Hard News by Russell Brown

Read Post

Hard News: Snowden and New Zealand

126 Responses

First ←Older Page 1 2 3 4 5 6 Newer→ Last

  • Paul Campbell,

    I notice the budget includes $75m for the GCSB, and $40m for the SIS - we spend almost exactly the same amount on economic espionage as we do on actual research (the Ministry of Science and Innovation) .... but oooh scary the terrorists are winning

    Dunedin • Since Nov 2006 • 2623 posts Report

  • Paul Campbell, in reply to Stephen Judd,

    For the non technical, CentOS is a kind of Linux operating system, VMWare is a technology for making one big grunty server behave like a lot of small servers so you can consolidate services on less hardware – they aren’t nefarious tools for doing bad.

    yes - but if the reason you need the experience is so you know what to do once you've broken info one or more of these it's a bit more nefarious.

    Dunedin • Since Nov 2006 • 2623 posts Report

  • Rich of Observationz, in reply to Chris Waugh,

    Yeah, but they probably didn't have large chunks of fairly important infrastructure like supermarkets and banks sending traffic over VPNs rather than leased lines.

    Having the supply of money, fuel or groceries dry up might actually convince NZers not to vote for the government that caused such a situation.

    Back in Wellington • Since Nov 2006 • 5550 posts Report

  • nzlemming, in reply to Paul Campbell,

    yes – but if the reason you need the experience is so you know what to do once you’ve broken info one or more of these it’s a bit more nefarious.

    Now that is truly paranoid, and I speak as one who... let's say "is convinced beyond a reasonable doubt" that there are dirty dealings done dirt cheap at the 5Eyes crossroads. Any hacker worth her salt (govt or private) would regard these things as basic elements of her craft, and they're both downloadable quietly in the background - you don't have to advertise the fact by issuing an RFP.

    Waikanae • Since Nov 2006 • 2937 posts Report

  • Trevor Nicholls,

    You can never "operate outside the framework of the law" when the law allows retrospective amendment, q.v. recent NZ legislation...

    Wellington, NZ • Since Nov 2006 • 325 posts Report

  • llew40, in reply to Stephen Judd,

    Plenty of people wrote to the minister also saying that the definition of a network operator was not actually broad enough to achieve the purpose of the legislation. That is, there are many forms of communication that are not regarded as networks, e.g. Skype, Viber and the hundreds of other OTT comms. Yet traditional networks are obliged to incur the cost of compliance, not the OTT providers. So the legislation becomes ineffective anyway by not keeping up with technology changes.

    Since Nov 2012 • 140 posts Report

  • Sacha, in reply to TracyMac,

    too bad if something goes tits-up there while I'm on call

    and you can bet it's exactly the sort of mismatch between business needs and theoretical security that sees someone log you in on their credentials. #fail

    Ak • Since May 2008 • 19745 posts Report

  • Chris Waugh, in reply to Rich of Observationz,

    Having the supply of money, fuel or groceries dry up might actually convince NZers not to vote for the government that caused such a situation.

    Well, there are two key differences between NZ and China. Perhaps a more realistic comparison would be this: I can only see things like YouTube, the NY Times or the Guardian if I turn on a VPN to put me virtually on the other side of the Great Firewall. That censorship is done for a variety of reasons, some of which are somewhat legitimate (though not so much in the cases of those three websites I just named). What would be to stop the GCSB from playing silly buggers with the internet, leaving the supply of money and similar necessities untouched, but severely restricting access to less essential services, selling this silly buggeriness to the public as necessary for the maintenance of national security and public order, until the ISPs comply with GCSB's demands? Much of the political and public opinion groundwork for such a scenario has already been done....

    Wellington • Since Jan 2007 • 2401 posts Report

  • Russell Brown, in reply to Stephen Judd,

    For the non technical, CentOS is a kind of Linux operating system, VMWare is a technology for making one big grunty server behave like a lot of small servers so you can consolidate services on less hardware – they aren’t nefarious tools for doing bad.

    No, no, Daniel wasn't saying that and neither was I.

    But that map identifies Waihopai as a location for X-Keyscore, which is the "spy Google" created by the NSA, to which our spooks have access. Daniel just spotted pre-Snowden that GCSB had issued an RFP for exactly the same kit as the NSA uses. Perhaps it's not that unusual, but it's interesting in retrospect.

    There might be an interesting discussion over whether that part of Waihopai is an NSA or a GCSB facility, of course.

    Auckland • Since Nov 2006 • 22850 posts Report

  • Russell Brown,

    Here's a goodie:

    A document included in the trove of National Security Agency files released with Glenn Greenwald’s book No Place to Hide details how the agency’s Tailored Access Operations (TAO) unit and other NSA employees intercept servers, routers, and other network gear being shipped to organizations targeted for surveillance and install covert implant firmware onto them before they’re delivered. These Trojan horse systems were described by an NSA manager as being “some of the most productive operations in TAO because they pre-position access points into hard target networks around the world.”

    Has photographs.

    Auckland • Since Nov 2006 • 22850 posts Report

  • Rich of Observationz, in reply to Chris Waugh,

    What would be to stop the GCSB from playing silly buggers with the internet, leaving the supply of money and similar necessities untouched, but severely restricting access to less essential services

    Lack of skills and information, as in not knowing which IP addresses were part of essential infrastructure.

    Or solidarity: what we need is a tech equivalent of the National Union of Miners who brought down the UK government in 1974 by a strike that disrupted electricity supplies.

    Back in Wellington • Since Nov 2006 • 5550 posts Report

  • Sacha, in reply to Rich of Observationz,

    the National Union of Miners who brought down the UK government in 1974

    resulting in Thatcher?
    #nothanks

    Ak • Since May 2008 • 19745 posts Report

  • Sacha, in reply to Russell Brown,

    whether that part of Waihopai is an NSA or a GCSB facility

    sovereignty and all that

    Ak • Since May 2008 • 19745 posts Report

  • Ian Dalziel, in reply to Russell Brown,

    There might be an interesting discussion over whether that part of Waihopai is an NSA or a GCSB facility, of course.

    Murray Horton could engage you on that, I'm sure...
    Catch him in Te Aroha this morning, Tauranga tonight,
    and Whakatane & Opotiki on Monday
    Itinerary

    Christchurch • Since Dec 2006 • 7953 posts Report

  • Russell Brown,

    From a reader not in a position to comment publicly, on security clearances and employment:

    1. Vetting by the SIS is only for Confidential (CV), Secret (SV) and Top Secret (TSV). (Not Restricted as mention by Mark) There are also levels above TSV.

    2. There is a big back log for vetting – months.

    3. For SV (possibly) and TSV (certainly, I know!), you are interviewed by the SIS as well as your referees – so it is a time consuming process.

    4. A security clearance is normally good for 5 years.

    5. Your clearance not only controls what info you can see but which rooms/sections/floors of buildings you are allowed. (as well as which computers etc.) If you are on one of those floors/sections and your clearance expires without being renewed in time you will removed from the space.

    6. External contractors have always been required to have clearances, when required. One only has to think of the big vendors who provide big iron and network gear to certain parts of the Government.

    7. If you lose your security clearance you can lose your job if it is part of your job description.

    Auckland • Since Nov 2006 • 22850 posts Report

  • Paul Campbell,

    My guess is the real reason for having someone with a security clearance is so that the GCSB has someone in place in every ISP to use when the time comes to start tapping someone aggressively, they also need someone they can tell "don't fix that bug, we're using that"

    I hope that any ISP cover their arses by getting all requests in writing rather than just taking the say-so of the person with the clearance

    I find myself in an interesting position, I work for an off-shore VOIP provider, while we don't explicitly market our service in NZ people buy them and import them and we'll happily take their money. There are only 2 NZ employees ... do I need to register? need a clearance? can I be forced to get a clearance? is the choice "get a clearance or quit your job"?

    (there's a bill of rights violation right there - but then the GCSB doesn't seem to respect "Everyone has the right to be secure against unreasonable search or seizure, whether of the person, property, or correspondence or otherwise.")

    Dunedin • Since Nov 2006 • 2623 posts Report

  • Steve Barnes, in reply to Paul Campbell,

    – we spend almost exactly the same amount on economic espionage as we do on actual research

    Well, its cheaper to steal good ideas that do the research.
    Oh, you didn't mean that?
    ;-)
    /coat

    Peria • Since Dec 2006 • 5521 posts Report

  • Rich of Observationz, in reply to Sacha,

    Thatcher got in 5 years later. She or one of her cohorts would probably have rolled Heath had he stayed in office and won/lost an election in late 74/75.

    The real problem was the divided and compromised nature of the Wilson/Callaghan governments (all those "tribal Labour" right-wingers). With North Sea oil coming on stream, a left wing Labour government could have taken the UK down a very different path.

    Back in Wellington • Since Nov 2006 • 5550 posts Report

  • Rich of Observationz,

    Anyway, history apart, I think what we really need is a "Get a Warrant Act" (the name is from Australia, and obviously the real act would have a proper name).

    It should be illegal to read private information (of any kind, including metadata, locations and so on) by any means (including interception, searching and copying devices or obtaining information from a foreign power) without a warrant.

    Warrants would only be issued for serious crime or military threats, and there would need to be an audit process as to whether warranted investigations are genuinely being progressed (e.g. arrests made or defensive action taken).

    Such an act would bypass the details of security service organisation, which would obviously derail any enquiry more or less forever.

    Back in Wellington • Since Nov 2006 • 5550 posts Report

  • Matthew Poole, in reply to Paul Campbell,

    I’m happy to see that the GCSB’s list of rules is marked twice on every page “UNCLASSIFIED” … sadly I guess that means that there are other rules that people all have to adhere to that are classified

    Every document that comes out of GCSB has a classification marking. You cannot read anything into the presence of those markings other than that the contents are not classified.

    Auckland • Since Mar 2007 • 4097 posts Report

  • Steve Barnes,

    Ok now its a nitpick but an unclassified thing, document or whatever, just means it hasn’t been classified, so you couldn't tell if it were meant to be secret or not, It is like no-one has looked at it and made that decision yet.
    they could, I suppose, classify a document as “Public” and refuse to let you see it on the grounds that it is “classified”.
    Typical lazy spies and their use of language.

    Peria • Since Dec 2006 • 5521 posts Report

  • Matthew Poole, in reply to Steve Barnes,

    Ok now its a nitpick but an unclassified thing, document or whatever, just means it hasn’t been classified, so you couldn’t tell if it were meant to be secret or not, It is like no-one has looked at it and made that decision yet.

    Not true. Unclassified is a classification (See SIGS that nzlemming linked to back on page 1). It’s not a lack of classification, it’s a deliberate course of action to mark something as able to be released outside the community of people who hold security clearances at the appropriate level.
    If what you are suggesting were true, nothing could ever be released to the public because there would be no form of classification decision available to make that so.
    A document that is marked as “unclassified” has been purposefully considered to contain no risk to any of the categories of security that are considered by such things. “Unclassified” != “not yet classified”.

    Auckland • Since Mar 2007 • 4097 posts Report

  • Paul Campbell, in reply to Steve Barnes,

    Ok now its a nitpick but an unclassified thing, document or whatever, just means it hasn’t been classified, so you couldn’t tell if it were meant to be secret or not, It is like no-one has looked at it and made that decision yet.they could, I suppose, classify a document as “Public” and refuse to let you see it on the grounds that it is “classified”.Typical lazy spies and their use of language.

    it may not be laziness "I know a secret and secret and you don't" is a power game that the human animal plays from about age 5

    Dunedin • Since Nov 2006 • 2623 posts Report

  • Matthew Poole, in reply to Paul Campbell,

    There are only 2 NZ employees … do I need to register? need a clearance? can I be forced to get a clearance? is the choice “get a clearance or quit your job”?

    You need to do two things.
    1) Read the damned law, instead of speculating wildly and inaccurately about how it affects you. I've already told you you don't understand it, but you're still talking about it in exactly the same terms as you were before my post.

    2) Speak with your employer and/or your employer's lawyer. It's the provider who decides who gets put forward to apply for vetting to Secret. If your employer wishes to put you forward and you do not wish to comply, that's an employment matter not a legal one.

    Auckland • Since Mar 2007 • 4097 posts Report

  • Ian Dalziel, in reply to Steve Barnes,

    Does it take a Taxonomic Genus & 'Filer' to Classify...?

    Typical lazy spies and their use of language

    Interestingly 'spies' looks a lot like an anagram of Sepsis
    (sans largesse perhaps)?

    Sepsis: (Greek, putrefaction and decay) is a potentially fatal whole-body inflammation (a systemic inflammatory response syndrome or SIRS) caused by severe infection.

    Seems to me that spies are a similar symptom,
    that something's not good in the system...

    Christchurch • Since Dec 2006 • 7953 posts Report

First ←Older Page 1 2 3 4 5 6 Newer→ Last

Post your response…

This topic is closed.