"GCHQ & NSA IRS FBI MI5 etc I sure will soon be hacked i guess,,, what next?"
You seem to think that someone stealing a pen from a bank lobby is the same thing as someone robbing the vault.
So what if their webservers and unclassified data is hacked? That's why it's unclassified. Defacing a web page is not a threat to national security.
Classified data is a different beast, and should be air-gapped from the Interwebz, making it hopefully physically impossible to steal.
It seems the security services don't like it up them.
I see where you're coming from, I do the same thing when I'm thinking hard. I just keep. Repeating the same thing until a new thing appears. It's worked well for me :)
In all seriousness, it's a mistake to assume that huge, super powerful organizations have their shit together simply because they're huge, super powerful organizations. Yes, it looks worse when people can just waltz into the Federal Reserve system, or when the Department of Energy gets its electricity service interrupted for nonpayment or a space agency can't do standard/metric conversions or see the big direction arrow cast into a part. But other than a bit of extra embarrassment it's not such a big deal.
Maybe that last sentence can be refined. Other than a bit of extra embarrassment it's a universal truth that some Human will fuck it up. Not on purpose, usually, but the 'Three Person Fallibility Constant' (aka Don Jefe's Law of Unstable Resources) is as true in a finger painting class as it is at NASA or the Federal Reserve. That law states:
'In any group of three or more Humans assigned to a task, one of those Humans will always be hungover/drunk/high/hungry/horny/dying/suicidal/hiding from a bookie/have a dead hooker in the trunk of their car/bored/possessed by demons or has recently been abducted by aliens and will make an elementary mistake that jeopardizes the success of the entire group'.
Some people disagree with my approach to things, but I've been running with that law in a professional capacity for many, many years and it has never failed to be validated. Obviously, you want everyone to do the best they can, but if you assume everything is hemmed up and perfect then the best you can hope for is an embarrassing story about you on El Reg or maybe in a trade journal. At worst people can get hurt or killed and that's really bad, obviously. It's also why I never get around anything three or more people are working on.
Mistakes are going to happen. It's how you deal with them that separates Best of Field Professionals from technicians and people in hospitality roles (any role that is only staffed by a Human to make you feel better about tossing your money behind a wall they shoot you for looking behind). When everybody assumes nothing is going to happen they also assume they don't need to at least consider various scenarios and know what resources are available (fire extinguisher, ejection seat, holy water).
Do you know what the first thing you are trained to do in an emergency situation where other Humans are involved? You have to tell someone to call the police & make sure they do it. If you don't do it chances are way better than you'd think nobody else will do it. A few months ago a woman here in DC went into labor on the beltway, she got out of the car and carried on having the baby and people stopped, got out, watched and it wasn't until the news helicopter showed up that people realized there was no police/emergency presence.
I realize a SQL injection vulnerability isn't a woman giving birth, but the principle is exactly the same. All your people have to know what to do when the shit goes bad (ideally their supervisor would keep them up to speed, but I wouldn't want my Federal Reserve riding on that). (Event) happens, you get it sorted and roll on. You handle the recovery like a fucking boss and a few months later at the hearings you can look those bastards dead in the eye and say 'Yup. It happened. We fixed it. And now we would like to leave and get back to the jobs we do so well you wouldn't even know this one off event happened if we didn't tell you'. If you're feeling really confident at that point, gesture at the bailiff or the Congressional aide and place a drinks order.
I don't think it's a sad time for tech at all. People will screw with whatever they can and that's how we all learn. Tech just lets us share the information about what not to do. Imagine how many 'cavemen' had to eat those berries for us to know now that they are deadly poisonous. Count on people creating problems, fix them (the problem) and most importantly, don't lose your cool.
"Three Person Fallibility Constant"
That has always proved to be true, in every group I've been involved in of three persons or fewer.
re: If you're feeling really confident at that point, gesture at the bailiff or the Congressional aide and place a drinks order.
You tell me when you're going to do it and I'll TIVO C-SPAN.
Don Jefe's comment is worrying. I recently retired from a group of 3 people and I don't meet any of his criteria. As I haven't been replaced, this means that one out of 2 of those left is the black gentleman in the arboretum. This scenario must be repeated in many other places: 50% incompetence.
That could explain a lot.
Re: Sigh. @hplasm
I see you've identified the operator safety mechanism in the 'Three Person Fallibility Constant'.
I designed it that way with the assumption that I could occasionally end up as part of a Three Person (or more) group. That lets me invoke the law, and doubles (at least) my chances of getting the blame dumped on one of the other two.
Stuck Between two worlds
Apparently in the US he wouldn't be forced to give the encryption keys due to laws on self incrimination. He is not accused of committing any crime in the UK yet could spend 2 years in jail for not handing over the keys anyway. If the UK get the keys for the US, then they can ignore the self incrimination rule.
With GCHQ and the NSA hacking non-terrorist entities and peeking in to the webcams of millions of people, how can they even think about bringing charges and extraditing someone for releasing a few entries from a database?
Re: Stuck Between two worlds
He is accused of committing a crime - that is the 'beauty' of RIPA (as far as the Gov is concerned). Failing to decrypt the files when requested is, in itself, a crime.
Not like McKinnon
This is not like the McKinnon issues. This guy seems to have gone on a hacking spree full of purpose. He is reported to have not only extracted information from these servers, but to have published same. The further fact that he has refused to release his encryption keys makes him a criminal in the UK as well.
If you go all out to piss off two states, one of which is a known litigant against UK hackers, you have yourself to blame when the size 12's kick down your door.
So, whilst I actively supported Gary McKinnon in his fight against extradition, this one should go to the States should they ask (and they surely will) just as soon as he has served the sentence he will probably get here.
Re: Not like McKinnon
I agree that the case isn't the same but I still think he should be tried in the UK. What he's allegedly done is illegal in the UK and he was in the UK when he allegedly did it.
Re: Not like McKinnon
What he's allegedly done is illegal in the UK and he was in the UK when he allegedly did it.
Hmmm was what he did in the UK illegal? All he did in the UK was type some strings of text into a computer and transmit them across the network. That actual hack happened when those strings arrived at the server(s) in the USA.
The data stream is a similar argument. Receiving information you wouldn't normally have access to isn't a crime in the UK, illegally extracting it from the server in the USA is a crime that happened in the USA.
Re: Not like McKinnon
Unless it is dealing with something just stunningly atrocious, I don't like any country giving up their citizens for prosecution in another country. Fucking with the Federal Government's computers does not qualify. In cases like this it's really shortsighted anyway.
If Federal systems were completely invulnerable how would contractors go about getting overpriced work? Funding for my submersible island fortress is 100% dependent on individual system intruders being able to cause millions and millions in damages. Lots of people also count on these sorts of incidents to get laid. Not everybody has social skills, athletic prowess and a world class education you know. Sometimes a bit of money from a big contract is their only chance at getting laid and cockblocking others just to get an extra star on a security audit is just low man. Really low.
Besides, even if they don't do it intentionally, prosecutors, in any country, dealing with foreigners have a distinct 'We'll show those (slur) why you don't fuck with (government) and use this (appropriate slur - be sure to build off your first one. It gets confusing if you say 'Limey Wetback' or something really weird like that and you'll lose your thunder in the confusion).
That bias is absolutely unavoidable and no 'justice' can ever be served if the justice system has a point to make. Nobody prosecutes for any national level court unless they really, really like proving points and bigging up their country. Just move on and leave aggressive dumbassery to others.
Re: Not like McKinnon
"What he's allegedly done is illegal in the UK and he was in the UK when he allegedly did it.
Hmmm was what he did in the UK illegal? All he did in the UK was type some strings of text into a computer and transmit them across the network. That actual hack happened when those strings arrived at the server(s) in the USA."
This is complete and utter bollocks.
Read up on the Computer Misuse Act and educate yourself about UK law around this, before you get yourself, or someone else, into trouble, by assuming you have any kind of idea what you're talking about.
Re: Hmmm was what he did in the UK illegal?
Well GCHQ are allowed to do the same so we have to conclude that no it isn't. End of story.
Re: Hmmm was what he did in the UK illegal?
You think you have the same legal protection as GCHQ?
RIPA - Just to clarify
Under RIPA you do not have to hand over the encryption keys, but you do have to decrypt the encrypted files/systems (i.e. provide them in clear text or whatever). A subtle difference but an important one (especially if you use the same keys for other documents/systems not under investigation).
Re: RIPA - Just to clarify
(especially if you use the same keys for other documents/systems not under investigation).
Cause the police are bound to only investigate the one computer, and leave all the other computers you have access to, and use of alone... aren't they?
To be accused is to be guilty
"Guilty pleas last year resolved 97% of all federal cases that the Justice Department prosecuted to a conclusion"
Given the extreme lengths of sentences that can be handed down to individuals who force a court into the inconvenience of giving them a fair trial, many people opt to "cop a plea" (and in the process, perjure themselves by swearing they were guilty when they weren't) and get off with a lesser sentence. In many plea bargains, one of the conditions included is that the individual waives any possibility that they can appeal whatever sentence the beak hands down.
Add to which, it can take years¹ for a person to even come to trial in the USA - during which time they are either in jail or have to raise enormous amounts of bail (and then abide by whatever restrictions are associated with it) and keep paying your lawyers to defend you. None of which is conducive to earning a living or supporting yourself, waiting for your "day in court" to arrive.
No wonder so many people "vehemently oppose" (and with bugger all support from the UK government, looking after its citizens' rights to a fair trial) leaving this country. Once you're in the clutches of the US judicial system, you're as good as slammed up.
¹ 988 days on average in NY. ref: http://www.thenewyorkworld.com/2012/02/27/the-daily-q-how-long-criminal-cas/
Re: To be accused is to be guilty
I think you're glossing over a couple of points:
1 -- Most prosecutors won't go to trial unless they believe that they actually have enough evidence to get a conviction -- they don't want to waste their office's budget and (more importantly, to them) their time on bringing a case to trial that won't enhance their conviction rate and reputation. They may propose a plea deal because they can get the same result for less effort. The vast majority of plea deals come in cases where the accused actually DID do the deed and it works to everyone's advantage to agree to the deal.
2 -- You seem to assume that all of the delays in going to trial fall on the shoulders of the state. While I don't have numbers, based on what I've seen mentioned in the newspapers in my area (and no, I don't read the local Murdoch-owned tabloid), requests to postpone the start of trials appear to skew more towards the defense than the prosecution. If that is the case then the issue of how long it takes a case to come to trial can be something of a red herring.
Re: To be accused is to be guilty
Seems like glossing over things is going around Mike.
Prosecutors won't generally go to trial unless the judge is sympathetic to the evidence presented. Now, the system was designed with the intent of allowing the social/economic opinions of the judge to be expressed in their rulings. In and of itself, that's actually a good plan. Somebody who doesn't perpetually cause trouble shouldn't get the same punishment as a person the judge has been seeing every few months for the last 25 years. That's cool.
What isn't cool, is that any system designed to reflect the individual opinions of those who oversee the system's operations is that you can game the system if you want it to take you to loftier heights. It's the same reason most people suck at capitalism. People are really, really bad at understanding value.
You assume the DA doesn't want to go to court because he doesn't have good evidence, but the fact of the matter is the evidence is valued differently by everyone involved. The DA doesn't want to take this trial to court because he will be putting his name in for a bench job next cycle and he wants a hardass resume of being hard on drug cases. This judge never rules hard on marijuana cases because he was still smoking pot with his soon to be wife when she got pregnant and his, now adult, daughter smokes grass too.
What you see as valuable, isn't. You think budgets are the issue when no federal court has ever, not one fucking time, been denied funds to prosecute crimes. It's a bottomless well, you can't budget the courts. Jesus. If you think people don't want to screw up their win/loss record because it'll make them look bad, how's it going to sound when you say: 'I'm very sorry lady. I know there is footage from 14 high resolution color video cameras showing him bludgeoning everyone to death with concrete garden statuary then wiping his bloody penis all over your daughter's face, but we spent all our money prosecuting foreign computer hackers and pot smokers. Better luck next time'.
That's going to do wonders for your reputation right? Christ man. We now know, unequivocally, that you don't understand how courts work. I'm going to have to express my doubts regarding your knowledge of statistics as well.
You absolutely cannot, under no circumstances, it is truly impossible, for any system designed by Humans, and dealing with Humans in matters which take into age, desire, intent, social status, outside influence, past history and a zillion other factors to have a 97% ANYTHING. It can't be done. That's just, really, really, really bad use of numbers. You seem to be able to identify grossly weighted conservative commentary, where's your common sense when it comes to a 97% win, by plea, for the prosecutors.
The fucking Pope wasn't 97% back when the Pope was infallible. The all powerful God of the Jews, Christians and Muslims wasn't 97%. There's a whole big section at the front of their books that deals with God saying: 'God damnit. I'm really sorry for the whole drown everybody thing. I was cranky and it seemed like a good idea at the time. I mean, I expected some collateral damage and all. But shit. None of you guys learned to swim? I've seen you guys floating felled trees on the rivers and stacking them to make shelters. I really thought people would see that if you turned the house upside down BAM! Instant boat. I even sent that Noah guy blueprints via Angel Courier all you had to do was do what he was doing. Noah has missed the last 13,000 days of work because he's a drunk, but guess who isn't dead and is still drunk. Yup. Noah. First thing he does after walking around in animal shit for over a month was get to work on a new vineyard. First thing. Anyway. I fucked up. Next time I'll use fire. Sorry. Have a rainbow.'
Yeah. Remember that part? Yup. That was the all powerful God of several big religions saying he fucked up. No matter what you believe about religion, the fact God is saying oops, is absolute proof you can't have 97% of anything. If they made up the God stories why put in such a big glaring hole in the 'all powerful, all seeing, all knowing, omnipresent supernatural being' part? If they didn't make it up then you've got an all powerful, all seeing, all knowing omnipresent supernatural being saying Fuck. I screwed this up. Sorry.
You're obviously not an idiot. Step away from the issue a little bit and think. Don't emote and make a highly irrational defense of something you know absolutely cannot be valid without weighting or falsifying data. Don't think for a second that because somebody is with the government that they're above lying or cheating.
So I had this job at the Federal Reserve only I had to leave on account of Janet Yellen, I just couldn't stand the noise.
That's pretty fucking good!
With a name like that...
One has to ask, are his parents film stars?
Re: With a name like that...
No, but he's a bit of a hippy.
Re: With a name like that...
His stage name is Truck d'Amour
Re: With a name like that...
This made me giggle!
wild west web
So the laws are draconian and internationally incompatible, the nominated control agencies toothless: the ones with teeth are outside the law, antisocial and ransacking the world's data to collect porn or anything else from everyone, rather than addressing any pressing issues. The active citizens are at best asocial nosies, others are ripping off all and sundry, businesses and private persons alike.
This is not what I had in mind with the terms net neutrality, or balance of powers.
Another assburgers sufferer, I suggest. Mr Love probably doesn't know it, but this dread diagnosis will be his very shortly, at least if his lawyer is doing their job correctly.
Response from the technical community ..
"Lauri Love .. is charged with one count of computer hacking .. over an alleged attack on Federal Reserve computer systems .. Love already stands accused of breaching the security of NASA, the US military and FBI, among other US government agencies"
Sophisticated computer hack?
'As set forth more fully below, defendant LOVE was a sophisticated and prolific computer hacker .. in the District of New Jersey and elsewhere, defendant LAURI LOVE did knowingly and intentionally conspire and agree with others to commit an offence against the United States .. in an IRC communication .. using the online moniker "peace" stated .. exploitation of vulnerabilities in Coldfusion applications' Lauri Indictment