Crypto Legend Quisquater Targeted - But NSA May Not Be To Blame 57
judgecorp writes "Reports that the NSA and/or Britain's GCHQ deliberately targeted Belgian cryptography professor Jea-Jacques Quisquater may be jumping to conclusions, the professor has said. Investigation of an apparent NSA/GCHQ hack of Belgian ISP Belgacom uncovered evidence that Quisquater's PC had been infected with malware and had data extracted. However the two incidents might be coincidence: similar malware is used by Asian attackers, he said."
Damned if they did, more so if they didn't (Score:4, Insightful)
Now the NSA has shown its willingness to do such things, and then deny even having the ability, they're going to get the finger of blame pointed at them a lot more, regardless of whether they deserve it, and now in a much more credible way.
Re: Damned if they did, more so if they didn't (Score:3, Insightful)
If you lie often enough I can't believe anything you say anymore. That's the way trust works.
Re: (Score:2)
The intel agencies prefer to say nothing, not to lie. Some people won't trust them regardless of what they say anyway. That's the way it works.
It isn't uncommon for the people to call them liars to be lying themselves.
Re: Damned if they did, more so if they didn't (Score:4, Insightful)
Clapper lied to Congress. No ifs, ands or buts about it. That's enough for me. If he'll lie under oath why on earth should we ever expect him to tell the truth?
Re: (Score:1)
He lied during the open session of Congress. My understanding is that during a classified, closed door session with committeee members, the actual truth came out.
Sometimes, you are required by law to lie, even to Congress. That doesn't make it right however.
Re: (Score:3)
> My understanding is that during a classified, closed door session
> with committeee members, the actual truth came out.
How would you know? The members of the Intelligence Committees are clueless/corrupt, and even less reliable sources of information than the intel brass.
> Sometimes, you are required by law to lie, even to Congress
No. Just, no. Clapper has on numerous occasions refused to answer questions in open sessions while providing the information in closed session (to the same Congressmen, n [techdirt.com]
Re: (Score:2)
No. You can say that you can only reveal infromation related to that topic in a closed session. You don't have to lie.
Of course, if you only reveal things in a closed session, people will doubt that you said them. So, perhaps, his intent was to use the testimony in open session to lie to the public, and to the non-cleared members of Congress. He still lied to Congress under oath, and that makes him a criminal. One who remains curiously unprosecuted.
Re: (Score:3, Insightful)
Problem is, when pointing the finger blindly at the NSA, your chance to be right is surprisingly high...
Re: (Score:2)
The most amusing thing I find about it is how we had weekly, almost daily stories about China hacking this, China hacking that, how China was engaging in a cyber war and so on and so forth.
Since the Snowden revelations I don't think I've seen a single story on the issue.
The NSA has caused the US to lose all credibility in complaining about hacking from foreign nations, which doesn't mean it's not happening, but is a result of the fact that anything even China was or still is doing is small fry compared to t
NSA And GCHQ Used Fake LinkedIn And Slashdot Pages (Score:3)
How about this? Edward Snowden Reveals 'Quantum Insert': NSA And GCHQ Used Fake LinkedIn And Slashdot Pages To Install Spyware [ibtimes.com]?!?!
German newspaper Der Spiegel reported that documents leaked by Snowden show that the GCHQ used a method called “quantum insert” to redirect employees of Belgacom, Belgium’s largest telecommunications company, to fake websites that contained spyware. The program targeted higher-level employees that had “good access” to Belgacom’s infrastructure.
Re: (Score:2)
And we still don't have SSL with PFS on /.
Re: (Score:2)
Re: (Score:3)
The prof is simply not jumping to conclusions. Doesn't mean anyone in particular is or is not involved.
Presumably the researchers he contacted know enough to say if this did not look like the NSA job. The quantum insert looks like they don't need hosting in Asia, where these attacks were hosted.
NSA ate not the only people who have heard of LinkedIn, and it is the obvious attack vector for people who use it. It could be fricken anyone, and pointing to one party in particular is just click bait given the fact
TFA doesn't tell much... (Score:2)
TFA doesn't tell much about the setup on the professor machine and network. I couldn't even find which OS he was running...
Re: (Score:2)
"Belgian professor in cryptography hacked"
("This is an English summary of an article published in today's [01/02/2014] edition of Belgian newspaper De Standaard. The article concerns the hacking of the computer of professor Jean-Jacques Quisquater")
Note the German aspect too near the end of the article.
Re:TFA doesn't tell much... (Score:4, Informative)
"He received a fake LinkedIn invite from a non-existent person in the European patent office (Quisquater holds 17 patents).
This dropped a variant of the MiniDuke malware which covertly opens a backdoor onto the infected computer."
and http://www.infosecurity-magazi... [infosecuri...gazine.com]
Re: (Score:3)
Taking parent's post for granted, MiniDuke appears to only target Windows:
http://www.symantec.com/securi... [symantec.com]
Re:TFA doesn't tell much... (Score:4, Insightful)
Re: (Score:2)
WTF? Is it no longer PC to say Chinese hackers? And so now we vilify an entire continent instead?
In other news felching all the rage with GCHQ staff.
I'm not sure of usage in Belgium but in England "Asian" typically refers to Arabs/Persians/Turks/Indians (you know, the rest of the Asian continent). It's unclear if this ambiguity is intentional or not.
Mail said... (Score:1)
Enlarge ur ......linkedin profile size! Click Here!
Malware "was only active when I was out" (Score:2)
Re: (Score:2)
Or simply software that waits a long time for the user to be idle (four or five hours) before it does its thing.
Re: (Score:2)
Or maybe wait 'til the login prompt gets displayed after the computer locked down after a while?
Either way, they are responsible (Score:3)
The NSA is responsible for the hacking of Jean-Jacques Quisquater whether or not they actually did it.
They're the ones who created this ugly labyrinth of snoops and upskirters who obsessively have to possess every atom of extant human dignity by owning their information, they're very meaning.
God, I hope Edward Snowden is only the beginning. I hope that dozens, hundreds, thousands of Edward Snowdens reveal every single detail of every single stinking perverted notion of what a government and corporation is to do until we know exactly what kind of chlamydia medicine the wife of the head of the NSA takes and how often he spits in the shower.
These NSA revelations have left me absolutely disgusted and incensed. They've changed my politics, they've changed my behavior, they've changed my view of my innocent corner of the world.
And worse, for the corporations who thought this was going to bring some great future of control over the metrics of our lives, it's changed my consumption habits. Now, I've become leery of every request for my zip code. My willingness to use a real email address anywhere is just about gone and I'll pay cash just because fuck them.
I don't think the backlash has even started over this Surveillance State. Or rather, I hope it hasn't because if there's not an effective backlash then our only hope is a solar flare that wipes everything with an EMP, and that would mess up my saved games.
Damn you to hell, NSA! and the corporate trojan horse you rode in on.
Re: (Score:3)
The problem I have with the NSA is not just the violation of my (and others') privacy. That's pretty bad but let's face it, that seems to be the direction the world is heading. As our technology matures, we are going to be under observation more and more often, be it from the government, corporations, other organizations (such as religions) or just each other.
As bad as this is, the real issue I have with the NSA is the complete imbalance of power this creates between the people and the government that is no
Re: (Score:2)
That's pretty bad but let's face it, that seems to be the direction the world is heading.
Yeah, so just give up on things like "freedom" and "privacy."
Re: (Score:1)
Re: (Score:2, Insightful)
Thanks a lot. It's bad enough that it's below zero outside and I'm still hungover and haven't gotten over the cold that I caught last week, but now I've got Total Surveillance in the WorkplaceTM to worry about.
And my cat just threw up. I'm going back to bed.
Re: (Score:2)
Presumably my most recent NDA would prevent me from mentioning if I've been reminded of
Re: (Score:2)
/Lex Nokia/
The Wikipedia entry is in Finnish and does not translate well. Is this law still in effect in Finland? People really live like that?
Re: (Score:2)
Where are you comparing to?
Re: (Score:2)
OK, I have to try to work through that Wiki article again. I guess I just don't understand the law at all.
I've got a neighbor who's a recently-arrived Finn, and I'm going to ask for her help. (Plus, she's really good-looking).
Re: (Score:2)
Why bother? Just toss a dead cat over your shoulder, you'll sure as hell hit some kind of privacy invasion the NSA has been responsible for.
Exactly what they wanted (Score:2)
May not be to blame? Well, they very specifically seem to aim for that don't they?
They use injection systems that masquerade as legitimate systems. They use preliminary infections to probe and gauge user sophistication, then they choose their attacks based on threat of detection.
so the attack that most looks like them is one that doesn't look like them. So any intrusion, unless its just lame (like the one Jake Applebaum talked about in his recent talk where it was litterally just using a script to upload s
how this works (Score:3)
You can be pretty much certain that the NSA is trying to get its hands on the private data of anybody relevant to their interests and work: cryptographers, big data scientists, other related fields of computer science. This is simply so that they can make sure that they are ahead of what's out there in the public domain and academia.
And in addition, you can also be certain that any administration is going to be using the NSA and other spy agencies to keep track of potential dissidents, critics, and leakers: economists, social scientists, political opponents, political activists, members of the military, etc. And they are going to use that data to warn the administration of political attacks and silence opponents through leaks of unflattering personal information, as well as selective prosecution of actual wrongdoing.
That's not a question of whether this or any other administration is particularly bad or dishonest, it's simply what happens when you give any organization and any government the kind of power that the NSA has given to recent administrations.
Crypto Legend? (Score:2)
This guy's Wikipedia page [wikipedia.org] basically only mentions that he's famous for being the victim of the alledged attack. So he's been chosen as a target because he is famous for being the target of the same attack? I'd assume a garden variety mass phising attempt is more likely.
Re: (Score:3, Informative)
Re: (Score:3)
Google for ``"Quisquater attack"'', and you should find some of the cryprographic attacks he's known for.
Data was taken (Score:2)
...including the letter N from his first name!
Re: (Score:2)
Whoever it was -- it doesn't help the NSA (Score:1)
fuck the nsa (Score:1)
When are people going to understand: the NSA targets all, at all times. Satellite and space/radar capability monitor all souls regardless. Who the fuck cares if they targeted him one pathetic way or not, when everyone is being monitored regardless in other more invasive and secretive ways?
Total global surveillance method exposed by Dr. Robert Duncan, a DOD/CIA/US DOJ systems architect: http://www.oregonstatehospital... [oregonstatehospital.net]
NSA is 90% air wave and radiation intelligence. 10% lower tech shit.