Aurora Attackers Were Looking For Google's Surveillance Database 81
An anonymous reader writes "When in early 2010 Google shared with the public that they had been breached in what became known as the Aurora attacks, they said that the attackers got their hands on some source code and were looking to access Gmail accounts of Tibetan activists. What they didn't make public is that the hackers have also accessed a database containing information about court-issued surveillance orders that enabled law enforcement agencies to monitor email accounts belonging to diplomats, suspected spies and terrorists. Whether this was the primary goal of the attacks as well as how much information was exfiltrated is unknown. current and former U.S. government officials interviewed by the Washington Post say that the database in question was possibly accessed in order to discover which Chinese intelligence operatives located in the U.S. were under surveillance."
First HOSTS! (Score:2, Funny)
Should have used a HOSTS file for better security.
Google, Big Brother's Helper ? (Score:3, Informative)
What they didn't make public is that the hackers have also accessed a database containing information about court-issued surveillance orders that enabled law enforcement agencies to monitor email accounts belonging to diplomats, suspected spies and terrorists.
Welcome to 1984, man !!
Re:Google, Big Brother's Helper ? (Score:5, Funny)
.. and anybody else, as long as the authority can label them "potential threats"
"Diplomats" is a clearly defined set. The set "suspected spies and terrorists" already contains everybody.
"highering" is right! (Score:2, Flamebait)
Re: "highering" is right! (Score:3, Insightful)
Re: (Score:3)
While there may be laws on the books in the US protecting citizens from the CIA, NSA, DHS, FBI, etc...(goddamn long list of Govt. agencies) those laws have been ignored for a dozen years.
How can they be sure you're a citizen if they don't spy on you?
Be reasonable.
Re: (Score:2)
Re: (Score:2)
Since there are supposedly laws preventing the C.I.A. and N.S.A. from spying on our own countrymen, countrywomen, country-boys-and-girls-and-cats-and-dogs, supposedly there is a "gentleman's agreement" between the brits, israelis, and ourselves to trade info gathered on one-anothers' countrymen
What passes as fodder for discussion between intelligent people around here is beyond me.
Re: (Score:3)
you can look it up. i won't bother doing it for you. but here's one link:
http://www.aclu.org/technology-and-liberty/nsa-spying-americans-illegal [aclu.org]
Google the biggest fighter against govt data reque (Score:5, Interesting)
That's very much not Google's doing. Google does more than any other company, probably any company in history, to fight against that.
By law, they are required to honor National Security Letters asking them to give up information. Their policy is to refuse to provide the
information, even though the law (since 1978) says they have to hand over the information. Google claims the law is unconstitutional and
therefore void. In Doe versus Ashcroft, the judge agreed. (Courts have gone both ways.)
Just two weeks ago Google filed suit to have these information requests ruled unconstitutional:
https://www.documentcloud.org/documents/680852-googlemotion.html
They are the only company I know of which publicizes how many supeonas and national security letters they get. That itself is thumbing their nose at the
FBI because those letters include a gag order saying Google isn't allowed to talk about them. (Which is why their name wasn't made public in Doe v Ashcroft,
they aren't allowed to reveal the things they revealed in that suit. (It's a pretty safe assumption that Doe was Goog.)
Google has founded an organization to protect their users from such government intrusion and regularly funds other organizations with the same goal.
No doubt, Google wants to HAVE information about you, but they do everything they can to avoid sharing that data with the government, with their
executives actually risking jail time for openly defying the laws requiring them to give up the info. You can't possibly ask them to do more than that.
Occupy Wallstreet (Score:1)
I basically agree, Google are a victim as much as the ones being spied on are victims, they don't like this, nobody does.
I'm calling the people spied on 'victim' here, because it I don't believe this statement:
"The database included information about court orders authorizing surveillance — orders that could have signaled active espionage investigations into Chinese agents who maintained e-mail accounts through Google’s Gmail service"
Right and why would they use Gmail? I think a far more likely s
Hubris. (Score:2)
but to think they spend time and millions of lawyer money fighting the government for the grater good is rather disingenuous
You don't have a clue what it's like to be a billionaire and even less of a clue as to what motivates them to spend money on lawyers. If it was all about financial reward then google would simply give the government everything they wanted with a minimum of fuss and pay a few PR hacks to explain why the can't "fight city hall". I don't claim to know what their motivation is, however it's obvious there's no financial reward to be had that would outweigh the costs of their self-imposed policy.
Re: (Score:1)
The reason you don't see other companies take up the surveillance issue in same way, is that they don't stand to lose as much. Microsoft will still sell Windows and Office lice
Re: (Score:3)
"As any business, their primary objective is to line their own and their investor's coffers."
This is stupid, whilst it may be true in the majority of cases it's not true in all cases. As much as it may upset your cynical world view there are ethical companies out there and it largely depends on who is running those companies.
Born and bred sociopathic business types like Larry Ellison and Steve Ballmer may not give a damn about anything but profit, and hell, it may even be true of Schmidt but counter-balanci
Re: (Score:2)
The government certainly finds it useful to get search warrants and such to look at suspect's email, including gmail.
That's very much not Google's doing. Google does more than any other company, probably any company in history, to fight against that.
By law, they are required to honor National Security Letters asking them to give up information. Their policy is to refuse to provide the
information, even though the law (since 1978) says they have to hand over the information. Google claims the law is unconstitutional and
therefore void. In Doe versus Ashcroft, the judge agreed. (Courts have gone both ways.)
Just two weeks ago Google filed suit to have these information requests ruled unconstitutional:
https://www.documentcloud.org/documents/680852-googlemotion.html [documentcloud.org]
They are the only company I know of which publicizes how many supeonas and national security letters they get. That itself is thumbing their nose at the
FBI because those letters include a gag order saying Google isn't allowed to talk about them. (Which is why their name wasn't made public in Doe v Ashcroft,
they aren't allowed to reveal the things they revealed in that suit. (It's a pretty safe assumption that Doe was Goog.)
Google has founded an organization to protect their users from such government intrusion and regularly funds other organizations with the same goal.
No doubt, Google wants to HAVE information about you, but they do everything they can to avoid sharing that data with the government, with their
executives actually risking jail time for openly defying the laws requiring them to give up the info. You can't possibly ask them to do more than that.
they could just move their mail operation overseas with no US operatives.
they do it for taxes already, so why the fuck not...
Re:they could...move their mail operation overseas (Score:3, Interesting)
Re: they could just move their mail operation overseas with no US operatives.
they do it for taxes already, so why the fuck not...
Hate to break it to you, but they don't really move their money overseas for tax purposes. They only claim to move the money overseas. It's just a sham tax avoidance scheme. See the New York Times article entitled For U.S. Companies, Money âOffshoreâ(TM) Means Manhattan [nytimes.com]:
Apple's $102 billion in offshore profits is actually managed by one of its wholly owned subsidiaries
Re: (Score:1)
I've said it before and I'll say it again.
I'm beginning to suspect that Google is actually a front organisation for the Contact division of some race of well-meaning and meddlesome aliens, who are using it to discretely nudge our society onto the path towards peace, freedom and post-scarcity tech-utopia. Eventually, thanks to them, our descendants will be able to take their place among their peers in the stars.
But maybe I've been reading too much Iain M Banks.
Actually I take it back. It's impossible to rea
Re: (Score:2)
Google does more than any other company, probably any company in history, to fight against that.
By law, they are required to honor National Security Letters asking them to give up information. Their policy is to refuse to provide the
information, even though the law (since 1978) says they have to hand over the information. Google claims the law is unconstitutional and
therefore void. In Doe versus Ashcroft, the judge agreed. (Courts have gone both ways.)
http://en.wikipedia.org/wiki/American_Civil_Liberties_Union_v._Ashcroft [wikipedia.org]
"American Civil Liberties Union v. Ashcroft (filed April 9, 2004 in the United States) is a lawsuit filed on behalf of a formerly unknown Internet Service Provider (ISP) owner by the American Civil Liberties Union against the U.S. federal government. In 2010, it was revealed that John Doe was in fact Nicholas Merrill of Calyx Internet Access."
So that was a small ISP owner doing the right thing, not Google. What do you think Google was d
Re: (Score:2, Insightful)
Yeah, man, court's having the authority to make orders for records after a statutorily defined, and constitutionally restricted due process is totally Orwellian.
(WTF?)
The FBI can simply issue a National Security Letter, which has no actual review or oversight. You don't have any due process. They are not contestable, and it's illegal to tell anybody including your attorney that you even received one.
Google is, in fact, one of the companies attempting to challenge these letters in court: http://www.wired.com/threatlevel/2013/04/google-fights-nsl/
You want Orwellian, you got something pretty damn close right there.
Re:Google, Big Brother's Helper ? (Score:5, Funny)
Welcome to 1984, man !!
If I don't get my 1984 body back then I'm not buying in...
Helpful hint. (Score:5, Insightful)
If you're a spy or diplomat or whatever, don't use Gmail. At the very least it is subject to the US government's laws. Get yourself a secured server somewhere else.
Re:Helpful hint. (Score:4, Funny)
Helpful hint.
If you are in the spy or terror business, and u use email to communicate, u should look for another line of work.
-HasHie @ trypnet.net
Re:Helpful hint. (Score:5, Informative)
nonsense, overt communication of misinformation is a time honored counterintelligence technique. Real messages can also be covertly conveyed in the same channel
Re: (Score:2)
that's what they WANT you to think.
Re:Helpful hint. (Score:5, Interesting)
Steganography plus photos of the "kids".
Last word of every sentence plus a one time pad (NEVER EVER REUSE ONE TIME PADS. IT'S IN THE FUCKING NAME.).
Simple coded phrases that seem innocuous. The garbage can spilled again. You need to stop letting that dog off the leash! I miss you and can't wait to see you next weekend. I want to do dinner at that Szechuan place again, I think it's gotten better.
There are plenty of uses for an email account in intel/cointel. Sending plaintext messages over an uncontrolled service just isn't one of them.
When in the field on an operation without official cover, the agent should assume that all actions and responses are monitored by the local and national cointel groups at all times. Communications should be deniable and overt. Email and public message boards are ideal, as they are fully deniable. The days of taping a tiny cannister full of microfiche to the bottom of a park bench ended forty-plus years ago. It's not hard to run deniable covert operations, you just need to be somewhat intelligent, recruit people who are likewise not stupid or lazy, and NEVER EVER take things for granted or relax.
Re:Helpful hint. (Score:5, Funny)
Steganography plus photos of the "kids".
Another approach is plain text that's so blatant the eavesdropper will assume no one would be stupid enough to send it seriously. For example: kill moose and squirrel.
Re:Helpful hint. (Score:5, Funny)
Re: (Score:2)
Steganography plus photos of the "kids".
Yeah, but in regular e-mails to an address in the PRC intelligence division? Even if they are only about the wife and kids, that's suspicious.
Better to hide the messages in pics of underage teenage girls and post them to 4chan. At least you have a plausible audience in half the male population of China.
Re: (Score:2)
Jive Miguel
He's in from Bogota
Meet me at midnight
At Mr. Chow
Szechuan dumplings
After the deal has been done
I'm the one
Re: (Score:3, Interesting)
Re: (Score:2)
No, they think you're an idiot because your tinfoil is so tight that you think that TLAs are interested in personal messages about their kids, or shopping lists for Trader Joe's.
But not only that, if you're worried about security, you don't trust third parties at all to keep stuff private. You encrypt locally and transmit over whatever you want (even shortwave. google "numbers stations"). If you are sending anything over the interbutt, or any other medium, and you are one white persian cat away from be
Re: (Score:3)
Uhm, like General Petraeus, former head of the CIA? [networkworld.com]
Seriously, if our head of the top spy agency in this country is that stupid, how stupid do you think the rest of the diplomatic or legislative folks are in DC?
Re: (Score:2)
That trick was originally used by Islamic extremists I believe, so hardly that clever. Seriously though, Gmail? What? Use encrypted morse port knocking on some nothing zombie or something.
Re:Helpful hint. (Score:5, Insightful)
Uhm, like General Petraeus, former head of the CIA? [networkworld.com]
Seriously, if our head of the top spy agency in this country is that stupid, how stupid do you think the rest of the diplomatic or legislative folks are in DC?
He was a political appointee, what do you expect? He was actually never in any capacity a spy. He was an infantry officer and a teacher more than he was anything else until 2004 and after when he was overall commander of Iraq then Afghanistan. The director of any agency in the US is an administrator above all else.
He is that stupid. And so are most people. (Score:2, Insightful)
The director of any agency in the US is an administrator above all else. And he didn't really get any on the job training to be a spy. So he believed all the baloney about using "secret gmail tricks" and the "draft folder" with two people logging into the same account to pass messages back and forth. He certainly wasn't going to trust someone else with his sexual escapades and moral turpitude, was he? It's not like your executive administrative assistant, even at the C.I.A., is trustworthy enough to hel
Re: (Score:1)
I believe The Onion had an interesting investigative report [theonion.com] on the topic of that observation applied to national security.
Re: (Score:2)
Uhm, like General Petraeus, former head of the CIA? [networkworld.com]
Seriously, if our head of the top spy agency in this country is that stupid, how stupid do you think the rest of the diplomatic or legislative folks are in DC?
He was a political appointee, what do you expect? He was actually never in any capacity a spy. He was an infantry officer and a teacher more than he was anything else until 2004 and after when he was overall commander of Iraq then Afghanistan. The director of any agency in the US is an administrator above all else.
Yes, exactly. That's why I roll my eyes whenever I hear, "Well if the head of the CIA can't keep his communications private..." Yeah, he's head of the CIA but it's not like he's trained in espionage. The spooks who do the real work generally don't have their communications compromised.
Re: (Score:3)
If you're a spy or diplomat or whatever, don't use Gmail. At the very least it is subject to the US government's laws. Get yourself a secured server somewhere else.
Just them? You'll note it also said suspected spies and terrorists. With "broader definitions" of terrorism coming out every day, and the criteria for being included on a watchlist, paired with these hotlines opening up for anonymous "tips"... pretty much anyone these days can be a suspected spy or terrorist. And being a citizen of the US is very little barrier against invasions of your privacy; They've even talked about revoking citizenship for people simply to avoid any legal hassles.
It might be more accu
Re: (Score:3)
Don't use e-mail. Seriously, how secure is any e-mail server against government surveillance. Maybe using phone modems and sending a message directly computer to computer with full encryption might work. Then maybe not. I'm thinking that if I was involved in something highly illegal my paranoia would jump into overdrive. Given that I'm nobody and have nothing I think I might be safe using Gmail.
Re: (Score:2)
Email is a powerful tool so it is undesirable to give it up, especially when securing it isn't that hard. Even Gmail lets you past in encrypted text.
Re:Helpful hint. (Score:4, Insightful)
If you're a spy or diplomat or whatever, don't use Gmail. At the very least it is subject to the US government's laws. Get yourself a secured server somewhere else.
You are assuming these people were using gmail for clandestine communications. I'm pretty sure even the most basic opsec training would have covered the "don't use email for secret messages" ruie.
What this looks like is a ruse - agents set up email accounts that are never used for spying purposes but are sufficient to attract exactly the kind of counter-espionage actions of getting the US to spy on the accounts. Then grab the list of accounts the US is spying on because that list is in the hands of google who don't have formal handling procedures for classified information and so are an easy target versus some system behind an air-gap firewall. Tada, now you know which spies have had their covers blown. It doesn't tell you which spies are still safe, but it does give positive confirmation of who has been exposed.
Re: (Score:3)
Then grab the list of accounts the US is spying on because that list is in the hands of google who don't have formal handling procedures for classified information and so are an easy target versus some system behind an air-gap firewall.
PROTIP: Involving untrained individuals or organizations in intelligence gathering operations is a bad idea. They tend to leak information to either the targets of investigations or third parties with interests in such surveillance.
Re: (Score:2)
Re: (Score:2)
But I hear that Gmail is trusted by the CIA at the highest levels! Who should I trust now???
Re: (Score:2)
G-Men. Gmail. Coincidence? (Score:2, Interesting)
Chinese Cyberwar (Score:2, Interesting)
One of the big problems is that non-governmental organizations that are not part of the defense industry have no legal responsibility to provide security. In fact, there are not even any meaningful federal level guidelines. This is, to a great extent, due to lobbying efforts on the part of entrenched business interests.
http://articles.latimes.com/2012/aug/03/nation/la-na-cyber-security-20120803 [latimes.com]
Re: (Score:1)
They (Chinese) are doing it to themselves. It's quite sad. With all this new found global fortune and fame, they're managing to piss off the very same nations that would make them great allies. It's as though they feel entitled to take their rightful place in the world without their motives being questioned. In reality, they're just burning their social credibility. I know America had a similar attitude towards the british after the revolution, but that at least is rooted in history. But China? WTF did the
Re: (Score:1)
Re: (Score:1)
Re: (Score:2)
Bill of Rights? Eroding the Bill of Rights is a good thing, the Constitution is outdated. It needs to die, the sooner the better.
Shouldn't it be amended? What wrong with the Bill of Rights except that it doesn't go far enough?
Re: (Score:2)
More Helpful Hints (Score:1, Interesting)
If you're a corporation, don't use Google gmail or docs. Even if Google were somehow more secure than your own IT could be, uploading your company's spreadsheets to Google - whose primary business is selling advertising to your competitors - is a dumb idea.
Sensationalism in action (Score:3)
TFStory title: "Aurora Attackers Were Looking For Google's Surveillance Database" ... is unknown
TFSummary: "Whether this was the primary goal
Minimal change needed to reconcile the two - "Aurora Attackers Were Maybe Looking At Google's Surveillance Database"
Stuff that matters: there may be something that can be called "Google's Surveillance Database".
Encrypted, no? (Score:1)
Well, call me an elitist jerk, but... (Score:2)