Everybody’s in

One of my shipmates, an engineer who served with me on the Elliot, posted a comment to one of my NSA Facebook posts that made me think. Referencing my cryptologic technician past, he said:

You should have been an engineer. No one would care what you say or think.

This implies that I have something worth listening to – which as anyone who’s ever read this blog knows is patently ridiculous. Tales of my past as a crypto tech are about as far removed from James Bond as possible. It would bore anyone to tears.

Mystery web traffic from DoD contractors identified?

A few years ago I noted very strange web requests coming from military bases and large defense contractors. Several of these sites were requesting a specific URL in my collection of over a decade of posts. That struck me as something highly unlikely for a casual web visitor to do, so I became alarmed at the possibility that these defense contractors and military units were compromised by a malware agent, perhaps planted by a foreign government. I emailed one of these groups, doing my patriotic duty by alerting them to this possibility. Usually when I point out potential hacking to a fellow sysadmin I receive some sort of thank you email in return. In this case I received no response (I’ll dig up my email and post it here if I can find it). I found the lack of reply unusual (and, well … rude), but kept open the possibility that I’d reached the wrong person.

Today, Techdirt had a story describing how a simple search through LinkedIn turns up a vast trove of resumes containing secret codeword programs. There’s obviously money to be made in surveillance – Edward Snowden made upwards of $200k per year – so analysts advertise the programs for which they have training. The corollary to this is that there are companies willing to pay for this experience – perhaps companies on the list I noticed knocking on my website door.

I can’t help but wonder if the unusual web traffic I noted might be part of one of these secret programs. Whatever it is (or was), it was obviously coordinated, so the only question is whether it was the bad guys or the good guys (i.e. Americans). Viewed through Occam’s razor, it’s more likely that these highly-secure defense contractors aren’t compromised (or at least they have some clue about network security), which leaves the possibility that the traffic came from some as-yet-unknown system. At least I hope our side’s responsible for it – we’re in a world of hurt if it’s not.

So, do I breathe easier knowing these massive defense contractors are not likely compromised as I once thought, or do I lie awake at night scared shitless that they appear to be spying on anyone and everyone?

Discovering Names Of Secret NSA Surveillance Programs Via LinkedIn | Techdirt

While the NSA can use the Internet for spying on law-abiding citizens, the same citizens can use it for spying on the NSA. One Internet sleuth searched LinkedIn for a few of these codeword programs and turned up several resumes full of programs:

So, over the weekend, the Washington Post revealed some of the code names for various NSA surveillance programs, including NUCLEON, MARINA and MAINWAY. Chris Soghoian has pointed out that a quick LinkedIn search for profiles of people in Maryland with codenames like MARINA and NUCLEON happen to turn up profiles like this one which appear to reveal more codenames:

+Skilled in the use of several Intelligence tools and resources: ANCHORY, AMHS, NUCLEON, TRAFFICTHIEF, ARCMAP, SIGNAV, COASTLINE, DISHFIRE, FASTSCOPE, OCTAVE/CONTRAOCTAVE, PINWALE, UTT, WEBCANDID, MICHIGAN, PLUS, ASSOCIATION, MAINWAY, FASCIA, OCTSKYWARD, INTELINK, METRICS, BANYAN, MARINA

TRAFFICTHIEF, eh? WEBCANDID? Hmm… Apparently, NSA employees don’t realize that information they post online can be revealed.

via Discovering Names Of Secret NSA Surveillance Programs Via LinkedIn | Techdirt.