Soo, finally I'm getting around to posting a few things. Firstly, a little background: I have some experience and a few certifications in the cyber-security field, working for one of the major ISPs. I don't work for the Gubymint, though we do some work for them. I focus mainly on internal stuff going back out. I'll answer what questions I can if any of you have them.
I've been reading about Gubymint conspiracies for years and I do LOVE a GOOD conspiracy (keyword here is GOOD). I find that most people are greatly misinformed and/or misled when it comes to cyber-security, Gubermint eavesdropping, hacking, etc. You really need to understand why things work the way they do on a starship to be able to do what they do.
The recent rash of "state sponsored" viruses like Stuxnet and Gauss were developed several years ago. They were "found" most likely only because they had served their purpose. Also, what was found doesn't mean that it is the ACTUAL product. We have seen this stuff for a while now; take Gauss for instance:
On August 9, 2012, Kaspersky filed a press release stating that they had discovered the “Gauss” virus. According to the release, Gauss is a “complex, nation-state sponsored cyber-espionage toolkit designed to steal sensitive data, with a specific focus on browser passwords, online banking account credentials, cookies, and specific configurations of infected machines.”
“The Flame” was the second cyber-espionage toolkit to be discovered, surfacing in May 2012. This piece of malware had the ability to record audio, screenshots, traffic and even keystrokes of an infected computer. It also had the subsequent ability to remotely transmit this information back to a central location. This piece of malware targeted Iran as well, but also had several targets throughout the Middle East and North Africa, including: Sudan, Syria, Lebanon, Saudi Arabia and Egypt.
“Stuxnet,” discovered in June 2010, was the first major cyber weapon to be uncovered, and was created in order to target and disrupt the uranium enrichment powers of several Iranian companies. According to an upcoming book about cyber-security, sources have apparently confirmed the United States’ and Israel’s collaboration in this project.
These were all developed 3-5 years ago; the new stuff won't be found for a few years, and that's not even taking into account what the "other" side is sending back our way in retaliation.
All of them appear mainly outside the U.S. Why, you might ask? Well, A) they very easily could have something (like FinFisher) here in the CONUS. Then again, they don't really need to use anything. B) Thanks to the Patriot Act, a special agent can send an order over to an ISP or telecom under the auspices of CALEA and get all of a person's phone records, text messages, browser history, IM history, email history, and even get a direct link to a person's computer. Oh, and notice I didn't say a judge's order or subpoena! NOPE, just a SAIC (special agent in charge) sends over a special request and they get a load of information; then, if it's determined to be needed, they get a more encompassing warrant signed by a judge.
I don't do these reports; I monitor the folks that do pull this information. We used to write them up for Code of Conduct violations and breaking certain laws, since the information is zipped and then sent in the clear with no encryption. WHY, you ask? Because the agency or law enforcement department usually can't decrypt files, since they either don't know how, have a much older version, or have a free version that doesn't allow them to! So much for the Guberment protecting your rights and privacy!!
Here is another little tidbit most people don't seem to understand. Tor is an IP anonymizer, and in 3rd world countries it works great! But there are some things we in the free world (supposedly) should know. Tor was designed for ...the DoD. It was released later on as freeware by ...the DoD. You may be asking yourself, "Well, so what, wildcard, what's up with that?" Well, do you really think they are gonna release something that could be used against the U.S. Gubermint without creating some kind of back door, especially for the encryption portion? From what I have heard from some folks I took a certification class with, it was released primarily to help "freedom fighters", dissidents, etc. in foreign countries; however, they still wanted to be able to monitor what was going on. Another thing to consider for the IP anonymizing portion: information leaves your PC in the form of packets. To get anonymized it goes to an anonymizing proxy server, but before it gets there it has to cross your ISP's gateway and backbone. Guess where the taps are at? (BTW, they are usually our taps and we just feed the info to whichever agency requires it, like the NSA.) I know this may sound like paranoid ramblings, but keep this in mind: I monitor our network, I know how it operates from the inside, I know where the taps are, the loggers, and I know what kind of systems "they" use because it's some of the same systems WE use.
This isn't meant to give anyone a feeling of doom and gloom à la GLP. I just think it's fair if some of you know some of how things work. For the vast majority of us all, it's really no big deal, unless TPTB are looking for you or are monitoring you. Yes, it is hard to "find someone doing something", like a needle in a very, very large haystack, but if they already are monitoring you, well, there's not much you really can do.
If they aren't monitoring you or looking for you, you can make it difficult for them, but you can never make it impossible. The NSA's or any other group's greatest asset is their people, not their systems. I say this because they are just like me: doing the same thing all day long gets really boring and monotonous, but when I (or they) get a whiff of a scent we are like bloodhounds on the hunt, and I am a very tenacious hunter.
I'll post more when time allows and I'll answer any questions, and no, this isn't gonna be an "I'm a such and such, ask me a question" kinda GLP thread. I won't answer anything that would be illegal or violate the confidentiality rules of my company, but if you have a serious question or want to learn more about cyber or network security then I will answer as best I can.
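To make the point above about the taps concrete (the packets cross the ISP before they ever reach the anonymizing network), here is an added toy model of a three-hop onion circuit. It is example code written for this page, not the poster's code and not Tor's: the "cipher" is a constructed SHA-256 counter keystream used only to show the layering, the relay addresses and keys are a made-up directory using documentation-range IPs, and the client address and destination are likewise constructed. It shows what each vantage point learns: the tap at the ISP sees the customer's IP and a connection to a known relay address, but not the destination or the payload; each relay sees only its neighbours; only the exit sees the destination, and it never sees the client.

```python
"""Toy model of onion routing: what an ISP-side tap sees vs. what each relay sees.

Added example, not from the original post. The "cipher" is a constructed
SHA-256 counter keystream for illustration only (NOT for real use), and the
relay directory, client IP and destination are constructed documentation-range
values, not real Tor relays or real traffic.
"""
import hashlib
import json
from typing import Dict, List, Tuple

CLIENT_IP = "198.51.100.5"            # constructed: the customer behind the ISP tap
DESTINATION = "192.0.2.44:443"        # constructed: the site the user actually wants
# Constructed relay directory: (relay address, key shared between client and that relay).
HOPS: List[Tuple[str, bytes]] = [
    ("203.0.113.10", b"guard-key"),   # entry (guard) relay
    ("203.0.113.20", b"middle-key"),  # middle relay
    ("203.0.113.30", b"exit-key"),    # exit relay
]
KNOWN_RELAY_IPS = {ip for ip, _ in HOPS}


def _keystream(key: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256 over key||counter. Illustration only."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, key: bytes) -> bytes:
    """Symmetric: the same call both encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


def build_onion(hops: List[Tuple[str, bytes]], destination: str, payload: bytes) -> bytes:
    """Wrap payload so each relay peels one layer and learns only the next address."""
    # Innermost layer is for the exit: it alone learns the real destination.
    layer = _xor(json.dumps({"next": destination, "data": payload.hex()}).encode(), hops[-1][1])
    # Work outward: each earlier relay's layer names only the relay after it.
    for i in range(len(hops) - 2, -1, -1):
        envelope = json.dumps({"next": hops[i + 1][0], "data": layer.hex()}).encode()
        layer = _xor(envelope, hops[i][1])
    return layer


def peel(layer: bytes, key: bytes) -> Tuple[str, bytes]:
    """What one relay does: strip its layer, read the next hop, forward the rest."""
    envelope = json.loads(_xor(layer, key))
    return envelope["next"], bytes.fromhex(envelope["data"])


def isp_tap_view(src: str, dst: str, wire: bytes) -> Dict[str, object]:
    """What a tap at the customer's ISP sees on the first hop of the circuit."""
    return {
        "src": src,
        "dst": dst,
        "bytes": len(wire),
        "to_known_relay": dst in KNOWN_RELAY_IPS,             # "this customer is using the network"
        "destination_visible": DESTINATION.encode() in wire,  # ...but not where they are going
    }


def run_circuit(hops: List[Tuple[str, bytes]], destination: str, payload: bytes) -> Dict[str, object]:
    """Send one message through the circuit and record every vantage point's view."""
    wire = build_onion(hops, destination, payload)
    views: Dict[str, object] = {"isp_tap": isp_tap_view(CLIENT_IP, hops[0][0], wire)}
    prev = CLIENT_IP
    for i, (ip, key) in enumerate(hops):
        nxt, wire = peel(wire, key)
        views[f"hop{i}"] = {"self": ip, "prev": prev, "next": nxt}  # relay sees only neighbours
        prev = ip
    views["delivered"] = {"to": nxt, "payload": wire}  # exit forwards plaintext to destination
    return views


if __name__ == "__main__":
    print(json.dumps(run_circuit(HOPS, DESTINATION, b"GET /secret HTTP/1.1"), indent=2, default=repr))
```

The tap's record is the interesting part: source IP, a destination that matches the relay directory, and an opaque blob. That is enough to say who is using the network and when, even though the layered encryption keeps the final destination out of reach at that point in the path.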