yeah, he's head of the CIA but it's not like he's trained in espionage. The spooks who do the real work generally don't have their communications compromised.

Encrypt partial webpages (0)

Anonymous Coward | about a year ago | (#43790163)

It shows you that email is watched, if the head of the CIA can't trust email going from point A to point B to be free from surveillance that he relies on creating a draft on Gmail servers, and his GF doing the same. They didn't even trust a dummy GMail to dummy GMail send!

"First, Patraeus set up a dummy account. And second, it's been reported that Petraeus and Broadwell never actually sent any emails to each other. ...
Petraeus would log into said Gmail account, write an email and save it as a draft. Broadwell would then log into that same email account, read the draft, and leave a draft of her own. That way, the two were able to correspond without actually having to send any data from point a to point b."

I think its time we did end to end encrypted email. We could stick the public key (in a public-private key pair) in the unencrypted email the first time you communicate do a key exchange and after that use the key to encrypt.
Webmail too, do the decode in the browser. Mark the section of the webpage that is the email text with a tag and source of that, lookup the key for that tag and decode it in the browser. Notify them of any broken keys are misleading tags.

It's vulnerable to first-key exchange interceptions, but that's all.

Re:Helpful hint. (2)

girlintraining (1395911) | about a year and a half ago | (#43789395)

If you're a spy or diplomat or whatever, don't use Gmail. At the very least it is subject to the US government's laws. Get yourself a secured server somewhere else.

Just them? You'll note it also said suspected spies and terrorists. With "broader definitions" of terrorism coming out every day, and the criteria for being included on a watchlist, paired with these hotlines opening up for anonymous "tips"... pretty much anyone these days can be a suspected spy or terrorist. And being a citizen of the US is very little barrier against invasions of your privacy; They've even talked about revoking citizenship for people simply to avoid any legal hassles.

It might be more accurate to say "If you are writing anything you don't want made public, given to law enforcement, or any of the 170+ governments of the world, don't use Gmail." At least then we'd cover all the bases. :/

Re:Helpful hint. (2)

amiga3D (567632) | about a year ago | (#43789877)

Don't use e-mail. Seriously, how secure is any e-mail server against government surveillance. Maybe using phone modems and sending a message directly computer to computer with full encryption might work. Then maybe not. I'm thinking that if I was involved in something highly illegal my paranoia would jump into overdrive. Given that I'm nobody and have nothing I think I might be safe using Gmail.

Re:Helpful hint. (1)

AmiMoJo (196126) | about a year ago | (#43792275)

Email is a powerful tool so it is undesirable to give it up, especially when securing it isn't that hard. Even Gmail lets you past in encrypted text.

Re:Helpful hint. (3, Insightful)

Jah-Wren Ryel (80510) | about a year and a half ago | (#43789423)

If you're a spy or diplomat or whatever, don't use Gmail. At the very least it is subject to the US government's laws. Get yourself a secured server somewhere else.

You are assuming these people were using gmail for clandestine communications. I'm pretty sure even the most basic opsec training would have covered the "don't use email for secret messages" ruie.

What this looks like is a ruse - agents set up email accounts that are never used for spying purposes but are sufficient to attract exactly the kind of counter-espionage actions of getting the US to spy on the accounts. Then grab the list of accounts the US is spying on because that list is in the hands of google who don't have formal handling procedures for classified information and so are an easy target versus some system behind an air-gap firewall. Tada, now you know which spies have had their covers blown. It doesn't tell you which spies are still safe, but it does give positive confirmation of who has been exposed.

Re:Helpful hint. (2)

PPH (736903) | about a year ago | (#43789855)

Then grab the list of accounts the US is spying on because that list is in the hands of google who don't have formal handling procedures for classified information and so are an easy target versus some system behind an air-gap firewall.

PROTIP: Involving untrained individuals or organizations in intelligence gathering operations is a bad idea. They tend to leak information to either the targets of investigations or third parties with interests in such surveillance.

Re:Helpful hint. (1)

houghi (78078) | about a year ago | (#43794799)

Perhaps they do not want the people who maintain the servers to have access to said data. Perhaps they are real spies and they do think that using spy@example.gov might blow their cover and using a Gmail account will be less suspicious.

Also for others, the content might not be interesting, but the people might be. If one person receive private email from e.g. GayLover@example.com and the like and your country is very panicky about people being gay and in politics, it could be used to look in that direction for the opportunity of blackmail.

And sure, you could use it like a honey trap, but that might fail as well.

There are plenty of reasons they would use a gmail account. I am sure many here use it as well, even though they have their own domain and maintain their own mail server.

Re:Helpful hint. (0)

Anonymous Coward | about a year and a half ago | (#43789539)

I wrote a response to this..that basically said your aluminum foil hat wont protect you. However, the post seems to have disappeared along with my aluminum foil and the hat I made with it.

Please someone let me know if someone see's my hat or cryptography that can't be broken with computing power. Just send me an email through gmail, I'll get in contact with you..well someone will...

Re:Helpful hint. (1)

fuzzyfuzzyfungus (1223518) | about a year and a half ago | (#43789557)

But I hear that Gmail is trusted by the CIA at the highest levels! Who should I trust now???

Re:Helpful hint. (1)

Yvanhoe (564877) | about a year and a half ago | (#43789739)

And if you are the boss of a spy and that this is not part of uour guidelines, just resign. You are a threat to your own country.

Re:Helpful hint. (0)

Anonymous Coward | about a year ago | (#43792975)

You might as well use Google. If you are going out of your way to do spy like stuff, then your blip on the "are they a spy" radar only grows.

The last thing a spy wants to do is stand out. They want to be as normal, as average, as possible. They do not want to be seen as security
conscious.

Spies are not the dudes out there ranting on left or right wing sites. They are not at protests. They are not walking around, looking suspicious,
and eyeing the video cameras.

Moles may be, but that is a different flavor of animal. They usually compensate their guise of normalcy by over extending themselves personally
(Hanssen was extreme in religion and extreme in sex, Ames was routinely filthy, flaunted his wealth from spying, Philby was a drunk who
kept unusually bad company for his role, etc).

A spy should use facebook, gmail, whatever. Whatever anyone else is doing.

G-Men. Gmail. Coincidence? (2, Interesting)

gubon13 (2695335) | about a year and a half ago | (#43789207)

*Cue the dramatic prairie dog*

If someone knows your a spy, why are you there ? (0)

Anonymous Coward | about a year and a half ago | (#43789415)

With Today's technology, and the NSA's level computing power. I first off wonder what you mean by secure server somewhere (keep in mind the server has to be stored and accessed somewhere.. where a server is at can get political.. ) ..

Also if your in the U.S reading your email through the U.S network there's a large chance (in some countries its almost a promise) , high levels of government can read your email even if its stored on a secure server (if they really want to). In some ways using gmail where your less conspicuous and have a large user base to blend into can have its advantages. If you take into account modern data technicians, not having a free email account may also be a sign that your not who you say you are by some computer algorithms(obviously it would have to be correlated with other data points..) ...but I don't feel like wearing a tin foil hat today..knowing who the government is watching though tells you a lot about a government.

The comedy of all this, is theres only a few world powers that have the skill to back people like this and the agenda here is pretty clear( unless Putin is using his ninja powers to try and poison relations..) . The fact that Google servers where hacked in one of the capable countries, makes the whole situation a tad less then dubious.

muahhaa the whole sit ehere is monitored (0)

Anonymous Coward | about a year and a half ago | (#43789419)

and now we know it to be true

"exfiltrate" ??? We've got sum miltary lingo here! (0, Troll)

girlinatrainingbra (2738457) | about a year and a half ago | (#43789503)

"exfiltrate" ??? We've got sum miltary lingo here!

Is this some interesting "in house"/"in country" propaganda being dropped into the USA by our own military's psych ops [wikipedia.org] teams? Who uses a word like "exfiltrate" so often?


Exfiltrate [wiktionary.org] defined as 1. (military) To withdraw troops surreptitiously from a dangerous position [on wiktionary]

Extraction (military) [wikipedia.org] redirected from exfiltrated [wikipedia.org] : In military tactics, extraction (also exfiltration or exfil), is the process of removing personnel when it is considered imperative that they be immediately relocated out of a hostile environment and taken to a secure area.

So is this a "poseur" pretending to use military lingo and add an air of "military intrigue" and "international espionage" to the story, or is it a pretense of a "slip of the tongue" so that people think some military type accidentally let some patois and lingo slip through that identifies the authenticity of this,mein Mann, give this Shizz some street cred in the Hizzouse !!

It's a false flag play on the field! We've got a false flag play on the field! Are there two or three levels of misdirection involved? Place your bets, gentle-people-and-citizens!

Chinese Cyberwar (2, Interesting)

Required Snark (1702878) | about a year and a half ago | (#43789589)

The Chinese government is waging ongoing cyber warfare against the US, and we are loosing the defensive battle.

One of the big problems is that non-governmental organizations that are not part of the defense industry have no legal responsibility to provide security. In fact, there are not even any meaningful federal level guidelines. This is, to a great extent, due to lobbying efforts on the part of entrenched business interests.

http://articles.latimes.com/2012/aug/03/nation/la-na-cyber-security-20120803 [latimes.com]

But theU.S. Chamber of Commerceand other business groups strenuously opposed the measure, condemning it as excessive government interference in the free market and arguing that cumbersome federal regulations could hamper companies trying to defend against cyber intrusions.

Democrats overwhelmingly supported the legislation, but for Republicans, it meant a stark choice between competing constituencies: national security officials and business leaders. Even after the bill's backers made the standards voluntary, the Chamber of Commerce, which spends more on lobbying than any other trade group, opposed it.

On Thursday, the Senate cyber-security bill failed to overcome a Republican-led filibuster. Analysts say the bill couldn't breach a wall of anti-regulatory sentiment that proved resistant to the dire warnings.

The measure fell short of the 60-vote threshold needed to end debate, 52 to 46, with 40 Republicans joined by six Democrats voting in support of the filibuster.

"Rarely have I been so disappointed in the Senate's failure to come to grips with a threat to our country," said Sen. Susan Collins, the ranking Republican on the Senate Homeland Security Committee and one of the bill's chief sponsors, who had tried in vain to sway her GOP colleagues. Just four sided with her.

So the Republicans and the business community put their own short term interests ahead of the security of the United States. They are literally dumber then a box of rocks. Even so, if you listed to Republican rhetoric/propaganda they claim to be only ones who know how to defend the country. It's pathetic and frightening.

Re:Chinese Cyberwar (1)

Anonymous Coward | about a year ago | (#43789887)

They (Chinese) are doing it to themselves. It's quite sad. With all this new found global fortune and fame, they're managing to piss off the very same nations that would make them great allies. It's as though they feel entitled to take their rightful place in the world without their motives being questioned. In reality, they're just burning their social credibility. I know America had a similar attitude towards the british after the revolution, but that at least is rooted in history. But China? WTF did the Western world do to it post cultural revolution? I'm failing to see the real disconnect here; assuming there even was one.

Re:Chinese Cyberwar (0)

Anonymous Coward | about a year ago | (#43790637)

The Chinese government is waging ongoing cyber warfare against the US, and we are loosing the defensive battle.

One of the big problems is that non-governmental organizations that are not part of the defense industry have no legal responsibility to provide security. In fact, there are not even any meaningful federal level guidelines. This is, to a great extent, due to lobbying efforts on the part of entrenched business interests.

http://articles.latimes.com/2012/aug/03/nation/la-na-cyber-security-20120803 [latimes.com]

So the Republicans and the business community put their own short term interests ahead of the security of the United States. They are literally dumber then a box of rocks. Even so, if you listed to Republican rhetoric/propaganda they claim to be only ones who know how to defend the country. It's pathetic and frightening.

Because Republicans believe that in order to defend the country, one must commit Marines to fighting a land war, while using the Air Force to bomb brown people, then send in the Army to defend private contractors. Cyber security is far too nerdy to to considered "national defense". You needs guns and stuff for that.

Next election term, Republicans will again go on about how we need to "get tough" on China while conspicuously leaving out any specifics as to exactly what that means or how it'll be done. Then nothing will get done and we'll read about some other high-profile leak of sensitive engineering documents lifted off a Lockheed or Raytheon server, or compromised intelligence information from a server in Langley or D.C. Rinse, repeat.

Re:Chinese Cyberwar (1)

DNS-and-BIND (461968) | about a year ago | (#43790885)

Hmm, that's odd, according to liberals the entire "Chinese are attacking us" meme is a total myth. It's not happening. It is a convenient boogeyman meant to drive government spending towards the military-industrial complex. So, which one is right?

Re:Chinese Cyberwar (0)

Anonymous Coward | about a year ago | (#43791285)

They both are right and wrong at the same time.

China is attacking us: Correct, but who isnt attacking everyone else, especially in cyberworld.

The big stink is about pushing legislation that will harm Internet freedom and civil rights within the US. Like usual, the US gov't is claiming terrorism (and now cyber terrorism) and demanding that it gives them the right todo watever it wants and erode the Bill Of Rights further. (warrantless surveillance, and all kinds of privacy violations, taking our guns, putting up street cameras, demanding info about u from companies u deal with, etc etc)

Of course making money is part of all this. Every step of the way, they gonna see how they can make money for their friends and contracts and themselves, as well as use any inside info, for "smart" trades. Which side wins, basically determines who & who's friends makes the money, and get the contracts.

- HasHie @ trypnet.net

Re:Chinese Cyberwar (1)

DNS-and-BIND (461968) | about a year ago | (#43791441)

Bill of Rights? Eroding the Bill of Rights is a good thing, the Constitution is outdated. It needs to die, the sooner the better.

Re:Chinese Cyberwar (1)

kilfarsnar (561956) | about a year ago | (#43796295)

Bill of Rights? Eroding the Bill of Rights is a good thing, the Constitution is outdated. It needs to die, the sooner the better.

Shouldn't it be amended? What wrong with the Bill of Rights except that it doesn't go far enough?

Re:Chinese Cyberwar (1)

benjfowler (239527) | about a year ago | (#43791915)

This is terrible. We are letting halfwits, like the current leadership of the /US Chamber of Commerce/ dictate to us how to defend ourselves against our ene

Letting deluded political extremists do this is the height of fucking insanity.

More Helpful Hints (1, Interesting)

Anonymous Coward | about a year and a half ago | (#43789717)

If you're a corporation, don't use Google gmail or docs. Even if Google were somehow more secure than your own IT could be, uploading your company's spreadsheets to Google - whose primary business is selling advertising to your competitors - is a dumb idea.

Traitors At The Top (0)

Anonymous Coward | about a year ago | (#43790039)

The real fear amongst C3I National Security Council is the 'Top.'

I.e. those at the 'Top' have access to the most and timely 'intelligence' and have the greatest potential to gain (money) the most from selective 'disclosure' , i.e. the 'anonymous source', using secure accounts to 'game' the US Treasury and Justice and 'forgery' of a Presidential election.

Ha ha. We are speaking in past tense !

These things have already happened and more will come from the current 'Administration.'

How could they miss it???? (0)

Anonymous Coward | about a year ago | (#43790359)

Looking for the surveillance database...so they were trying to download the entirety of Google then??????

Sensationalism in action (2)

c0lo (1497653) | about a year ago | (#43790967)

TFStory title: "Aurora Attackers Were Looking For Google's Surveillance Database"
TFSummary: "Whether this was the primary goal ... is unknown

Minimal change needed to reconcile the two - "Aurora Attackers Were Maybe Looking At Google's Surveillance Database"

Stuff that matters: there may be something that can be called "Google's Surveillance Database".

Encrypted, no? (0)

WOOFYGOOFY (1334993) | about a year ago | (#43792147)

One imagines that such information is securely encrypted within the database.. no?

Well, call me an elitist jerk, but... (1)

rocket rancher (447670) | about a year ago | (#43792539)

...I'm not real certain that information gleaned from an intelligence operative unprofessional enough to us a gmail account in the clear is really worth the effort.

was the database real and other questions (0)

Anonymous Coward | about a year ago | (#43793183)

What does this say?

China believes they can find real Government spy suspects through Google.

They believe that list would be valid and complete enough to warrant investigation
that was very costly.

They hacked from their home country, instead of hacking through other countries. They
likely had the military mindset. Do not trust systems you do not own and have physical
control over.

They believe the US would have to rely on this sort of surveillance on genuine spies
that China believes are worth them protecting.

They are concerned the US may know of some of their high value spies and may be
watching them. Maybe for their arrest, though how often does this happen. Maybe for
monitoring and disinformation. Is their spy returning information that is valuable,
or maybe even so valuable, it may be too good to be true? Could it be the US knows
they are a spy?

NSL process and Google advertised the Goverment's actions there making Google a target.

How did China hear of the database? Is the database real? If you were government, would
you want such a full database or list to be hackable? Would you want a fake database
out there?

Would you claim "China hacked our spy list database"? If they really did? Would you
hide that information for awhile and let someone else - a vendor, maybe - eventually
leak it to make it look real?

Or would it be business as usual. Somebody did not think through the process. It was
real. People were burdened with busy work and did not think about it. Sure, Government
is serious about protecting counterintelligence and their own spies. But did they think
this through and plan out a course of action?

How did China find the database? Emails in Google? Posts? IM? Internal co-worker?

Good counterintelligence (0)

Anonymous Coward | about a year ago | (#43793243)

A good cointel would be to allow hackers into a database showing assets that you wanted compromised but not the ones you don't.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?