The NSA has linked the WannaCry computer worm to North Korea (washingtonpost.com)
237 points by josephorjoe on June 15, 2017 | 233 comments


The only rational response to this is deep, deep skepticism.

In the old days of the USSR, while very difficult, it was at least conceivable that you could just fly to Moscow and see if they were eating their children there or burning priests or god knows whatever else.

There was a natural limit to the deception that could occur and further a normal person could make conclusions about the things they saw with their own eyes.

Now, the enemy that "we have always been at war with" is a completely isolated (and economically trivial) state that virtually nobody travels to and who is attacking us with secret cyber weapons that only a domain expert with highly specialized experience could even recognize, much less qualify.

And the people that are telling us are those same people that are, or are not, secretly recording all of our conversations.

There's not one little thing there you could take at face value.


I share your skepticism as well, but I wouldn't be too dismissive of North Korean Cyber capabilities either. They do have a specialized cyber warfare unit, handpick and train their soldiers extremely intensively (https://www.theguardian.com/technology/2014/dec/02/north-kor...). Their performances in other international competitions, like the International Math Olympiad (https://www.imo-official.org/country_team_r.aspx?code=PRK), also indicate that they have the ability to do so if they wish to.

Developing cyberwarfare capabilities seems like a relatively low cost (compared to developing ballistic missiles at least), low risk investment, with a potentially large payoff, so I would be surprised if they didn't try to develop these skills.

Of course, all evidence tying N.Korea to this specific attack is circumstantial and almost impossible to definitively prove unless they admit it and show proof themselves.


Regarding "Their performances in ... International Math Olympiad": they were disqualified many times. I was at IMO in Istanbul in 1993 and they were disqualified, because they cheated (their official translator provided them solutions to the problems and it was discovered). So it may be possible that these "performances" don't indicate any such ability...


For some context, it is relatively easy to cheat at the IMO if a team wants to do so. See for example this thread: https://www.quora.com/How-did-North-Korea-cheat-in-the-IMO-i...

It is my understanding that plenty of people do not believe North Korea cheated in 2010 (and also, plenty of people believe that other specific teams have cheated in specific years). Furthermore, it is my understanding that the North Korean team leader in recent years has not seen the problems before the contest (relying instead on the South Korean translation of the problems), thus removing the most obvious mechanism of cheating. Unfortunately, I do not know of a public source of this information and accordingly I have not verified it myself.


For that you need intellectuals, and the NK system killed most of them, and is not tuned to produce new ones. It's very hard to destroy criticism and grow people who can think.


To me 'intellectual' conjures an image of highfalutin college academics - that sort of rigor has not been linked to offensive security, historically. If a rag-tag group like Anon or curious but intelligent teenagers can exploit systems, so can a North Korean cyber-division. If you are suggesting that intelligence has been purged out of the North Korean gene pool, I have a bell-curve to show you.


What makes you think you need intellectuals to develop technical exploits?


Because it requires a brain. A drone can't do it.


Do you really think that technical proficiency requires "intellectualism" as it's normally understood? Because I sure don't. How many developers have you known who were extremely fascinated by the narrow details of a technical problem, and utterly uninterested in the wider application and impact of their work? I've worked with more than a few who fit that description.


Intellectual just means people that use their intellect a lot. It's not limited to debating and philosophy. And a mathematician is an intellectual.

And yes, somebody who has the skill to craft a very low level yet highly flexible malware requires skill that goes beyond copy/paste from stackoverflow.


What exactly does a math competition have to do with ransomware?


If you are skilled in math, you will be better/faster in programming anything - including ransomware...


This is an incredible oversimplification (at best) which does not hold as-is.

I know enough math people who are ABYSMAL at coding due to the differences between domains and the constraints that shaped their way of thinking, and a lot of linguists who are surprisingly good at it due to just that.


Italian major CS minor here: Not good at math (working on it) but good at programming (full time salaried job with good pay doesn't mean I'm good at it but it's about the only credential I have) (also working on it).

I dismissed programming as a freshman because I was so bad at math in high school. Turns out my high school teachers were very bad teachers (shocking when they're paid so little, who would've thought?) I learned Italian fluently, spent a few years overseas immersing myself in it, came home and had a rough time finding my passion. Took a gap year and messed about with some online coding classes (code academy) and realized I loved it. It felt like a new language that instead of being expressively emotional it was a way to express logic and rules. I like logic and rules.

So I completed the minor +4 higher level classes and taught myself mobile development. No regrets... Besides not going into it as a major maybe.


Most of the North Korean people are starving most of the time - where are they practicing programming on, blackboards? The economic situation is VERY similar to Cuba before US lifted the embargo. Has any one of you heard of a famous hacking group originating from Cuba?


It doesn't directly, but it indicates that the nation has an ability to create a pipeline to identify and train talented students for a high-performance intellectual pursuit if they wish to.


>that only a domain expert with highly specialized experience

Correct me if I'm wrong, but WannaCry isn't highly sophisticated. It weaponizes already known vulnerabilities to exploit soft targets on a large, but unsophisticated scale (because most of the victims are soft targets in terms of computer/network security). Ransomware is not a new idea either. Combining these things (known exploits, soft targets, ransomware) doesn't require genius or _highly_ specialized domain knowledge, hard to acquire intelligence or huge amounts of resources (labor or money). Any state capable of consistently spending a couple million dollars per year on a team for offensive security operations could, I suppose, pull this off.


The quote, with the words you elided was:

> that only a domain expert with highly specialized experience could even recognize

Notably, it's about the expertise needed to recognize and identify the attack, not to launch it.


> any nation state...

Or one of many different groups of people who can do computers.


True. And if we want to get conspiratorial, we should just blame all the viruses on Symantec.


Indeed, especially given that it takes so little information to fool such a metric. I'd go so far as to say that it's almost guaranteed that another nation state or even dedicated group of individuals could feasibly do it.

There's just too little information to work off when all you have are a few binaries - with functions that can be trivially copied and modified at a binary level or reverse engineered and recompiled to similar binaries combined with some VPN IP addresses and a few assorted bits of information about attack patterns which are trivial to copy if anyone else has witnessed the attacks. I'm surprised intelligence agencies are asserting this kind of thing publicly with any level of confidence and it makes me worried that it's only going to be used to rationalize war efforts.


It's not clear that all the intelligence agencies have are binaries. They are in the business of collecting intelligence after all. It's completely possible for instance that they have an informant, have hacked the hackers' computers, have access to very detailed network data allowing them to trace back where the malware is communicating to (not just the first hop), etc.

On the flip side they also have a history of lying, and could well be motivated to say this in the absence of such reliable evidence (or even evidence suggesting something else).


> Now, the enemy that "we have always been at war with" ... is attacking us with secret cyber weapons that only a domain expert with highly specialized experience could even recognize, much less qualify.

WannaCry is a wormable implementation of a leaked NSA exploit. Maybe not "trivial", but this wasn't exactly Stuxnet.

I frankly don't share the knee-jerk skepticism of many in this comment section, and certainly not based on the DPRK's alleged incompetence: this attack is well within their capability.


>this attack is well within their capability

And the asymmetric nature of cyber warfare is a perfect fit for a small, marginalized state looking to destabilize everyone else.


Is skepticism not inherently necessary when it comes to securing computer systems?


Friends of mine have been to North Korea, one of them to teach for a quarter at PUST (so not as a tourist). By their telling, even with a constant military guard, it is about as poor as we've been told. Of course, my friend did not see slave labor or criminal camps, but then flying to Moscow wouldn't let you tour gulags either. Some Americans do "tour" the North Korean prison system, just like with the Soviet one back in the day, and their experiences seem similar. Seems unlikely that they eat children, though, and I'm not sure I've heard anything about priest burnings there, though of course religion is mostly banned. This is of course a personal take and using sources you don't have access to—so use however much salt you feel necessary—but it seems that most assessments of life inside North Korea by international organizations are pretty on-the-mark.


You could fly to Moscow, but what you could see here was a far cry from a normal life of a Soviet citizen.

At the same time, anti-Soviet propaganda also took many things wrong.

Truth always takes a personal effort to discover; it can't be spoon-fed by the New York Times, or Pravda, or Facebook.


What did anti-Soviet propaganda "take wrong"? Even after reading Bukowski, Solzhenitsyn, and the Black Book of Communism, I find it hard to imagine an atrocity which communists didn't commit.

And not as an isolated incident of abuse of power, usually on a mass scale. They liked their genocides like they liked their mines and factories -- huge.

Not to mention the economic system of constant shortages where you had to bribe everyone, including the meat store clerk.


> Bukowski

For others who are confused about this, they probably mean:

https://en.wikipedia.org/wiki/Vladimir_Bukovsky

...and not the famous Hollywood drunkard known as Charles Bukowski.


Yes, definitely Bukowski the dissident. Although I would highly recommend both And the Wind Returns... and Factotum.

There is this very telling scene in And the Wind Returns... where people peruse Lenin's works on the toilet (to then use as toilet paper because there was a shortage of course) and afterwards discuss what they read. It leads to never-ending arguments because the collected Lenin's writings were so contradictory, everyone found something different.


> They liked their genocides like they liked their mines and factories -- huge.

Wut? How many huge genocides exactly did the Soviets commit? As in killing off entire ethnic groups? I can't really name any, although I can definitely name at least one that Americans committed, but we usually don't like to talk about that.


This comment is pure whataboutism.

For the record, the USSR under Stalin targeted Jews in purges and forced deportation to Siberia: http://www.tabletmag.com/jewish-news-and-politics/125203/sur...

The Holodomor is frequently cited as a genocide: https://en.wikipedia.org/wiki/Holodomor_genocide_question

They also targeted 'kulaks' for deportation and/or extermination: https://en.wikipedia.org/wiki/Dekulakization


During the 30s and 40s they deported a lot of ethnic groups. A large percent (as much as 40%) died.

https://en.wikipedia.org/wiki/Population_transfer_in_the_Sov...


The Soviets mostly didn't target ethnic groups. They killed a large number of people, but it wasn't along ethnic lines. (which isn't to say they didn't kill ethnic groups, but most of the killing was other Russians)


It's good to have some skepticism, but I wouldn't underestimate North Korea's technical capabilities. After all they have been able to build an atom bomb, that's an accomplishment that is far more complicated than writing a computer worm.


Creating a nuclear explosive is more of a routine engineering challenge, rather than intellectual. Any nation with (1) 1950s-level engineering capability and (2) money or will can do it.

To badly paraphrase a Manhattan Project scientist, from memory: "there are lots of ways to create a nuclear explosion and no matter which one we try they all seem to work"

Miniaturised nukes are much, much more complicated and seem to require 1990s+ levels of physics, computer modelling and engineering.


It's not that they wouldn't be able to. It's that proving it was them is damn near impossible. The claim that it's DEFINITELY THEM is just so hard to put any real substance behind that it just appears to be fictitious. The amount of proof that you could find in a single binary is very limited, and even that stuff could be faked on purpose. To say that it must, 100%, without a doubt, be of North Korean origin is about as foolproof as any other conspiracy theory.


You can in fact fly to North Korea, as thousands of people are doing every year.

Or you can see what's happening through others who actually travelled there, like this photographer: https://www.dprk360.com


Just don't take any unofficial souvenirs...


> The only rational response to this is deep, deep skepticism.

Do you apply the same statement to all world religions? At least that would be consistent, but it is also starting out of the gate with a very hefty dose of hubris.

It is more reasonable to respond to the article as, just some for-profit paper's entertainment piece. It's reasonable to assert that claims made without evidence can be dismissed without evidence. It's reasonable to criticize the U.S. government for an excess of secrecy, an overuse of classification.

In 1959 the DoD had 12 meter resolution spy satellites. And 0.6 meter resolution spy satellites by the early 1980's. Those captures were never released nor leaked to the public contemporaneously, it would be decades before it was declassified and released.

But let's take your "only rational response" is skepticism, and apply binary logic to the outcomes just to keep it simple: you believe the report is 100% true, you believe the report is 100% false. Let's take the false case. That necessarily commits you to the NSA being either incompetent or malevolent. If the NSA, with its vast resources, is engaging in either gross negligence or is malevolent, that means contemplation of the higher likelihood of deaths of millions: negligence or malevolence does not reduce the risk of death, for sure. And now you're confronted with rebel's dilemma as NSA is a domestic threat.

What you do by saying the only rational response is skepticism, is commit yourself, morally and ethically, to arriving at certainty. Not hand waving that the burden is on others. You just placed the burden on yourself.


Well that and what is the point if it were actually true?

The NSA oops dropped a ton of cyberweapons on the streets and they would have gotten away with it, if not for those meddling kids .. kims .. well. Of course not, some other meddling kids would have wreaked havoc abusing the dangerous tech they didn't secure.

Whose fault is this really?

The damage was done the moment they lost control of that software. It could have been North Korea, some criminal gang, scriptkiddies, another country ... and that's bad and they'd be bad. But if you're a country that got hit by this ransomware you're not thinking "ow darn those North Koreans at it again" you know very well it was the NSA's fuckup, and if it hadn't been NK, someone else would have caused a large amount of damage using that tech in one way or another. They've been warned about the dangers of their inability to keep cyberweapons secure for years.

Maybe from within the US for those who are somehow still rooting for the NSA, pointing fingers at one of the usual suspects is ... satisfying? But from outside it just looks childish. What I'm seeing is other people doing the cleanup, dealing with the aftermath, and what's the NSA doing? Fingerpointing. What does this gain anyone?


Not to mention the recent leaks that show it's possible for the CIA (or for that matter, any advanced intelligence agency) to "fake their tracks" and blame cyber attacks on other countries.


So, very cut down, you're saying that the US are implicating North Korea because they know they can, because they think that "normal civilian joes" don't know anything about NK?

I'd say it's highly likely too, but what we need to find out is why would the US deep-state do this? Is there a specific motive for the US deep-state haphazardly implicating NK, other than, just maybe, the NSA got their hands on some evidence that we aren't aware of?


It doesn't need to be "the deep state" or "the US" - all it needs to be is one guy somewhere in government.

For all we know, this could have been leaked by Joe the North Korea analyst to raise his profile and increase his status.


I can think of some motivations:

- NK is developing longer-range ICBMs, and relations with the US have been deteriorating; recently, in response to a Trump tweet, NK threatened to drop a nuke on NYC [1]. Nobody in the administration is going to complain if NK takes a propaganda hit.

- The NSA has been taking a lot of blame for WannaCry, and pointing fingers at NK diverts some of that blame.

[1] http://www.newsweek.com/north-korea-attack-new-york-nuclear-...


> The NSA has been taking a lot of blame for WannaCry, and pointing fingers at NK diverts some of that blame.

Which is the exact reason I wouldn't trust any NSA-provided news about the origins of WannaCry more than I trust an average warez-site.


>I'd say it's highly likely too, but what we need to find out is why would the US deep-state do this?

Budget. If they can spin this as a national security matter rather than a criminal matter they get the money rather than the FBI cybercrimes division.

NK specifically has the advantage that nobody will believe them and there is no political fallout from accusing them.


One could not pick a more well-deserving country to practice their military (or military posturing) on, though


Or deep, deep sarcasm.


They are also launching ballistic missiles so maybe we should worry a little bit.

Also: https://www.pastemagazine.com/articles/2017/04/5-eye-opening...


OK, so I know this is going to come up in the comments, but this is not remotely a baseless allegation. The Lazarus group (one of the names for the DPRK-associated APT group) is somewhat well known and is quite sophisticated. This is the same group that hacked Sony a few years back. And to preempt people who are going to chime in with "Sony was just some insider leaking data" there is extensive evidence showing it was the work of a previously unidentified APT group. See here: https://www.operationblockbuster.com/wp-content/uploads/2016...

I can't comment about specifics linking WannaCry to the Lazarus group, but that seems to be the consensus in the security community.

DISCLAIMER: I worked with the people who wrote that report


It's not been fully confirmed/established that Lazarus group == DPRK: see "false flag" from Kaspersky researchers https://www.wired.com/2017/05/wannacry-ransomware-link-suspe...


>In its blog post, Kaspersky acknowledged that the repetition of the code could be a "false flag" meant to mislead investigators and pin the attack on North Korea. After all, the WannaCry authors cribbed techniques from the NSA as well. The ransomware leverages an NSA exploit known as EternalBlue that a hacker group known as Shadow Brokers made public last month.

>Kaspersky called that false flag scenario "possible" but "improbable."

This is more a standard disclaimer of any intelligence analyst than a serious qualification in this case. When trying to attribute something that allows easy copycats, an investigator will obviously constantly be thinking "is this clue genuine or intentionally placed to suggest a different origin"? And without an incredible amount of evidence, it's hard to definitively say certain malware or tools were written or used by a particular entity.


Yeah, I don't know. People tend to believe the narrative story they want to believe. When someone claims "the Russians" hacked the DNC and other operatives, there is very little "false flag" ("how do you know it really was the Russians?") claims (and for good reason), but when something does not fit their belief systems then it's "oh, false flag" despite reputable researchers putting their reputation on the line.


It's about broader context, or a lack thereof.

The DNC hack is self-consistent and aligned with known motives of suspected actors, so the public sees a false flag as possible but improbable. WannaCry came seemingly out of nowhere using a mixed bag of tricks from unfamiliar actors... absent context, the public will entertain any explanation.


That's a logical and plausible explanation for rational thinkers --I don't think I'm going out on a limb saying if it fit people's narrative preference, they'd say that "it fit too well", how can the Russians, so capable, leave so obvious trails, it must have been the Ukrainians (or some other realistically unlikely but fitting a narrative).

The N Korea thing was the same even under Obama (the Sony hack) people wanted to believe the US was just trying to make the N Koreans "look bad" or create excuses for something (as if N Korea needed any help in that regard).


In that link they only raise doubts about Lazarus being behind WannaCry, not Lazarus being associated with the DPRK. And the Kaspersky researchers' quote says that this being a false flag is "possible" but "improbable".


Agreed, confirming that there is no public evidence which hard links Lazarus to DPRK. Just want everyone to know the facts.


People are discounting, I think, the lulz factor in pretending to be working for NK. Just sayin'.


What would a "hard link" be? A signed confession from the head of the DPRK military? Under the circumstances, barring classified intelligence (like the NSA may have), we are as sure as we can be.


So we are unsure.


Out of curiosity, what evidence would convince you?


I don't know - isn't this an issue with the erosion of trust towards the administration and "domain experts", something they can only blame themselves for?

More importantly, why do you want people to be convinced of this? What difference does it make? If it is used as some sort of justification for (more?) economic sanctions or an attack, then I don't think any realistic hacking attempt is going to be enough. If you just want this attributed to NK, what is the point? If people don't know enough about the situation to be sure, and they have no trust in any authority on the subject, then the way forward would be for an authority to build up trust with those people and then claim it is attributed to NK.


Absolute certainty that this would not be used as an excuse to launch military attacks would be a start.


Colin Powell got quite a lot of tonnage I mean mileage out of a cartoon drawing. Just draw him a picture.


Who is "we" here? There are many levels of bullshit between knowledgeable folk at NSA and me. Far too many for me to be sure of anything.


I don't see false flag being reasonable in this case.

The public sentiment gains from drumming up a case against NK aren't measurably enhanced by this enough to justify the effort. I wouldn't think. But one never knows.


Re: Sony Hack

I heard that the DPRK was definitely involved, but that they involved themselves at a later point in the publicity over the attack, and that the original attack was initiated by disparate individuals only loosely cooperating.

Not to disparage your points on the Lazarus group. I've heard the same about their sophistication. I know next to nothing about the WannaCry attack besides the tragedy of the NHS succumbing to it.


Who do you believe conducted the original attack?


Oh I don't know. It's only hearsay. But when it comes to hacks of this scale that initiated with spearphishing, I think a reasonable assumption is bored children... or man-children.


It also makes some practical sense, as NK regime has little in the way of hard foreign currency and bitcoins would be a great source of untraceable unsanctionable income. Their previous adventures in illegal activities (counterfeit bills, meth, prostitution and slave labor) show they are not above deviousness to achieve stable income for the Kim state.


Not sure ~$150k in Bitcoin is that interesting to the DPRK.


They would have earned at least an order of magnitude more if the WannaCry killswitch hadn't been discovered.


Is ~$10M that interesting to a nation state, even a cash strapped one though? This is almost certainly not about the money.


This is a country whose diplomats sell bootleg liquor and use diplomatic pouches to smuggle crystal meth, so, yes:

http://www.telegraph.co.uk/news/worldnews/asia/northkorea/11...


There is a difference between a nation state and its officials...


Why not? It just has to be more than they invested in this attack.

It's not going to single-handedly pull the country out of recession, but it is probably the best utilisation of those computer-skilled individuals who developed it.


It is. They probably hoped for much more but sanctions by nearly all states in the world mean that North Korea desperately needs FX reserves. For a state where very few people have access to material that US$ can buy, a few hundred k$ can be a lot of money.


Supposing North Korea has Bitcoins... how could they sell them in a way that grants them usable currency?


The same way N. Korea does everything overseas, foreign agents and "diplomats" that act as couriers. China would be the obvious conduit as bitcoin is widely accepted there.


North Korea has the world's #2 and #3 economies next door, and both increasingly like Bitcoin. China has a significant appetite for Bitcoins, even more so with the capital controls now in place. That's a pretty easy black market trade.


I'd venture to say #3 has no love lost for N Korea so highly doubt #3 would look kindly at aiding and abetting N Korea. #2 is rather frustrated with the DPRK regime and has tightened commerce with the regime.


Sell them on one of the Chinese exchanges for yuan and physically carry it over the border to NK.


Hell, you don't even need to carry it over: anything you want to use the money to purchase is going to be in China anyway.


It's trivial to exchange Bitcoins anonymously to cash almost anywhere in the world.


By cash do you mean physical money, like coins and notes, or liquid amounts in a bank account? The problem is physical money is not a good way to move large amounts around, and most bank accounts have a great deal of oversight.

No-one cares about $75 being used to buy heroin on The Silk Road, but people will notice $75,000,000 being moved - and Bitcoin is not anonymous either, merely pseudonymous.


Not in volumes that count


$100k over a few weeks and exchanges shouldn't be too noticeable. Especially if you use personnel from several embassies.


$100k in a single trade would not be noticeable.

I'd go with more like $10M over a few weeks.


So this 'quite sophisticated' group suddenly became completely inept. Who the hell do NSA take us for? There are no specifics just copypasta and diversion. Oh yeah this thread is full of it. Consensus! BS more like. pure, unadulterated, prairie fresh by the shit-ton.


I am curious about how big these groups are? 10-100-1000 people? Seems like a lot of stuff has to come together for a "win". It's hard to imagine experts sitting around the whole day finding this motivating work.


[flagged]


The op made a bunch of assertions provided a reference which refuted one of her assertions and then appealed to authority...


The guidelines that ask us to comment civilly always apply, no matter what you're replying to.

https://news.ycombinator.com/newsguidelines.html


Both posts were civil. I guess we'll have to put it down to cultural differences.


Snarky dismissals are not considered civil here.


Please re-read your post considering your tone and level of snark. I had actually flagged it on this basis. But I guess as you are a moderator this won't have done anything.


Though the hackers raised $140,000 in bitcoin, a form of digital currency, so far they have not cashed it in, the analysts said. That is likely because an operational error has made the transactions easy to track, including by law enforcement.

As a result, no online currency exchange will touch it, said Jake Williams, founder of Rendition Infosec, a cybersecurity firm. “This is like knowingly taking tainted bills from a bank robbery,” he said.

Could anyone give some more details about this?

Does a trustworthy bitcoin mixer exist? Would the attackers be able to use it to launder the coins?

EDIT: Does anyone know anything about the operational error mentioned in the article?

The coins are easy to track, but that's the default for bitcoin. Mixing the coins should restore anonymity in most cases, right? And at that point it would be possible to move the coins back to an exchange, or sell them on localbitcoins.

On the other hand, have the exchanges blacklisted most of the large mixers? It seems like it should be theoretically possible to track whether coins have been mixed. Then exchanges could simply close any account that receives significant sums of tumbled coins.


Mixing $140,000 in Bitcoin would be trivial.

For example, bitmixer.io holds ~1000 BTC reserve for mixing, which is currently worth ~$2.5 million. So ~60 BTC could be safely mixed over a few days.

Decent mixers:

bitmixer.io (bitmixer2whesjgj.onion)

Bitcoin Fog (foggedddxlunnaaa.onion)

Helix (grams7enufi7jmdl.onion/helix/light)

I'm not aware that exchanges have blacklisted any mixers. There has been talk of blacklisting stolen Bitcoin, but I don't believe that's been done either.


Or just convert it to an anonymous cryptocurrency, say, Monero or ZCash. No need to trust these mixers (which can take your coins and have been shown to be reversible in the past) anymore. There is also TumbleBit (https://github.com/BUSEC/TumbleBit), which looks interesting.


Just a warning to anyone new to the BTC scene.

DO NOT USE BitcoinFog


Why?

I've used them for years. They've been slow a few times, but I've never lost anything.

There are persistent hater threads on Bitcoin Forum, however. And they've gotten some bad PR from some major Bitcoin thefts. Also, the Sheep Marketplace owner did screw up by mixing 96000 BTC in one go. But that still wasn't how he got pwned.


Why?


I don't understand. Isn't the point of bitcoin that it doesn't need a central authority?

If Bitcoin has evolved to the point where you need to have currency exchanges that act just like banks... what's the point?


It is more accurate to say that the point of Bitcoin is everyone has perfect information about how much money everyone has and who they transact with. The hackers are free to send the stolen money to someone else with no central authority to stop them, but an exchange is likely to reject that because they deal with fiat and therefore have to meet certain legal and ethical standards.

The hackers can still spend the money on something else provided the other party doesn't hold themselves to the same standards.


"likely to reject" -- I haven't seen any history of exchanges stopping specific withdrawals for certain coins.


There are dealers and exchanges who abide by regulation in one or more countries, and some that don't.

It's also public record where transactions travel on the blockchain, so if it was ever noted what address the funds entered, I imagine it could prove difficult to dilute the transactions enough that the ledger wouldn't be accepted as proof. But I'm just speculating on that last bit.
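The tracking idea raised in this sub-thread (following flagged coins through a pool and letting an exchange act on the deposit), sketched as an added example that is not part of any comment here and not any exchange's actual policy. It implements the two taint models usually called "poison" and "haircut" in blockchain-analysis literature; the ledger, transaction names, flagged output and hold threshold are all constructed assumptions.

```python
"""Taint propagation over a toy UTXO ledger (all data below is constructed)."""
from dataclasses import dataclass
from fractions import Fraction

COIN = 100_000_000  # satoshi per BTC


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple   # outpoints being spent, each (txid, output_index)
    outputs: tuple  # output values in satoshi


# Constructed ledger in confirmation order. Fees are zero to keep sums exact.
LEDGER = [
    Tx("flagged_src", (), (60 * COIN,)),         # output under watch
    Tx("clean_src", (), (540 * COIN,)),          # unrelated funds
    Tx("pool", (("flagged_src", 0), ("clean_src", 0)), (59 * COIN, 541 * COIN)),
    Tx("hop", (("pool", 0),), (29 * COIN, 30 * COIN)),
    Tx("deposit", (("hop", 1),), (30 * COIN,)),  # arrives at the exchange
    Tx("clean_b", (), (5 * COIN,)),
    Tx("deposit_clean", (("clean_b", 0),), (5 * COIN,)),
]
FLAGGED = {("flagged_src", 0)}  # hypothetical watch list of outpoints


def haircut_taint(ledger, flagged):
    """Haircut model: every output inherits the value-weighted taint
    fraction of the transaction's inputs. Returns (values, taint) keyed
    by outpoint."""
    values, taint = {}, {}
    for tx in ledger:
        total_in = sum(values[op] for op in tx.inputs)
        dirty_in = sum(values[op] * taint[op] for op in tx.inputs)
        frac = dirty_in / total_in if total_in else Fraction(0)
        for index, value in enumerate(tx.outputs):
            op = (tx.txid, index)
            values[op] = value
            taint[op] = Fraction(1) if op in flagged else frac
    return values, taint


def poison_taint(ledger, flagged):
    """Poison model: one tainted input marks every output as tainted.
    Returns the set of tainted outpoints."""
    dirty = set()
    for tx in ledger:
        any_dirty = any(op in dirty for op in tx.inputs)
        for index in range(len(tx.outputs)):
            op = (tx.txid, index)
            if any_dirty or op in flagged:
                dirty.add(op)
    return dirty


def unspent_tainted_value(ledger, flagged):
    """Total haircut-tainted value still sitting in unspent outputs.
    Pooling spreads this amount over more outputs but never reduces it."""
    values, taint = haircut_taint(ledger, flagged)
    spent = {op for tx in ledger for op in tx.inputs}
    return sum(values[op] * taint[op] for op in values if op not in spent)


def screen_deposit(ledger, flagged, deposit, limit):
    """Exchange-side check: hold the deposit when its haircut-tainted
    value reaches `limit` satoshi (the limit is an assumed policy knob)."""
    values, taint = haircut_taint(ledger, flagged)
    tainted_value = values[deposit] * taint[deposit]
    return {
        "fraction": taint[deposit],
        "tainted_value": tainted_value,
        "hold": tainted_value >= limit,
        "poison": deposit in poison_taint(ledger, flagged),
    }


if __name__ == "__main__":
    for outpoint in (("deposit", 0), ("deposit_clean", 0)):
        print(outpoint, screen_deposit(LEDGER, FLAGGED, outpoint, 1 * COIN))
    print("tainted value still unspent:",
          unspent_tainted_value(LEDGER, FLAGGED) / COIN, "BTC")
```

Under the poison model the 541 BTC change output of the pool is flagged in full even though most of it came from unrelated funds, which is the over-blocking cost an exchange would accept by acting on any contact with a pool.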


The point is to not need to convert back to fiat.


only to transfer it into another currency

you can trade bitcoin to bitcoin just fine


Who's blacklisting these bitcoins? Is that public or is Rendition speculating?


It's bullshit. Such measures do not exist at any significant scale.


It is quite easy to launder those bitcoins for someone committed to it.


Of note: The Shadow Brokers hinted at the same thing a few weeks back.

"In May, No dumps, theshadowbrokers is eating popcorn and watching "Your Fired" and WannaCry. Is being very strange behavior for crimeware? Killswitch? Crimeware is caring about target country? The oracle is telling theshadowbrokers North Korea is being responsible for the global cyber attack Wanna Cry. Nukes and cyber attacks, America has to go to war, no other choices! (Sarcasm) No new ZeroDays."


Nukes and cyber attacks, America has to go to war, no other choices! (Sarcasm)

Even without that tag, there is another reading of that message. DPRK doesn't actually benefit from USA going to war, but other parties certainly do.


I'm not sure how much that adds though because at the time of them writing that, there was a lot of speculation online that it was NK based on some shared code. That argument was baseless, the amount of shared code was far too small and trivial to possibly be used for attribution, but it more easily explains why they bet on NK than having an inside track to an NSA investigation.


Do you have a link for this? Where are they releasing these comms?



I am not at all impressed with this article, it strikes me as another piece that simply summarizes information leaked by the US government or someone at one of the intelligence organizations.

They say "the NSA has linked the North Korean government..." then tell us the assessment was not made public, that it is inconclusive, and that the NSA has declined to comment. "One agency..." supposedly has a "building block" for this assessment but they are not named. I understand that the government would like to protect their sources, but I don't think we should simply take them at their word. In my opinion, this piece is doing exactly that. What little concrete data I've managed to gather is all circumstantial, I've seen nothing that points to any sort of technical "smoking gun".

Maybe I am paranoid, but my concern is that this finger pointing at foreign governments does nothing but generate fear. When the legislature finally introduces a bill to defeat encryption across the board, they'll have widespread support and everyone who argues against it will be painted as some kind of imbecile. All of a sudden, the largest tech companies in the country will be accused of wanting to aid and abet North Korea and Russia.

And security doesn't materially improve. The assessment Reality Winner released isn't much better than these articles, but at least it's more straightforward and the means to the end were clearly disclosed. Yet no one is talking about putting training in place at the companies involved (to defeat phishing or social engineering attacks via phone or email) or source code audits (even private is better than nothing). It's infuriating.


It's ~impossible to prove who's behind any attack these days given code-reuse, false flags & TOR. Anyone who claims to be able to do it reliably, is bullshitting you and likely has an agenda.


Not really. Very few attacks dedicate enough effort to evasion or anti-forensics to be completely untraceable.

There are plenty of things that get reused such as public keys that can be reliably tied to a group. There are also many private indicators that are not released to the general public. Discovering who funds that group or where they operate from can be tougher, but APT groups are trackable.


Re-using a public key seems like an incredibly basic mistake.

How is the chain of custody for digital evidence handled by intelligence agencies and 3rd party researchers? Are there higher standards with regard to digital evidence? It seems to me that with digital evidence, ultimately you at least have to trust the investigatory agency at hand. But we're past that, because a huge number of Americans like myself will never trust any information from the US government.


They clearly had a fluent Chinese speaker working with them. https://www.flashpoint-intel.com/blog/linguistic-analysis-wa...

Of course I'm sure the NSA has a number of fluent Chinese speakers.


> A number of unique characteristics in the note indicate it was written by a fluent Chinese speaker. A typo in the note, “帮组” (bang zu) instead of “帮助” (bang zhu) meaning “help,” strongly indicates the note was written using a Chinese-language input system rather than being translated from a different version. More generally, the note makes use of proper grammar, punctuation, syntax, and character choice, indicating the writer was likely native or at least fluent. There is, however, at least one minor grammatical error which may be explained by autocomplete, or a copy-editing error.

No native Chinese speaker would unintentionally make such mistakes. Any decent Chinese pinyin input method would have corrected that typo mistake, not to mention handwriting methods. Also, it is highly unlikely to miss a letter when typing Chinese pinyin, unless the person has been pronouncing it wrongly and is unaware of the mistake.

> The text uses certain terms that further narrow down a geographic location. One term, “礼拜” for “week,” is more common in South China, Hong Kong, Taiwan, and Singapore; although it is occasionally used in other regions of the country. The other “杀毒软件” for “anti-virus” is more common in the Chinese mainland.

No, "礼拜" is used interchangeably across China and it is one of the standard translations of days of the week. And "杀毒软件" is the default translation of antivirus in Google translate.

I am not saying that the person behind the note is not Chinese. It's just the poor analysis in this article makes me both want to laugh and cry as a native Chinese speaker. The bottom line is, I would not trust a report on Chinese linguistic analysis by three non-native Chinese speakers.


It's this lack of follow through which burns me in regard to these investigations.

> The two Chinese ransom notes differ substantially from other notes in content, format, and tone. Google Translate fails in both Chinese-English and English-Chinese tests, producing inaccurate results that suggests the Chinese text was likely not have been similarly generated by the English text.

Really? Did Flashpoint even compare English to Chinese samples from the many professional human-based translation services online or was Google Translate their sole source of testing?

> Perhaps most compelling, the Chinese note contains substantial content not present in any other version of the note, is lengthier, and differs slightly in format.

Hmm. That again suggests it may have been interpreted by a human. Although why immediately assume it's one of the authors? A human-based translation service could yield the same results...


Not every IME has fuzzy pinyin and I don't think the Microsoft one has it enabled by default.


Yeah. You are right about that. So I am not ruling out the possibility that someone who mispronounces the word was the author.

Still the odds are low, considering this is a common phrase and he/she has likely made similar mistakes before (zh -> z) and taken some corrective actions to prevent future typos.


The job of NSA is getting easier by the day. Blame it on the boogeyman du jour and have the media present it to the masses as ironclad evidence. What happened to the actual, you know, national security? You can't have it without working on preventive measures. How about we start with something tangible, like government infrastructure, power grid, etc, and make them darn near impenetrable. Think you could do that, NSA?


> Blame it on the boogeyman du jour and have the media present it to the masses as ironclad evidence

It says right in the article that the assessment was "issued internally last week and has not been made public". Until it's made public, it's unreasonable to expect them to provide evidence.

> government infrastructure

That's not really their responsibility

> power grid

That's the private sector's job. Congress has to yell at the industry to get them to do it[1]. Yet they still fail [2].

I don't trust the NSA either, but come on, be reasonable. If everyone just rambled incoherently, they would overshadow the legitimate complaints.

[1]: http://www.nextgov.com/cybersecurity/2008/05/hill-regulatory...

[2]: http://thehill.com/policy/cybersecurity/261310-congress-stru...


It has been "made public", since we, the public, are talking about it here. If it was some BS government agency, I'd assume the leak wasn't intentional, but with NSA I choose to assume otherwise, for obvious reasons.

>> that's not their responsibility

Then what the fuck are my taxes paying for? Weaponized zero days that leak out from there on a regular basis? Mass wiretapping? Undermining democratically elected government?


I don't want to write off everyone working for the NSA as liars, but NK seems like a good scapegoat. Why would we believe anything the NSA says/reports? They took our trust with our privacy.


Maybe I'm old fashioned but I take any hacking blame from gov to gov as likely propaganda.


Similarly, I don't doubt that the NSA has the ability to attribute an attack to an attacker. What I doubt is that the NSA has the ability to tell the truth in public.


You are correct that it seems the NSA is unable to tell the truth to the public. The NSA never stated publicly that WannaCry is from North Korea.

>The NSA declined to comment.


The NSA having the information leaked is more beneficial than saying it directly. If at any point something shows it clearly wasn't North Korea, the NSA can claim they have made no official statements and the leak was using bad information. But if such information doesn't come out, then we get what we currently have, which is the public having been informed that North Korea is responsible. What more could the NSA have asked for? Well maybe North Korea directly claiming responsibility, but besides for that.


Very possible, but any refusal/dissuasion against considering such possibilities can equally serve propaganda. This observation is no more profound than the insight that advertising is usually trying to get you to buy something.


The idea that the US needs to actively spread propaganda about North Korea is pretty ridiculous. You are aware that they have been sending missiles on a regular basis and inviting criticism from pretty much everyone.

Who exactly is pro-North Korea that the US is trying to sway?


While I don't think this is the case here, specifically, propaganda isn't always about swaying people from anti- to pro-; it could be for swaying people from "they are bad, but not that dangerous" to "they are dangerous enough that we should intervene with force"


Right. Watching the Noam Chomsky documentary, Manufacturing Consent, on YouTube really opened my eyes to this phenomenon. Based on what I have observed recently, I think the decision was made some time ago on this, and we're being told what to think.


It's good to be skeptical but I think when you have preponderance of evidence in one way, it's not unreasonable to reach a conclusion. Remember Noam was the same guy who for political reasons did not want to believe Pol Pot was mowing through millions despite large amounts of information filtering out of the country corroborating the atrocities others claimed were taking place.

Additionally, there is no need to "manufacture consent" as only a very small minority would object to any action against N Korea at this point in time.


> Remember Noam was the same guy who for political reasons did not want to believe Pol Pot was mowing through millions

http://www.abc.net.au/news/2011-07-01/brull---the-boring-tru...

If the best criticism of Chomsky is from 40 years ago, and about Pol Pot - a person Chomsky believes is a mass murderer, I think Chomsky is doing quite well.

> Additionally, there is no need to "manufacture consent" as only a very small minority would object to any action against N Korea at this point in time.

Consent has already been manufactured!


>If the best criticism of Chomsky is from 40 years ago

He's a politically, nay, ideologically motivated individual --i.e. he presents his version of a story to which there could be multiple sides with multiple interpretations, but his is "right".

You can witness the same again when he more recently shrugged off 9-11 because he said, oh, well, the US committed similar atrocity by bombing a pill factory in the Sudan. He can be downright intellectually lazy when it's opportune.

Oh, and he also sympathized with Milosevic. Why? Oh, well, because he saw him as the one guy in the Balkans who was anti-American. Yup, he sympathized with Milosevic. That's your Chomsky.

>Consent has already been manufactured!

If you call that manufactured consent then that term has lost all meaningful distinction.


> You can witness the same again when he more recently shrugged off 9-11 because he said, oh, well, the US committed similar atrocity by bombing a pill factory in the Sudan.

Citation required. As far as I remember, he clearly called 9/11 an atrocity, how is that shrugging it off? If you provide a citation with a link, explaining exactly what you mean, I can comment further.

> Oh, and he also sympathized with Milosevic. Why? Oh, well, because he saw him as the one guy in the Balkans who was anti-American.

Citation required.

Here's Chomsky in 2006: https://chomsky.info/20060425/ Not to mention this little something from 2016: https://www.counterpunch.org/2016/08/01/the-exoneration-of-m...


How about you actually quote the man, your own account of what you think you remember is completely uninteresting.


> He's a politically, nay, ideologically motivated individual

> He can be downright intellectually lazy

> He also sympathized with Milosevic.

Ad-hominem is all well and good, but is there any specific objection that you have to any claim by Chomsky? The only specific objection anyone has is that he did not fully believe the scale of atrocities by Pol Pot as reported by US authorities in 1975. Reports that he subsequently accepted - Chomsky later stated, "I mean the great act of genocide in the modern period is Pol Pot, 1975 through 1978 - that atrocity - I think it would be hard to find any example of a comparable outrage and outpouring of fury."

It is hard to take any criticism of Chomsky seriously if it always devolves to comments about what kind of person he is and what he always likes to think, instead of specific objections to any claim he has made.

This is Chomsky's take, what is your specific objection? https://www.samharris.org/blog/item/the-limits-of-discourse

> Or take the destruction of the Al-Shifa pharmaceutical plant in Sudan, one little footnote in the record of state terror, quickly forgotten. What would the reaction have been if the bin Laden network had blown up half the pharmaceutical supplies in the U.S. and the facilities for replenishing them? We can imagine, though the comparison is unfair, the consequences are vastly more severe in Sudan. That aside, if the U.S. or Israel or England were to be the target of such an atrocity, what would the reaction be? In this case we say, “Oh, well, too bad, minor mistake, let’s go on to the next topic, let the victims rot.” Other people in the world don’t react like that. When bin Laden brings up that bombing, he strikes a resonant chord, even among those who despise and fear him; and the same, unfortunately, is true of much of the rest of his rhetoric.

> Though it is merely a footnote, the Sudan case is nonetheless highly instructive. One interesting aspect is the reaction when someone dares to mention it. I have in the past, and did so again in response to queries from journalists shortly after 9-11 atrocities. I mentioned that the toll of the “horrendous crime” of 9-11, committed with “wickedness and awesome cruelty” (quoting Robert Fisk), may be comparable to the consequences of Clinton’s bombing of the Al-Shifa plant in August 1998. That plausible conclusion elicited an extraordinary reaction, filling many web sites and journals with feverish and fanciful condemnations, which I’ll ignore. The only important aspect is that single sentence—which, on a closer look, appears to be an understatement—was regarded by some commentators as utterly scandalous. It is difficult to avoid the conclusion that at some deep level, however they may deny it to themselves, they regard our crimes against the weak to be as normal as the air we breathe. Our crimes, for which we are responsible: as taxpayers, for failing to provide massive reparations, for granting refuge and immunity to the perpetrators, and for allowing the terrible facts to be sunk deep in the memory hole. All of this is of great significance, as it has been in the past.

also https://chomsky.info/200601__/

You also managed to miss Chomsky's comparison of 9/11 to the 9/11 of 1973.

https://chomsky.info/20110906/

> Unfortunately, it is not a thought experiment. It happened. The only inaccuracy in this brief account is that the numbers should be multiplied by 25 to yield per capita equivalents, the appropriate measure. I am, of course, referring to what in Latin America is often called “the first 9/11”: September 11, 1973, when the U.S. succeeded in its intensive efforts to overthrow the democratic government of Salvador Allende in Chile with a military coup that placed General Pinochet’s brutal regime in office. The goal, in the words of the Nixon administration, was to kill the “virus” that might encourage all those “foreigners [who] are out to screw us” to take over their own resources and in other ways to pursue an intolerable policy of independent development. In the background was the conclusion of the National Security Council that, if the US could not control Latin America, it could not expect “to achieve a successful order elsewhere in the world.”

>> If you call that manufactured consent then that term has lost all meaningful distinction.

What?


> I mentioned that the toll of the “horrendous crime” of 9-11, committed with “wickedness and awesome cruelty” (quoting Robert Fisk), may be comparable to the consequences of Clinton’s bombing of the Al-Shifa plant in August 1998

There is still a moral difference: Al-Qaida tries to kill as many American civilians as they can. The US doesn't try to kill as many Arab civilians as they can.

> The only inaccuracy in this brief account is that the numbers should be multiplied by 25 to yield per capita equivalents, the appropriate measure. I am, of course, referring to what in Latin America is often called “the first 9/11”: September 11, 1973, when the U.S. succeeded in its intensive efforts to overthrow the democratic government of Salvador Allende in Chile with a military coup that placed General Pinochet’s brutal regime in office.

I'm trying to imagine what Chomsky would have said if the US had supported a coup against Hitler, a democratically elected socialist leader in an alliance with Russia, before the second world war.

There would have been a civil war in Germany, and even the right side of it would have mistreated some prisoners, caused some collateral damage, like every side in every war.

Like Hitler, Salvador Allende was democratically elected, but he was turning Chile into a dictatorship. Chile's Parliament literally wrote a letter to Pinochet asking for the coup.


> There is still a moral difference: Al-Qaida tries to kill as many american civilians as they can. The US doesn't try to kill as many arab civilians as they can.

Terrible argument. Consider several events from Al-Shifa bombing, bombing of Nagasaki etc. targeting a purely civilian population to achieve political and military goals.

https://en.wikipedia.org/wiki/Operation_Menu

https://en.wikipedia.org/wiki/Operation_Rolling_Thunder

http://abcnews.go.com/International/bombing-laos-numbers/sto...

> I'm trying to imagine what Chomsky would have said if

Criticisms of Chomsky would be taken far more seriously if they did not involve imagining things Chomsky would have done in imaginary scenarios. He has been active for 50+ years, why don't you just point out any particular claim by Chomsky that you disagree with? He has published copiously over 50 years!

> Salvador Allende was democratically elected, but he was turning Chile into a dictatorship

All details from here https://en.wikipedia.org/wiki/Salvador_Allende#Presidency

Upon assuming power, Allende began to carry out his platform of implementing a socialist programme called La vía chilena al socialismo ("the Chilean Path to Socialism"). This included nationalization of large-scale industries (notably copper mining and banking), and government administration of the health care system, educational system (with the help of a United States educator, Jane A. Hobson-Gonzalez from Kokomo, Indiana), a programme of free milk for children in the schools and shanty towns of Chile, and an expansion of the land seizure and redistribution already begun under his predecessor Eduardo Frei Montalva,[31] who had nationalized between one-fifth and one-quarter of all the properties listed for takeover.[32] Allende also intended to improve the socio-economic welfare of Chile's poorest citizens;[33] a key element was to provide employment, either in the new nationalized enterprises or on public work projects.[33]

The rate of inflation fell from 36.1% in 1970 to 22.1% in 1971, while average real wages rose by 22.3% during 1971. Minimum real wages for blue-collar workers were increased by 56% during the first quarter of 1971, while in the same period real minimum wages for white-collar workers were increased by 23%, a development that decreased the differential ratio between blue- and white-collar workers’ minimum wage from 49% (1970) to 35% (1971). Central government expenditures went up by 36% in real terms, raising the share of fiscal spending in GDP from 21% (1970) to 27% (1971), and as part of this expansion, the public sector engaged in a huge housing program, starting to build 76,000 houses in 1971, compared to 24,000 for 1970.[41] During a 1971 emergency program, over 89,000 houses were built, and during Allende’s three years as president an average of 52,000 houses were constructed annually.[42] Although the acceleration of inflation in 1972 and 1973 eroded part of the initial increase in wages, they still rose (on average) in real terms during the 1971–73 period.[43]

As further noted by Ricardo Israel Zipper,

"By now meat was no longer a luxury, and the children of working people were adequately supplied with shoes and clothing. The popular living standards were improved in terms of the employment situation, social services, consumption levels, and income distribution."[40]

Throughout this presidency racial tensions between the poor descendants of indigenous people, who supported Allende's reforms, and the white elite increased.[65]

The United States opposition to Allende started several years before he was elected President of Chile. Declassified documents show that from 1962 through 1964, the CIA spent $3 million in anti-Allende propaganda "to scare voters away from Allende's FRAP coalition", and spent a total of $2.6 million to finance the presidential campaign of Eduardo Frei.[23][24]

The possibility of Allende winning Chile's 1970 election was deemed a disaster by a US administration that wanted to protect US geopolitical interests by preventing the spread of Communism during the Cold War.[73] In September 1970, President Nixon informed the CIA that an Allende government in Chile would not be acceptable and authorized $10 million to stop Allende from coming to power or unseat him.[74] Henry Kissinger's 40 Committee and the CIA planned to impede Allende's investiture as President of Chile with covert efforts known as "Track I" and "Track II"; Track I sought to prevent Allende from assuming power via so-called "parliamentary trickery", while under the Track II initiative, the CIA tried to convince key Chilean military officers to carry out a coup.[74]

Additionally, some point to the involvement of the Defense Intelligence Agency agents that allegedly secured the missiles used to bombard La Moneda Palace.[75] In fact, open US military aid to Chile continued during the Allende administration, and the national government was very much aware of this, although there is no record that Allende himself believed that such assistance was anything but beneficial to Chile.

During Nixon's presidency, United States officials attempted to prevent Allende's election by financing political parties aligned with opposition candidate Jorge Alessandri and supporting strikes in the mining and transportation sectors.[76] After the 1970 election, the Track I operation attempted to incite Chile's outgoing president, Eduardo Frei Montalva, to persuade his party (PDC) to vote in Congress for Alessandri.[77] Under the plan, Alessandri would resign his office immediately after assuming it and call new elections. Eduardo Frei would then be constitutionally able to run again (since the Chilean Constitution did not allow a president to hold two consecutive terms, but allowed multiple non-consecutive ones), and presumably easily defeat Allende. The Chilean Congress instead chose Allende as President, on the condition that he would sign a "Statute of Constitutional Guarantees" affirming that he would respect and obey the Chilean Constitution and that his reforms would not undermine any of its elements.

Track II was aborted, as parallel initiatives already underway within the Chilean military rendered it moot.[78]

The most prominent United States corporations in Chile before Allende's presidency were the Anaconda and Kennecott copper companies and ITT Corporation, International Telephone and Telegraph. Both copper corporations aimed to expand privatized copper production in the city of El Teniente in the Chilean Andes, the world's largest underground copper mine.[81] At the end of 1968, according to US Department of Commerce data, United States corporate holdings in Chile amounted to $964 million. Anaconda and Kennecott accounted for 28% of United States holdings, but ITT had by far the largest holding of any single corporation, with an investment of $200 million in Chile.[81] In 1970, before Allende was elected, ITT owned 70% of Chitelco, the Chilean Telephone Company and funded El Mercurio, a Chilean right-wing newspaper. Documents released in 2000 by the CIA confirmed that before the elections of 1970, ITT gave $700,000 to Allende's conservative opponent, Jorge Alessandri, with help from the CIA on how to channel the money safely. ITT president Harold Geneen also offered $1 million to the CIA to help defeat Allende in the elections.[82]

After General Pinochet assumed power, United States Secretary of State Henry Kissinger told President Richard Nixon that the United States "didn't do it", but "we helped them...created the conditions as great as possible". (referring to the coup itself).[83] Recent documents declassified under the Clinton administration's Chile Declassification Project show that the United States government and the CIA sought to overthrow Allende in 1970 immediately before he took office ("Project FUBELT"). Many documents regarding the United States intervention in Chile remain classified.

US installing a dictator to prevent dictatorship in a democracy has to be the most insane argument that I keep seeing that makes me question the entire education system!


> US installing a dictator to prevent dictatorship in a democracy has to be the most insane argument that I keep seeing that makes me question the entire education system!

It worked though. Chile is a democracy now, no communist country is.


Chile was a democracy and US helped overthrow the democracy and install a dictatorship. The citizens managed to resist and recover their democracy after 20 years at a great cost to the country's poor and privatization of Chile's public mineral wealth. Also known as Chile's 9/11. What exactly "worked" here?

Also, are you seriously suggesting that no former communist country is a democracy now? How is this completely random false statement relevant to this discussion?


Did people think highly of Saddam in 2003?


There was lots of skepticism but in the end because of lack of good humint a lot of weight was placed on his behavior (his continued pretense/bluffing for the purpose of not disclosing weakness to Iran), the international community with the US at the lead reached a faulty conclusion.

With regard to DPRK, S Korea has great humint and we have multiple defectors corroborating each other (whereas Iraq there was basically one guy feeding intelligence services lies) so I would say it's not the same.

In addition, the regime provides all the evidence necessary (not just boastful claims) we sample the atmosphere as well as have seismometers corroborating their claims of nuclear development. There is no question as toward their progress nor their intentions.


"the international community with the US at the lead reached a faulty conclusion"

Mistakes can happen and be forgiven but deception is seldom forgotten. It didn't go down quite so innocently as you portray. It appears painfully obvious that there were/are many parties with economic and other interests who were behind what turned into a giant expensive catastrophe and killed hundreds of thousands. No one has even been reprimanded much less punished. A lot of them are still around trying to beat war drums for Syria. Trust was broken. The effects of that will go on for a long time and they aren't good.

re. North Korea "There is no question as toward their progress nor their intentions."

Fully agree. Very much unlike Iraq (or even less Iran and Syria) NK is truly dangerous and leaving them to continue their present course doesn't seem wise.

Supporting almost no military adventures the US has engaged in over the last 30 years I would fully support any action necessary against NK. But hopefully it doesn't come to that.

It's a shame someone has been calling wolf every few years for economic gains and now when a real wolf is at the door lots of people won't listen. Look at the comments on this thread. People don't trust. And with very good reason. But in the case of NK I think they are mistaken. If there is a place a germ or technology comes out of that kills half the globe it will be there. ISIS are a bunch of circus clowns in comparison.


There is lots of blame to go around with re Iraq. Our intelligence, Saddam himself (calling a bluff he could not possibly win, the cat-mouse game, in addition to just being a tyrant), opposition, Shiites, many western countries (but curiously Russia opposed) etc.

It may not seem like it from the way I write, but I was utterly devastated when the congress approved the plans. But I take one incident at a time. I try not to color unrelated things.


> the international community with the US at the lead reached a faulty conclusion.

This is drifting rather far off-topic, but that is an exceptionally anodyne description of how that particular chain of events came to pass.


I can see how Saddam's brand of pan-Arab socialist nationalism combined with Iraq's oil wealth could be irksome in some circles.

Don't get me wrong, I believe that NK presents a real and present danger. A continuous stream of bellicose rhetoric combined with progress on ICBMs and a current nuclear + LEO satellite = EMP capability troubles me. I don't deny the facts there. A change of course seems perfectly reasonable, necessary, and prudent. I will celebrate liberty for the North Korean people, and Kim's return to dust. My feeling is that the least palatable options to thinking and feeling human beings are the most probable at this point (for various reasons), hence the need for the narrative.

It just seems to me like a bug in our democracy that we don't get a clear accounting, representation, and participation in grave decisions like these, and I hope someday that bug gets patched.


Some did, but not in the western hemisphere iirc.


Exactly my thoughts.


I think it's more like "there is your bogeyman, stop looking at us".


Exactly. Smoke and mirrors. They want to shift the embarrassment away from their own fuckup.


So it's not North Korea testing ballistic missiles capable of destroying Tokyo, Seoul, Hawaii etc. Or the fact that they are actively developing nuclear weapons capable of hitting anywhere in the US.

No it's not billions of lives that are the impetus to use force. Rather it's the huge sum of a few million dollars worth of Bitcoins, i.e. the cost of one of their more expensive bombs.


US, Russia, and China have ballistic missiles capable of destroying all the cities you mentioned and some more. And what are you going to do about them?

All this talk of "North Korea may have missiles that can hit us!" is getting tiresome and, frankly, worrisome. The only reason people talk about North Korea and, say, not Russia is that the US can preemptively attack North Korea and they can do nothing about it.

Everywhere you live, your place can be incinerated in 30 minutes if one or another national leader decides to push the red button. And it has been like that for ~50 years. Deal with it, and if anybody feels extra warlike and feels like they have to invade yet another country to save the civilized world from WMDs, remember Iraq.


You are both entirely logical and entirely foolish. The DPRK is dangerous and may make our lives materially worse even if they never detonate a nuke in a city.


Again, I'm not saying this is NSA propaganda. I agree that this hack pales in comparison to other bad shit DPRK is up to.

My point was more general: propaganda can have various goals, only one of which is to turn supporters to detractors.

Further, propaganda doesn't have to be well executed to be propaganda.


> exactly is pro-North Korea that the US is trying to sway ?

What if the point is not to sway any "pro-North Korea" people, but to make as many as possible "anti-North Korea".

It will be much easier to justify a war with them that way, because, you know, the US needs someone to go to war with next.


The point may simply be to move the attention away from the NSA, who are perhaps the real authors of WannaCry.


So the logical conclusion for you is not that North Korea did this who has no foreign currency and minimal income. But rather it was the NSA who is bankrolled by the US government and who will be receiving additional funds in the upcoming budget process.

Makes complete sense.


One of those groups has the funding and experience to create malware that finds its way into 150000 computers. This group already monitors billions of other devices.

The other is an isolated nation that's decades behind on technology, only recently building weapons that can compete on a global scale, and struggles to feed its starving population.

It wouldn't be the first or even hundredth time that the US gov did something shady and pinned it on an enemy. It's less about the money and more about justifying their expanding powers.


I don't know who did it. I'm just saying it's not a stretch to accuse the NSA given their history with hacking tools becoming public and the Snowden leaks.

To use the revenue generating argument from the OP article as a good indicator of the author is weak at best.


Why is the revenue generating argument weak? Even Kaspersky who was unsure of the author is leaning towards it being NK.


Yes they are, but not on the basis of revenue.


The exploit utilized was developed by NSA employees no? And then leaked and then used by whomever (maybe North Koreans, maybe someone else)?


And what has the US been doing for the last 50 years exactly ? If not dropping missiles and bombs on civilian populations abroad under the pretence of "spreading democracy" and "stopping terrorism"


Among other things, yes. I'm fairly sure you'd rather live in the US than North Korea, though. And I say that as someone who's not American and has a very dim view of capitalism and imperialism.


Your comment is just nonsense on so many levels.

1) The US does not actively target civilians. That's a war crime. There are incidental deaths absolutely but if the US was intentionally trying to cause mass deaths they would simply drop a nuclear bomb a few more times.

2) What does this have to do with spreading propaganda, cyberattacks or North Korea ?



Re (1), it is worth noting that the GP didn't say the US was actively targeting civilians. The GP said "dropping missiles and bombs on civilian populations abroad". You are in agreement with that multilevel nonsense.


Btw I'm not defending NK and their government nor am I saying that it's heaven on earth, but a bit of balance and fair treatment doesn't hurt sometimes.


Well they refuse to bend to your will so you desperately need a way to portray them as the ultimate enemy to justify the use of force against them as someone mentioned in the comments up above.

This sounds to me like the internet version of "Iraq has weapons of mass destruction, we absolutely must obliterate them to protect our freedoms", yeah right.


> Who exactly is pro-North Korea that the US is trying to sway?

Perhaps China.

However, propaganda doesn't have to be false. It just has to fit the narrative.

Hmm. This could even be an attack on bitcoin itself? We already know North Korea is bad, then North Korea uses bitcoin, therefore bitcoin = bad?

In this case, there would be a motive to plant a false attribution to North Korea.


Yes, perhaps China.

Or perhaps, a goal is making China look bad. Or as you say, Bitcoin.


Is it as ridiculous as US spreading propaganda against Saddam's Iraq?


lol yeah, the whole "It's the <russians|iranians|chinese|koreans|syrians|insert nation we desperately want to destroy because they don't subscribe to our bellicist agenda>" is getting very boring very quickly.


And why should we believe in the NSA this time?

A scalded cat knows better than to dip its paw in hot fudge again.


Remind me what past incident you are referring to.


There's that little part where they claim to be dedicated to helping keep our information systems secure, while they simultaneously stockpile zero day exploits and work behind the scenes to subvert and weaken encryption practices.


The NSA has always been a mix of offense and defense.

You can argue that balance has tilted inappropriately in recent times (I do), but that's different from any sort of indication they'd misattribute something like this.


"We do not spy on everyone all of the time."


The NSA trying to protect its intelligence gathering methods is pretty different from falsely accusing a foreign power of hacking.


stuxnet


Hard to see how deep technical talent can develop in a country that has six or so web hosts.


A lot of smart North Koreans study abroad, especially in China. There are smart people all over the world, don't underestimate them just because they were born in some awkward country.


1) It saddens me that a nuclear bomb in the hand of a dictator basically means that no one will come help you out. The revolution has to come on the inside. Many dictatorships or empires might still be standing had they had their hands on one.

2) For a country so isolated and brainwashed, how can they train and develop the talent needed for a complex hack like that? It seems it would require quite a complete education system. Does NK have a full proper education system?


It's not the nuclear bomb that is the biggest concern in the Korea conflict (as of now, North Korea's nuclear capabilities are more of the show-off kind, not a real, tactical threat), but the insane numbers of conventional artillery in range of Seoul (0) that can turn it to rubble in a few hours in case of war.

0. http://www.dailykos.com/story/2017/4/25/1656090/-North-Korea...


If this checks out, it's very surprising. I would assume they wouldn't have the skills for pulling out something so massive like this.


Basing your malware on a tool leaked from the NSA probably makes it easier.

https://en.m.wikipedia.org/wiki/EternalBlue


I donno, from a technical standpoint it never seemed to me like WannaCry was extremely complicated. I actually described a Ransomware with a very similar crypto scheme on here not that long ago [0], and I don't have tons of crypto experience past taking a class on it in college. With that said I'm sure there are other ransomwares out there that already do something very similar (or even the same).

The more complicated part was the propagation via the exploit, but at the same time the exploit was already out in the open. That was part of the reason it only infected old or non-updated machines. So still not easy, but a good chunk of the initial work was done for them.

[0] https://news.ycombinator.com/item?id=13147605


Not that surprising, remember that they also hacked Sony. The Lazarus group (one of the names for the DPRK APT group) is pretty sophisticated.


The major concern for the US military when attacking North Korea was not nukes, but military hackers inside a bunker disrupting everything. There probably is a lot of know-how there. The Sony hack was also attributed to North Korea.


Maybe they contracted it out.


The NSA has lost all credibility, as far as I am concerned.


And this is based on what, exactly ?

If you're going to make hyperbolic statements maybe some clarifications would be useful.


> And this is based on what, exactly ?

The NSA developed the exploits that WannaCry was based on. The NSA lost control of its weapon (EternalBlue) in the Shadow Brokers leak and the world suffered economic damage as a consequence.

The NSA doesn't seem interested in switching to a more defensive role where they will inform software makers of the security problems they find. Instead they seem intent on maintaining offensive capability by seeking out, cataloging, exploiting, weaponizing, and keeping silent about the software security flaws they discover.


To be fair, the NSA was never given the mission to take on that defensive role you state. Their mission includes the defense of classified systems. Defense of any other systems is not their responsibility.

The offensive capability you state is part of their mission and is what NSA was created for.


> The NSA was never given the mission to take on that defensive role you state.

It's both. James Clapper (https://en.wikipedia.org/wiki/James_Clapper), former director of national intelligence, says the NSA has a review process to decide whether or not to disclose vulnerabilities to software vendors. Nothing in their mission prevents them from doing it. They're choosing not to do it.

Look at the slogan on the NSA's website (https://www.nsa.gov/): "Defending our Nation. Securing the Future". It's difficult to say with a straight face that they are defending the nation when they are willingly leaving domestic networks open to attack from zero days.

The NSA says (https://www.nsa.gov/what-we-do/) national decision makers "Must be able to outmaneuver those who would do us harm in cyberspace." How are you outmaneuvering anyone when you allow systems to remain open to harm?


Strategically there is sometimes advantage in not letting the enemy know what you know (how you define enemy is another question, but it's reasonable to observe that we have antagonistic relationships with some countries). The alternative is a siege mentality. If you systematically throw up defences ASAP every time you discover a vulnerability, and an enemy discovers a vulnerability but does observe any defensive preparations, the enemy now knows that they have an operational advantage over you and is incentivized to deploy it for maximum effect.

Obviously this is only a thumbnail sketch rather than an exhaustive exploration of strategy. But it's a subject I read and think about a good deal. Pretty much every military thinker through history has emphasized the value of surprise and the ability to set the tempo of battle.


I just noticed that the last sentence in the first paragraph above should read "but does not observe any defensive preparations". sorry about that.


Maybe credibility is not the best choice of word, but you could make an argument for "trustworthiness". In other words, the question is not so much the NSA's competence as their good intentions.


I mean, at least find another whipping boy... this DPRK attribution is getting old hat


I assume you're referring to the Sony hacks? The evidence is pretty damning: https://www.operationblockbuster.com/wp-content/uploads/2016... which I linked elsewhere.

Any aspect of that report you want to contest?


I'm liable to believe The Grugq, Marc Rogers and Peter Singer [0].

I've never heard of novetta before, and have no particular reason to doubt them, but I will say that this looks more like promotional material than anything else.

[0] http://gawker.com/a-lot-of-smart-people-think-north-korea-di...


Why go on people's word when the evidence is right there! There were public keys used for encryption in the Sony hacks that were reused from other attacks years before.

Also, Operation Blockbuster was a joint action, taken on by Novetta, Kaspersky Lab, Symantec, and others.


I wasn't aware of North Korea generally being blamed for cyberattacks.

It sure does fit with them needing foreign currency in the wake of the collapse of the Kaesong project and a freezing of relations with ASEAN countries.


> The NSA is not credible.

- Somewhat technical internet user



Which says to the American people...

'''You aren't in control at any level of your government. You can elect representation, but fuck them, and fuck you. We run the show around here and we do as we please.'''

The long term cost of this implication, to the organization, to the government, to society in general is more than if he just presented power points of the secret plans on YouTube.


Well that's it then, one lie ends everything. I had a program crash on me once, never used it again.

I'm being flippant but while I wouldn't advise you to trust the NSA it's equally foolish to assume an antagonistic posture towards it forever more in everything. Military forces sometimes kill innocent people which is terrible, and even worse than lying, but you don't see any country deciding not to have one, for reasons that I hope are obvious.

We live in a very imperfect world and it's not obvious how to rid ourselves of war, militarism, greed and so on because of the perverse economic incentives that prevail at this time in history. So I feel we should be very skeptical of our institutions, but not to the point of perversity or reflexive rejection thereof, which would make us as easy to manipulate as reflexive approval.


When a known liar says X, it means they've calculated that saying X is a good move in whatever game they're playing. This tells us little about whether X is the case. I mean, if they've since made a credible effort to restore their reputation somehow, we may start to give their pronouncements some direct weight in our own models of the world, but until then, why would you? This is beside any matter of morality.


Because it would be irrational to assume that they lie all the time. You are right that they've calculated it to be a good move, but good moves are not universally applicable.

You should definitely give lower weight to the statements of an actor with a record of being untruthful - we could get into discussing how Clapper is no longer at the NSA and that equating the NSA with his statements to Congress is a fallacy of composition, but let's go with the idea that the NSA as an institution is rather untrustworthy. What I'm arguing against is reflexively reducing that weight to zero, which I claim is irrational.

Morality is something that is important in decision-making, but extremely distracting in analysis, so I ignore it when trying to figure out what people are doing or whether they're truthful.


I wonder where hacking becomes an act of war vs a mere annoyance. Where is the red line? Shutting down a power plant? Shutting down hospitals? Disrupting a nuclear weapon factory? Any of these, if done with conventional weapons, would clearly constitute an act of war. But it seems that no one seems ready to take any action even when the aggressor is clearly identified.

One could argue: great, it means less wars, let's not overreact over a few bits flipped in a machine. I'd argue the contrary. If countries do not respond militarily to hacking aggressions, it will only make them escalate with increasingly serious consequences (disrupting hospitals to me is already a pretty severe consequence). There needs to be some form of accountability.


> As a result, no online currency exchange will touch it, said Jake Williams, founder of Rendition Infosec, a cybersecurity firm. “This is like knowingly taking tainted bills from a bank robbery,” he said.

This is incorrect - crypto exchanges have had no problem cashing in bags of dyed notes before, e.g. the coins from the Bitfinex hack. They really just do not care.


I wonder why it's always North Korea. Is there no other private or governmental hacker group in the world?


You clearly haven't been following the front page of hacker news.

From yesterday: Russia hacking US elections https://news.ycombinator.com/item?id=14547091

From 2 days ago: Russian government hacking Ukrainian power grid https://news.ycombinator.com/item?id=14537138

From 7 days ago: Russian government Turla group using satellites to hack other governments and pharmaceutical companies https://news.ycombinator.com/item?id=14503230


I'm not sure how to parse the tone of your post, but assuming you're asking somewhat seriously -- of course. And it's not always NK.

https://en.wikipedia.org/wiki/PLA_Unit_61398 (see report by Mandiant a few years ago).

https://en.wikipedia.org/wiki/Cyberwarfare_by_Russia

http://www.nytimes.com/2012/06/01/world/middleeast/obama-ord...

Fun for everyone. ('fun' with a big /s)


While any sort of attribution claim should be taken with a lot of skepticism I wouldn't at all be surprised if it was NK. They routinely engage in behavior that keeps the region from getting too stable. The asymmetric nature of cyber-warfare is a perfect fit for them.


I'm sure Dennis Rodman will get to the bottom of this:

http://time.com/4817638/north-korea-otto-warmbier-kim-jong-u...


It is so incredibly stupid that some people actually buy such bullshit, that I'm impressed by the makers of this propaganda. I never could assume total idiocy in my fellow human beings, but I stand corrected.

Chapeau!


Bullcrap. Another made-up story from WaPo based on anonymous sources and internal leaks. The NSA has not confirmed anything from this story.


We are in an Orwellian decade.


People create a tool to solve a problem, but they could not solve the problem which was created by the tool.


See: guns, explosive, pretty much any weapon in history :-/


When in doubt, blame North Korea?


and we believe what they say :D because they are always filled with truth and honesty!


lol...at some point there will have to be some type of specific discussion on null-routing that shit-hole of a country...


And then they use a Chinese VPN.

You can't stop a nation state by geoblocking.


heh, of course you are correct. i was using "null-routing" in a more broad metaphorical sense, in a weak attempt at humor.

Norks are China's useful idiots so nothing is going to change in the near term...



