[TriLUG] NSA hunting and hacking sysadmins

Aaron Joyner aaron at joyner.ws
Fri Mar 21 11:35:01 EDT 2014


I don't wish to minimize the very real concern that our government should
not be hacking our computers, but I'm going to leave that aside for a
moment.

Anyone who's responsible for maintaining the security of other people's
data should take a moment to reflect on the insight provided by these
revelations.  They provide a small peek into the mind of a nation-state
information security actor, and how they view their mission of acquiring
intelligence.  As John alluded to, surely, the representatives of China or
Russia (or ... a long list of countries) are not bound by any laws or
conventions from compromising your accounts, computers you may run, or even
your wall outlets if they can.  You are merely a means to an end in a long
chain of persistent compromise, necessary to gather intelligence on someone
deemed "bad".

Thus, anyone who works as a Systems Admin, a Network Engineer, a Release
Engineer for a company who builds binary releases of software used by
others, probably north of 50% of the people on this list... you should be
aware that the resources of *large* foreign governments will be brought to
bear directly on your personal computing infrastructure, habits, and data.
 That might sound a bit tin-foil-hat when you first think about it, but
take off the tin-foil and put on a black hat.  Remember that if your goal
is to read the email of a "bad guy" in <insert your favorite foreign
national villain here>, attempting to guess his password is probably hard.
 Attempting to attack his email service directly is probably also hard.
 Walking the chain of trust of employees of that company until you find a
weak link is likely to be a pretty trivial exercise.  It also vastly
expands the list of potential targets who you can compromise from "the bad
guy" to "all the other people with semi-legitimate access to his inbox", or
even one step removed from those.  Nation-state actors are looking for a
toe hold they can build a persistent compromise on.  Try to avoid being
'that guy'.  :)

Aaron S. Joyner


On Fri, Mar 21, 2014 at 10:45 AM, John Vaughters <jvaughters04 at yahoo.com> wrote:

> Random Thoughts!
>
> I think I have said this before, but if technology exists it will be used.
> I am more worried about being pwned by Iran, China or Russia. I am not
> excusing the NSA, but we just have to live in reality.
>
>
> The only way to not be pwned if you are targeted is to be completely on
> private networks and that is nearly impossible and even if you owned all
> the fiber and equipment to run the fiber, you would still have to deal with
> someone tapping your fiber. Only organizations at the level of Google have
> a chance to fend off the NSA and they are more likely to cooperate with the
> NSA.
>
> If you truly are that concerned about privacy, go completely off grid with
> no internet, no smart phone, or for the truly concerned, not even a
> landline. Use antenna TV because that smart TV will sell you out too. I
> guess the only fear then would be will you become an investigated target
> because you are not on-grid. `,~)
>
> John Vaughters

