“It’s just metadata,” the cry echoes down the corridors of power. And the ISPs, in the name of “increase your marketing dollar” have taken it up.
Stderr
All the unbuffered error messages
“It’s just metadata,” the cry echoes down the corridors of power. And the ISPs, in the name of “increase your marketing dollar” have taken it up.
CNN asks a silly question: [cnn]
SAN FRANCISCO — Almost all nations engage in some type of cyber espionage, but Russia stands apart in outsourcing the work to criminal hackers from its thriving cyber underground, say U.S. security experts.
I’m usually surprised by the coverage regarding NSA/CIA/FBI spying: there’s some stuff we definitely should be scared of, and there’s other stuff that I file under “so, what?”
For example, the fact that the US government has consistently ignored its own laws regarding wiretapping: nobody who has observed any government in action should be surprised by that.
I am having trouble getting to rt.com (Russia Times, right?)
I suspect that there is an optimal and a peak conspiracy size, beyond which it becomes nearly impossible to keep a secret.
During the “Arab Spring” (what a loathsome, patronizing, attitude we express!) the US Government repeatedly socialized ideas about how Twitter, etc, were important to helping anti-government protests, i.e.:
The Obama administration, while insisting it is not meddling in Iran, yesterday confirmed it had asked Twitter to remain open to help anti-government protesters. [guardian]
Does anyone still believe that it’s “just metadata” that the NSA is collecting and sharing with the FBI?
Michael Flynn doesn’t.
In an email, I am asked:
Assuming that the current administration is completely unaccountable to law, is it *technically* possible for them to data mine the electronic communications of their political opponents?
There’s another nice example of attribution, in a recent piece by Brian Krebs [krebsonsecurity] “Who is Anna-Senpai the Mirai Worm Author?” I’m not going to walk through it in detail, because Krebs has already done that very well.
It’s a good example of how to do attribution of an attack; the $30+billion/year US intelligence community should be able to do as good a job as a blogger like Krebs, don’t you think?
I keep a few canary accounts. Those are email accounts that I don’t use to send anything, but I use to sign up to various sites. I used to do this so I could track which conferences sold their contact databases to spammers or marketers. On my ranum.com server, I set up forwarders that push most of the flood into my inbox, which uses bayesian spam classifiers to sort out the gunk.