[HN Gopher] Kaspersky believes it found new CIA malware
___________________________________________________________________
Kaspersky believes it found new CIA malware
Author : arkadiyt
Score : 390 points
Date : 2021-04-28 15:20 UTC (7 hours ago)
(HTM) web link (therecord.media)
(TXT) w3m dump (therecord.media)
| squarefoot wrote:
| We're lucky that we can still catch some of them now. The current
| status of closed CPUs running proprietary firmware talking with
| closed chipsets running proprietary firmware blobs would make
| it trivially easy to move the malware injection to the iron level
| for agencies funded by governments. Once they accomplish it,
| detecting their spyware using software, at any privilege level,
| will become impossible. I fear the scenario in which magic
| packets with a signature that turns off detection in network
| hardware (proprietary firmware) and interfaces (again,
| proprietary firmware) can directly instruct a system (proprietary
| firmware) unbeknownst to the user; it seems impossible today,
| however all it takes is having enough closed software and
| firmware so that a covert channel can be created from the CPU to
| the external world. Governments have enough funds and motivation
| to tell most network iron manufacturers to produce hardware
| according to some additional specifications.
| f430 wrote:
| not convinced. since it's the CIA, I trust them they are doing
| it for a good cause.
| trampi wrote:
| you forgot /s
| f430 wrote:
| not needed. if this was FSB or PSB then...
| 2OEH8eoCRo0 wrote:
| It's not impossible but it's complicated and the more
| complicated the harder it is to keep secret. It's easier to
| just amass exploits for use when needed.
| kossTKR wrote:
| Why is this impossible today?
|
| Isn't this exactly what Intel's "Management Engine" and AMD's
| "Platform Security" is?
|
| Bonus question, do Apple's new MX chips have an equivalent
| backdoor?
| jimmyed wrote:
| Aside: Kaspersky is a Russian company.
| the_duke wrote:
| Which makes them one of relatively few companies in this space
| that would publicly expose CIA ops.
|
| It's definitely reasonable to be sceptical here, but that goes
| both ways.
| tandr wrote:
| I think you make a valid point here - there are not a lot of
| companies willing to expose something like this. Even less so
| second time around.
|
| [meta] I would REALLY love for people down-voting something
| to explain why they do this. Maybe as HN feature for the
| first 200 downvotes, you have to reply to the post or upvote
| one below that explains it...
| yeah666 wrote:
| Aside: therecord.media is CIA propaganda.
| https://gcn.com/articles/2010/07/29/inqtel-google-fund-web-a...
| genmud wrote:
| Recorded Future = CIA? Solely based on them taking money from
| IQT?
|
| IQT funds a ton of different companies, it doesn't make them
| fronts for the CIA. Cloudera, FireEye and a ton of others
| have taken money from IQT, it doesn't make them propaganda.
| boomboomsubban wrote:
| >Cloudera, FireEye and a ton of others have taken money
| from IQT, it doesn't make them propaganda.
|
| Though I won't say for sure that Recorded Future is CIA
| propaganda, there are obvious reasons why the CIA would
| fund a software development or computer security company
| besides propaganda. For what other reason would they fund a
| media company?
| hctaw wrote:
| Whose products are sanctioned against use in US government
| systems because of ties to Russian intelligence services.
|
| But you should take both these statements with a grain of salt
| when either side of the field stands to gain (or lose)
| something.
| kube-system wrote:
| Not sure it's really meaningful to simply say they're a
| "Russian company". More specifically, they're a company that
| has been accused of cooperating with the FSB in attacks against
| the US government.
|
| https://en.wikipedia.org/wiki/Kaspersky_bans_and_allegations...
|
| Whatever the case, it's probably wise to take their statements
| with some skepticism of bias in this regard.
| throwaway210222 wrote:
| Or: "they're a company that has been accused without evidence
| of cooperating with the FSB in attacks against the US
| government by US entities aligned to the US-based actors that
| they have exposed".
|
| FTFY.
| viro wrote:
| > without evidence of cooperating with the FSB
|
| That isn't true. This "without evidence" shit is rather
| silly when it comes to top-secret sources and methods. Blow
| decades of work and risk getting people killed to prove
| that an ex-KGB officer helps an authoritative regime that's
| known to poison its enemies. People said the same shit
| about Huawei, then all the KPN shit.
|
| Link:
| https://www.bloomberg.com/news/articles/2017-07-11/kaspersky...
| thatguy0900 wrote:
| The problem with that is that those agencies also lie all
| the time. You can't have your cake and eat it too with a
| just trust us attitude and also make stuff up when it's
| convenient.
| HideousKojima wrote:
| "We'll know our disinformation program is complete when
| everything the American public believes is false." -
| William J. Casey, former CIA Director
|
| That said, I think the safest default assumption is both
| that any large national intelligence agency lies all the
| time, _and also_ that any entity that a national
| intelligence agency has the means and motive to
| compromise is probably compromised. So Kaspersky is
| probably an FSB asset (but so too is Amazon a CIA/NSA
| asset) but the CIA is probably lying 99% of the time too.
| seppin wrote:
| People still don't understand the fundamentally different
| rules that Russian or Chinese companies operate under.
| They cannot refuse government requests, for anything.
| throwaway210222 wrote:
| > This "without evidence" shit is rather silly when it
| comes to top-secret sources and methods.
|
| "We lie, we cheat, we steal". Literally from the mouth of
| the guy who ran it to your ears.
|
| I'm not sure how you find these sources legitimate sans
| evidence, other than possibly they are your team.
|
| PS. Doesn't make the other jerks legitimate either.
| viro wrote:
| > sans evidence
|
| You're talking about an entity with the ability to fake
| any evidence that they would be able to provide you. So
| no matter what "evidence" they provide you would still
| need to make a choice to believe them.
| kube-system wrote:
| I used the word "accused" intentionally. My pointing out a
| potential bias here is not a diminishment of anyone else's
| potential bias.
| Yizahi wrote:
| It is now. After decades of state lying "russian" has a well
| defined meaning now.
| torpid wrote:
| Role reversal: If a US antivirus company's heuristic and file
| analysis uploaded a trove of Russian zero-day exploits they
| are using against their adversaries, you better damn well
| believe they're going to hand that over to the CIA/NSA and
| the CIA/NSA may weaponize them against our adversaries.
|
| When it comes to US crafted malware, I trust the Russians in
| detecting it and telling the world more than I would any US-
| based company.
| genmud wrote:
| I find it interesting that this and a few other investigations
| have been released around times of great geopolitical tensions
| related to Russia. I think there are legitimate questions as to
| how/where this activity was observed and what led them to
| investigate it.
|
| Personally, I don't know how closely they coordinate with
| Russian intelligence services, but some of the samples they get
| and the background/context they get can only be obtained if you
| are very close to the investigation. The way they phrase things
| like "we found this in a multi-engine scanner" raises the hair
| on the back of my neck, since I work in malware analysis and
| you don't just run across these types of samples by chance.
| They are either doing IR for organizations that were targeted
| (which you would just mention), or they are getting tipped off
| on where to look.
|
| Whether or not this is intentional, or just happens to be a
| coincidence, it is something to be aware of.
|
| Examples of suspicious timing: Flame paper released while there
| were massive protests in Russia around 2012, Regin/Equation
| Group/Duqu 2.0 paper released during Ukrainian invasion circa
| 2014/15, and now this paper also released while tensions in
| Ukraine are ramping up and after the fallout from the
| SolarWinds stuff.
|
| I think it would be less suspicious if places like Sputnik (a
| known propaganda arm of Russia) didn't immediately start
| pushing a specific narrative when Kaspersky has these malware
| releases.
| FpUser wrote:
| And this of course means that CIA does not make malware.
| justicezyx wrote:
| Dude, it is well known that US is the single most powerful
| cyber warfare practitioner. They even had a few very successful
| operations in Iran and maybe in China and Russia (you can
| guarantee that those countries won't disclose the incidents).
|
| TBH, one should be happy that US possesses such power. US might
| be biased, but the country is at least rational.
| avaldes wrote:
| > Dude, it is well known that US is the single most powerful
| cyber warfare practitioner. They even had a few very
| successful operations in Iran and maybe in China and Russia
| (you can guarantee that those countries won't disclose the
| incidents).
|
| I don't follow that logic:
|
| > >1: The US is the single most powerful cyber warfare
| practitioner
|
| > >2: Successful operations in Iran, China and Russia
|
| > >3: But those countries won't disclose such incidents
|
| So how can you be so sure about point 1?
| sschueller wrote:
| So? Doesn't make their claim any more invalid.
|
| You might as well say they are an AV firm and there is a
| conflict of interest just by saying there is some x malware.
|
| Either way they need to prove it.
| [deleted]
| phendrenad2 wrote:
| Is there a link to any actual posts or blog by Kaspersky on the
| matter? This seems to be missing from their official
| communications...
| hoppyhoppy2 wrote:
| The link is included in the article ("Kaspersky's full
| description is below, from its <link>quarterly APT
| report</link> released today.")
|
| The linked article's url is
| https://securelist.com/apt-trends-report-q1-2021/101967/ , which is
| from a site called "SECURELIST by Kaspersky".
| kureikain wrote:
| How do they release malware into the wild? Inject some
| application? Run google ads and point traffic to these?
| hilyen wrote:
| We need to end all secret gov agencies. They are out of control &
| happily stomping out liberties without discretion.
| INTPenis wrote:
| Sure, as soon as we end all jealousy and suspicion in the human
| race. Glhf
| jmann99999 wrote:
| I may have missed it in the article, but as a sysadmin, I'm
| trying to figure out what I should do. It appears the CIA has
| created malware. I assume, if they have exploited some hole,
| others will too.
|
| While I appreciate the heads up, can anyone offer suggestions on
| how to mitigate this malware? What do I do? Do I have to rely on
| Kaspersky?
| stagger87 wrote:
| Rather than try to protect yourself from this, I personally
| would just live in a constant state of fear and paranoia. Maybe
| join a social group who can help you through it, like the
| Targeted Individuals club?
| FpUser wrote:
| If you want to be protected from the US made malware you do not
| go to US antimalware vendor. If you want to be protected
| against Russian malware you do not get antimalware from Russia.
|
| So pick your poison.
| [deleted]
| ronsor wrote:
| Solution: Install US and Russian antiviruses simultaneously.
| FpUser wrote:
| Won't it lead to an instant annihilation?
| barkingcat wrote:
| Almost all government created malware uses 0days that they've
| kept back or held back from public disclosure, so there's
| nothing really you can do (aside from waiting for disclosure).
| That's the point of a CIA hack isn't it?
|
| If there's something you can do, then they've failed at their
| job, and it's time for hiring the next batch of developers (yes
| these are developers with a paid day job - to make malware for
| the CIA).
|
| In university, most computer science or computer engineering
| students had to make a choice whether to work for the country's
| security agencies and/or the military industries (via
| internships, being recruited, or just plain applying to
| government/pentagon/fbi/cia/nsa/csis jobs, etc), and that's
| their choice to make.
|
| From the government's point of view, it's no different than
| recruiting soldiers for the Army/Navy/Marines. If they couldn't
| train you to their standards for basic fitness and basic
| shooting skills, they've failed and you'd probably wash out
| from infantry school.
|
| The other thing you could do is to contribute to initiatives
| that do specific research into looking for vulnerabilities.
| It's no guarantee that you'll find the same vulnerabilities
| that the CIA is exploiting though, or you might find entirely
| other ones that they've been using for other exploits.
| chelmzy wrote:
| The only thing you can truly do is look for anomalies in
| network traffic, processes, files, etc. This malware is not
| immune to that unless it has features specifically to hide
| from monitoring tools.
|
| Even then there will almost always be evidence if you log
| network traffic. But obviously this is very difficult.
| MauranKilom wrote:
| > Even then there will almost always be evidence if you log
| network traffic.
|
| You'd need to know what to look for though. It was shown
| that the CIA can hide its communication in metadata of
| legitimate traffic which is then recovered at intermediate
| hops to the target. So, do you know precisely what an
| innocent DNS packet looks like to detect this anomaly?
| hnarn wrote:
| >do you know precisely what an innocent DNS packet looks
| like to detect this anomaly
|
| Wouldn't an abnormal _amount_ of DNS data also stand out?
| I assume for this to work they'd still have to send a
| lot of data unless they're willing to wait for half an
| eternity.
|
| Just curious, since I hadn't heard of this before.
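The volume question raised in this sub-thread can be checked against resolver logs. The following is an added example, not part of the thread: it sums the bytes carried in distinct query names per client and zone over constructed log lines. The log format, the "last two labels are the zone" shortcut, the host addresses and both thresholds are assumptions made for illustration.

```python
from collections import defaultdict


def constructed_log():
    """Constructed sample: '<epoch> <client> <qname>' lines, not real traffic."""
    t0 = 1_619_600_000
    lines = []
    # Ordinary workstation: two names, asked repeatedly.
    for i in range(50):
        host = "www" if i % 2 else "mail"
        lines.append(f"{t0 + i * 60} 10.0.0.5 {host}.example.com")
    # Bulk transfer: 200 distinct 32-character labels in a few minutes.
    for i in range(200):
        lines.append(f"{t0 + i} 10.0.0.9 x{i:031x}.tunnel-test.example")
    # Same encoding style, but only three names spread over 40 minutes.
    for i in range(3):
        lines.append(f"{t0 + i * 1200} 10.0.0.7 y{i:031x}.tunnel-test.example")
    return lines


def split_qname(qname):
    """Return (zone, payload). Assumption: the zone is the last two labels."""
    labels = qname.rstrip(".").lower().split(".")
    zone = ".".join(labels[-2:])
    payload = "".join(labels[:-2])  # everything a client could encode data in
    return zone, payload


def summarize(lines):
    """Per (client, zone): query count, distinct names, bytes in distinct names."""
    queries = defaultdict(int)
    names = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of failing the whole run
        _ts, client, qname = parts
        zone, payload = split_qname(qname)
        key = (client, zone)
        queries[key] += 1
        names[key].add(payload)
    return {
        key: {
            "queries": queries[key],
            "unique_names": len(names[key]),
            # Repeats of one name carry no new data, so count each name once.
            "payload_bytes": sum(len(p) for p in names[key]),
        }
        for key in queries
    }


def flag_bulk(stats, min_bytes=1024, min_unique=50):
    """Client/zone pairs whose distinct query names carry unusually much data."""
    return sorted(
        key
        for key, s in stats.items()
        if s["payload_bytes"] >= min_bytes and s["unique_names"] >= min_unique
    )


if __name__ == "__main__":
    stats = summarize(constructed_log())
    for key, s in sorted(stats.items()):
        print(key, s)
    print("flagged:", flag_bulk(stats))
```

The bulk sender is flagged, while the host sending three names over 40 minutes stays far below both thresholds, which is the gap between the two positions in the thread: volume catches fast transfers, not slow ones.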
| staticassertion wrote:
| While I have no information to share on this specific malware,
| here is the NSA's TAO Chief on what makes their jobs harder:
|
| https://www.youtube.com/watch?v=bDJb8WOJYdA
| anoraca wrote:
| Why would you rely on a company that is banned?
| https://www.nextgov.com/cybersecurity/2019/09/us-finalizes-r...
| wil421 wrote:
| > Kaspersky said that while it has not seen any of these
| samples in the wild, they believe Purple Lambert samples "were
| likely deployed in 2014 and possibly as late as 2015."
|
| You don't do anything because you are not the target. It's
| never been seen in the wild.
| athrowaway3z wrote:
| Any concrete info on the 'magic packet'?
| j3th9n wrote:
| You probably have to think of something like port knocking:
| https://en.wikipedia.org/wiki/Port_knocking
| reedjosh wrote:
| Yes, I would love to know what they were triggering on.
| brummm wrote:
| I always wonder. The CIA/NSA must essentially target the big
| Amazon, google and microsoft clouds to get blanket access to
| everything running and stored there. Seems like a no brainer from
| their standpoint.
| cyberlab wrote:
| Yes. Although with Google and other tech giants, they have good
| security, but really bad privacy. So there is little chance of
| your Google searches being leaked onto some shady darkweb
| forum, but a better chance it is being leaked to NSA etc. Also
| haven't you heard about NSLs[0] & Prism[1]?
|
| [0] https://en.wikipedia.org/wiki/National_security_letter
|
| [1] https://en.wikipedia.org/wiki/PRISM_(surveillance_program)
| joe_the_user wrote:
| It should be noted that they can also assign agents to work at
| these firms or recruit existing employees, so they have a broad
| palette to deal with. And a given person working for the secret
| agencies might not have to do more than turn a blind eye to
| something once in a while.
|
| However, these large firms have enterprise-wide security and
| too many people would notice the vacuuming of data for this to
| be done by single agents. So that would require secret court
| order and secret laws, as we know existed a few years ago.
|
| So no doubt you have some level of secret agency access but
| exactly how much is difficult to say. Remember these are
| companies operating globally and it's in their interests to not
| be seen as mere extension of US intelligence and foreign policy
| but at the same time these agencies can be very persuasive, etc.
| etc.
| sascha_sl wrote:
| Or they just ask, which is essentially how prism already worked
| for user data.
| hu3 wrote:
| They just ask: https://www.bbc.com/news/technology-51207744
| reedjosh wrote:
| Yeah, I highly doubt there's any targeting there. The big
| tech Co.s are practically fronts for the US Gov.
| noir_lord wrote:
| > Yeah, I highly doubt there's any targeting there. The big
| tech Co.s are practically fronts for the US Gov.
|
| https://en.wikipedia.org/wiki/War_Is_a_Racket (1935).
|
| History doesn't repeat but it does rhyme.
|
| It seems to be the natural state that centres of power co-
| operate with each other lest they lose their power.
|
| Churches with Kings, Corporations with Government.
| boston_clone wrote:
| Didn't some PRISM documents show that Google's internal use
| of TLS 1.2 was blocking a more widespread collection of data?
|
| I'll see if I can find the slide that articulated the issue.
| caeril wrote:
| That was part of it.
|
| The other part was "Do what we tell you, or you'll be Joe
| Nacchioed"
|
| In a 2013 interview, Marissa Mayer made it abundantly clear
| this is why Yahoo "voluntarily" joined PRISM. One can
| assume the rest were similarly influenced.
| oefrha wrote:
| I'd say the likelihood of an American Big Tech without CIA
| covert operatives working there is essentially zero, even if
| there's no direct cooperation. It doesn't make sense to not
| utilize some of your most valuable assets.
| xtracto wrote:
| Back in the 70s to 90s the CIA had _presidents_ of Mexico as
| operatives (see LITEMPO). So, I wouldn't be surprised that
| nowadays some high level people at Google, Microsoft, etc are
| CIA assets.
| mhh__ wrote:
| Similarly, the KGB (as later exposed by VENONA) had their
| fingers in extremely sensitive pies during the early cold
| war period.
| Pompidou wrote:
| From another point of view, we can see American Big Tech and
| CIA (and some other agencies) as the two faces of the same coin:
| American leadership, as the USA are raising their power from
| economic and cultural supremacy over other countries. I may
| have a blurry foreigner (French) view on your country, but I
| really see this entanglement as real and substantial as it was
| in the USSR. In a much more robust way, of course, making your
| country so powerful.
| d33lio wrote:
| AV company known to have ties to Russian intelligence flagpoles
| when it thinks it found traces of US intelligence... color me
| surprised...
| bpolovko wrote:
| Why would I trust a politicized Russian company about such a thing?
| A few years ago it had a scandal where it was discovered that
| their own tools were injected with spy malware.
| https://careers.kaspersky.com/
| fouric wrote:
| Two weeks ago, the NSA accused the Russian SVR (intelligence
| agency) of exploiting vulnerabilities in US networks and
| suggesting that they were behind the SolarWinds compromise[1].
|
| Now, Kaspersky (which is suspected to be affiliated with Russian
| intelligence - possibly unwillingly) claims to have found CIA
| malware (effectively "burning" it, if it's real).
|
| The timing does not seem to be a coincidence. Tit-for-tat?
|
| [1] https://www.nsa.gov/News-Features/Feature-Stories/Article-Vi...
| stunt wrote:
| But CIA developing malware isn't news to anyone. How is this a
| tit-for-tat then?
| fallingknife wrote:
| The tit-for-tat goes the other way:
|
| 1. expose malware the CIA doesn't want exposed
|
| 2. get accused by the CIA of being in bed with the Russians
|
| "working for the Russians" is the go to baseless political
| smear these days
| sophacles wrote:
| I would like to point out that a Russian security company
| almost certainly has ties with the Russian government.
| Particularly a very large, well respected one. It would be
| like accusing Oracle or Amazon of having ties with the US
| government.
| varjag wrote:
| Kaspersky himself is a 1987 KGB school alumnus. The
| naivete of Westerners is sometimes astonishing.
| caeril wrote:
| This is a very good point, and stands in stark contrast
| with no management or employees of FireEye or CrowdStrike
| ever being associated with FVEY intelligence services.
|
| Nope, it's ONLY the evil Russians. The naivete of non-
| Westerners is sometimes astonishing.
| parineum wrote:
| The "well respected" part of that has partly to do with
| no evidence of them being partial.
|
| If they were known as a kremlin puppet, they wouldn't be
| respected.
| fallingknife wrote:
| Ok you're right. I didn't know they were based in Moscow.
| I tend to dismiss "The Russians" claim out of hand now.
| marcosdumay wrote:
| Well, at least for once the general public wins. Let's hope
| they fight more this exact way, and less on every other way.
| fallingknife wrote:
| Interesting. But if you had cited "my ass" as a source it would
| be more reliable, because the NSA is probably better at lying.
| ARandomerDude wrote:
| The parent commenter was sourcing "the NSA accused..." with
| the accusation, not making a claim as to whether the
| accusation was true.
| gowld wrote:
| Interesting in light of the recent comments on HN that
| therecord.media is (partly) funded by the CIA.
| alert0 wrote:
| The author is one of the highest signal accounts I follow on
| Twitter. He seems to want to report on everything. [1] Also,
| relevant thread. [2]
|
| 1. https://twitter.com/campuscodi/status/1387026165597151234
|
| 2. https://twitter.com/riskybusiness/status/1387194016790323200
| cyberlab wrote:
| > the malware samples appear to have been compiled seven years
| ago, in 2014
|
| So it was possible then to analyze the metadata of the files and
| determine when the malware was made/compiled? That seems like bad
| OPSEC. If I was CIA I would be rigorous in modifying and faking
| when certain files were last modified or created, and possibly
| stripping other damaging metadata (if it's incriminating enough).
| This is basic metadata hygiene employed by journalists,
| whistleblowers etc
| hugh-avherald wrote:
| Maybe it's less suspicious to have benign metadata than no
| metadata.
| cyberlab wrote:
| Yeah, which is why I suggest faking metadata than simply
| stripping it. There are anti-forensic tools for doing that.
| londons_explore wrote:
| Don't overestimate government coders skills...
|
| Often it's a massive team with people of very varied
| programming skills. The core exploit might be some super high
| tech, hand coded in assembly rootkit, but then the remote
| control stuff might end up being some badly written powershell
| script or multi-megabyte dot-net, java or python binary pulling
| in every library under the sun.
| Godel_unicode wrote:
| There's a fantastic example of this from fall of 2019. China
| was using an iPhone 0day which was extremely complicated to
| do internal surveillance, and the C2 for it was happening
| over http.
| distribot wrote:
| What is a C2?
| scottyah wrote:
| Command & Control
| https://en.wikipedia.org/wiki/Command_and_control
| hello333 wrote:
| command and control i think
| GraemeMeyer wrote:
| Command and control
| [deleted]
| joe_the_user wrote:
| It seems like this is simply the approach of any coder who's
| just trying to get X done without worrying about maintaining
| stuff. Academic code is often "crap" and it's written by
| smart people but smart people only concerned about getting
| the algorithm implemented.
|
| Which is to say, no one has yet come up with an approach that
| combines "fast to write, fast to run, and easy to maintain".
| asimpletune wrote:
| I think it was based more on when the samples were found
| cyberlab wrote:
| Yet the samples retain their original creation date?
| techrat wrote:
| The year was given. Suppose it was found as early as 2014
| on a device that had since been retired. That's one way to
| ballpark its creation year.
| Sunscratch wrote:
| "Kaspersky believes it found new CIA malware"... being itself
| Russian FSB malware...
| Dolores12 wrote:
| Your comment makes no sense. If it were Russian malware it
| would be outed by counterparts in a second. Still ZERO
| evidence, just FUD. I would also prefer to have FSB malware,
| just because their power is limited.
| viro wrote:
| Well they have been outed as working with the FSB. You know
| it randomly uploads files to be analyzed and those files have
| been found in the possession of the FSB right?
| efnx wrote:
| So this was deployed in 2014 and we're just connecting all the
| dots now? It really makes you wonder what's being deployed at the
| moment.
|
| The fact that they can determine all this from some binary is
| amazing. Security researchers really are techno-archaeologists.
| mc32 wrote:
| I recall how when we had North Korean hacking activities and
| official attributions people would say, but how do we know it
| was them and how do we know the government isn't making things
| up?
|
| But when someone accuses the US we never add any salt. Not that
| I don't think it's false, it's just that the lack of consistent
| skepticism is interesting.
| boomboomsubban wrote:
| >But when someone accuses the US we never add any salt. Not
| that I don't think it's false, it's just that the lack of
| consistent skepticism is interesting.
|
| This thread also isn't full of calls for sanctions against
| the US or talk of overthrowing the government.
|
| I don't actually doubt many of the reports claiming North
| Korea or whoever were behind some attack, I know they are
| likely engaging in such activities. I just don't think the
| evidence is convincing enough to use as a casus belli or
| similar reason to take our own malicious actions. I would
| take a similar stance with this CIA malware, but nobody here
| is calling for punishment based on it.
| cyberlurker wrote:
| Yea, I cautiously share this viewpoint. I don't want a
| cyber "Remember the Maine! To hell with Spain!" event.
|
| https://en.m.wikipedia.org/wiki/USS_Maine_(1889)
| tck42 wrote:
| The Broadcom link in the posted tweet records [some of?]
| their reasoning. Things like very North America specific
| strings, activity happening M-F for certain things
| (compilation, etc), capability (access to zero days implying
| deep pockets to buy said zero days), and breadth of target,
| etc.
|
| That said - it ABSOLUTELY BOGGLES MY MIND that, if these are
| not leaked, but rather recovered from attempted attacks, how
| are _any_ valid timestamps and strings not randomized as part
| of the build process!? I'm not saying it refutes or confirms,
| I'm just wondering - how difficult is it to read an ELF | PE
| and remove / change those things, and if it's as easy as I'm
| thinking, why would you not do so? Or replace with
| preprocessor directives that you could setup to random values
| for production builds to use strings and timestamps that
| indicate some other entity? All of this seems straightforward
| to me, like, could do via shell scripting or python. Is there
| a valid reason to leave this stuff in? Are we seeing some low
| priority work that the TLA wants to leak to show that they're
| out there and capable?
| fit2rule wrote:
| The hex dumps are the front-line in cyber war. You're
| supposed to see those strings.
| cronix wrote:
| > Or replace with preprocessor directives that you could
| setup to random values for production builds to use strings
| and timestamps that indicate some other entity?
|
| They do, except they're not random. Check out the CIA Vault
| 7 leaks from a few years ago. They purposefully leave
| trails that point to other countries including using
| foreign languages for variable names/comments.
|
| > "[D]esigned to allow for flexible and easy-to-use
| obfuscation" as "string obfuscation algorithms (especially
| those that are unique) are often used to link malware to a
| specific developer or development shop."
|
| > The source code shows that Marble has test examples not
| just in English but also in Chinese, Russian, Korean,
| Arabic and Farsi. This would permit a forensic attribution
| double game, for example by pretending that the spoken
| language of the malware creator was not American English,
| but Chinese, but then showing attempts to conceal the use
| of Chinese, drawing forensic investigators even more
| strongly to the wrong conclusion, -- but there are other
| possibilities, such as hiding fake error messages.
|
| https://www.mintpressnews.com/wikileaks-reveals-marble-proof...
| tck42 wrote:
| Ah OK good, thanks for the link. Right, this seems like
| something _I_ could probably handle with a weekend or
| two's worth of research (meaning it's pretty simple
| because I'm no hacker).
|
| And Broadcom _does_ note that they associate with Vault7
| group via the whole picture, but it's weird they present
| the strings and dates data without noting that it would
| be trivial to fake, and don't give any specificity to the
| other data points.
|
| I guess for this type of work the only thing you _really_
| have is the code's intent, if you can figure that out.
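Both sub-threads above turn on how a compile date is recovered from a binary and how much weight it deserves. This is an added example, not part of the thread: it reads the `TimeDateStamp` field of a PE COFF header and notes values that cannot be taken at face value. The sample header is constructed in the code, and the first-sighting date is an assumed analyst input.

```python
import struct
from datetime import datetime, timezone

# Fixed value stamped by older Delphi linkers (1992-06-19); not a real build date.
DELPHI_DEFAULT = 0x2A425E19


class PEFormatError(ValueError):
    """Raised when the buffer is not a parseable PE image."""


def build_sample_pe(timestamp, e_lfanew=0x80):
    """Constructed minimal DOS stub + PE signature + COFF header (no real sample)."""
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)  # offset of the PE signature
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x8664, 1, timestamp, 0, 0, 0, 0x0022)
    return bytes(dos) + b"PE\0\0" + coff


def read_compile_timestamp(data):
    """Return the raw 32-bit TimeDateStamp from the COFF header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise PEFormatError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data):  # 4-byte signature + 20-byte COFF header
        raise PEFormatError("e_lfanew points past end of file")
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise PEFormatError("missing PE signature")
    # Signature (4) + Machine (2) + NumberOfSections (2) precede the field.
    (ts,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return ts


def assess_timestamp(ts, first_seen):
    """Convert to UTC and list reasons the value may not be a real build date."""
    when = datetime.fromtimestamp(ts, tz=timezone.utc)
    notes = []
    if ts == 0:
        notes.append("zeroed")
    elif ts == DELPHI_DEFAULT:
        notes.append("linker default")
    elif when > first_seen:
        notes.append("later than first sighting")
    elif when.year < 1993:
        notes.append("predates the PE format")
    # An empty list only means "plausible": the field is attacker-controlled,
    # so it is corroborating evidence at best, never proof of a build date.
    return when, notes


if __name__ == "__main__":
    first_seen = datetime(2021, 4, 28, tzinfo=timezone.utc)  # assumed input
    stamp = int(datetime(2014, 7, 15, 12, tzinfo=timezone.utc).timestamp())
    for raw in (stamp, 0, DELPHI_DEFAULT):
        image = build_sample_pe(raw)
        when, notes = assess_timestamp(read_compile_timestamp(image), first_seen)
        print(when.isoformat(), notes or ["plausible"])
```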
| Groxx wrote:
| Seems reasonable to assume that a government saying "it
| wasn't us" or "it was them" is a heavily politically-
| motivated statement, not a strictly technical one. Regardless
| of it being accurate or not - there are reasons to keep quiet
| even if there's conclusive proof.
|
| This is a case of a third party saying "we think it was
| probably X". You can't rule out other motivations here
| either, but there's a fair bit more room for it to be _less_
| politically motivated.
| coliveira wrote:
| The CIA was caught lying and cheating several times in
| official investigations. Can you imagine what they have done
| when nobody else is looking?
| Jenk wrote:
| Given the public image of North Korea is one of a time
| capsule from the 60s I think it's more a case that the North
| Korean effort is considered inadequate or incapable, whilst
| the US TLAs have virtually limitless resources.
| vbezhenar wrote:
| One reason would be the capability. There's no doubt that
| there are US citizens able to produce complex software
| including malware. Same could be said about China or Russia.
| But when it comes to North Korea, I really have doubts about
| their IT competence. Sure, they probably have some good
| programmers able to create ordinary IT systems. But working
| on edge of current technologies - that's what I have my
| doubts about.
| tclancy wrote:
| This may be helpful then:
| https://www.newyorker.com/magazine/2021/04/26/the-incredible...
| throwaway210222 wrote:
| Why exactly do you think no North Korean can make malware?
|
| Hell, I've seen malware from countries in Africa that lack
| food. These societies have a lot of kurtosis.
| kevin_thibedeau wrote:
| Their biggest trading partner uses them as an attack dog to
| do the things they don't want to be directly associated
| with. It isn't unreasonable that it was given to them.
| kube-system wrote:
| If they can get fighter jets, tanks, and missiles from
| China and Russia, certainly they can get some malware.
| daniel-cussen wrote:
| Well, by comparison, Iran is very competent at cyber but
| they keep getting their uranium centrifuges hacked. North
| Korea, on the other hand, already didn't get hacked, and
| built the bomb.
|
| They have a lot less money than South Korea, and their
| political system is...what it is...but I don't see any
| reason a North Korean can't study just as hard as a South
| Korean and achieve similar results.
|
| I think people confuse North Korea's suffering with
| weakness. I'll grant that there is a lot of hunger, but the
| mission from the beginning, of the guerrilla fighters who
| now run the country, was sovereignty at all costs. And I'd
| say purely in terms of sovereignty North Korea is doing
| remarkably well.
| tgragnato wrote:
| Iranian getting their centrifuges hacked probably has to
| do more with geography than cyber. Israel is a powerful
| ally. I would compare South Korea more to a US protected
| country than to an ally. Given the dynamics with China,
| the Asian region is "less controllable" than Persia.
| pc86 wrote:
| It's human nature to give things that fit your preconceived
| notions and biases the benefit of the doubt over those that
| don't, _even when you're aware of this effect_. The best we
| can do is try to be cognizant of it and be _really_ self-
| critical about our knee-jerk reactions.
| measuring_tape wrote:
| Assuming it was said by someone in the USA, there's also
| utility in this framing. Remaining critical of your own
| government is pretty healthy for a democracy.
| da_chicken wrote:
| > _Not that I don't think it's false, it's just that the lack
| of consistent skepticism is interesting._
|
| It's not genuine skepticism. It's people on social media
| wanting Internet points for pointing something out. It's
| devil's advocates and "well akshully..." people just saying
| something to make a point. People don't do it on CIA stories
| because it's not honest skepticism in the first place. It's
| not fun when the sarcastic and cynical responses make you
| even more jaded about your own country.
|
| <--- Now, kindly do the needful, dear reader.
| tehjoker wrote:
| The existence of their insane levels of funding and well
| known history of coups, lies, dirty tricks, and mass murder
| makes it extremely easy to believe US intelligence is capable
| of deploying computer bullshit lol. Of course, if there is
| credible evidence exonerating them we can look at that.
| adrianN wrote:
| There are plenty of other actors capable of "deploying
| computer bullshit". Why shouldn't one of them be the
| culprit here?
| lawxls wrote:
| Because this thread is about CIA malware?
| [deleted]
| cowmoo728 wrote:
| Until a few years ago, I was skeptical that North Korea had
| the technical expertise to pull off some of the hacking that
| was being attributed to them. In the past 5+ years, however,
| it's become increasingly clear that they have a well funded
| and dedicated team of competent hackers.
|
| The NSA and CIA, on the other hand, are always assumed to have some
| of the best hackers in the world. So when I read that some
| huge exploit with multiple complex 0-days chained together
| has been discovered, and it's being attributed to the USA
| and/or Israel, I usually assume that's true because very few
| other countries have the ability to pull it off.
| willcipriano wrote:
| If I had to wager I'd always bet on the CIA lying, I don't
| see how anyone could come to another conclusion given their
| history.
| anothernewdude wrote:
| Kaspersky are a branch of Russian intelligence.
| Koshkin wrote:
| I've come to a conclusion that, from the evolutionary
| standpoint, lying (and stealing) is one of the most
| important forms of the _intelligent_ behavior. We see it in
| the animal world, so this unavoidably should be seen as
| such in the world of humans...
| andy_ppp wrote:
| Humans have the option of trying to be ethical as well
| and a lot of people would question if the CIA always
| behaves ethically.
| ectopod wrote:
| Surely no-one believes the CIA always behaves ethically.
| Especially after the post-9/11 kidnap, torture and murder
| rampage. Perhaps you meant a lot of people question if
| the CIA ever behaves ethically.
| andy_ppp wrote:
| I'm sure the people that work there think they are a thin
| line against the harm others would like to do to America.
| "The ends justify the means".
| mandmandam wrote:
| I would hope they're smarter than that, but apparently
| not many are.
| kungito wrote:
| Trying to take the optimal route in prisoners dilemma
| would make smart animals stop this behaviour
| scoofy wrote:
| >If I had to wager I'd always bet on _national security
| agency of any powerful country_ lying, I don't see how
| anyone could come to another conclusion given their
| history.
|
| Let's not pretend the FSB and MSS don't also lie
| constantly. That you're more familiar with the CIA lying is
| a testament to the free press of the US, not the other way
| around.
|
| The point of the previous post is that it could easily be
| another security agency.
| himinlomax wrote:
| > Let's not pretend the FSB and MSS don't also lie
| constantly
|
| How do you go from reading "the CIA is lying" to "the FSB
| is telling the truth"? Do you understand the difference
| between those statements? Reminds me of a stand up bit,
| "are you a Jew or an antisemite?"
| neartheplain wrote:
| >How do you go from reading "the CIA is lying" to "the
| FSB is telling the truth"?
|
| The link is a Kaspersky press release, so there's
| potential for an FSB connection:
|
| https://www.bloomberg.com/news/articles/2017-07-11/kasper
| sky...
| encryptluks2 wrote:
| Yet it wasn't until relatively recently that they stopped
| selling Kaspersky at major retailers. Even if they have
| an FSB connection they are basically saying, well we now
| know that company we let get loose on millions of
| consumer desktops and enterprise/government systems in
| the US is connected to Russian intelligence. Oops!
| freeflight wrote:
| Using that same logic most statements out of the US
| corporate InfoSec establishment should be similarly
| scrutinized.
|
| A whole lot of these outfits are started by former NSA
| employees, and they love having people that previously
| worked in US national security on their roster for the
| marketing value.
|
| Yet whenever one of these outfits accuses
| China/Russia/Iran of being responsible for the latest
| "cyber incident"/"misinformation campaign" these
| accusations are widely regurgitated without any doubt
| like some kind of definitive factual truth.
| coliveira wrote:
| The CIA has a budget for lying and cheating that is an
| order of magnitude larger than anything else other
| countries have. I always assume that they are doing more
| damage than what we know about.
| stjohnswarts wrote:
| I highly doubt if they have an order of magnitude more
| than China "budget" for CIA type activities. Probably
| more but not 10X, maybe 2X
| mhermher wrote:
| you can use military spending as a proxy.
| HDMI_Cable wrote:
| Wouldn't the fact that we know more about the CIA mean
| that they lie _less_ , since there are verifiable claims
| to the contrary if they _do_ lie? Like for example how
| the CIA can't claim it didn't infect Iran with Stuxnet
| without someone calling BS.
| thereare5lights wrote:
| How does it mean they lie less?
|
| You don't know everything there is to know about the CIA.
| All it means is that they can't lie about what you do
| know.
| hulitu wrote:
| No. They don't lie less. They just try to canalyse the
| discussion to another subject. Just like ...
| _jal wrote:
| > Let's not pretend
|
| Who is pretending? The discussion is about the CIA.
|
| When I discuss cats, there is no reason I should have to
| always qualify it by saying "yes, and dogs are cute,
| too."
| oytis wrote:
| Kaspersky's ties to FSB are an open secret, so it's
| really believing FSB vs believing CIA unless you have a
| way to verify them.
| stjohnswarts wrote:
| I mean would Kaspersky even have a choice not to work
| with FSB? I mean it is a Russian company, I doubt if
| anyone other than Putin can naysay FSB dictates.
| caconym_ wrote:
| I think it's much more likely for both these orgs to be
| telling the truth when they're accusing their enemies of
| doing bad things than it is when they're denying that
| they've done bad things themselves. It's not a simple
| case of one consistently telling the truth, and the other
| consistently lying...
| bcrosby95 wrote:
| So when the CIA tells me some foreign government is doing
| something bad, I should believe them? Then when the CIA
| denies they lied about the foreign government was doing
| something bad, I should ignore them?
|
| This advice makes no sense to me.
| totalZero wrote:
| It's more like saying "white cats enjoy naps" when
| napping activity is generalizable to all cats.
| godelski wrote:
| Sure, but isn't that true for any intelligence
| organization? CIA, NSA, FSB, MI5, Mossad, BND, etc?
| willcipriano wrote:
| Sure, I don't focus on them because I don't believe that
| Mossad or MI5 are the reason why my country has been at
| war my entire adult life, but I have witnessed the NSA
| and CIA justify those wars-that-aren't-really-wars time
| and time again. How much blood was spilled over the
| 'yellow cake' line alone? Remember when they lost that
| ten thousand page report on torture right before it was
| to be delivered? Or the time they dosed unwilling people
| with LSD or when they smuggled cocaine and fueled the
| crack epidemic, or when they...
| lostlogin wrote:
| > my country has been at war my entire adult life
|
| The US has been at war for most of its existence.
|
| Someone made a search tool to see how many years the US
| had been at war for, and then ran it on Wikipedia.
|
| Interestingly, France performed worse (assuming one
| doesn't like war), though being involved in things like
| 'The 100 years war' skews things a little.
|
| https://freakonometrics.hypotheses.org/50473
| stjohnswarts wrote:
| That's kind of nuts. If you want to compare it to the USA
| you would have to have some reasonable date like starting
| in 1900, the modern era of history. Things are so very
| different now than the 1800s but not terribly different
| than 1900s (as far as interaction and possibility of
| interaction between countries)
| willcipriano wrote:
| I probably wouldn't be complaining if I was born in the
| 1930's, WW1 and 2 were fairly well justified. However
| what are the current wars even still about? WMD? No, that
| was a fabrication. Bin Laden? He's long dead. Oil? With
| fracking, the US has the largest oil reserves on the
| planet. ISIS? Essentially gone, not much of a threat to
| US citizens in any case. There was no reason for these
| wars, there is certainly no reason to let them continue.
| jessaustin wrote:
| Of course you're right about all the stupid wars fought
| in my parents' lifetimes. It's also true that by the time
| WWII broke out, it was too late for USA to avoid it, so
| in a sense it was "justified". I don't find USA's actions
| in WWI to have been either justified or beneficial to
| humanity.
|
| Wilson ran for reelection promising not to enter WWI.
| Upon winning, he immediately broke that promise. When USA
| entered the war, it had already ground to a stalemate
| after three years of carnage. The various warring parties
| had been open to a negotiated peace. As soon as American
| lives were on the line, France, Britain, and Italy
| discovered a determination to see the war to its bitter
| end, which took another 1.5 brutal years and millions
| more human lives.
|
| Wilson claimed to prefer reconciliation to punishment of
| Germany, and initially during peace negotiations he
| reined in the worst French and British excesses. Then he
| got Spanish Flu, suffered severe mental decline, and
| functioned as a doormat for the remaining "negotiations".
| The French and British somehow concocted such draconian
| penalties that they created brutal fascist dictatorships
| not only in their enemy Germany but also in their ally
| Italy. Hitler's and Mussolini's empowerment, not to
| mention the transfer of Germany's Chinese colony to
| Japan, guaranteed a conflict like WWII.
|
| https://www.history.com/news/woodrow-
| wilson-1918-pandemic-wo...
| stjohnswarts wrote:
| Almost nothing after WW2 was a reasonable war to be in.
| Not Vietnam, probably not Korea, not Afghans, not Iraq,
| although I think the limited war in Gulf War 1 was fairly
| well reasoned.
| lostlogin wrote:
| It's striking just how short those two wars were when you
| compare them to others, before and after.
| dnautics wrote:
| To be fair the fracking thing is a last 5 years thing,
| until about 2-3 years ago the all in cost of fracking
| wasn't competitive with Saudi Arabia/Iraq.
| narwally wrote:
| It's nearly always about natural resources, just because
| the US has the largest oil reserves doesn't mean it's
| going to stop there. And the wars you mentioned are just
| the boots on the ground (or drones in the air) conflicts.
| We're still backing coups in Latin America (Honduras,
| Venezuela, Bolivia) so US friendly governments are put
| into place that will allow American companies to extract
| their resources.
| anoraca wrote:
| About the development of, distribution of, and continued
| stability of access to natural resources... which
| benefits everyone.
| nyolfen wrote:
| which natural resources were we getting out of
| afghanistan
| withinboredom wrote:
| Pomegranate. After burning the poppy fields.
| jessaustin wrote:
| Oh I love that fruit. In that case, bombs away!
| JasonFruit wrote:
| Don't look too closely at how we got into World Wars 1
| and 2, if you want to maintain that opinion.
| narwally wrote:
| Roosevelt won in 1940 in large part because he was
| running against an interventionist that wanted to join
| the war alongside the allies, but the US population was
| either largely against any intervention, or was outwardly
| pro-Nazi[0]. If it wasn't for Japan forcing our hand, the
| US would have been perfectly happy profiting from
| supplying other countries' war efforts, and building up
| their military while the rest of the world was destroying
| their own; All while turning a blind eye to the
| atrocities occurring in Europe and Asia.
|
| [0]: https://en.wikipedia.org/wiki/1939_Nazi_rally_at_Mad
| ison_Squ...
| dataflow wrote:
| I'm actually curious precisely what CIA justification
| you're referring to. What I'm aware of are [1] and [2].
|
| [1]
| https://www.washingtonpost.com/politics/2019/03/22/iraq-
| war-...
|
| [2] https://www.washingtonpost.com/archive/opinions/2003/
| 11/28/m...
| willcipriano wrote:
| https://en.m.wikipedia.org/wiki/Niger_uranium_forgeries
|
| Folks inside the CIA knew that the yellow cake uranium
| was a lie and at best, did not make any of this knowledge
| public as the justification for war was coming together.
| That silence resulted in the loss of at least one hundred
| and fifty thousand human beings needlessly and a war that
| has lasted decades.
| dataflow wrote:
| Huh, you went from
|
| > I have witnessed the CIA justify those wars
|
| to
|
| > the CIA knew that the yellow cake uranium was a lie and
| at best, did not make any of this knowledge public
|
| ?
|
| Isn't that a bit of a... large jump?
|
| Also, do/should intelligence agencies generally come out
| and make public announcements of intelligence at all? I
| mean, maybe you can argue they should do that (for the
| public good), but unless they already do this in similar
| situations (or are normally instructed to), to show they
| actually acted in _bad faith_ is going to need a lot more
| than arguing they didn't explicitly go out of their way
| to do so.
|
| Btw, here's what I'm reading they apparently reported:
| https://fas.org/irp/cia/product/iraq-wmd.html
|
| > Moderate Confidence: Iraq does _not_ yet have a nuclear
| weapon or sufficient material to make one but is likely
| to have a weapon by 2007 to 2009. (See INR alternative
| view, page 84).
|
| > We cannot confirm whether Iraq succeeded in acquiring
| uranium ore and/or yellowcake from these sources. [...]
| Intelligence information on whether nuclear-related
| phosphate mining and/or processing has been reestablished
| is inconclusive, however.
|
| (To be clear: none of this is to suggest I'm a fan of the
| entities involved...)
| willcipriano wrote:
| On the "I have witnessed the CIA justify those wars"
| comment we have started what 4 wars since Iraq? Every
| drone strike is justified with intelligence. I can find
| some YouTube clips later of CIA directors justifying war
| in Iraq, Afghanistan and Syria if you don't believe me.
|
| > Also, do/should intelligence agencies generally come
| out and make public announcements of intelligence at all?
|
| They did so pretty frequently during the Trump
| administration. Whistleblowers spoke up when someone came
| in claiming to want to end the war on terror, they didn't
| feel the need to do so in 2001 when that war was getting
| started.
| fit2rule wrote:
| >Every drone strike is justified with intelligence.
|
| No.
| dnautics wrote:
| Not defending the CIA, but the yellow cake thing was not
| a lie of commission (arguably a lie of omission): it was
| very much true in the strictest senses - Hussein did have
| yellow cake and we did not know for sure where it was and
| he blocked inspectors that he was supposed to let in. but
| utterly overblown and misrepresented: yellow cake is not
| that dangerous by itself, Hussein had stopped trying to
| enrich it - and we probably knew that - and it turned out
| to be exactly where it was last known to be under
| the UN inspections regime.
|
| As they say, technically correct, the best kind of
| correct.
| [deleted]
| mandmandam wrote:
| >That silence resulted in the loss of at least one
| hundred and fifty thousand human beings needlessly
|
| Just gonna point out that non-Americans are human beings
| as well, and _millions_ have died - directly as a result
| of this silence.
|
| The fact that Biden played a key part in enforcing this
| silence at various stages is particularly galling, and
| it's beyond fucked-up that he isn't held to account for
| it.
| monocasa wrote:
| The NIE that the CIA wrote up was declassified. It makes
| it very clear that they believe with "high confidence" (a
| very specific term in intelligence which means "we're
| pretty damn sure, normally enough to start a war over")
| that Iraq was continuing to make active progress on their
| nuclear weapons program and delivery systems in contrast
| to their UN sanctions.
|
| There's been a bunch of opinions since then that they
| were actually just misrepresented, but their own words
| from 2002 speak for themselves, IMO.
|
| https://www.scribd.com/doc/259216899/Iraq-
| October-2002-NIE-o...
| dataflow wrote:
| Ah! It took me a while to get what's going on (I didn't
| know what INR was!), but I think I finally see what
| you're saying. I assume you're talking about page 9 [1].
| For anyone else interested, here are the relevant quotes
| I can find:
|
| > Iraq is continuing, and in some areas expanding, its
| chemical, biological, nuclear and missile programs
| contrary to UN resolutions.
|
| > If left unchecked, [Iraq] probably will have a nuclear
| weapon during this decade. (See INR alternative view at
| the end of these Key Judgments.)
|
| > [State/INR Alternative View] The activities we have
| detected do not, however, add up to a compelling case
| that Iraq is currently pursuing what INR would consider
| to be an integrated and comprehensive approach to acquire
| nuclear weapons. Iraq may be doing so, but INR considers
| the available evidence inadequate to support such a
| judgment.
|
| So basically the CIA is saying:
|
| - The INR (separate agency) doesn't believe this is
| enough to start a war over.
|
| - The other agencies (presumably including CIA) do.
|
| However, their justifications in the bullet points seem
| to rely on a fair bit of speculation about motivations
| behind things, not as much actual concrete evidence as
| you'd hope. Whereas the INR evaluated the same evidence
| and said they aren't confident enough in this yet.
|
| OK, so I'm with you here so far. Now the question to me
| is: did the CIA really lie here, or did they (and other
| agencies) really fail at their job? If it was a lie, are
| we using that to mean a falsehood, or does it refer to
| omission of critical information that they were
| reasonably confident about? On the face of it, it looks
| like they really just failed spectacularly, not that
| there was malice per se, but I don't have more details.
| (Though I guess that means we should listen more to the
| INR in the future?)
|
| [1] https://nsarchive2.gwu.edu/NSAEBB/NSAEBB129/nie.pdf#p
| age=13
| chiefalchemist wrote:
| Intelligence is as much about focusing and finding as it is
| about distraction and deception.
|
| There's absolutely no morals or ethics at the means level.
| That's not a judgement. The fact is, the driver is the
| ends. Meet the objective by (nearly) any means necessary.
|
| The CIA, NSA, etc. will - and have - say pretty much
| anything. That's their job. But why people liken them to
| some holy higher power is beyond me. Maybe it's a result of
| the IC's own disinformation? Ironic but fitting.
| djbebs wrote:
| I mean, given the amount of malware made by the CIA and NSA,
| is it really a stretch that this is just one more?
| RedComet wrote:
| It's probably because the US government is the single greatest
| force for evil in the world right now.
| president wrote:
| This falls under nationalistic flamebait according to HN's
| guidelines.
| viro wrote:
| Yea .... not if you ask a gay person in Russia.
| Hammershaft wrote:
| I think this strays from the original topic but why do you
| believe that? What makes you think the US is more evil than
| say, North Korea, China, or Russia?
| dcsommer wrote:
| This kind of hyperbole is neither instructive nor accurate.
| What is the intended purpose of this comment?
| RedComet wrote:
| It is accurate and not hyperbole. But the point is to
| help that poster understand why someone would not
| question the claim.
| seppin wrote:
| "I am the greatest cook in the world" is hyperbole, even
| if you believe it to be true. Please google the basic
| definitions of words before you use them.
| reedjosh wrote:
| I'm sure the intended purpose is to vent frustrations,
| but maybe also to make aware those who've turned their
| eye from the US's terrible tyrannical and oppressive
| nature at home and abroad in favor of tribal political
| trivialities.
|
| It's not an incorrect statement either. I'd put the US up
| there with China, Russia, Big Tech, and the UN for forces
| of evil in the world right now.
| kube-system wrote:
| What does "force of evil" mean anyway? It seems like a
| subjective measurement based entirely on tribalism as a
| foundation.
| reedjosh wrote:
| > What does "force of evil" mean anyway?
|
| Yes, subjective. But here's my belief and how I believe
| it applies.
|
| I believe evil is the abandonment of reason in any way.
| Instigation of force or coercion is an un-reason-able act
| no matter whether done by an individual or group of
| people.
|
| Currently the US is engaged in numerous instigative
| forceful and coercive acts.
|
| Further, much of what the US does would not be possible
| without people abandoning their own reasoning for the
| fallacy of authority. Here I do not mean appealing to
| authority, but instead `following orders` without
| consideration to one's own responsibility to also not
| instigate force/violence/coercion.
|
| We could go down the path listing instigative acts of the
| US, but I believe most reasonable people know that the US
| is engaged in a number of these acts and would prefer it
| wasn't.
| kube-system wrote:
| The people who define it differently than you also use
| reason -- just a different line of reasoning. This is the
| entire issue with the phrase to begin with, there's no
| universal definition of what it means. It assumes a
| shared value system.
|
| Almost everyone who fights anyone else believes that they
| are right and has a reason for it.
| reedjosh wrote:
| > This is the entire issue with the phrase to begin with,
| there's no universal definition of what it means. It
| assumes a shared value system.
|
| True it's not precise language and maybe could have been
| better, but I think that would require a much larger
| post. Still I agree with it based on my value system.
|
| > Almost everyone who fights anyone else believes that
| they are right and has a reason for it.
|
| Sure, but at least my value system will have me not only
| not instigating a fight, but actively avoiding people
| that do.
|
| For clarity, I _never_ attempt to avoid a well reasoned
| argument. You've made good points, and I thank you for
| doing so. :)
| Godel_unicode wrote:
| > actively avoiding people that do
|
| So, Vichy France? This is the type of stance that only
| makes sense in a world with no evil in it; do you believe
| that the US was wrong to fight the Nazis in the 1940s,
| for instance?
| reedjosh wrote:
| >So, Vichy France?
|
| Vichy France was an ally of Nazi Germany that was
| betrayed.
|
| >do you believe that the US was wrong to fight the Nazis
| in the 1940s
|
| I did not say we should never fight, just not instigate.
| If not questioning the official narrative, it takes
| little effort to see that the US entered into WW2
| defensively.
|
| > On December 8, 1941, the United States Congress
| declared war (Pub.L. 77-328, 55 Stat. 795) on the Empire
| of Japan in response to that country's surprise attack on
| Pearl Harbor the prior day.
|
| https://en.wikipedia.org/wiki/United_States_declaration_o
| f_w...
|
| On 11 December 1941, four days after the Japanese attack
| on Pearl Harbor and the United States declaration of war
| against the Japanese Empire, Nazi Germany declared war
| against the United States,
|
| https://en.wikipedia.org/wiki/German_declaration_of_war_a
| gai...
|
| Admittedly I don't believe the official narrative, and I
| also advocate for intellectual self defense.
|
| For example, the US entered into WW1 after instigating
| the sinking of the Lusitania.
|
| > whether or not the passenger ship Lusitania was
| carrying munitions and therefore a legitimate target when
| it was sunk by a German submarine in May 1915 - has been
| solved in the affirmative by newly released government
| papers.
|
| https://www.theguardian.com/commentisfree/2014/may/01/lus
| ita...
|
| Reason and intellect are the solution.
|
| Not rar-rar we did the right thing in preemptively
| striking against `evil`.
|
| I didn't want the US to enter Iraq to take out terrorists
| (that were never proven associated to Saddam), I didn't
| want the US to enter Libya to overthrow a ruler that
| wouldn't obey world trade systems rules, I didn't want
| the US to intervene in the Syrian civil war, and I don't
| want the US doing regime change in Belarus right now.
| https://congressionaldish.com/cd229-target-belarus/
| aero-glide2 wrote:
| Yeah, and CNN saying Chinese or Russian hackers always
| cyberlurker wrote:
| Even if you think CNN is bad it still might be true.
| jessaustin wrote:
| Truly, a level of excellence to which all "news"
| organizations should aspire.
|
| "CNN" is a recursive acronym, modeled after "GNU".
| [deleted]
| tsimionescu wrote:
| There's a difference between Microsoft or Google or Symantec
| coming out and saying 'this was NK malware' and the CIA or
| NSA or FBI saying 'this was NK malware' - people would be
| more inclined to believe the former rather than the latter,
| even though we would still have to imagine that it's possible
| they are saying this because of CIA/FBI/NSA influence.
|
| Likewise, Kaspersky is more believable than if the FSB came
| out with this story, even if we must be cautious that it
| could be an FSB story.
| acruns wrote:
| we should consider the source and timing for sure.
| wait_a_minute wrote:
| Because the entire goal is to promote skepticism about the
| USA while remaining as mum as possible on Russia and China.
| In the case of Russia, it's not a secret that they try to
| disrupt and divide the states via internal conflicts so they
| can take over if we decline because of it. Here is just one
| example:
|
| https://www.wsj.com/articles/russian-backed-facebook-
| account...
|
| We also know that hundreds of thousands of foreign-sponsored
| accounts on Twitter, Reddit, Facebook, etc, have been banned
| over the years. (Please fact check by googling!)
| Lammy wrote:
| Meanwhile all you people stoking nationalist fervor keep
| the global population of generally-well-meaning humans
| divided and hating each other instead of uniting into a
| whole that demands a better life for everyone. Please stop.
| stjohnswarts wrote:
| It's pretty easy to spot Russian/Chinese trolls on
| facebook. I've seen tons of it on conservative news feeds.
| Just find a ridiculous statement and trace back to the
| source. Usually they have public facing feeds to maximize
| propaganda and it's so blatantly obvious it usually makes
| me giggle.
| freeflight wrote:
| _> Here is just one example:_
|
| Here's an example that in major parts contributed to a
| civil war going on to this day: The existence of a US
| military operation that manipulates social media through
| sock-puppet accounts [0] was revealed around the same time
| Syrians were riled up to regime change through.. social
| media [1].
|
| Said social media presence kept announcing "Days of Rage"
| protests in Syria which initially no Syrian even showed up
| to.
|
| These operations predate anything noteworthy Russia did on
| the same front, as most of that only started in the wake of
| the Ukraine revolution, which also saw plenty of blatant US
| interference [2]. Back then Russia was diplomatically
| _very_ vocal about how unprecedented the foreign
| interference in Ukraine was.
|
| What followed was St. Petersburg troll farms heavily
| targeting the US.
|
| _> We also know that hundreds of thousands of foreign-
| sponsored accounts on Twitter, Reddit, Facebook, etc, have
| been banned over the years. (Please fact check by
| googling!)_
|
| How many domestic sponsored accounts have been banned?
| _Zero_ , which means that on US based social media these
| kind of outfits are fighting with a heavy home game
| advantage [3], yet in most of these places that never comes
| up, it's always "Look out for the Russian/Chinese
| propagandist!", just like you are doing here. Which usually
| ends up targeting skeptical people not wholeheartedly
| endorsing the "Good vs Evil" narrative and not any actual
| propagandists.
|
| [0] http://www.theguardian.com/technology/2011/mar/17/us-
| spy-ope...
|
| [1] https://www.france24.com/en/20110203-syria-democracy-
| protest...
|
| [2] https://www.theguardian.com/world/2013/dec/15/john-
| mccain-uk...
|
| [3] https://www.reddit.com/r/Blackout2015/comments/4ylml3/r
| eddit...
| ClumsyPilot wrote:
| Eh, we are at a point where every self respecting
| political party has thousands of fake twitter accounts.
| at-fates-hands wrote:
| Likewise, Kaspersky always seems to ferret out CIA activities
| quite frequently; but never seems to get the same kind of
| discoveries on his own country's hacking exploits and
| activities.
| throwawayfff wrote:
| The last round of skeptics were skeptical of Russian hacking,
| and were shouted down for asking for more evidence than
| "experts agreed". They're either still around lurking or have
| just moved on. No one wants to post just to get down voted or
| shadow banned.
| germinalphrase wrote:
| Hopefully - we never find out the extent of our (and their)
| capabilities.
| canada_dry wrote:
| > determine all this from some binary
|
| Reminiscent of how cipher decoders knew their German operators
| well enough that it assisted in the decipher process.
| dilyevsky wrote:
| I'd say it's likely they were instructed to sit on it until the
| time is right
| sturza wrote:
| Did you take Occam's razor into account? Why is this likely?
| dilyevsky wrote:
| The timing is very sus given recent and ongoing spy mania
| in eastern europe (if you've been following)
| smolder wrote:
| Occam's razor hardly ever applies to stuff like this (news
| in the intelligence space) because deception is the whole
| game. A tendency to believe simpler explanations is
| something they exploit.
|
| I think Occam's razor is often misapplied in this way. It's
| for explaining natural phenomena, not for surmising the
| intent of an intelligent entity with an incentive to
| deceive.
| [deleted]
| sitzkrieg wrote:
| and to think that's because they seemingly randomly decided to
| go back and re analyze this older stuff
| bredren wrote:
| >seemingly randomly decided
| craig131 wrote:
| Using inductive reasoning, they're probably still deploying
| first-stage malware en masse that activates under certain
| network conditions. Truly scary stuff.
| Dolores12 wrote:
| Now compare it to how fast US intelligence analysts are. They
| may conclude who is behind attack in a matter of days. (For
| example, recent solarwinds attack)
| auiya wrote:
| Correct, different campaign signatures can make attribution
| happen quickly, or slowly. Just depends what data the analyst
| has to work with.
| nzmsv wrote:
| Conclusion prefetching is awesome, isn't it?
| Wassimo wrote:
| CIA, NSA, FBI, what else is new? Our society is doomed.
___________________________________________________________________
(page generated 2021-04-28 23:00 UTC)