Google and NSA Teaming Up 125
i_frame writes "The Washington Post reports that 'Under an agreement that is still being finalized, the National Security Agency would help Google analyze a major corporate espionage attack that the firm said originated in China and targeted its computer networks, according to cybersecurity experts familiar with the matter. The objective is to better defend Google — and its users — from future attack.'"
Conversation between Google and NSA (Score:5, Funny)
NSA: We need complete access to your gmail system.
Google: Alright! This is to help us with the recent China break-in, right?
NSA: Um, sure...
Re:Conversation between Google and NSA (Score:4, Insightful)
Re: (Score:2)
Dammit! If only we had known before, that it was that easy! Could have saved us all the work.
The Chinese Government.
Re: (Score:2)
Yeah that's an oldie alright.
Asshat.
Re: (Score:3, Informative)
Why would you click on an a tinyurl link, especially from an AC?
Re: (Score:1)
Re: (Score:1)
why is a question modded informative?
Re:Here's an oldie... (Score:5, Informative)
may i recommend detiny url expander a small add on for firefox https://addons.mozilla.org/en-US/firefox/addon/13140 [mozilla.org]
which expands the above link to http://web.archive.org/web/20001202200100/http://---www.goatse.cx/ [archive.org] (If you really want to click it you will have to go to the parent post)
Re: (Score:2)
Nice thank you
Re: (Score:1)
Re:Here's an oldie... (Score:4, Informative)
Re: (Score:2)
I recommend ChromeMUSE [google.com] for us Chrome folk.
I thought you were called "Chromers."
Re: (Score:3, Informative)
Re: (Score:3, Funny)
Pfft, I have long held that Google is just a front company for the NSA. Now it seems they are comfortable taking that relationship to the next level, out of the closet so to speak. (Adjusts his tin foil hat and returns to his regular viewing)
Re: (Score:2)
Too far out and its still https.
Too far in and foreign staff might stumble over the 641A like room.
It's the rooms the NSA rejects that make the NSA the best
Re: (Score:2)
Re:Conversation between Google and NSA (Score:5, Funny)
They running Windows on their desktops, the NSA already had access.
Re: (Score:2, Insightful)
Re:Conversation between Google and NSA (Score:5, Informative)
A Microsoft officer offered to explain the presence of NSA_KEY, and indeed gave a partial clarification. Microsoft then declined to answer the follow-up questions which were asked, and refused to explain why they were not answering. http://cryptome.org/nsakey-ms-dc.htm [cryptome.org]
Read into this whatever you like - innocent, tinfoil hat, or otherwise. Here's the wikipedia story about it; feel free to vandalize^W improve it with your comprehensive knowledge. http://en.wikipedia.org/wiki/NSAKEY [wikipedia.org]
Re: (Score:1)
I mean, why does the NSA need a backdoor when the front door doesn't even have a lock on it?
Re: (Score:2)
I'm not trying to substantiate or refute any theories. Having said that, if it is well known that the front door doesn't have a lock on it, then one day some enterprising individual or organization come along with a business plan along the lines of...
1. Lock front door
2. Charge for lock
3. ??? (completely unnecessary ??? step)
4. Profit
Given that scenario, the NSA still has their back door into the system.
Re: (Score:2)
I'd say DRM and Apple are both prior art on that idea.
Re: (Score:3, Informative)
Re:Conversation between Google and NSA (Score:5, Insightful)
Re:Conversation between Google and NSA (Score:4, Interesting)
Re: (Score:2)
One Google to find them,
One NSA to bring them all and,
in the darkness bind them
Anonymous Coward Trolls (Score:4, Insightful)
Funny how this topic breeds anonymous coward trolls, and isn't it strangely coincidental that they're all of the same meme. Google is evil. US Government is a bad guy. China is a victim.
I'm sure it's only a coincidence.
Re: (Score:3, Insightful)
The NSA and Google are in the same business: information.
They may have different motivations and methods, but at their core they are both organizations that collect huge amounts of information and use that information as a means to an end.
Google's "don't be evil" is a tacit acknowledgment of the power information wields, and seeing them team up with a disreputable organization like the NSA makes the parallels between the two very obvious, generating a flurry of AC comments to capitalize on the memetic oppo
Re: (Score:1)
- google MAY not be evil but is certainly making it easy for evil to get up in your ass
- the us govt. IS most certainly evil
- the chinese people ARE victims indeed
Re: (Score:2, Interesting)
Re: (Score:2)
Why would they ask for something they already have?
Could be worse... (Score:1)
Re: (Score:3, Funny)
joint-venture (Score:5, Funny)
As part of the agreement a new slogan to be used jointly by both Google and the NSA has been implemented:
"No Such Evil" ...
Re:joint-venture (Score:4, Funny)
"Google/NSA: Your privacy is in good hands, with us."
or
"Google/NSA: Organizing the world's information; and more*."
or
"Google/NSA: Collaboration has a new meaning."
Defend its users? (Score:5, Informative)
I can defend myself perfectly well, by using the correct tool for the job:
Self hosted mail server: Business, personal, anarchism.
Gmail: Fwding Lolcats.
Re: (Score:2)
I've been considering setting up my own mail server...the service provided by my Domain Hoster (prouddomains) is fairly stable and rock solid, but I still like the idea of having complete control over my email.
I suppose the question is should I build a seperate box, or just incorporate it into a server I already have running as an archive and (non-HD) media streamer...it's already far overpowered for the task (Core 2 Duo E8400 and 4 gigs of ram), I doubt adding email duties to it would be too big of a deal.
Re: (Score:2, Interesting)
Your "media streamer" system has 125 times the amount of memory, about 70 to 100 times the processing power, and probably several hundred times the storage space of the mail server I set up for a company with 40,000 users back in the late 1990s.
Thanks to Sun hardware and Solaris, that system handled the load just fine, and even did some rudimentary spam filtering. I doubt you could even generate a similar load on your system. If it can't handle a small fraction of what we could easily handle over a decade a
Re: (Score:2)
Like I said, it's already overpowered for the tasks given to it :-) But it's what I had laying around, so...
Re: (Score:2)
I doubt you could even generate a similar load on your system. If it can't handle a small fraction of what we could easily handle over a decade ago, then something is really fucked up.
Yes but he was talking about exchange not qmail... Plus we often times forget to "think of the hackers's" when we decide on minimum hardware requirements.
Re:Defend its users? (Score:5, Interesting)
Cloud computing has interesting security implications.
The IT security team protecting Gmail are better at security than the team protecting your average datacenter, and they are FAR better at security than your average small business or home user "IT security team."
But on the other hand, far more attackers are going to try far harder to get into gmail than to get into your small business mail server.
So how do these factors balance out? On the whole, I think medium-to-large businesses with dedicated IT security staff will provide better security than you would get by cloudsourced IT; but the small businesses with no dedicated IT security staff really would be better off, from a security perspective, sending their IT systems to "the cloud."
Security is NOT an issue with The Cloud. (Score:5, Funny)
Wait a minute. I'm a manager, and I've been reading a lot of case studies and watching a lot of webcasts about The Cloud. Based on all of this glorious marketing literature, I, as a manager, have absolutely no reason to doubt the safety of any data put in The Cloud.
The case studies all use words like "secure", "MD5", "RSS feeds" and "encryption" to describe the security of The Cloud. I don't know about you, but that sounds damn secure to me! Some Clouds even use SSL and HTTP. That's rock solid in my book.
And don't forget that you have to use Web Services to access The Cloud. Nothing is more secure than SOA and Web Services, with the exception of perhaps SaaS. But I think that Cloud Services 2.0 will combine the tiers into an MVC-compliant stack that uses SaaS to increase the security and partitioning of the data.
My main concern isn't with the security of The Cloud, but rather with getting my Indian team to learn all about it so we can deploy some first-generation The Cloud applications and Web Services to provide the ultimate platform upon which we can layer our business intelligence and reporting, because there are still a few verticals that we need to leverage before we can move to The Cloud 2.0.
Re: (Score:1)
Re:Security is NOT an issue with The Cloud. (Score:5, Funny)
Oh come on! You can't just throw terminology around like that without metrics to back it up! What does Gartner have to say about it? What magic quadrant is it in?
Re: (Score:1)
That'll make a great Dilbert poster...
**fires inkscape**
Re: (Score:2)
You are absolutely wrong. I hope you're not responsible for anyone else's IT operations. Do you have an IP address? It is certain that you are worthwhile to attack.
Big hosts like google and amazon will attract more attacks with more sophisticated methods, as I said, but no matter how small you are, you will be attacked. Constantly. Check your ssh and httpd logs if you don't believe me.
Comment removed (Score:4, Insightful)
Re:Really it means... (Score:5, Funny)
It makes sense. I am having a professional burglar come around tomorrow to check my locks. I told him not to come around tonight as I won't be in.
Phillip.
Re: (Score:2)
Re:Really it means... (Score:4, Funny)
Shocked. Shocked, I Tell You. (Score:5, Funny)
If anyone thinks this is the first collaboration between Google and the NSA, I've got a wall in China I want to sell you.
Re: (Score:2)
> If anyone thinks this is the first collaboration between Google and the NSA,
> I've got a wall in China I want to sell you.
You do? NICE!! PM me... :-)
Re: (Score:1, Interesting)
wasn't their first cto or cso former head of nsa?
Re: (Score:2)
If anyone thinks this is the first collaboration between Google and the NSA, I've got a wall in China I want to sell you.
I know you're joking but it's true, so really: The US has decided to publicly announce collaboration between Google and the NSA. It's Diplomacy by other means.
IDK... (Score:1)
Re:IDK... (Score:4, Insightful)
Google probably knows more than NSA when it comes to things like search, but when it comes to breaking into a computer that doesn't belong to you, you're not going to find anyone much more knowledgeable than the NSA.
Re:IDK... (Score:5, Insightful)
Re: (Score:2)
Different Experts , but also deniability (Score:5, Interesting)
I've said it before, but if Google's investigation points to Chinese government IPs, they must tread on careful ground because they have employees in China that could go to gulag if Google gets too curious.
Involving the NSA allows them a certain level of deniability/immunity, and let's face it, the NSA probably has been tracking Chinese Gov't IP's a lot longer than anyone, so I think it's not a question of 'better' experts, it more a question of experts experienced in doing what Google wants.
I still believe that Google is still holding cards to their chest. I mean, how many other corporate hacks have occurred where the corporation has publicly requested the assistance of the NSA?? I'm not aware of any (though I'm sure someone will post a link showing how little I know!). So I think Google already has very good evidence that the Chinese Gov't was behind it, but is afraid to make that information public.
Re: (Score:2)
If google does it and then 'sells the NSA the web (all of it with the robot pages sorted too) its ok.
US embassy staff mapping your streets? They would be followed in every city in the world.
Google can do it and sells it back to the US gov.
The US wants to track a phone, with NSA in the network, nobody uses a phone.
With google location marketing, its just a pest, but the tech stays on as you walk.
Google is more dual use, anythin
Re: (Score:2)
The corporate State considers that private enterprise in the sphere of production is the most effective and usefu [sic] instrument in the interest of the nation. In view of the fact that private organisation of production is a function of national concern, the organiser of the enterprise is responsible to the State for the direction given to production.
State intervention in economic production arises only when private initiative is lacking or insufficient, or when the political interests of the State are in
Re: (Score:1)
Re: (Score:1)
I find it hard to believe the NSA really has better computer experts than Google..
I don't have enough evidence to counter your assertion due to the shroud of top secret surrounding NSA. But I'd still like to point out two non-classified facts:
1. NSA is the biggest employer of Mathematic PHDs in North America.
2. In 1991, the "discovery" of differential cryptanalysis was publicly announced. But then people soon realized that the concept was already guarded against in IBM's DES cipher published back in 1976.
In 1994, IBM publicly admits that it knew about differential cryptanalysis i
Re: (Score:2)
I find it hard to believe the NSA really has better computer experts than Google...the real question is, what is Google really getting out of this?
Why is that? They done major linux developement [nsa.gov] in SELinux and have been using computers since hollerith cards and magnetic drum storage. Their own website [nsa.gov] talks about things like
Re: (Score:3, Interesting)
They are building big time in the fly over states.
Not Japan, Australia, the UK ect.
They care about you a lot.
some people move (Score:1)
to the FrontOffice
We define whats evil!
Stop using .. (Score:2)
Does google need that in a powerpoint slide via someone from Rick's rolodex?
Or does he only know CIA people
post chinese leaders' emails (Score:4, Interesting)
Block em for starters (Score:2)
OK so part of me says well why don't all of us start off by blocking all IP addresses assigned to China ... oh wait isn't that what China wants to do anyway? Block their people from getting to the Internet ... kinda sorta.
It might not be a bad idea for networks with no intention of communicating with China.
Google can Read Your Mind... (Score:5, Interesting)
Google has always been able to use the things people are looking up for evil: if someone using Apple's IP googles a particular microchip's specs, you might infer from that that they might be thinking of using that chip soon.
How about a Chinese IP googling "openssl 0.9.6 exploit".. especially if that IP was just visiting www.$SOMESITE.gov, where the HTTP-headers mention it's using "openssl-0.9.6". Or a Saudi Arabian IP googling for flight info inside the US, and a few seconds later, a Yemeni IP opening up the same URL (hmm, although without that site's cooperation, the NSA won't be able to see that, or are they..?)
Such powers would be interesting, for the wielder. Not so much for victims of its inevitable abuse.
No evil (Score:5, Funny)
Do no evil, with a little help from Satan.
Re: (Score:3, Insightful)
The motto isn't "don't do evil", it's "don't BE evil". Not a human alive has lived without doing evil, although some of us try very hard to not do evil.
Re: (Score:2)
There is no evil.
Re: (Score:2)
The whole “Don’t be evil” motto is a joke.
It is factually impossible for a human to willingly do something that he thinks is evil.
He will either justify it in some way, no matter what... Or he will say that something forced him, which takes him out of the responsibility.
I think, subconsciously everybody who created that slogan, is perfectly aware of that, and did choose it because of that.
So what (Score:3, Informative)
ATT routes all (yes all) their traffic thru the NSA
http://arstechnica.com/tech-policy/news/2007/11/ex-att-employee-nsa-snooping-internet-traffic-too.ars [arstechnica.com]
This move from Google is more political the security oriented.
Re: (Score:2)
Re: (Score:2)
By monitor I mean "filter" (and you can filter everything and store what trips the filters) in other words looking for specific things, but I'm no expert so I can't really say what they're doing.
Re: (Score:2)
I doubt that.. It's more like they can route anything they want to through it easily, splitting a stream copy. Yes I imagine they can monitor and search a large number of streams looking for something, it's the monitor everything part that I doubt. And in a small room in San Francisco.. You would need incredible storage capacity to save even 10 minutes of all the internet traffic on just AT&T's network.
They're not re-routing traffic through the NSA's secret room. If they were, the increase in latency alone would enable people to detect it. They are passively mirroring the circuits running through that facility, so that the communications are duplicated into the NSA's secret room. I would agree that it's not practical to store everything going into that room, but only certain people with the right authorization would know exactly what is being done with it at that point.
Re: (Score:2)
Thank you for the clarification, re routing is the wrong term, mirroring is a better term.
strategic advantage (Score:2)
The information gleaned from Google will probably give the US a little bit of an advantage in the coming cold war against China. Additionally, this kind of cooperation without divulging proprietary code or sacrificing anyone's privacy would serve as a much needed template for other US companies to share vital attack info with the US government. Right now every Chinese company probably gives the Chinese government full and unfettered access to their systems, a considerable advantage for the Chinese. Democ
why NSA hate? (Score:2, Insightful)
The NSA are experts in systems security. We use their hardening guidelines to secure our servers. They really contribute good stuff to Linux security. They really do want to keep US systems secure. I don't think anyone has ever seen them doing something truly shady, like injecting backdoors into popular software. As far as I can tell, they break codes in one department, and help secure systems in another department. These are the good guys (unlike the FBI, who are media-whoring, civil-rights-abusing porno-
Re: (Score:3, Insightful)
Some people may think that it is not a big deal, but really it is. First, it means (IMHO) that they think they can do anything they want. Based on the lack of political and legal fallout, apparently they are right. So, they have carte blanche to do whatever they want in terms of wiretapping, email reading, decrypting, etc. and there is nothing you can do about it. Second,
Re: (Score:2)
Sniffing Internet traffic is more like listening to radio signals than wire-tapping, in my opinion.
It would be nice to have the laws regarding this stuff clarified, though.
Re: (Score:2)
http://www.columbiatribune.com/news/2009/mar/14/fusion-center-data-draws-fire-over-assertions/ [columbiatribune.com]
Have a read of the "MIAC" report and understand who the NSA where to help target within the USA.
Chuck Baldwin, Bob Barr and Ron Paul supportes.
Re: (Score:1)
If you live inside the US and never make or receive calls overseas, you have absolute - repeat, ABSOLUTEL
Re: (Score:1)
Aside from that quip- 'the good guys' would probably want to do things in the open like the Linux community does. Sharing data and methodology and so on. I do not see a lot of that coming from the NSA. I'd be happy to be proven wrong.
Re: (Score:2, Insightful)
These are the good guys
Sure. As long as your definition of "Good Guys" includes domestic warrantless wiretapping.
Re: (Score:2, Funny)
These are the good guys (unlike the FBI, who are media-whoring, civil-rights-abusing porno-police).
Dick Gordon: National Security Agency.
Martin Bishop: Ah. You're the guys I hear breathing on the other end of my phone.
Dick Gordon: No, that's the FBI. We're not chartered for domestic surveillance.
Martin Bishop: Oh, I see. You just overthrow governments. Set up friendly dictators.
Dick Gordon: No, that's the CIA. We protect our government's communications, we try to break the other fella's codes. We're the good guys, Marty.
Martin Bishop: Gee, I can't tell you what a relief that is... Dick.
(shamelessly copi
Lets see the contract (Score:2)
I wonder what the NSA's hourly rate is. Surely Google is going to be paying them, right? If the spooks are being paid by tax dollars and working for the public sector there is something shady going on there. I'm all for the NSA and Google working together to make Google a more profitable comapany... Wait, no I'm not! Given Google's current stock valuation, they can go right ahead and kick down some cash to the Treasury. We're facing a how many trillion dollar deficit?
Re: (Score:1)
I bet their hourly rate is 666 LoC worth of emails.
Want a simple fact about privacy? (Score:2)
"Want a simple fact about privacy? Privacy's Dead!" - Shepard Smith.