Showing posts with label "social engineering". Show all posts

Sunday, September 8, 2013

Mangling the Snowden Questions

How many current journalists have the capacity to analyze digital content for payload? Set up secure communications? Storage?

Greenwald doesn’t; he’s being “managed” by his source.
What does that do to journalistic integrity?


Why Greenwald?

He looked sympathetic? How did Snowden come to prioritize sympathy over info security?

To others, Greenwald might have looked ideal: sympathetic to an NSA whistleblower, unskilled in info security, and residing in South America.

Who’s interested in info security in South America?

The answer to that question makes Greenwald look like the ideal delivery system…

It’s the job of journalists to not believe in the “hero myth,” to be skeptics and to maintain their objectivity.

Did it become too difficult when the subject matter made them the story?


Personal privacy and freedom of the press are a no-brainer. From the beginning, the public conversation has been consumed with the completely obvious.

PRISM--we already know what it's bad for.

Is it impermissible to ask what it's good for?


Why?

Sunday, September 1, 2013

Could the Constitution be Employed in a Social Engineering Exploit?

Jay Rosen was kind enough to correct my understanding of Snowden's security precautions by providing a link to this recent article: How Laura Poitras Helped Snowden Spill His Secrets

So, it's inaccurate to characterize Greenwald as clueless. At the same time, material has still been transferred, via a journalist, to a realm where data security protocols are not the norm--where a password to the material is written down and carried on person, and where presumably few have the background to inspect the encrypted digital content of drives for more than document files, or to prevent skilled unauthorized access and transfers of material.

No one should misunderstand me to be saying press freedoms and protections, safety of person, or privacy, are of no consequence--they are of the utmost importance to democracy. But, much of the public conversation is one-dimensional, to the extent that it obscures consideration of other threats to democracy that are equally potent and real, and that attend the transfer of digital information.

Peter Maass quotes Poitras' fears over the growing threat of the nation-based shadow governments. What frightens me is the absence of the cartels from the discussion--the shadow governments that have even less of their iceberg apparatus showing above water, rapidly expanding powers--extreme liquidity--and certainly access to just as much technological sophistication as any democracy.


They have repeatedly infiltrated global banking, subverted the Secret Service and possibly the ATF, hired returning American soldiers as hitmen and kidnapped digital communications engineers in a quest to create impenetrable communication systems. They could easily be the shadow governments with the most interest in crippling PRISM, acquiring information about NSA methods, accessing their files, and transporting an NSA-level engineer into their realm. Is it coincidence, or of utmost concern, that cartel activity formerly based in Colombia has now moved to Ecuador? What about McCain's contention that there is ample evidence that Russia's most powerful organized crime group is deeply intertwined with their government, at the highest levels? When I note the two countries with the most interest in hosting Snowden, I worry--for us and for him.


If the power most integral to the cartels' success is their ability to operate in secret, to create massive "icebergs" with very little showing above water, social engineering would be the most sensible method of acquiring the information they need. As a result, I don't just ask myself about freedom of the press and personal privacy, I also ask whether those values could not be socially engineered so that we, in our altruism, miss a sleight of hand. My questions bother me, but I don't think they're "bad" questions in the era of digital information: 

Could the Snowden affair go down as the social engineering feat of the decade? Was the Manning incident a practice run? Are journalism companies and individuals without info security protocols and training vulnerable, in the course of investigative reporting on traditional core Constitutional issues, to also being used as digital information vectors, in the service of organized crime?


We absolutely can't have a war on journalists' lives and our privacy, but we also can't afford not to know what these extremely wealthy, liquid and sophisticated sub rosa governments are doing, either. How do we protect our democracies from both threats?

I want to see that conversation.

Saturday, August 31, 2013

I Wrote the Password for International Security Documents on a Piece of Paper

The public discussion of Snowden's leak has been as naive as Greenwald's handling of his digital files. It's criminal.

The paper media companies are so far behind the digital curve, still. Will they ever catch up? Putting digital files on a password-protected hard drive or USB drive is not the equivalent of putting paper files into a safe with an alarm.

Do *any* of the major media companies have digital security protocols in place for their journalists? For their organization? If not, then they can't protect their sources and they're putting them at extreme risk. If you're reading this and you're considering becoming a source, I'd think twice about your choice of journalist and media company.

Judging from Greenwald's and the Guardian's data security behavior, they not only can't protect their sources, they also can't be certain that they haven't transmitted a digital payload, in addition to documents, to unintended recipients...anywhere in the world. 

The media doesn't seem to see this potential, but governments (such as the one that recently trashed some unsecured hard drives) and criminal groups surely do.

So, let's add some nuance and consider another angle. (If you think my imagination is too wild, just pretend it's a screenplay.) 

A hostile nation or crime group easily liberates top secret information from a secure facility by using an upper level mole to cultivate a whistleblower and provide him/her access to info and digital payloads. The discontented whistleblower walks out the door with more than just documents on a company laptop. The mole is untraceable. A counterintelligence tool enters public knowledge, internationally. Methods are revealed. Using algorithms and potent hashtags gleaned from past social media viral events, a team simultaneously and strategically posts the seeds that grow into an unnuanced public frenzy over privacy and hostility to government surveillance, of any kind. The whistleblower is subsequently offered protection by two countries professing concern about human rights, one of which has longstanding government connections to organized crime at the highest levels, the other host to one of the most powerful crime groups in the world. The digital files sit in the possession of a journalist with no clue about data security, and on the unsecured, crackable hard drives of a major media company. Having engineered the transfer of documents from a secure facility to multiple unsecured locations, the files are easily accessed by...