2215 posts • joined 29 Jun 2009
Re: That's a problem with KDE
From my experience, the KDE team is primarily one-off developers that aren't dedicated to the project itself, but are avid users of KDE, so they'll scribble up a code patch, submit it, and it ends up in the tree. Since their code works well enough, the core developers end up ignoring the edge-case bugs and instead focus on the highly-visible bugs or working on features.
Not saying that it is only the KDE project that suffers from this, its becoming quite prevalent across pretty much all software projects, both Open and closed.
I imagine that it is searching a text file to see if it has seen that volume before so it can use user settings versus defaults. Probably so users can set permission-bit-masks, mount options, etc
They author probably just took a script they already had, expecting that someone would replace it alter, but since it functioned correctly, no one bothered to look at the code to see what it was actually doing. Fairly common problem in under-resourced software projects: Someone sets up a script or something as a placeholder for the real code they intend to write; deadline approaches, so code is forced to be shipped without replacing the script; developer ends up working on bugs and other issues and either forgets about the script or just remains busy with fixing broken items versus correcting working code.
Its not running scripts, just a basic injection attack. The script to auto-mount is taking the volume label concatenating it into a string, then running that string as a command in a shell. I presume its searching against a flat-file that maps the volume label to other parameters like mount point, permissions, etc. that get fed into the mount command.
Since it is running arbitrary code, you -could- tell it to run a script, but it doesn't have to be.
ARM is probably going to be your best bet for a system without a crap management sub-system running on it.
@Orv Re: Over complicating things
If it was following the Unix philosophy they would have just updated /etc/magic with those file types and used 'file' to determine what icon to display. There is no need to re-invent the wheel, especially with this massive pile of shit.
I would have grabbed a copy of Adobe's Voco and did all the audio in Trump's voice or some equally pompous moron that is blundering at full speed into helping Daesh...
Re: writing utter b*ll*cks on tabloid websites.
"never "censored" yourself with useless fucking ***s"
I am ashamed to admit that I spent longer than what is reasonable trying to decode what you were trying to say, but couldn't figure out what obscenity was 4-letters long and ended with an 's'...
Re: (delete as appropriate)
A week? I'd say they were tedious the second they were uttered.
I must admit, those words do have their uses, the foremost as an indicator that the writer has nothing useful to add to the conversation and can be safely ignored, a shit-boleth, if you will.
Re: Grsecurity makes money out of Open Source
"You also are free to charge whatever you like for the software, but are unlikely to attract many buyers."
Red Hat seems to be doing alright...
Well good riddance
Their patches kinda sucked and were over-burdened with crap licenses, their code will not be missed.
Re: Chipotle hit by bank-card-stealing malware
Doesn't matter, any system can be infected. I've done a proof of concept malware for client with PoS systems that was just a bash script that would run tcpdump, filter for credit card numbers with grep, use a bit of sed to combine the information into a semi-structure format, then XOR'ed the data with a pre-shared key (Actually a DNS query to my domain then used the result as the key) then would query my DNS server for a host named <Encoded_CC_Data>.<subdomain>.<my_domain>.com.
The infection method was to just hi-jack the PoS terminals boot process. When the terminal boots up, it sends out a DHCP/BOOTP request, the server would then pass an IP address to client for a TFTP server to receive its configuration. All I had to do was to plug a small system into the network that would emulate a PoS terminal so that I'd get a copy of what the PoS terminals would. Next step was to modify the payload with my script added into it. Once that was prepared, the device would DoS the real DHCP server (Exhaust its addresses) then give out its own address for the TFTP server and give the poisoned package to those systems.
I was able to also a quick nmap and found that the boot server I was attacking was responsible for the entire region and that each store was connected to it by way of an L2TP VPN. With a slight modification of my attack, I was able to infect about 30 stores and about 120 PoS terminals.
The whole thing just used utilities that came pre-installed with the OS, so would avoid any and all anti-malware scans. The only signs of my attack were that the PoS terminals had an extra line in their crontab (the entire script could be condensed to a single line), the DHCP server seeing a little less traffic, and some odd DNS queries coming out of each store's network (Although my domain would, at first glance, look just like a legitimate domain). Hell, I didn't even attack the cash registers themselves, nor any other server, just exploited some weaknesses in the network.
Re: Yet another example
A better change would be to smash the parties so that no single party could gain a majority without cooperating with others. The current problem is that the government has devolved into "Us versus Them" where if you do not agree 100% with whoever is currently in charge of "Us", then you must be one of "Them" and should be crushed. Of course then, because you do not agree 100% with the leader of 'Them' then you are essentially without support, and without support from the parties, there is very, very little chance of getting elected.
Re: I'm really glad I don't have to put up with this
I also find it funny how that the ISPs still made record profits while under these 'burdensome' regulations. Funny how many new business were able to thrive during this, how the average internet connection got faster, how even massive internet-based companies grew dramatically, all under those regulations...
I find it quite irksome that the same people that keep complaining that government regulations are hurting their business are the same people who own the largest buildings in the world, or that their net worth keeps increasing, or that their profits are also increasing.
There are far too many politicians that believe that the "Rapture" is going to happen in their life times, so there is no point in saving things if all the "good people" are sent up to heaven while the 'heathens' are forced to fight each other for resources, so why leave some behind for them?
It isn't just crazy fringe politicians either, Ronald Reagan believed in it, as well as many other presidents and high-level senators since the 1950's. Reagan actually believed that he could start the rapture by initiating a full-scale nuclear war with the USSR. The same brain damage that causes people to believe in that non-sense is also the same type of brain damage that causes them to think that they are qualified to hold power.
Has spying actually made anyone any safer?
I have yet to hear a single attack stopped by intelligence gathered by the intelligence agencies. If they did stop one, wouldn't they be announcing it from the roof-tops? Wouldn't it be the only thing they ever say? But, no, all we hear is "We need more data!" and "Anyone that doesn't give us more data must be a communist / terrorist"
All the recent terror attacks have been lone-wolf affairs by people that haven't really been given any more orders from Daesh than "We hate this list of countries and would love it if someone were to attack it". The various terrorist groups have moved to a completely de-centralized command structure where the people in control are just putting out instruction guides on how to carry out attacks and a guides on selecting targets based on the goals of those in command (Which is 'make the West scared of everyone').
Really, the better option would be to set up community programs where people safe turning in their relatives that they are worried might commit an act of terrorism, or at least not torturing people even slightly related to a terrorist into some inhuman secret prison where they'll never be heard from again. But then something like would require politicians acknowledging that war is not as simple as good guys vs bad guys but rather intensely complex with many, many different sides. Doing so would lose them votes because nothing invigorates the electorate like a big bad evil to fight against.
So does that fare come with an entire train car to yourself? And do you get to keep the car afterwards? Although I suspect for that much, you could buy your own car...
Re: More Amaz'n prices!
A lot of those are meant for money laundering or drug deals. The seller puts up a $100 item up for sale, but charges $1000 for it so that no one would buy it normally while providing cover for their criminal activity. Everything looks legitimate from Law Enforcement's and Amazon's point of view, so the risk of getting caught is minimal. The only way they could get caught (without getting either end to give up the other) would be for someone knowledgeable about that specific item and what it should cost to report it.
This happened to me a few years back, I ordered some parts for an old system, so ended up buying a module that was 10x the price as it should have been (needed it last minute and needed a new one, it was the only one available at the time). Arrived the next day and overheated after a few hours of use, pulled it apart to discover that the fans were blocked by a bag of cocaine wedged into the device. Reported it to the police and they took it away for evidence, but still haven't gotten the damn device back...
I've set up my own DNS servers
I grabbed a pair of old Pentium-4 boxes loaded with OpenBSD and a cron job to wget the root.zone file from internic.org, place it into nsd's zone directory, then kill -HUP nsd. I get my own root server and only a failure of an entire TLD's DNS server would cut me off.
I get unpoisoned DNS (unless someone can poison the root TLD servers...), much quicker responses, better uptime, and no futzing about something as ridiculously unnecessary as this new research.
"be sure not to look at names or addresses on resumes"
One of the things my employer did was to create a sort of pre-screening group in HR that would accept resumes, do cursory checks on them (Make sure we didn't fire them before, make sure they are real people, etc). The resume would then be handed to the hiring manger sans identifying information. The hiring managers would then send pack the ID numbers of the people they felt were qualified. HR would then schedule times for a first-round interview between the candidate and the hiring manager. The first interview would be performed over a text-based channel where no one's identity is known to the other party. Only after the candidate passes that round of interviews are their identities revealed to the hiring managers so that the second round, in-person interviews can be conducted.
Not perfect, but we do have a much more diverse, and productive, work force than before.
Re: Supported processor revisions
Yeah, nothing deliberate but it seems they aren't exactly breaking a sweat to ensure compatibility...
Supported processor revisions
What the hell happened to x86 while I wasn't looking? Wasn't the whole point of x86 that you could run code on both older -and- newer chips so long as the supported the features you need?
I remember being able to run old OSes on hardware that was made 10+ years after the OS was last compiled and everything working just fine. So why wouldn't Windows 7 work on any of the new chips? Unless Intel and Microsoft are purposefully making them incompatible, there is no reason for it.
Re: This should help Apple and Linux
Apple lost my vote when they decided to just up and abandon PowerPC even though they were selling machines with those chips in them just months before the announcement.
I've been trying as hard as I can to stay away from the pool of mediocrity that x86 has become. My main desktop has been AmigaOne systems (An XE back in the day, then a 500, now an X1000), primarily running Mint or a custom-built Linux. Most of server hardware is Sparc-based, might start moving over to ARM in the future.
I used had a late-2005 PowerMac G5 (The one with 2x dual-core chips) after a photographer friend of mine bought one then traded it to me once Apple announce they were dropping support for it.
Re: Suppressing prostitution never works
"The issue with that model is that most prostitutes aren't in it for a career, they just want to make a bit of money in the short term"
That would be part of the support network, providing former prostitutes a new identity (Or operate under a nom-de-whore, so to speak) where if they could put some generic-sounding customer service job on their resumes and have former coworkers able to vouch for them. Also, may offer re-location, so that they don;t end up running into someone they knew while working. But I figure that providing safe and secure work spaces, paying a fair wage, and giving them a bit more agency over their bodies, there may be quite a few people wanting to make it into a career, or at least a long-term side-gig.
"Actors, musicians and artists often have agents to take care of their legal, accounting, and marketing needs. Why not also prostitutes?"
Well, the idea of what a pimp does isn't the bad part, its what happens in practice that is the issue. Even in places like Amsterdam or Nevada, the brothel owners tend to go quite abusive on their employees. They're out to make a profit and tend to lack the ability to understand the position they are putting their employees in (forcing them to service terrible clients that otherwise pay quite a lot, in some cases getting away with everything short of murder). In areas where prostitution is illegal, the prostitutes are almost always emotionally abused quite regularly, physically abused in the vast majority of cases, and in many cases, repeatedly sexually abused by the pimp, if not by the client (In many cases, they end up in a situation where if they don't do heinous things for the client, they'll have those same things performed upon them by their pimp).
Suppressing prostitution never works
There will always be a demand for sex, so when will politicians get it through their thick skulls that the best way to protect women would be to make it legal for them to actually report being trafficked (As of right now, in the US, the police will arrest prostitutes alongside their pimps and treat them both equally guilty).
Sex trafficking in Canada has dropped dramatically since they decriminalized selling sex. One of the primary methods in the US for pimps to control their slaves is to find women with children that in the country without a visa, and have someone complicit in the operation take joint-custody of the child. That way, if the woman were to attempt to report the trafficking, she'd end up getting deported (gotta ged ridda dem e-legals comin' in an' committin' crimes) and separated from their children. Even if the pimp is convicted of being a complete shit-bag, and they end up seeing the inside of a jail cell, then another member of the ring would take control and use the child (and the child is kept in line with the threat of being deported just like their mother).
The (least terrible) solution would be to make prostitution fully legal and use something like the Dutch model to police it, perhaps have regulations such as the business must be owned and controlled by the workers themselves (A sort of sexual co-op) to prevent any semblance of pimping going on. Require, and provide, medical care and regular screenings (paid for by taxes placed on the business), maybe even set up a network for those who want to get out of the profession (offer schooling, relocation services, etc). Make it so that the legal option is prevalent and has very little risk so that few, if any, people attempt to make use of the unlicensed / unregulated services.
Re: One of the factors I'd be interested in
"One issue with EVs is the load they will put on the electric grid and is the grid resilient enough to handle it."
That is sort of my primary concern. Of course that would be highly variable. In a place like Shanghai where most of the electrons come from burning dinosaurs, the conversion losses from fuel-heat-steam-turbine-transformers-power lines-transforms-batteries-motor may actually make that EV require twice as carbon to be tossed in the air to move the same distance as a petrol-guzzling car. But then you might have a place like Reykjavik where the electrons are going to be from Hydro, so that EV is going to put a trivial amount of CO2 in the air compared to a standard car.
What I'd really like to see is some kind of map done up that would show "Here are the areas that using an EV would produce more pollution than a standard car". Figure in all the energy costs and pollution generated from every step of a vehicle's life cycle (EG, manufacturing, shipping costs, daily use costs, disposal, maintenance, etc).
I want to avoid a situation where I am not really helping the environment but rather just moving my pollution to some poor nation on the other side of the globe. Similar to the whole early hydrogen cell issue in that while the vehicle produces less pollution, the energy required to produce and transport the hydrogen in the cell ends up producing almost twice as much pollution.
One of the factors I'd be interested in
I'd be interested to see the overall environmental impact of electric cars versus standard petroleum based vehicles. Specially in terms of manufacturing and disposal impact. Yeah, an electric vehicle doesn't produce pollution -now- but what about disposing of the battery when its capacity wears down to nothing? What about all the by-products required to produce the battery in the first place?
I'm not trying to troll or disparage the electric car idea, I'm just curious about the overall impact.
Re: Back to the Future needed 88MPH, not MPG.
This car would technically get infinity miles per gallon as it doesn't use a gallon of anything...
This car may very well be able to go 88 MPH (but couldn't keep that up for a full hour), the '80 miles' quoted in the article is the -range- that it has, not its top speed.
"popular TV shows, big-league sports, and absorbing games."
Shouldn't that be 'Biggly sports'? Or has he not received the latest edition of "How to sound like an incompetent blow-hard"
Actually not -illegal-
It is only illegal when you charge for the media and present it as a legitimate copy (Counterfeiting). File sharing is copyright infringement, a civil matter (EG, the company that owns the product can sue for breach of contract or for lost profits, but either way, technically not a crime...).
It should be noted that the thing costs $314 Million USD to build, plus expenses related to schlepping the thing from the factory to Afghanistan, then the cost of actually dropping it (Fuel for the aircraft dropping, plus the escorts). All that, just to kill, at most, 800 people (That is the maximum estimate of the number of Daesh fighters in the entire country of Afghanistan).
You could pay every member of Daesh in Afghanistan a half million dollars to stop fighting and it'd still be cheaper than dropping the damn thing...
Re: Easy to prevent
Ah, that makes sense. In that case, I assume they are just grabbing an I-Frame + associated P-Frames, waiting for confirmation of reception, then sending the next I-Frame + its P-Frames. I thought they'd be sending based on portions of the video file as stored on the filesystem versus portions of video as stored in its container. Makes sense architecturally since the client would track state rather than being dependent on the server to do so.
Perhaps the solution may be to re-encode the videos with a format that determines the placement of I-Frames on the total number of bytes changed since last I-Frame, rather than number of P-Frames since last I-Frame. Although that would mess with video seeking (although if nothing much is really changing, wouldn't you want to skip to beginning or end of that scene directly? Like if the scene is a new caster sitting still and addressing the audience, so really only the pixels making up their mouth would change from one frame to the next and you would either want to see it in its entirety or skip it in its entirety).
Easy to prevent
Just fill up the window size so its always the MTU, nothing wrong with stuffing parts of the next few frames into the previous packet, and at the end, just shove in some random data. At the very least, it'd cut down on buffering and wouldn't really use all that much more bandwidth since networking devices already expect a 1520-byte packet and use buffers assuming that size (and usually shove packets into the buffer spaced 1520 bytes apart).
This attack relies on the variability of the window size, so if everything is the maximum, there is nothing to analyze. Obviously it would need to find a way of figuring out what that maximum size is (Eg, detecting if there is some piece of equipment in between that lower than expected and causing fragments)
Prisoners built two PCs from parts, hid them in ceiling, connected to the state's network and did cybershenanigans
Re: Hats off to them...
"yep and your little system fails on 2 counts:
1. Mac spoofing
2. Current trend for devices to randomize the MAC."
I take it you don;t know how 802.1x actually works... Reason 1 would be prohibitively difficult to pull off without anyone noticing. As for the second one, if a device pops up on a network that doesn't possess a valid token, the device will be quarantined until the device receives a new token by way of an Authentication back-end. Granting of the token by the authenticator can be done on something as basic as mac address (by far the most common on wired networks) but can be based on any authentication mechanism that the connecting OS has a supplicant for and the switch is able to relay back to the authentication server. I've implemented 802.1x using everything from basic mac address to usernames/password to certificates to manual approval by an authorized admin.
The switch doesn't care what is used to authenticate the conencting client, so long as the authentication server responds back with an AUTHORIZED packet, and expiration for the authorization, and an optional VLAN assignment that the client belongs on. Otherwise the systems is just left on a quarantine VLAN that, usually, doesn't route to anything (Some places allow packets to route out on that VLAN to build a 'guest network' without allowing the system to see packets from secured networks, obviously a prison wouldn't allow that). So if they do implement something a little more than mac based auth, then the system will be sitting there with nothing to do but talk to the authentication server (until an admin notices a weird machine on the network and kills the system).
A place like a prison, where security is key, it would be likely that they'd use the mac to authenticate the system to the network, but would only get them access to the authentication network until their system can convince the authentication server to grant them greater access.
Re: Hats off to them...
"Because spoofing a MAC address is impossible right?"
They'd have to spoof an authorized mac and somehow get the real system offline (Otherwise the systems would just start throwing errors and effectively disconnect themselves), and even then, they'd have to get around the fact that the switch would still yell at the admin about the fact that it is on a different port. So even if they do duplicate both the mac, and somehow connect it to the same port, someone is going to notice that their computer no longer has connectivity.
Re: Hats off to them...
They weren't really good at it, just slightly better than the Prison's staff. Something as simple as implementing port-lock-downs, 802.1x or just keeping ports unplugged unless actually needed would have stopped them cold.
A prison is unique in that the IT staff would be aware of every single MAC address of every machine that should be on the network, at least in the areas where prisoners might be. They should be setting up a monitoring system that screams in their face every time the MAC changes on a port, and if it isn't tied to a work order, someone should go investigate.
Setting something like that up is fairly trivial, I did it in a weekend using FreeBSD, nagios, and radiusd on an old Pentium-3 system that was rusting away in a closet. I get an email every time a machine is plugged into a different port, or a new system is added to the network, even over wireless. Any new device is dropped onto a non-routing VLAN and can only access a read-only ftp server hosting OS install files, patches, and some packages (FTP is in read-only mode, files are modified via rsync on another interface). It wouldn't take much more for the prison's IT staff to do the same.
How could he miss all the other wars?:
vi - emacs
BSD - Unix
csh/ksh - bash
C - C++
Monolithic kernel vs micro vs hybrid
CISC vs RISC
fully free vs. allowing binary blobs
And so, so many more, and that isn't even touching the perennial license wars and the eternal coding style wars (I once saw a project implode over K&R versus Allman style indents) ...
If X-windows vs Mir is Shuttle-cock's first *Nix holy War, I'd shoot him for being a pod person that replaced the real Mark less than an hour ago. Either that, or he has had his head so firmly planted in his own ass the whole time he didn't even know there was a world around him.
Re: Tsk, tsk
Pricing on aircraft is highly variable. The price can go from anywhere between $60 million to $120 million depending on features. On one you have RyanAir's "the luggage is treated better than the passengers" air-borne cattle-cars. On the other, you have Emirates' "Even Caligula would think its too decadent" flying palaces.
Jesus wasn't the only one crucified...
I find it weird that Christians fetishize the whole "Jesus Crusifiction". The Romans did it to thousands of regular people. Although I find it odd that they care about how he was killed in the first place... I always thought that Jesus was supposed to be some kind of paragon of virtue that his followers were supposed to emulate, not some martyr who wasn't really martyred anyway (coming back to life kinda undoes that a bit...).
But then it seems that people care a hell of a lot more about being portrayed as oppressed and persecuted rather than being a proper mensch like Jesus was portrayed to be. Any schlub can get themselves killed, but it takes real effort to be a good person.
Re: WiFi in a device inside pussy, a really bad idea!
*Sigh* how many times do I have to tell people that battery powered devices like this are completely incapable of generating ionizing radiation since they lack the high-voltage components to do so. You'd need to figure out some way of dumping an entire battery's energy into a burst of a few nanoseconds to get any ionizing radiation, and even then, that radiation is no where near harmful to organic matter.
Being within a meter of another human is going to generate an infinitely larger amount of ionizing radiation (Due to the natural break-down of carbon-18 into carbon-16 as part of life) than a cell phone would produce, much less something like Bluetooth.
Re: Don't use your ISP's DNS
No, no it would not. Logging DNS traffic is trivial, at best, to grab from users' streams. I am doing it right now for 250,000 people (My employer). I'm just using some old servers to do it while an ISP will have access to much larger and more efficient systems (If they aren't already doing it).
I'm just picking up all port 53 traffic going in and out of the network, and correlating it with the http and https traffic. I have the ability to see what websites everyone is viewing and how much traffic is going back and forth (I can only see domain when it comes to https). For the most part, its a simple matter of matching an http steam's destination IP to the DNS responses the user's system recently received. All of it is done with open-source tools and a little know-how.
ISP would have an incentive to produce much higher quality tools and invest in higher-end equipment since they'd make so much off of selling that data. I'm just tracking this data to identify malware activity and web traffic is very much against company policy (The policy violating traffic is really only because HR is requiring me to do so, personally, I couldn't care less about it).
I'm pretty sure they were behind the bill in the first place
They are one of the most greedy companies out there and one of their most famous employees is now is a position to abuse his powers in favor of them (Trump is still legally an employee of Comcast through their subsidiary, NBC, by virtue of him retaining his contract for "The Apprentice")
I wouldn't be surprised that if Comcast starts making more money that Trump's salary doesn't skyrocket when he returns to his show after leaving the White House (The guy is just far too much of an ego-maniac to not take every opportunity to have his face smeared across the airwaves).
"So the backups were accessible to such a degree remotely? They had zero offline backups?"
The system processed orders, so even if they had backed up the system 5 minutes before hand, the system still would have information, such as new orders and orders ready to ship, that isn't in the backup.
Depending on volume, the number of orders lost could easily become more valuable than the cost of a new server. This would especially be true if they are customer-focused; If you were a customer that had paid for merchandise and received a confirmation email detailing the same, would you stand for the company telling you "Sorry, we lost your order"? On the other hand, a customer's order may have completed processing and shipped so a full manual search of which orders are still in the shipping dock, which have had shipping labels applied, which labels are on a truck, etc.
Re: There's your problem...
At least they weren't a Jehovah's Witness. That religion is completely incompatible with the medical profession as the religion forbids Blood Transfusions of any sort.
Or there are the "Christian Scientists" that believe that people only become sick because they aren't praying to god hard enough. They reject medicine in all its forms because they believe it to be an attempt to thwart god's will.
"commitment towards offering today's entrepreneurs the same opportunities"
That's the thing, he only cares about making his rich friends richer. And that is what the Republican party is about, it's not making more companies successful its about making already successful companies better capable of crushing their smaller rivals.
Re: Only one?
I wouldn't be surprised if all nations didn't just end up contracting with the same group of black-hats that are playing all sides. Telling the Americans that Russia has a new tool, and they have their own tools for detecting it, and then telling the Russians that the US has discovered their attack vector, but their group can make something the Americans can't detect.
Reminds me of a story I read about scientists during the Cold War that set up "Think Tanks" in both the US and Russia. They'd communicate between each other claiming the other group is their spies so they can build something that would defeat the other sides' new toys. Then they'd also need access to both sides' current toys so they can evaluate them for weaknesses and areas for improvement. They'd go to the governments of either side with something the other team built, claim the other side is building it, and then ask for money to design something to counter it (which they'd send that new project to the other team for them to present it to the other government). Can't remember if it was fiction, but I'm pessimistic enough to believe that something like that could happen...
Re: Attribution is a myth
"Lucky then that all of our security services can confirm that everything leads back to Putin."
I would assume they have a lot more information than just where the malware phoned home before accusing a foreign country of such things. The problem is the that the first rule of counter-intelligence is to never reveal how you figured out how the enemy is doing it, lest they change their tactics and become undetectable. By keeping your methods a secret, it is possible to confuse enemy spies by feeding misinformation through that leak. Like if you know your enemy is just stealing information from a diplomatic courier, you are going to keep sending couriers as usually, but giving them false information for the enemy to steal, and since they have no reason to know that you know about the theft, they'll believe the data valid.
My grandfather used to work in intelligence back during WW2 and continued into the Cold War. The technology changes, but the techniques never really did. Social Engineering, Phishing, Spear-phishing, false-flags, false-false-flags, blackmail, bribery, etc have all existed in one form or another since the dawn of civilization.
Re: Attribution is a myth
"to it appearing at a distant server can be minutes (or even hours)"
With many targets for espionage, a delay of even days or weeks tends to be acceptable. Most intelligence work's priority is protection of transfer medium rather than how quickly the data can be transferred. If it takes weeks for a spy to get specs on an adversary's new bit of kit, they spying country can accept several weeks delay in getting it as the adversary isn't going to be deploying, let alone replacing, that new piece of kit anytime soon (Like the Harrier jet or the Minuteman ICBM). Protecting their source is going to be much more important in that case.
But back to the original topic, the only real way to determine who is spying on you is to observe the actions of everyone else and see how they react. Especially if the information is that your country is planning to move troops form one location to another. If any country moves their troops closer to the destination or away from the source, it becomes obvious who is and is not spying.
Re: "...and an endpoint exploitation kit called Scaramouche."
Probably written by a poor boy, from a poor family... But, please, spare his life from this monstrosity.