NSA snoops told: Get your checkbooks and pens ready for a cyber-weapon shopping spree

NSA and US Cyber Command boss Mike Rogers has revealed the future direction of his two agencies – and for the private sector, this masterplan can be summarized in one word. Kerching! Speaking at the West 2017 Navy conference on Friday, Rogers said he is mulling buying up more infosec tools from corporations to attack and …

  1. Anonymous Coward

    Citizens paying taxes to be spent on spying on them

    Ohhhh say cannnn yoooou seeee....

    1. Trigonoceps occipitalis

      Re: Citizens paying taxes to be spent on spying on them

      We hold these truths to be self-evident, that all advertisers are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Personal Data, Legal Immunity and the pursuit of Profit.

  2. Baldy50

    Well It'd be wise for the well tanned man...

    To rein in the anti-semitic crowd in his entourage and check out Israel's cyber security companies, they worked out a long time ago to start preparing for attacks, training people and developing exploits, defenses etc.

    Jerusalem Venture Partners (JVP) Cyber Labs would be a good place to start and maybe Deutsche Telekom Innovation Laboratories as well, don't put all your eggs in one basket, Adallom, Aorato, MS interest was high in the last two, plenty of others to look at.

    1. GrumpyOldBloke

      Re: Well It'd be wise for the well tanned man...

      Dealing with Israel or not is not a simple question of pro or anti Semitism. Unlike other mindless vassal states, like Australia, Israel has its own ideas about what it wants to be when it grows up. Sometimes it is a strategic ally of the US, sometimes a strategic competitor. Not to recognise this, especially in an area of warfare where the barriers to entry are low, would be very foolish.

    2. Anonymous Coward

      Re: Well It'd be wise for the well tanned man...

      Pardon.

      Isn't this the first administration to sack off the two party state thereby saying to Israel do what you want in the middle east?

      How do you even get to anti-semitic within the Trump administration?

      I was actually going to post how it's a shrewd move that the majority of infosec companies that make grandiose hacking claims (See using the hdd light as a form of data transfer) are based in Israel but then I see this comment and think you know what, all this "anti-semitic" rhetoric is starting to get on my nerves. It's like having a paranoid friend who no matter what you say or do turns it round into something against them when nothing bad has been said or done. I don't like Trump however if you are basing your perceived anti-semitic on anti-establishment rhetoric then you are wrong because somehow I don't think the "establishment" he is referring to are all semitic, unless of course the whole of congress, every multinational and all the media are semitic. Side note he isn't going to do anything about the three that I mentioned, it's all bullshit.

      Sorry but this sort of comment gets my goat (which is for sale by the way for 30 shekels)

      1. DocJames
        Pint

        Re: Well It'd be wise for the well tanned man...

        The anti-Semitic thing is based on the people around Trump (well, the alt-right group, not the conservative group. This economic nationalist grouping is (perceived to be) led by Bannon, not Pence (who's the anti-LGBT/poor people dude)).

        And the fact they failed to mention the Jews in their Holocaust day statement. Whoops - except they then announced it was deliberate.

        So accusations about being anti-Semitic are not completely off the ball. I agree it's bizarre to have the same people say that Israel has a free hand, but then I don't think there is a coherent ideology to run Trump's government. (Ideology is a loaded word, but essentially it isn't a bad thing. It's just a handy heuristic on how to approach a political situation. We only ever accuse our opponents of having ideology though...)

        Beer, cos the world needs it.

      2. Tom Paine

        Re: Well It'd be wise for the well tanned man...

        Er. Apart from the huge wave of fake bomb threats and vandalism of Jewish cemeteries and so on, which is arguably only /indirectly/ the fault of #45, I think you'll find ten seconds with Google will turn you up all the evidence you'd ever want about Jew-hate within the administration. The Holocaust Memorial Day statement deliberately omitting the small detail that, although it's true that gypsies, gays, trade unionists, resistance fighters etc were all victims as well, the main and fundamental purpose of the Nazi death camps was a genocide of Jews. That's a classic anti-semitic dog-whistle. This might be a good place to start: http://www.vox.com/2017/1/30/14431216/trump-holocaust-statement-6-million-jews

  3. Christian Berger

    "Unique nature" of the job?

    The problem is that, on one side, they need people who are smart enough to understand how computers work, on the other hand they must be dumb enough to believe in the story that the NSA is a "good guy".

    There is no justification for offensive "cyber weapons" as defense would be _much_ simpler.

    IT security is like having a party. Yes, it may cost a bit of money, but lack of money usually isn't a problem. It's all just a question of mindsets.

    1. Anonymous Coward

      Re: "Unique nature" of the job?

      Anyone that actually works in the field, e.g. Bruce Schneier, will tell you that offense is far easier than defense. Defense has to get it right every time. Offense only once. Which is one reason social is such a successful vector. For example, I am reminded of an example of a successful cyber attack that I was involved in back in 1980 against a carrier battle-group. First we trashed the system's tactical data information sharing then one of our people used social to screw up their force deployment. That allowed us to sneak in for a simulated Soviet missile launch. No magic involved, nor did it involve any new technology. Just a bit of lateral thinking.

      1. amanfromMars 1 Silver badge

        Re: "Unique nature" of the job?

        The more things change, the more they stay the same, Jack of Shadows. :-) And now we have all these new tangled entangling NEUKlearer HyperRadioProActive weapons to play Great Games with.

        Heaven for some, and Hell for Others.

    2. Yet Another Anonymous coward Silver badge

      Re: "Unique nature" of the job?

      No harder than finding people in the 60s who were bright enough to build mach3 spy planes but dumb enough to think Vietnam was a good idea

  4. amanfromMars 1 Silver badge

    Sub Prime Orders deliver Second Hand Roses and Jaded Blooms

    That said, the force is bound by the Law of Armed Conflict, which limits attack choices to purely military targets.

    Right there is a debilitating problem and systemic weakness which renders the force a subservient vassal rather than leading vessel.

    Although, of course, any effective Cyber Security Command Service Centre in Control would have that problem easily solved with a private army and secret arsenal of renegade rogue programs and covert projects. Shady Shadowy AIMissionary Work to some, Heavenly Climactic Enterprise to A.N.Others.

    Do you wonder if UKGBNI forces and sources and resources play similar Great Games ... or do they just spectate and speculate on outcomes with no input provided for extraordinary rendition of desired results? Playing second fiddle and subservient vassal to a leading vessel?

    1. amanfromMars 1 Silver badge

      Re: Sub Prime Orders deliver LOCO Second Hand Roses and Jaded Blooms

      And if you have no idea about who or what might be readily classified as Renegade Rogue playing by rules of their own ....... here be speculation on a Likely Odd Couple Operating ........ Destabilizing Forces

      Are Destabilising Forces, Enemies of Peaceful States and International Terrorists?

      1. Anonymous Coward

        Re: Sub Prime Orders deliver LOCO Second Hand Roses and Jaded Blooms

        amfm 1: as always, such interesting rabbit holes you lead me into. Rabbit warrens, more like.

        1. amanfromMars 1 Silver badge

          Sub Prime Orders deliver LOCO Uncivil Warriors for Lost Causes

          Howdy, Jack of Shadows,

          Regarding rabbit warrens and talking of Renegade Rogues and such like as we are, here be fresh tales of deceit and high treason and plot against an elected presidency in a divisive land proclaiming itself a union of states? .......http://www.zerohedge.com/news/2017-02-25/hillary-clinton-calls-resistance-we-need-stay-engaged-ill-be-you-every-step-way

          Did you know ex-president Obama's Secret Service handle was Renegade, with Michelle loaded with Renaissance? And now they appear to be more than just apt and APT [Advanced Persistent Threats] if you can believe what you read and discover to be true in a sea and sees of fiction.

          It never rains but it pours on a crooked parade and right dodgily handled charade.

          Goodness knows what the future and Global Operating Devices will bring to brighten and enlighten both the masses and a few chosen alike.

    2. Tom Paine

      Re: Sub Prime Orders deliver Second Hand Roses and Jaded Blooms

      If you're asking if UK security services carry out offensive CNE operations (hacking adversaries) the answer is "yes, of course".

  5. Anonymous Coward

    USA wants to further develop cyber weapons capability...

    ... and for some reason I have this mental image of a guy shooting clay pigeons inside a glasshouse which keeps popping into my mind.

    Must be off to discuss it with my shrink.

  6. John Smith 19 Gold badge
    WTF?

    "The decision to use online weaponry is too much like the use of nuclear weapons,"

    Perhaps because attacking a sovereign nation's internal infrastructure without a declaration of war is a declaration of war?

    TL:DR. I want to build an empire for myself and this is a pretty good way to do it.

    Wants to "integrate" the private sector into US military. You could say LM with the F35 does this.

    In the way the tail wags the dog.

    1. Anonymous Coward

      Re: "The decision to use online weaponry is too much like the use of nuclear weapons,"

      Adm. Rogers seems to want to short-circuit the usual process. Normally DARPA is the intermediate between desiring a capability, RFI, RFP,..., delivery of goods. I can't determine if that's good or bad. Seems to be a wash.

    2. Tom Paine

      Re: "The decision to use online weaponry is too much like the use of nuclear weapons,"

      Perhaps because attacking a sovereign nation's internal infrastructure without a declaration of war is a declaration of war?

      Eh? But it's demonstrably not, as is easily demonstrated by looking around at all the countries not in shooting wars who are busy hacking away at each other -- which is most of them.

  7. Anonymous Coward

    $1.5 million for remote iOS exploit

    I remember when news of that came out I posted here, wondering who is actually going to pay that much since you'd have to be able to make a lot of money off it and news of any successful monetization of exploits on Android, let alone iOS, has been non-existent. The exploits we've seen so far - mostly in China - do stupid stuff like sending premium rate texts or downloading apps, hardly a route to a quick repayment of $1.5 million plus profit.

    If the US government is a customer, however, that explains it. Unlimited budget means they can price it arbitrarily high. The more secure Apple makes iOS, the more difficult such exploits will be to find, the higher bounty Zerodium would be willing to pay - knowing the US government would fork over because they gotta have something to spy on foreign leaders' phones and elements the administration deems subversive, like NYT journalists.

    1. Tom Paine

      Re: $1.5 million for remote iOS exploit

      Well, duh. Not to be rude, but if you didn't realise this a decade ago, you weren't reading the Reg or paying attention to any other security news.

  8. Anonymous Coward

    Selling backdoors

    Maybe now Cisco can be reimbursed for all the back doors they have been fielding for the spooks...

  9. Anonymous Coward
    Big Brother

    The capabilities resident in the private sector

    "Does that enable you to access fully the capabilities resident in the private sector?"

    Snort (◔_◔) ..

    "Part of that is, no doubt, down to increased levels of security vetting involved. After all, they don't want another Snowden in the ranks."

    Surely a demonstration of the perils of outsourcing to the private sector :)

    1. amanfromMars 1 Silver badge

      Re: The capabilities resident in the private sector

      With particular and peculiar regard to Snowden, was Booz Hamilton sanctioned/prosecuted for the supposed catastrophe? Or did they escape that bullet?

      [Snowden was in their employ, was he not? Or was he a conveniently self-employed, independent sub contractor? ]

  10. Alister

    Too Late?

    Part of that is, no doubt, down to increased levels of security vetting involved. After all, they don't want another Snowden in the ranks.

    Much too late:

    https://www.theregister.co.uk/2017/02/08/us_grand_jury_indicts_harold_martin_nsa/

    "Zachary Myers, an assistant US attorney with the District of Maryland, told a court last year Martin had 50TB of potentially secret and top-secret data at his home."

    Also a Booz Allen Hamilton contractor, strangely...

  11. John Smith 19 Gold badge
    Coat

    "told a court last year Martin had 50TB of potentially secret and top-secret data "

    or maybe 10TB of top secret data and 40TB of cat videos?

    Just saying.

    That's a lot of data to move anywhere. It suggests he has been moving data outside the NSA buildings (Which I thought was absolutely forbidden. As in not allowed under any circumstances, ever) for quite a while.

    Personally I've always had a soft spot for a company that can incorporate the word booze in their name.

  12. amanfromMars 1 Silver badge

    Bigger Picture Generals, Future Virtual Emperors and Epic Armchair Heroes Needed ..... Urgently

    US Cyber Command bosses will have persistent problems which will always thwart their plans for decades so long as they take orders from and server to sub-prime masters of tiny universes.

  13. Mahhn

    yep

    "they don't want another Snowden in the ranks"

    Yeah, can't have anyone exposing lies and corruption in government, it makes them look bad LOL
