Hacker Tool Author Sentenced to 3 Years

FrgMstr

Crime does pay, just not much when it comes to selling your remote access trojan for $25. What is a bit odd about this "hacking" case is that the man being sentenced is not being prosecuted for using it, but rather simply selling and distributing it.


Taylor Huddleston, 26, of Hot Springs, Arkansas, pleaded guilty on Tuesday to federal charges of aiding and abetting computer intrusions for intentionally selling a remote access tool (RAT), called NanoCore, to hackers.
 
Or Kali. Seriously, what about people who SSH into machines with poor creds? Prosecute the SSH authors?
 
What about hospitals I have supported that don't use https for credit card transactions? lol
 
I think this prosecution lies more with the fact that the tool was supplied to do something nefarious rather than being neglectful in hardening systems. I agree those who create an environment that invites crime should be penalized in some way but the intent behind the action matters.
 
Did this guy work for the NSA? I guess it's not illegal for them to create hacking tool kits?
Was just going to post the same thing. If this guy worked for the NSA or CIA then he would have probably gotten a raise or promotion. Instead they will send him to jail and create another jaded criminal who will probably do more damage when he gets out on "good behavior".
 
Did this guy work for the NSA? I guess it's not illegal for them to create hacking tool kits?


No, it's not.

They aren't aiding and abetting a crime and if the guys that Taylor Huddleston, 26, of Hot Springs, Arkansas, sold his tool to, had not committed crimes with it, he wouldn't have been accused and convicted either.
 
Or Kali. Seriously, what about people who SSH into machines with poor creds? Prosecute the SSH authors?

Did the SSH authors knowingly and with intent create and market SSH to others for illegal purposes?

Do you fail to understand the difference?
 
No, it's not.

They aren't aiding and abetting a crime and if the guys that Taylor Huddleston, 26, of Hot Springs, Arkansas, sold his tool to, had not committed crimes with it, he wouldn't have been accused and convicted either.
Right. So when the toolkit is leaked and used by every criminal organization, it's not their fault or problem, right? Remember wannacry?
 
Was just going to post the same thing. If this guy worked for the NSA or CIA then he would have probably gotten a raise or promotion. Instead they will send him to jail and create another jaded criminal who will probably do more damage when he gets out on "good behavior".


Blame everyone but the guy who did the crime or made money selling his tools for the purpose of criminal activity.
 
Right. So when the toolkit is leaked and used by every criminal organization, it's not their fault or problem, right? Remember wannacry?


Oh yes, that malware that decimated the third world and all their out of date operating systems ......... And didn't affect the up-to-date IT world at all, that wannacry?


https://en.wikipedia.org/wiki/WannaCry_ransomware_attack#Affected_organizations

It propagated through EternalBlue, an exploit in older Windows systems released

According to Kaspersky Lab, the four most affected countries were Russia, Ukraine, India and Taiwan.

A number of experts highlighted the NSA's non-disclosure of the underlying vulnerability, and their loss of control over the EternalBlue attack tool that exploited it.

British cybersecurity expert Graham Cluley also sees "some culpability on the part of the U.S. intelligence services". According to him and others "they could have done something ages ago to get this problem fixed, and they didn't do it".

So why? Why did the NSA not let everyone know about this vulnerability? Well just look at the countries most affected, and understand that the risk to US business and customers was really small because it only affected older Windows OSes and not current ones. That is what they do, they weigh the gains against the risks. Financial losses from wannacry ranged from;
According to Cyber risk modeling firm Cyence, economic losses from the cyber attack could reach up to $4 billion, with other groups estimating the losses to be in the hundreds of millions.
And since it was Russia, Ukraine, India, and Taiwan that suffered the most, they are the ones who it cost the most.

Looks like a net gain to me.

Look, the NSA lost EternalBlue and others, they were all mostly designed and used to compromise older versions of Windows because most of our biggest Intel targets still use that old shit. Wouldn't do much good to use a bunch of hacking tools for current operating systems and software that your biggest Intel targets don't use would it?

Wow, so if the NSA is targeting older OSes, maybe they really aren't targeting American Citizens as much as people think, otherwise it would have been hacking tools for current OSes instead that they lost right?

Go fucking figure :cool:
 
Oh yes, that malware that decimated the third world and all their out of date operating systems ......... And didn't affect the up-to-date IT world at all, that wannacry?


https://en.wikipedia.org/wiki/WannaCry_ransomware_attack#Affected_organizations









So why? Why did the NSA not let everyone know about this vulnerability? Well just look at the countries most affected, and understand that the risk to US business and customers was really small because it only affected older Windows OSes and not current ones. That is what they do, they weigh the gains against the risks. Financial losses from wannacry ranged from;

And since it was Russia, Ukraine, India, and Taiwan that suffered the most, they are the ones who it cost the most.

Looks like a net gain to me.
I think there are two big things you're glossing over. Should NSA be in the business of developing viruses and hacking tool kits and should they be lazy when it comes to securing it and making sure they don't lose it?
Let me boil it down another way. Should the NSA be in the business of developing illegal things and doing illegal things?
 
I think there are two big things you're glossing over. Should NSA be in the business of developing viruses and hacking tool kits and should they be lazy when it comes to securing it and making sure they don't lose it?
Let me boil it down another way. Should the NSA be in the business of developing illegal things and doing illegal things?


well yes basically.. the fact is it is a war of sorts .. you don't think the Russians, Chinese , N. Korea ..etc aren't all busy developing such things..of course they are.. in the interest of National Defense we must also have such things..

I guess it is like this if you shoot someone on the street it is murder ... If you shoot the enemy while in the Army during war it isn't ..
 
I think there are two big things you're glossing over. Should NSA be in the business of developing viruses and hacking tool kits and should they be lazy when it comes to securing it and making sure they don't lose it?
Let me boil it down another way. Should the NSA be in the business of developing illegal things and doing illegal things?

The NSA isn't in the business of doing illegal things. Your biggest problem is you don't even get that concept, that what they are doing isn't illegal, that it is their job to do so. Sauce for the goose, is not sauce for the gander.

There are fundamental differences between what a government will not allow of its citizens, or allow to be done against its citizens, and what a government will do or allow against its enemies.

The NSA is part of the Department of Defense, its purpose is to support the Military and help our decision makers make informed decisions. The NSA is not Law Enforcement, it does not have a Law Enforcement mission, it does not target US Persons except in the most special circumstances, but it can target foreign nationals who are inside the United States or use the services of US businesses and telecoms/ISPs.

It's no more illegal for the NSA to use malware and viruses against foreign intelligence targets than it is for a soldier to kill enemy combatants in wartime, or even shoot a trespasser onto a military base, which happens as well.

If you don't understand these basic facts then where do we go from there. If you think it's wrong then that is your prerogative, I will not challenge you for your beliefs as long as they are based on reality which is what I have just explained to you.

In short, it's not illegal even if you think it should be.


EDIT: I forgot your second question about "should they be lazy when it comes to securing it and making sure they don't lose it?"

There are no guarantees in this world. Can you say that just because the tools were compromised, that it was in fact due to negligence on the part of the organization as opposed to willful deceit on the part of a trusted individual?

As an organization, there is only so much you can do to secure something. It's easier if you don't have to use it, you just lock it up, but it's harder if you actually use the tools regularly. And it gets even harder when someone on your workforce becomes untrustworthy. Losing something through negligent disregard is one thing, someone going bad and "stealing" your tools, that's much harder to guard against.

If the person who stole the tools did things that should have given others a reason to suspect them, and no one raised the flag, then the organization has a problem. If the person gave no warnings, what can you do, these things happen. If the organization had good secure policies that weren't enforced that's another form of negligence and it's probably still the fault of an individual, not the organization, but if the organization's operating procedures and policies are weak, then that would be the NSA's fault.

Do you have specific details, know of reports, that shed light on just what happened so that you know which of these is the case? I don't although I think there was a report that maybe it was a contractor who sold the tools on the dark web. But I don't remember for sure, and I sure can't be sure that the source is good. If you know of a solid source reporting about it please share.
 
The NSA isn't in the business of doing illegal things. Your biggest problem is you don't even get that concept, that what they are doing isn't illegal, that it is their job to do so. Sauce for the goose, is not sauce for the gander.

There are fundamental differences between what a government will not allow of its citizens, or allow to be done against its citizens, and what a government will do or allow against its enemies.

The NSA is part of the Department of Defense, its purpose is to support the Military and help our decision makers make informed decisions. The NSA is not Law Enforcement, it does not have a Law Enforcement mission, it does not target US Persons except in the most special circumstances, but it can target foreign nationals who are inside the United States or use the services of US businesses and telecoms/ISPs.

It's no more illegal for the NSA to use malware and viruses against foreign intelligence targets than it is for a soldier to kill enemy combatants in wartime, or even shoot a trespasser onto a military base, which happens as well.

If you don't understand these basic facts then where do we go from there. If you think it's wrong then that is your prerogative, I will not challenge you for your beliefs as long as they are based on reality which is what I have just explained to you.

In short, it's not illegal even if you think it should be.
I guess I just relate developing hacking toolkits with developing nuclear weapons. They both can be claimed to be created in national defense reasons. I'm fairly sure if someone lost a nuclear weapon or allowed civilians direct access to it and walk away with it heads would roll. When I see the NSA developing these tools, allowing contractors to get direct access to them and steal them or lose laptops with it installed on them to see them used as malware later on, I get confused why they're never held accountable for it.

My bad.
 
Did this guy work for the NSA? I guess it's not illegal for them to create hacking tool kits?

Actually it is not illegal for anyone to create hacking tools. It is illegal to sell or distribute them for nefarious means. There are tons of hacking tool kits out there that are free for use. And there are kits out there that are even for sale legally. The difference is on the marketing and use of the tool.
 
I guess I just relate developing hacking toolkits with developing nuclear weapons. They both can be claimed to be created in national defense reasons. I'm fairly sure if someone lost a nuclear weapon or allowed civilians direct access to it and walk away with it heads would roll. When I see the NSA developing these tools, allowing contractors to get direct access to them and steal them or lose laptops with it installed on them to see them used as malware later on, I get confused why they're never held accountable for it.

My bad.

To be clear your choice of words "allow contractors to get direct access to them" is too broad. Generally speaking contractors are the ones developing the tools in the first place. And as for being held accountable, they are held accountable. Just because you don't know or see the punishment or changes in policy does not mean it is not happening.
 
I guess I just relate developing hacking toolkits with developing nuclear weapons. They both can be claimed to be created in national defense reasons. I'm fairly sure if someone lost a nuclear weapon or allowed civilians direct access to it and walk away with it heads would roll. When I see the NSA developing these tools, allowing contractors to get direct access to them and steal them or lose laptops with it installed on them to see them used as malware later on, I get confused why they're never held accountable for it.

My bad.


Well, today, I'm promoting you to Director of the NSA, they call you DIRNSA for short so today, you are DIRNSA. It's the big day today and you are being briefed by your department head for operations about how some of our hacking tools got loose and are being sold to the highest bidder on the Dark Web. "How did this happen?" you ask. A contractor who worked for WHFBC (We Hack For Bit Coin) zipped the files up into an archived folder and emailed them to his Grand-Ma's AOL account, we checked and she says she never had an AOL account so the Jedi falsified her identity. Anyway, from his laptop in his basement he posted them for bid on the Dark Web. The files were purchased by the Shadow Brokers before we caught up with him.

1st Question for DIRNSA is, "Do we publicly try Mr Jedi Master and tell the whole world that those really were our hacking tools?"

2nd Question, "Do we even acknowledge this happened at all?"

3rd Question, "Did he get the secret trojan as part of the package, the one we hoped the Chinese hacking Unit would try to use?"

In short, this stuff is still all secret even though we all think we know everything about it. Things like this, the NSA isn't likely to admit, and probably won't host a public display over, and furthermore, for all we know, this is exactly what the NSA planned all along. For all we know, the Shadow Brokers not only spread their wannacry malware all over the third world, but they could have spread our best Trojan for us, making themselves responsible while we're just incompetent.

The long and short is, we don't know, we probably never will know. If some were of the few in the western world hit by wannacry, I'm sorry.

But Dude, WinXP still? Really?

USIS was cheating on their contract to perform Security Investigations for the US Government. USIS was doing crap background checks pocketing bonus money for completing them ahead of schedule. Two of the people whose investigations were done by USIS were Ed Snowden and the Navy Yard shooter.

Neither of these two people should have passed their investigation but they did. Now I'll admit, the whole idea of offering bonus money for early completion of these background checks was too tempting and a boneheaded thing to put into this type of contract vehicle. Later, USIS lost this contract and they were fined. Not everyone gets away with such things without payback and the government doesn't always trumpet how they choose to get even because they are still wearing the black eye for these things, it didn't remove responsibility. Sometimes they just feel it's better to let things go away.

It's not like they aren't going to fuck something else up next week right?

Oh, and Thank You. You aren't thinking anything that thousands of others aren't and unlike most of them, you didn't start calling me names and attacking me.
 
Well, today, I'm promoting you to Director of the NSA, they call you DIRNSA for short so today, you are DIRNSA. It's the big day today and you are being briefed by your department head for operations about how some of our hacking tools got loose and are being sold to the highest bidder on the Dark Web. "How did this happen?" you ask. A contractor who worked for WHFBC (We Hack For Bit Coin) zipped the files up into an archived folder and emailed them to his Grand-Ma's AOL account, we checked and she says she never had an AOL account so the Jedi falsified her identity. Anyway, from his laptop in his basement he posted them for bid on the Dark Web. The files were purchased by the Shadow Brokers before we caught up with him.

1st Question for DIRNSA is, "Do we publicly try Mr Jedi Master and tell the whole world that those really were our hacking tools?"

2nd Question, "Do we even acknowledge this happened at all?"

3rd Question, "Did he get the secret trojan as part of the package, the one we hoped the Chinese hacking Unit would try to use?"

In short, this stuff is still all secret even though we all think we know everything about it. Things like this, the NSA isn't likely to admit, and probably won't host a public display over, and furthermore, for all we know, this is exactly what the NSA planned all along. For all we know, the Shadow Brokers not only spread their wannacry malware all over the third world, but they could have spread our best Trojan for us, making themselves responsible while we're just incompetent.

The long and short is, we don't know, we probably never will know. If some were of the few in the western world hit by wannacry, I'm sorry.

But Dude, WinXP still? Really?

USIS was cheating on their contract to perform Security Investigations for the US Government. USIS was doing crap background checks pocketing bonus money for completing them ahead of schedule. Two of the people whose investigations were done by USIS were Ed Snowden and the Navy Yard shooter.

Neither of these two people should have passed their investigation but they did. Now I'll admit, the whole idea of offering bonus money for early completion of these background checks was too tempting and a boneheaded thing to put into this type of contract vehicle. Later, USIS lost this contract and they were fined. Not everyone gets away with such things without payback and the government doesn't always trumpet how they choose to get even because they are still wearing the black eye for these things, it didn't remove responsibility. Sometimes they just feel it's better to let things go away.

It's not like they aren't going to fuck something else up next week right?

Oh, and Thank You. You aren't thinking anything that thousands of others aren't and unlike most of them, you didn't start calling me names and attacking me.
I don't call people names and attack them personally, only their ideas.
If I was director of the NSA I would kill all the developers working for me in secretive ways, then I would resurrect Senator Ted Stevens and put him in charge as well as Al Gore in charge of all future development projects and see how far it can go!

But on a serious note, I would put real penalties (life in prison, etc) for people that lose programs or hardware associated with the NSA. I would also put in remote kill switches on all hardware and encryption on all software that's classified as created for national defense and clearly and securely use them only when needed.
Having these cases come out in the public is already a failure in many aspects for a security organization.
I would monitor all civilian access and limit them and search them as they come in and out of work. I would try and get military officials who are trained to develop these applications while also hiring people who can develop these programs. Basically use this guy (as long as he had more skill than a script kiddie) and draft them into a program in exchange for no prison sentence and pay them well. Honestly some of the hackers in the past did amazing things and had great ideas, but they lacked money so they turned to do stupid things (get rich quick schemes) instead of develop a career out of it.
I know a lot of ideas are developed in a lab in some university, so I would try to entice people to come work for the government with lucrative offers, but they would have to be under military command. Kinda like the Air Force does with the cyber squad or whatever they're called but without the flunky name.
 
But on a serious note, I would put real penalties (life in prison, etc) for people that lose programs or hardware associated with the NSA. I would also put in remote kill switches on all hardware and encryption on all software that's classified as created for national defense and clearly and securely use them only when needed.

What would those "real" penalties be? There are already severe penalties for that sort of thing.

Having these cases come out in the public is already a failure in many aspects for a security organization.

Only tangentially. Nothing is 100% secure, which is why there are organizations that specialize in security. Specializing does not make one immune.

I would monitor all civilian access and limit them and search them as they come in and out of work.

Define civilian. A civilian is a government employee who is non-military. Do you mean civilian or do you mean contractor? Also this is done as well, depending on the location and work there. Aside from doing strip searches, not sure how this would help. Also not sure what you think the real difference between a direct government employee and a contractor is for these purposes...

I would try and get military officials who are trained to develop these applications while also hiring people who can develop these programs. Basically use this guy (as long as he had more skill than a script kiddie) and draft them into a program in exchange for no prison sentence and pay them well. Honestly some of the hackers in the past did amazing things and had great ideas, but they lacked money so they turned to do stupid things (get rich quick schemes) instead of develop a career out of it.

This is also done and has been done for years.

I know a lot of ideas are developed in a lab in some university, so I would try to entice people to come work for the government with lucrative offers, but they would have to be under military command. Kinda like the Air Force does with the cyber squad or whatever they're called but without the flunky name.

This is also done to some extent. Unfortunately you cannot really offer them lucrative deals because salaries are specifically defined in government work. This is why they have contractors. There are some ways to be able to hire direct government employees for higher rates, but it is a crap ton of paperwork and processes to do it and would take too long to effectively recruit that way. They usually use this process to lure executives from contracting companies.

So basically if you were the Director you would do what is already being done, only less. Cool, good to know.
 
He should have a great job waiting on him once he's done his time though.

Doubtful. The tool isn't that extraordinary as evidenced by the cheap price for it. There are far more powerful tools out there.
 
What would those "real" penalties be? There are already severe penalties for that sort of thing.
Kill them, CIA retirement style
Only tangentially. Nothing is 100% secure, which is why there are organizations that specialize in security. Specializing does not make one immune.
It's done? Laptops with hacking tools found left and right unsecured and unencrypted. Allowing people to bring in and out usb sticks filled with terabytes of data? Yeah, 100% not secure isn't really defining what went down.
Then there's purposely putting a backdoor into RSA which is really questionable, considering once it was known RSA lost all credibility.

It's just doing stuff that comes back to bite them in the ass time and time again.
Define civilian. A civilian is a government employee who is non-military. Do you mean civilian or do you mean contractor? Also this is done as well, depending on the location and work there. Aside from doing strip searches, not sure how this would help. Also not sure what you think the real difference between a direct government employee and a contractor is for these purposes...
Anyone not in the military. Anyone who still has rights and can't be court martialed.
This is also done to some extent. Unfortunately you cannot really offer them lucrative deals because salaries are specifically defined in government work. This is why they have contractors. There are some ways to be able to hire direct government employees for higher rates, but it is a crap ton of paperwork and processes to do it and would take too long to effectively recruit that way. They usually use this process to lure executives from contracting companies.
Well if it can't be done, might as well just neuter the whole organization and outsource all the tools
So basically if you were the Director you would do what is already being done, only less. Cool, good to know.
You're welcome.
 
Kill them, CIA retirement style

Unconstitutional.

It's done? Laptops with hacking tools found left and right unsecured and unencrypted. Allowing people to bring in and out usb sticks filled with terabytes of data? Yeah, 100% not secure isn't really defining what went down.
Then there's purposely putting a backdoor into RSA which is really questionable, considering once it was known RSA lost all credibility.

It's just doing stuff that comes back to bite them in the ass time and time again.

Yes it is done, they check bags going in and out of secured areas. You typically are not allowed to bring laptops in or out of secured areas. The only laptops allowed are special laptops that have very rigid controls on them and are heavily monitored. Again without doing a strip search, how are you going to be sure someone does not have a USB drive? Not really sure what the backdoor into RSA has to do with it.

Anyone not in the military. Anyone who still has rights and can't be court martialed.

Civilian is a specific definition in the government though. A contractor is not a civilian, they are a contractor. And I don't know what court martial has to do with it. Civilians and contractors sign the same agreements as military when they are doing the same secure work for the government. Court martial actually isn't anything special, and military is more protected than civilians and contractors in this case.

Well if it can't be done, might as well just neuter the whole organization and outsource all the tools

As I said, much of this is already outsourced. Usually they do get bright individuals straight from college, they just don't offer them lucrative deals. They appeal to their ideology and patriotism.
 
Unconstitutional.
Only if they find out.
Yes it is done, they check bags going in and out of secured areas. You typically are not allowed to bring laptops in or out of secured areas. The only laptops allowed are special laptops that have very rigid controls on them and are heavily monitored. Again without doing a strip search, how are you going to be sure someone does not have a USB drive? Not really sure what the backdoor into RSA has to do with it.
Make them go through back scatter detectors when coming in and out of the facilities.
Civilian is a specific definition in the government though. A contractor is not a civilian, they are a contractor. And I don't know what court martial has to do with it. Civilians and contractors sign the same agreements as military when they are doing the same secure work for the government. Court martial actually isn't anything special, and military is more protected than civilians and contractors in this case.
Pretty sure the secretive part of it can be contained in a military court rather than it being plastered on the nightly news.
As I said, much of this is already outsourced. Usually they do get bright individuals straight from college, they just don't offer them lucrative deals. They appeal to their ideology and patriotism.
Yeah, that doesn't work in this day and age.
 
Make them go through back scatter detectors when coming in and out of the facilities.

The sheer cost of this makes it a non-starter, nor is it infallible. I have actually gone through a few scanners with USB devices before that did not detect them.

Pretty sure the secretive part of it can be contained in a military court rather than it being plastered on the nightly news.

The secretive part is contained whether it is military or not. What about military court makes it any more secret? There is a long litany of people tried for treason that you have never heard of. And you will likely never hear about them. As I said, there are already severe penalties for breaking rules.

Yeah, that doesn't work in this day and age.

Except that it does.
 
I guess I don’t understand still how this is premise for a criminal charge. Correct me if I’m wrong but isn’t this equivalent to charging the devs of metasploit for intrusion? Code is just code until it’s compiled and run. Like I’m writing on a public forum and I can say I’m selling drugs. You can’t charge me for trafficking unless I actually... you know sell drugs.
 
............................But on a serious note, I would put real penalties (life in prison, etc) for people that lose programs or hardware associated with the NSA. I would also put in remote kill switches on all hardware and encryption on all software that's classified as created for national defense and clearly and securely use them only when needed.............................


I would monitor all civilian access and limit them and search them as they come in and out of work.............................
I know a lot of ideas are developed in a lab in some university, so I would try to entice people to come work for the government with lucrative offers, but they would have to be under military command. Kinda like the Air Force does with the cyber squad or whatever they're called but without the flunky name.

Cool, you'd fit right in because all of these things have or are being done. With one exception, the NSA doesn't get to assign these penalties, they are just laws regarding divulging classified, espionage, treason, etc. But if the NSA catches someone doing something wrong, like Ed Snowden for instance, all they can do is pass on the information to the Department of Justice, it's their job to arrest and prosecute federal crimes, unless the person is an actual soldier on duty, then it's UCMJ, potentially a courts martial which becomes a Felony Conviction if it goes bad for the defendant, and time in a military prison.

I have been searched going to work, and my vehicle is subject to being searched at any time and for no special reason anytime I am driving on post, that's just life working on a military base.

The military is not only offering really nice bonuses for cyber recruits, they are even modifying the physical standards and testing rules because they realize these people just do not need to face the possibility of combat action so they are making it easier to enter and assimilate these slightly different people. They have wised up, why chase off or eliminate recruits for reasons that have nothing to do with the work you need them to perform.

What this should tell you is that although we are taking all kinds of reasonable security measures, even things that would never fly in the civilian world, there is still very little you can do when someone just decides to go off the reservation except try and recognize people who are behaving oddly before they get too crazy. It's like trying to identify the risk before it actually becomes a threat, easier said than done.

EDITED: So I'm catching up with your discussion with NoOther, the thing is, because the NSA has a worldwide mission, not everything is done in nice big secured facilities. Take for instance the teams that were working at shipping facilities, like overseas mail carrier companies. Those guys are under-cover, they aren't working out of a secure government building or a SCIF like I do. The same for contractors supporting the military in war zones, the security can get pretty lax in an environment like that. So if you have some contractors whose job is hacking say Iraqi owned and run ISPs that are operating on military bases providing internet services to soldiers' barracks rooms, then yes, those guys are going to be running things pretty loose there.

Again, risks versus gain. Another thing, any time you spin up a 10-year war, you're going to hire and go through a lot of people, the turnover is going to be high, and when you start drawing down at the end of the war, and letting people go, the risks are going to go up greatly. Oh, and there is another thing that happens, let's say a company has a contract to do I/A Security work on a base, all their equipment will be bought and paid for by the government, not owned by the contractor company. If the contract goes away, the contractors usually just pass their equipment and hard drives off to the Military and go home. Now the Military unit that receives the gear might re-purpose it, but they mostly have everything they need anyway so most likely that gear will get thrown into a connex container and locked away until the unit leaves. The gear isn't really part of a unit's issue. Now if you ask around it won't be hard to find stories of units that were leaving and the young soldiers didn't want to go through hassles of turning in ammo, and other sensitive items. Ammo, grenades, weapons, hard drives, etc. get found buried in shallow graves, hidden underneath buildings, inside the walls of buildings, in the attics, etc. It's just what 19 and 20 year old kids do when all they want to do is go home. And of course, some things don't get left behind, they get brought home instead, who wouldn't take a hard drive or laptop nobody wants or knows about?
 
See, I'm kinda mixed about the whole Snowden thing. On one hand he did steal data from the NSA and release it to the public. On the other hand the info that he stole he did first try to go to the chain of command to show wrongdoing on the parts of the people there and was rebuffed. He did take info that shows wrongdoings on the part of several NSA personnel such as spying on normal citizens (this is definitely illegal), spying on their wives/girlfriends (misuse of authority, illegal, etc.), and more activities which are shown to be illegal. At what point is he then justified as a whistle blower (let's talk about what a whistle blower means, not how to qualify for whistle blower protections)?
It just seems to be a major problem stemming from no oversight. It's similar to how other organizations are put in positions of power (police for example) with little to no oversight and abuse takes place which is then either hidden or so commonplace it becomes the norm. That's why no one trusts them anymore.
At what point does creating hacking toolkits, spying on citizens, spying on girlfriends and wives, looking at naked pictures of people separate from their mission of defending the country? I think it's self-explanatory in which the malfeasance outweighs the good done. And while a few bad apples don't mean the entire place is rotten, it does sure make the entire place stink.
 

How do you become a whistle-blower or report something being done wrong, when you were never cleared and approved to work on the program to begin with?

This is a vitally important thing to understand, just like William Binney, Edward Snowden was not "Read On" and approved to work on what he was complaining about, which means in order to make a complaint, you are actually admitting that you have been accessing information that you weren't authorized to work with. The stuff I worked with, I wasn't just briefed, they showed me multiple films explaining everything, how, what, why, etc. I know without any doubt under what authority I was doing my job, I received training every year on what I could and couldn't do regarding information collected on US Persons, what the limits were, how to report problems or incidents. Even now as a contractor, even though I don't actually work with SIGINT information any more, I still have to go to the Theater every year with thousands of other people and get briefed again on these things. It's because this post is where the Army does most of its SIGINT training for new people so they just assume that most offices need it, and better to get it and not need it than have someone miss it. You can't know how sick I am of hearing about EO12333 but I get paid, and my customer demands it so.

Classified Information at those levels is compartmented, Sensitive Compartmented Information. In order to be allowed to work within a compartment and have access to the information, you must have three things, the appropriate level of Security Clearance, a signed NDA, and a "Need to know", meaning your duty is to work with information from that compartment. Part of the Reading On process includes being briefed on what information it is you are going to be working with, how that information is collected, under what authority it is collected, and what safeguards are in place regarding this collection process to protect people's rights when appropriate. If he wasn't read onto the program, then he didn't have these things explained to him and other people who are read on, aren't supposed to discuss these things with people who aren't read on. So how is he supposed to explain how he knows about this stuff when he isn't supposed to know about this stuff? The simple fact that he is complaining about it means he is doing something illegal. And if he had been read on and cleared to work with this information, then he would have known why, what was being done, wasn't illegal.

Now Ed can sit in Russia and tell people all kinds of things and make claims that he went to his superiors and tried to use his proper reporting chain, but exactly how does that make any sense? It's not believable, not even remotely. Nobody that works in this world of classified information would ever believe this was true because things just don't work the way Snowden is trying to make it sound like they work. Only people who are ignorant of these things would ever buy it.
 
Sweet. By the same logic, gun-makers are liable for all murders. Time to prosecute them.
 

And again, if the gun maker designs and markets his guns as murder weapons and someone uses one to commit murder, then you are correct.

The same would be true for baseball bats, if they were designed as murder weapons and marketed to murderers.

That's the logic that you are missing.
 