back to article Security researchers face wrath of spy agencies

Researchers tasked with revealing attacks by intelligence agencies are being harassed, locked out of tenders, and in some cases deported, Kaspersky researcher Juan Andrés Guerrero-Saade says. Retaliation by the unnamed agencies is in direct response to news of prominent advanced-persistent threat campaigns that have coloured …

  1. John Smith 19 Gold badge
    Unhappy

    Makes a mockery of any of that "Only machines read everthing and we don't use most of it" BS

    "Biographical leverage" as John Brunner called it.

    Intelligence agencies are exactly like any other kind of bureaucracy that feels threatened by anyone.

    1. Destroy All Monsters Silver badge
      Thumb Up

      Re: Makes a mockery of any of that "Only machines read everthing and we don't use most of it" BS

      John Brunner was a genius. One could do worse than re-read his "Shockwaver Rider" / "Stand on Zanzibar" / "The Sheep Look Up" trilogy. Though influenced somewhat by 68' hippiedom, he saw it coming.

  2. Anonymous Coward
    Anonymous Coward

    Franz Kafka's "The Trial" springs to mind.

  3. Anonymous Coward
    Anonymous Coward

    [*] citation needed

    While at least 99% of it is likely to be true, still. Citation is needed.

    1. Anonymous Coward
      Anonymous Coward

      Re: [*] citation needed

      We could provide a citation, but then we would have to kill you.

    2. Anonymous Coward
      Anonymous Coward

      Re: [*] citation needed

      as an ICT security researcher, discovering then publishing IEEE conference papers on "backdoors" in communications infrastructure etc, in Europe - I wasn't very surprised when I was called into my bank for a 'routine' meeting.

      You're undergoing a 'routine' anti-terrorist financing probe, which under the privacy laws you have to agree to allow - sign here - said my bank. So I signed. Nice of them to ask me! None of my colleagues working on energy security or vehicle pollution have even heard of this bank procedure, ever, in the last 20 years.

      There's also the daily malware .pdfs, .doc, links to dropper sites, and other really innovative stuff that appear every day at work AND at home via email. They threw a virus at my kid's Gmail account too.

      Ho hum, still a bit more work to do, but YES the agencies are playful, trying to be intimidating, if not actually evil, yet, in my case.

      P.S. Have the UK really thought their new GCHQ 'hack' laws through? As they are allowed to do WTF they want to whoever they wish, including MPs, how can any court-case relying on digital evidence now stand? when the possibilities of everything called 'evidence' being faked are such that an honest conviction is no-longer possible.

  4. tony2heads
    WTF?

    Encryption???

    If it needed to be secure, why wasn't it encrypted? Surely the most basic operation of a spy agency?

    Or is it that they don't want us to encrypt and are leading by example.

    1. Anonymous Coward
      Anonymous Coward

      Re: Encryption???

      try and get good <bold>perfect forward secrecy</bold> into your commercial/consumer projects

  5. Anonymous Coward
    Anonymous Coward

    Dammit

    Doesn't encrypt, mostly because 2 years behind bars just for losing/forgetting the key is much too harsh.

    Also knowing my bad luck with computers I'd end up locking myself out of the data because its hard enough to remember a 22 digit alphanumeric let alone a 4096 bit D-H key.

    Just gotta make that data quantum proof already :-)

    That said, what if the incriminating data they "found" was planted, and the individuals involved just appeared to cooperate, leaking just enough information to sound convincing?

    1. Michael Wojcik Silver badge

      Re: Dammit

      its [sic] hard enough to remember a 22 digit alphanumeric let alone a 4096 bit D-H key

      Why would you be using Diffie-Hellman to encrypt data for your own purposes? It's an asymmetric cipher (really a key-exchange protocol).

      Also, of course, no one (or certainly very few people) memorizes a key for a modern symmetric cipher. (No one does it for an asymmetric cipher because that'd be pointless; you encrypt the private key with a symmetric cipher.) They memorize a passphrase that's long enough to give them the strength they want, and then use a derivation function like PBKDF2 to create the actual key for the cipher.

  6. amanfromMars 1 Silver badge

    The Truth is an Omniscient and Omnipotent Ally and Foe, is it not?*

    And what of the treatment of Assange and Snowden by services in the US and UK?

    Were they not just revealing APT ACTive IT Operations?

    *Deny its emergence and reap the whirlwinds of defeat and systems collapse.

    1. Destroy All Monsters Silver badge

      Re: The Truth is an Omniscient and Omnipotent Ally and Foe, is it not?*

      In a country in which Hillary The Liberal Bombardier can be a presidential candidate with her only asset being that she's a feminal state-power-worshipper instead of a male state-power-worshipper, anything can happen.

      1. amanfromMars 1 Silver badge

        Re: The Truth is an Omniscient and Omnipotent Ally and Foe, is it not?*

        I agree, Destroy All Monsters, and whenever something can happen, it invariably always does happen. And a quite magical enablement of portfolios of weird and wonderful things way beyond the power and ken of traditional sources and conventional forces are happening all over the place and in cyberspace.

        It is no totally bad thing at all though, unless one is into provoking and poking it evilly, and in pursuit of an oppressive and regressive inequitable advantage/intellectually challenged status quo position/banked situation.

        And trying to hide and/or ignore that virtual reality mainstream merely exposes and highlights its expanding power in command and control circles and SCADA operations to presumptive powers that be in terminal decline and delusional systems collapse.

      2. tony2heads
        Trollface

        @Destroy All Monsters

        'feminal' - a portmanteau word female+criminal?

  7. Christoph Silver badge
    Alert

    Take a whole lot of top experts in malware and make it impossible for them to get a legitimate job using their skills, while getting them seriously pissed off about it.

    What could possibly go wrong?

    1. amanfromMars 1 Silver badge

      Whenever Dumb and Dumber Execute Plays with the Dumbest of Moves

      Take a whole lot of top experts in malware and make it impossible for them to get a legitimate job using their skills, while getting them seriously pissed off about it.

      What could possibly go wrong? .... Christoph

      A probable move would be to go to work for another regime in another jurisdiction/landscape/Live Operational Virtual Environment, where such skills are highly prized and rewarded and much sought after, Christoph. Smart folk don't normally hang about doing practically nothing, do they? Well, not unless they be outrageously rewarded and prepared to do virtually nothing, I suppose.

      1. Anonymous Coward
        Facepalm

        Re: Whenever Dumb and Dumber Execute Plays with the Dumbest of Moves

        As yet another instance of the remittance wo/man? And with even a laboratory, well off the 'net, so skills are kept sharp for the inevitable next war occurring in 5..4..3..2..1.... The these new cybertreaties are of a form as those that ring-fenced the Great Powers of the First World War.

  8. This post has been deleted by a moderator

  9. Notas Badoff

    When do we recognize the canary's notes?

    As a user of Kaspersky's products, I've been wondering for awhile regarding their situation re: location in the land of Putin. How the heck can they keep the company going? Either they've long ago started on the slippery slope of 'cooperation' in order to keep running or they can get closed down at any point. I don't see any other options. Either it's shit or soon to be shut.

    All those points mentioned in the article about personal vulnerabilities, especially where people reside in the aggrieved country, well, where are the key contributors to Kaspersky located? How would you organize the simultaneous exit of all those people and families? And to where?

    How do you start a company when the terminal trust issue will be "but they are located where <Godwin> does <analogies>!"? And you're not Godwin and don't even know they exist (yet).

  10. Mark 85 Silver badge

    Classic good vs. evil

    The catch is, the definitions of "good" and "evil" change rapidly. A miscreant group pushing malware vs. state actors pushing malware. Both have their goals. The question is: "which one is really evil?". Yes, they both are which for all intents and purposes, the state will drive the researchers out and leave the populace vulnerable to both the state and the miscreants. Not a good scenario any way you look at it.

    What a world we live in... between countries, corporates, and miscreants, we're caught in the middle.

  11. Anonymous Coward
    Anonymous Coward

    Citizenship

    The Canadian party that just lost the election (thankfully) wanted the power to remove citizenship from people, truly scary.

    Even The US Supreme Court has ruled this as out of bounds to govt. previously

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019