Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Google Security United States IT

Google and NSA Teaming Up 125

i_frame writes "The Washington Post reports that 'Under an agreement that is still being finalized, the National Security Agency would help Google analyze a major corporate espionage attack that the firm said originated in China and targeted its computer networks, according to cybersecurity experts familiar with the matter. The objective is to better defend Google — and its users — from future attack.'"
This discussion has been archived. No new comments can be posted.

Google and NSA Teaming Up

Comments Filter:
  • by elrous0 ( 869638 ) * on Thursday February 04, 2010 @09:29AM (#31021970)

    NSA: We need complete access to your gmail system.

    Google: Alright! This is to help us with the recent China break-in, right?

    NSA: Um, sure...

  • Google and the FCC could get in cahoooooooooooo crap hope I didn't give someone a bad idea...
  • by muckracer ( 1204794 ) on Thursday February 04, 2010 @09:35AM (#31022038)

    As part of the agreement a new slogan to be used jointly by both Google and the NSA has been implemented:

    "No Such Evil" ...

  • Defend its users? (Score:5, Informative)

    by sakdoctor ( 1087155 ) on Thursday February 04, 2010 @09:38AM (#31022074) Homepage

    I can defend myself perfectly well, by using the correct tool for the job:

    Self hosted mail server: Business, personal, anarchism.
    Gmail: Fwding Lolcats.

    • by Pojut ( 1027544 )

      I've been considering setting up my own mail server...the service provided by my Domain Hoster (prouddomains) is fairly stable and rock solid, but I still like the idea of having complete control over my email.

      I suppose the question is should I build a seperate box, or just incorporate it into a server I already have running as an archive and (non-HD) media streamer...it's already far overpowered for the task (Core 2 Duo E8400 and 4 gigs of ram), I doubt adding email duties to it would be too big of a deal.

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        Your "media streamer" system has 125 times the amount of memory, about 70 to 100 times the processing power, and probably several hundred times the storage space of the mail server I set up for a company with 40,000 users back in the late 1990s.

        Thanks to Sun hardware and Solaris, that system handled the load just fine, and even did some rudimentary spam filtering. I doubt you could even generate a similar load on your system. If it can't handle a small fraction of what we could easily handle over a decade a

        • by Pojut ( 1027544 )

          Like I said, it's already overpowered for the tasks given to it :-) But it's what I had laying around, so...

        • by ae1294 ( 1547521 )

          I doubt you could even generate a similar load on your system. If it can't handle a small fraction of what we could easily handle over a decade ago, then something is really fucked up.

          Yes but he was talking about exchange not qmail... Plus we often times forget to "think of the hackers's" when we decide on minimum hardware requirements.

    • Re:Defend its users? (Score:5, Interesting)

      by Lord Ender ( 156273 ) on Thursday February 04, 2010 @10:21AM (#31022608) Homepage

      Cloud computing has interesting security implications.

      The IT security team protecting Gmail are better at security than the team protecting your average datacenter, and they are FAR better at security than your average small business or home user "IT security team."

      But on the other hand, far more attackers are going to try far harder to get into gmail than to get into your small business mail server.

      So how do these factors balance out? On the whole, I think medium-to-large businesses with dedicated IT security staff will provide better security than you would get by cloudsourced IT; but the small businesses with no dedicated IT security staff really would be better off, from a security perspective, sending their IT systems to "the cloud."

      • by Anonymous Coward on Thursday February 04, 2010 @10:36AM (#31022784)

        Wait a minute. I'm a manager, and I've been reading a lot of case studies and watching a lot of webcasts about The Cloud. Based on all of this glorious marketing literature, I, as a manager, have absolutely no reason to doubt the safety of any data put in The Cloud.

        The case studies all use words like "secure", "MD5", "RSS feeds" and "encryption" to describe the security of The Cloud. I don't know about you, but that sounds damn secure to me! Some Clouds even use SSL and HTTP. That's rock solid in my book.

        And don't forget that you have to use Web Services to access The Cloud. Nothing is more secure than SOA and Web Services, with the exception of perhaps SaaS. But I think that Cloud Services 2.0 will combine the tiers into an MVC-compliant stack that uses SaaS to increase the security and partitioning of the data.

        My main concern isn't with the security of The Cloud, but rather with getting my Indian team to learn all about it so we can deploy some first-generation The Cloud applications and Web Services to provide the ultimate platform upon which we can layer our business intelligence and reporting, because there are still a few verticals that we need to leverage before we can move to The Cloud 2.0.

  • Comment removed (Score:4, Insightful)

    by account_deleted ( 4530225 ) on Thursday February 04, 2010 @09:41AM (#31022110)
    Comment removed based on user account deletion
  • by RobotRunAmok ( 595286 ) on Thursday February 04, 2010 @09:43AM (#31022140)

    If anyone thinks this is the first collaboration between Google and the NSA, I've got a wall in China I want to sell you.

    • > If anyone thinks this is the first collaboration between Google and the NSA,
      > I've got a wall in China I want to sell you.

      You do? NICE!! PM me... :-)

    • Re: (Score:1, Interesting)

      by Anonymous Coward

      wasn't their first cto or cso former head of nsa?

    • If anyone thinks this is the first collaboration between Google and the NSA, I've got a wall in China I want to sell you.

      I know you're joking but it's true, so really: The US has decided to publicly announce collaboration between Google and the NSA. It's Diplomacy by other means.

  • I find it hard to believe the NSA really has better computer experts than Google...the real question is, what is Google really getting out of this?
    • Re:IDK... (Score:5, Insightful)

      by Zen Hash ( 1619759 ) on Thursday February 04, 2010 @10:08AM (#31022436)
      The NSA has probably captured additional communications related to the attack, aside from what went through Google's network. I'd imagine they generally have far more extensive resources and experience than Google, when it comes to capturing/analyzing communications.
    • by gnieboer ( 1272482 ) on Thursday February 04, 2010 @10:18AM (#31022554)

      I've said it before, but if Google's investigation points to Chinese government IPs, they must tread on careful ground because they have employees in China that could go to gulag if Google gets too curious.

      Involving the NSA allows them a certain level of deniability/immunity, and let's face it, the NSA probably has been tracking Chinese Gov't IP's a lot longer than anyone, so I think it's not a question of 'better' experts, it more a question of experts experienced in doing what Google wants.

      I still believe that Google is still holding cards to their chest. I mean, how many other corporate hacks have occurred where the corporation has publicly requested the assistance of the NSA?? I'm not aware of any (though I'm sure someone will post a link showing how little I know!). So I think Google already has very good evidence that the Chinese Gov't was behind it, but is afraid to make that information public.

    • by AHuxley ( 892839 )
      If the NSA indexes the web, people would notice, track back, mess with bots.
      If google does it and then 'sells the NSA the web (all of it with the robot pages sorted too) its ok.
      US embassy staff mapping your streets? They would be followed in every city in the world.
      Google can do it and sells it back to the US gov.
      The US wants to track a phone, with NSA in the network, nobody uses a phone.
      With google location marketing, its just a pest, but the tech stays on as you walk.
      Google is more dual use, anythin
      • The corporate State considers that private enterprise in the sphere of production is the most effective and usefu [sic] instrument in the interest of the nation. In view of the fact that private organisation of production is a function of national concern, the organiser of the enterprise is responsible to the State for the direction given to production.

        State intervention in economic production arises only when private initiative is lacking or insufficient, or when the political interests of the State are in

    • I doubt the NSA has beet computer experts than Google but I would guess that while the security experts at each institution are top notch the NSA has a lot more of them than Google.
    • by zill ( 1690130 )

      I find it hard to believe the NSA really has better computer experts than Google..

      I don't have enough evidence to counter your assertion due to the shroud of top secret surrounding NSA. But I'd still like to point out two non-classified facts:

      1. NSA is the biggest employer of Mathematic PHDs in North America.

      2. In 1991, the "discovery" of differential cryptanalysis was publicly announced. But then people soon realized that the concept was already guarded against in IBM's DES cipher published back in 1976.

      In 1994, IBM publicly admits that it knew about differential cryptanalysis i

    • I find it hard to believe the NSA really has better computer experts than Google...the real question is, what is Google really getting out of this?

      Why is that? They done major linux developement [nsa.gov] in SELinux and have been using computers since hollerith cards and magnetic drum storage. Their own website [nsa.gov] talks about things like

      We develop the means to dominate the global computing and communications network. .... Imagine working with the most sophisticated tools available and over-the-horizon technologies that won't come into commercial mainstream use for many years. ... Today, our work takes us into the worlds of knowledge discovery, advanced mathematics

  • from the Backoffice

    to the FrontOffice

    We define whats evil!

  • Microsoft?
    Does google need that in a powerpoint slide via someone from Rick's rolodex?
    Or does he only know CIA people
  • by peter303 ( 12292 ) on Thursday February 04, 2010 @10:08AM (#31022424)
    The Chinese people would love to hear about their bribes and mistresses. The NSA must have these if they exist.
  • OK so part of me says well why don't all of us start off by blocking all IP addresses assigned to China ... oh wait isn't that what China wants to do anyway? Block their people from getting to the Internet ... kinda sorta.

    It might not be a bad idea for networks with no intention of communicating with China.

  • by netsharc ( 195805 ) on Thursday February 04, 2010 @10:19AM (#31022576)

    Google has always been able to use the things people are looking up for evil: if someone using Apple's IP googles a particular microchip's specs, you might infer from that that they might be thinking of using that chip soon.

    How about a Chinese IP googling "openssl 0.9.6 exploit".. especially if that IP was just visiting www.$SOMESITE.gov, where the HTTP-headers mention it's using "openssl-0.9.6". Or a Saudi Arabian IP googling for flight info inside the US, and a few seconds later, a Yemeni IP opening up the same URL (hmm, although without that site's cooperation, the NSA won't be able to see that, or are they..?)

    Such powers would be interesting, for the wielder. Not so much for victims of its inevitable abuse.

  • No evil (Score:5, Funny)

    by McGiraf ( 196030 ) on Thursday February 04, 2010 @10:23AM (#31022626)

    Do no evil, with a little help from Satan.

    • Re: (Score:3, Insightful)

      by mcgrew ( 92797 ) *

      The motto isn't "don't do evil", it's "don't BE evil". Not a human alive has lived without doing evil, although some of us try very hard to not do evil.

    • The whole “Don’t be evil” motto is a joke.
      It is factually impossible for a human to willingly do something that he thinks is evil.
      He will either justify it in some way, no matter what... Or he will say that something forced him, which takes him out of the responsibility.

      I think, subconsciously everybody who created that slogan, is perfectly aware of that, and did choose it because of that.

  • So what (Score:3, Informative)

    by koan ( 80826 ) on Thursday February 04, 2010 @10:26AM (#31022666)

    ATT routes all (yes all) their traffic thru the NSA
    http://arstechnica.com/tech-policy/news/2007/11/ex-att-employee-nsa-snooping-internet-traffic-too.ars [arstechnica.com]

    This move from Google is more political the security oriented.

    • by dbcad7 ( 771464 )
      I doubt that.. It's more like they can route anything they want to through it easily, splitting a stream copy. Yes I imagine they can monitor and search a large number of streams looking for something, it's the monitor everything part that I doubt. And in a small room in San Francisco.. You would need incredible storage capacity to save even 10 minutes of all the internet traffic on just AT&T's network.
      • by koan ( 80826 )

        By monitor I mean "filter" (and you can filter everything and store what trips the filters) in other words looking for specific things, but I'm no expert so I can't really say what they're doing.

      • I doubt that.. It's more like they can route anything they want to through it easily, splitting a stream copy. Yes I imagine they can monitor and search a large number of streams looking for something, it's the monitor everything part that I doubt. And in a small room in San Francisco.. You would need incredible storage capacity to save even 10 minutes of all the internet traffic on just AT&T's network.

        They're not re-routing traffic through the NSA's secret room. If they were, the increase in latency alone would enable people to detect it. They are passively mirroring the circuits running through that facility, so that the communications are duplicated into the NSA's secret room. I would agree that it's not practical to store everything going into that room, but only certain people with the right authorization would know exactly what is being done with it at that point.

        • by koan ( 80826 )

          Thank you for the clarification, re routing is the wrong term, mirroring is a better term.

  • The information gleaned from Google will probably give the US a little bit of an advantage in the coming cold war against China. Additionally, this kind of cooperation without divulging proprietary code or sacrificing anyone's privacy would serve as a much needed template for other US companies to share vital attack info with the US government. Right now every Chinese company probably gives the Chinese government full and unfettered access to their systems, a considerable advantage for the Chinese. Democ

  • why NSA hate? (Score:2, Insightful)

    by Lord Ender ( 156273 )

    The NSA are experts in systems security. We use their hardening guidelines to secure our servers. They really contribute good stuff to Linux security. They really do want to keep US systems secure. I don't think anyone has ever seen them doing something truly shady, like injecting backdoors into popular software. As far as I can tell, they break codes in one department, and help secure systems in another department. These are the good guys (unlike the FBI, who are media-whoring, civil-rights-abusing porno-

    • Re: (Score:3, Insightful)

      They wiretapped US citizens in the US without a warrant. That's illegal and immoral, and goes against their charter and policies.

      Some people may think that it is not a big deal, but really it is. First, it means (IMHO) that they think they can do anything they want. Based on the lack of political and legal fallout, apparently they are right. So, they have carte blanche to do whatever they want in terms of wiretapping, email reading, decrypting, etc. and there is nothing you can do about it. Second,
      • Sniffing Internet traffic is more like listening to radio signals than wire-tapping, in my opinion.

        It would be nice to have the laws regarding this stuff clarified, though.

      • As a former member of NSA, I can assure you that domestic eves dropping is definitely not allowed. The NSA can (and do) listen to communications originating outside the USA. If an intercept triggers certain key words or phrases, then the channel is fully monitored. If the other end of the connection is inside the US, then so be it. The original intercept was targeted at a location external to the US.

        If you live inside the US and never make or receive calls overseas, you have absolute - repeat, ABSOLUTEL
    • They let people in the NSA look at /. Who knew?

      Aside from that quip- 'the good guys' would probably want to do things in the open like the Linux community does. Sharing data and methodology and so on. I do not see a lot of that coming from the NSA. I'd be happy to be proven wrong.
    • Re: (Score:2, Insightful)

      by Webster9 ( 1156495 )

      These are the good guys

      Sure. As long as your definition of "Good Guys" includes domestic warrantless wiretapping.

    • Re: (Score:2, Funny)

      by Leebert ( 1694 ) *

      These are the good guys (unlike the FBI, who are media-whoring, civil-rights-abusing porno-police).

      Dick Gordon: National Security Agency.
      Martin Bishop: Ah. You're the guys I hear breathing on the other end of my phone.
      Dick Gordon: No, that's the FBI. We're not chartered for domestic surveillance.
      Martin Bishop: Oh, I see. You just overthrow governments. Set up friendly dictators.
      Dick Gordon: No, that's the CIA. We protect our government's communications, we try to break the other fella's codes. We're the good guys, Marty.
      Martin Bishop: Gee, I can't tell you what a relief that is... Dick.

      (shamelessly copi

  • I wonder what the NSA's hourly rate is. Surely Google is going to be paying them, right? If the spooks are being paid by tax dollars and working for the public sector there is something shady going on there. I'm all for the NSA and Google working together to make Google a more profitable comapany... Wait, no I'm not! Given Google's current stock valuation, they can go right ahead and kick down some cash to the Treasury. We're facing a how many trillion dollar deficit?

    • by zill ( 1690130 )
      I bet NSA doesn't get paid with money (they can just sudo into Department of the Treasury's computer and print a few tons of Benjamins).

      I bet their hourly rate is 666 LoC worth of emails.
  • "Want a simple fact about privacy? Privacy's Dead!" - Shepard Smith.

Technology is dominated by those who manage what they do not understand.

Working...