Amazon Awarded Secret $10 Billion NSA Cloud Computing Contract

The National Security Agency has awarded a cloud computing contract worth up to $10 billion to Amazon, Nextgov reported Tuesday. The Hill reports: The contract, named "WildandStormy" according to protest filings obtained by the outlet, appears to be part of the NSA's attempts to modernize its repository for classified data. The award is being challenged by Microsoft, according to Government Accountability Office records. A Microsoft spokesperson confirmed that it is filing the protest "based on the decision." "We are exercising our legal rights and will do so carefully and responsibly," they added.

Accumulo in the cloud

[mveloso]

Put it where it belongs, "up there."

Partner with SpaceX for LEO region

[mveloso]

AWS needs to partner with SpaceX and fire up a Low-Earth-Orbit region.

Re:

[BeerFartMoron]

AWS needs to partner with SpaceX

Someday that "whoosh" sound could be a Blue Origin rocket but you'll still be an idiot.

If that were the case, "LEO Region is UP! Oh, and it went right back DOWN again." is all you'll ever see on the status board.

What could possibly go wrong?

[shanen]

Vacuous FP branch, eh?

Subject was what I came looking for (as part of the usual futile search for Funny on today's Slashdot). Should have included something about a Bond villain, too.

All searches in vain, eh?

New theory of what happened to Slashdot. Reading The Enigma of Reason by Mercier and Sperber. Still trying to figure it out, but the basic idea seems to be that "reason" is mostly for rationalization and persuasion in the context of social interactions. So my extended hypothesis is that if the Interne

Re:

[dowhileor]

And don't forget to kick Microsoft in the ass first?

internet sales

[harvey the nerd]

No telling what Jeff will find to sell in there...

Re:

[AutodidactLabrat]

It's called "Fact over Fiction" to all the R's scams

Re:

[cusco]

I know you're being facetious, but the AWS data store is very carefully designed so that no matter what permissions any Amazonian has they cannot access customer data without being granted permission by the customer's admins. All anyone at AWS can see is a block of encrypted data X-many bytes long. If they need to move that block from one virtual location to another they can, but only as a solid block. I used to work at AWS and one of the data techs attempted to explain it to me while we were working on

Re:

[bill_mcgonigle]

> no matter what permissions any Amazonian has they cannot access customer data

Can a vm not be started without customer intervention?

Re:

[cusco]

Sure, but if you're not the owner you can't access it so it's just a pile of electrons floating around.

Re:

[iggymanz]

you're assuming no one subverts the Xen virutalization, we already know processors have more holes than swiss cheese for that. it'll happen, someone will do ransomware on the whole big wad.

Re:

[cusco]

There are multiple layers of protections, a large group of scary-smart people worked on it for a long time. It's good enough to convince the CIA and IRS, and both test it regularly. Now apparently they've convinced the NSA as well.

Re: internet sales

[e3m4n]

My concern has always been at the storage layer. I have seen too many times how a bug in storage controllers takes out an entire SAN. Without the storage layer, youve no VM to run. Its always looked like an achilles heel to me. Its not a compromise of data, but if the services are mission critical, they just went offline.

Re:

[cusco]

A decade ago I saw what was supposed to be a video controller firmware update do something weird and hose the firmware on a RAID controller. Shit happens, that's what backups, failovers, and shadow copies are for. AWS sells services for almost-instant failover capabilities if your VM is mission critical, we use it every month to run updates on our systems and most times end users aren't even aware anything has happened.

Re:

[iggymanz]

bullshit, you're spewing the same feel-good Microsoft did before the ransomware storm. There are multiple layers with known exploits, there fixed that for you.

Re:

[cusco]

Really? Well, you'd best inform AWS of their vulnerabilities, if they're real they'll probably offer you a high paying job doing interesting and cutting edge work fixing the largest cloud implementation on the planet. Who wouldn't want that on their resume?

What, you don't actually know of any? What a surprise!

Re:

[iggymanz]

You're hilarious and whistling dixie in ignorance. In my job I've been seeing the destruction in last four month of systems of ignorant people like you (and having to clean up the mess while they whine like bitches). The big ransomware engines have been ported to Linux and several virtualization platforms, only a matter of time.

Re:

[cusco]

Ah, so you don't actually have any "known vulnerabilities" that you can point at, you just have a feeling in your gut that some exist. I'm sure that's a valuable talent, somewhere. There may not be a job waiting for you at AWS after all.

Re:

[iggymanz]

Too lazy to google? The list of vulnerabilities of hardware and virtualization and services that AWS uses is long. You suck, amazon is in danger with your type employed. You're going to get owned.

Re:internet sales

[cusco]

I work in physical security, key cards, alarm systems, cameras, that stuff. I'm aware of our vulnerabilities, we have mitigations in place for most of them (and are moving away from iClass cards as soon as possible). I seriously doubt that the storage team is sitting on their hands waiting for someone else to send them a fix, people like that don't last long at AWS.

Re:

[GoTeam]

It's software, there are vulnerabilities. It's connected to the internet, there are many vulnerabilities. All admins should have that perspective.

Re:

[Cyberax]

you're assuming no one subverts the Xen virutalization

You can get dedicated hardware instances or bare metal instances on AWS to guard against breakouts.

Oh, and if you DO break out of Xen and try to do something interesting, you're in for a lot of surprises. Let's just say that AWS takes the control plane security very seriously (I worked at AWS).

Re: internet sales

[e3m4n]

Is AWS actually Xen? I figured they would be doing something a bit different maybe using it as their base. Given how large the cloud is, pushing the boundaries usually required custom code to deal with issues of scale.

Re:

[Cyberax]

Is AWS actually Xen?

The legacy instance types are on Xen, all the new instance types are on KVM + qemu. Amazon now has its own userspace for the hypervisor (Firecracker) that is used for Lambda and some other stuff. But there are surprisingly few modifications that Amazon makes to Xen or qemu, all the interesting stuff runs as services.

Re:

[iggymanz]

pffft, yeah that's what Microsoft said about Windows security before the last four months of ransomware ownage.

Again, more holes than swiss cheese and yes even exploitable on your bare metal if it has web services or is on same vnet as machine that does.

Prepare for assimilation. Tick tock tick tock, only a matter of time

Can you say

[Otis B. Dilroy III]

Ring...

Re:

[ksw_92]

You mean like Star Wars (3 parts, each with 3 episodes)? We just saw the end of the JEDI (with Bezos holding the red lightsaber) so now Microsoft is starting in with the "Empire Strikes Back"?

Re: Can you say

[e3m4n]

Ok Im usually good with leaps of logic, but help me out here. How did watching peoples cameras without their permission segway to star wars? And then leap back to amazon/microsoft?

Re:

[ksw_92]

Star Wars was envisioned to look loosely like Wagner's Ring Cycle.

The DoD put out an RFP for their "JEDI" cloud computing contract. Microsoft won, Amazon (and Oracle, playing Gov. Tarkin) raised enough legal hell to get the DoD to cancel the JEDI award and later the whole contract. (I think that last is still pending?)

Now we have the NSA awarding a large contract to Amazon. Of course Microsoft is going to strike back.

The only winners in this whole thing are the lawyers.

Re:

[e3m4n]

ahh gotcha. I missed the connection with the jedi contract thing. I remember the deal, but missed it being named JEDI. Damn millennials and their naming conventions, lol. The latest rules for verifying the callerID on the PSTN is now called SHAKEN/STIR. As if callerid has a damn thing to do with Ian Fleming. I think your analogy definitely works since Microsoft was always considered 'the evil empire' back in the early 2000s. So I guess next we have to worry about Arthur Conan Doyle fans, Frank Herbert fan

Re:

[cusco]

You have to admit, the awarding of the JEDI contract was pretty blatantly because the orangutan in the Oval Office was less jealous of Nadella than he was of Bezos.

In this case the NSA has awarded based on the several years of services AWS has been providing to the CIA and IRS without issues, and their own analysis of the capabilities of the two companies.

One of my coworker's previous gig was network support for Azure, when I told him about the JEDI award his first words were, "They're going to regret that.

Crazy

[stabiesoft]

I visited an NSA facility in the 80's. If you brought a tape with software on it into the facility, you did not bring it out. And they would not load it even if you brought it in. Now they outsource it all. Crazy. NSA can get a pretty nice datacenter that they completely control for 10B. And they should.

Re: Crazy

[VTBlue]

Itâ(TM)s not crazy because they cannot actually procure and retain the subject matter expertise needed to deliver solutions when it requires full-stack deployments. Simply having the availability of components or source code does not mean the build and integration work is trivial. They want the cloud because they want to build solutions, not the underlying build, assembly, and integration work.

Re:

[rtb61]

Who is kidding who, corruption created that contract and corruption signed off on it. They don't care how well it works, as long as they spend a whole lot less on it than they charged and they will make it as bad as they can get away with and charge extra, any time they can.

The NSA as supplied by Amazon, who is in charge, the US government or Amazon. Should have been done all in house, trained up staff. So many leaks, all because, Amazon will absolutely do the cheapest worst possible job it can get away wi

Re:

[cusco]

I think you're confused, this isn't HP we're talking about.

Re: Crazy

[e3m4n]

In the 90s, at the FBI headquarters, VA; most everything was connected with fiber so that you could not sniff ethernet packets using a device that read the EM fields caused by current traveling through a conductive material. Imagine what levels of appropriate paranoia are in play in 2021.

Re:

[stabiesoft]

In the 80's buildings where I worked were sometimes tempest rated I believe they called it. No EM left the building. No need for fiber when the entire building is shielded.

Re:

[Pascoea]

You haven't been playing close enough attention lately. Whomever is behind these sock-puppet accounts is just a shit-stirring troll, and gets modded as such.

Re:

[Rhipf]

Tucker Carlson doesn't actually call out anyone. If you listen closely he makes accusations that sound like damning but don't actually have any substance to them. His preferred method of doing this is with leading questions that he never actually answers.
It is very telling that Fox News itself labels Tucker Carlson as an opinion/entertainment show and that no reasonable person would take him seriously.

You Literally Can't Believe The Facts Tucker Carlson Tells You. So Say Fox's Lawyers https://www.npr.org/20 [npr.org]

To people joking about cloud

[Cyberax]

AWS is not really selling access to their public cloud to the NSA. Instead Amazon will build a data center for the NSA that is completely separated from the public Internet.

Technicians that need to access it have to work from SCIFs (Secure Compartmentalized Information Facility) that are guarded by people with machine guns. You also need a clearance from the government. The data transfer is one-way only (from the low-security to the high-security) and only very coarse-grained stats for monitoring flow back.

It's more like AWS selling a classic data center that just happens to have the usual AWS API to manage servers.

Re:To people joking about cloud

[Gravis Zero]

To people joking about cloud

Oh well there goes mister serious-pants and his facts and figures, ruining our fun! Do you also work as a mall Santa just to tell children that Santa isn't real? ;_;

Every loser sues

[bussdriver]

Any big corp situation results in the losers suing. Amazon sued when Trump killed their DoD contract that was practically written for them. Amazon likely is the best provider; we have decades of IBM and MS burning $ with tons of problems costing even more money. I have not heard of Amazon nightmares like I have for decades of the other vendors big enough and "qualified" enough to do these jobs.

None of the contractors look like a great deal for anything government and given the scale it would probably be b

Re:

[gtall]

You are certainly correct. There is a very large conspiracy in the U.S. Government to turn the country over to Amazon. Entire naval ships will become floating Amazonian warehouses. The UFOs that the Space Force is has now agreed to investigate? Those are Amazon UFOs stealing your brainwaves and selling them to Russia. Tinfoil hats? They sell them on Amazon, don't they? I'll bet they even helped Biden steal the election by making the voting machines and then selling them via front companies to the U.S. votin

Political Power

[JBMcB]

You're joking, but you are also correct. Government largesse is the underlying reason for government and corporate corruption.

As a corporation, you can either invest money in making better products, or developing new products. Or, you can hire a few lobbyists, donate a few tens of thousands of dollars to the right politicians, and score a multi-million dollar contract from the government. What's the better return on investment?

There's a voicemail floating around of representative Elanor Norton cold-calling

Re: Cronyism

[e3m4n]

Except that Amazon/Bezos shows up in the paper all the time crying like a bitch every time he doesnt get picked for the kickball team. He is the worst/biggest example of "Im gonna take my ball and go home" I have ever seen.

Re:

[cusco]

Not sure how awarding the contract to the one company on the planet capable of fulfiling it is 'cronyism'.

Microsoft's security certifications provisionally granted on a temporary basis for the JEDI contract aren't going to convince the NSA that they're capable, but AWS's history of supporting the CIA contract over the last several years shows they can actually do the work.

Erm, about that "secret" contract

[greytree]

Don't worry, Slashdotters won't tell anyone .

Here we go again

[Bryan Gritton]

With Microsoft already challenging the award to AWS, I predict they'll tie this up in litigation for 9 or 10 years then cancel the project. The only people who will win are the lawyers.

Not a secret

[Stubbyfingers]

I guess it's not a secret now.