Thursday, June 12, 2014

Advice for today


HMS Defiant said...


I know you have a different perspective on crypto. It seems all the "cryptologists" we pay have been spying on us for decades in utter silence and in violation of what we used to think passed for Law.

I was a crypto officer, in a fashion. No, not your fashion. I was crypto security at a number of places. Rule #1 was, nobody trusts you. Nobody better trust you. I got shoved into the COMSEC world because of Walker and Whitworth. DIRNSA instituted nuclear weapon type security protocols among those charged with securing our comms crypto after they finally learned that we were being sold out by our cryppies. We got Two Person Integrity out of those losers.

I know, I know. That's not how you "trusted" crypto guys work anymore. After all, you let people like Snowden (and EVERYBODY ELSE) have access to your data, networks, information systems, secrets and everything else just because, YOU TRUSTED HIM.

I'd ask how that worked out but I doubt a single person lost his job, went to jail or was demoted because he/she trusted Booz Allen's contractor support.

Like I said, my exposure to your world was just on the "keep the Soviets out of our information streams" end. I did that. [Admittedly, I have zero doubt that some loser compromised all the keys and the CRIBs and everything else that made what came after KW7s uniquely pointless. Nevertheless, I thought that many of the protocols were worthy and as a COMSEC guy, I implemented the same sort of procedures to TSCO and other jobs. I figured I couldn't go wrong as I applied the rules of CMS 2K and 2L to the game of information security. Probably the only one that mattered was that I limited access to those with a need to know. I didn't set the limits. I just didn't give everybody the combination to all the safes.

We kind of fucked up though. We let the SCI spies make the rules in their own little vacuum and their rules were every bit as lame as the CMS rules before Walker and Whitacre screwed over our patch. They didn't learn. Nobody ever held the process or the people in charge of Hansens and whossname accountable. Compartmented was all the security that was needed....except to those who enjoyed access to all the compartments.

Trust your cryptologist?

I do. I trust them to spy on me with complete disdain for the Constitution and an unseemly and unprofessional contempt for the people who really do know better than them.

Seriously, just how stupid does one have to be to put all the TS/SCI crap on a network that any single disaffected turnip can access, download and publicize?

Did any of your fellow cryptologists swing or go to prison for coming up with that utterly stupid and indefensible idea?

Been there, done that and don't care about your comms said...

I applaud Mike for the transparency in permitting a straight up troll response to pass his moderation.

HMS Defiant's post speaks for itself.

Dude, check your medicine cabinet. There's probably a bottle or two in there with pills that you're supposed to be taking that have some things that can help take the edge off your bitterness.

After that, your eyes might open to some historical facts. While the pathetic parade of the traitorous (we can start with the Walkers if you like, and move forward to today) is also part of history, there are few force protection, campaign or foreign intelligence success stories that have taken place in the last century without the foundational efforts of cryptologists.

You can believe this, or return to yelling at your TV.

Seth Lawrence said...

If you really believe that yesterday's or today's Cryptologic professionals are, or have been, deliberately and unlawfully spying on the American public then you have truly bought into the ignorance that is the public opinion. It always pays to seek to understand before trying to be understood, but IMHO over 90% of America does that in the reverse order and get caught in the infinite do loop of spouting hate and discontent as a result.

The Snowden scenario could just have easily been blamed on the Network security professionals or myriad other entities as he had to get the data that they were chartered to secure off of their network, out of the building, etc. Instead most of the Cryptologic professionals are remaining silent hoping that the ignorance will ultimately die out instead of adding to the lack of true comprehension of what happened that presents itself as hate and mistrust in the America we all support and defend.

At the end of the day, we should trust each other regardless of what side of the equation we are on (we have to IOT be successful long term). Yes, that trust should be earned; yes, there should be accountability all around; and yes, there should be proper oversight and law guiding what we do. Don't get caught up in finger pointing as it results in nothing but further mistrust, but rather, direct that energy toward making corrections/recommendations. If you feel strongly that something should change then do more homework and write your military leadership or Senator and share your thoughts.

On a side note, I have to date enjoyed your thoughts on here to date and look forward to seeing more of them.

Anonymous said...

@HMS Defiant: Just as an aside, Walker and Whitworth were Radiomen charged with running COMSEC programs. That doesn't make them cryptologists. If you were in charge of a COMSEC program, then you weren't a cryptologist either. I won't comment on the rest of your rant, because that is all it is.

HMS Defiant said...

Thank you all. I believe each of us has made our positions clear.

None of you had access to, or knowledge of, the 2 million pages of NSA data that Snowden leaked from YOUR FILES. You just weren't paying attention.

"Dude" all things considered, your ignorance is unbecoming. Did I lie? Make stuff up? Exaggerate? No. The facts speak for themselves. I played the game in crypto security. I would that everybody on our team still played the cryptographic security game.

Seth, I know you believe you are a pro. That said, the evidence speaks for itself. The NSA does, in fact, spy on all of us. No officer working there, wearing our uniform, can tell me different. The evidence is out there now.

I don't ask any of you to violate your oaths any more than you already have but seriously, I'm not who trashed his oath to the Constitution. You 'susan powers' yourself to claim that what Snowden revealed was some sort of violation of network security protocols and not a blanket revelation of all out anti-American spying. No. USN personnel were the sweepers. They collected it, analyzed it, stored it and disseminated it. Seriously, that was pathetic. Don't worry, you may not have known because right up until some pathetic idiot put all that compartmented stuff on an SCI network, NOBODY KNEW.

I'll go on Seth. Your comment, "At the end of the day, we should trust each other regardless", disturbs me profoundly. That was not how we in crypto security played. Is that how you guys play?

I have no reason on earth to trust you unreservedly. What makes you demand that I trust you?

The whole entire meaning of accountability involves FINGER POINTING. You can't accept accountability without demanding finger pointing.

Yet it happened. It happens again and again and you guys always come out as either the most clueless ignorant idiots on earth, or Google: "Trust us not to be evil."

How on earth could you expect me to believe that you think the entire Snowden revelation is "network security's" fault? Honestly? How stupid do you think we are? He spewed YOUR POWERPOINTs into the open. COMSEC guys don't even know how to spell pwrpiont.

I honestly don't expect even one professional to answer any of that. By your oaths, you cannot. I only post this sort of thing because I think you might have lost the meaning of the words to the oath. To me that means that some people lie under oath. That's unacceptable.

My point was, why would I trust somebody like that? Do you?

For that last poster above, I'm OK with the hate. I understand you are limited in your ability to express yourself. Why don't I say it again.

The essence of CRYPTOLOGY is to make it secure. That was my role. I didn't ever say that I was somebody who spied on all Americans and our allies, did I?

What part of that did you miss, anonymous?

Tell Mike you don't want me on his porch and if he says go, I'll be gone. Trust me.

and yes, I'll go.

LTJG Justin A. Rogers (1120) said...

As we say in the Submarine force - 'Silence on the line, silence on the line: trust your cryptologist!!'. Also, please communicate succinctly. Everyone posting previously uses too many words. One must use as few words as possible to keep the audience's attention. HOOYAH!!!

Anonymous said...

I firmly believe defiant's acct has been hacked.

Mike Lambert said...

HMS Defiant

I don't know where you are coming from on this topic.

Anonymous said...

Good points all around from HMS, anonymous, Seth, and Justin.

At the end of the day "ignorance is bliss" on both sides of the argument since no one has a full story and is filling in the gaps with their own prejudiced opinions. Some will hate while others try to clean up the mess in an optimistic way, we see that here.

Anonymous said...

Well that rant by HMS Defiant is a great example of, "Better to remain silent than to speak and prove your ignorance."

Anonymous said...

I was the anon post on Jun 13 @ 10:07 -- there was no hate in my post. I was only trying to point out that there is a difference between COMSEC and Cryptology. They are not the same. The essence of COMSEC is to make it secure, not cryptology. Thank you for the sly slight.

HMS Defiant said...

Wasn't me. See your own post about these two:

Rule #1: Trust nobody
Check, Double-check, Verify.

Somebody around here led me to believe that cryptologists and Intel Officers are the same thing, at least so far as the Navy is concerned.

HMS Defiant said...

I forgot, whole body polygraph. Trust is a non-existent commodity in your realm. It was my mistake to presume that all of your readers understood my Initial Point in answering. In the SCI realm, nobody trusts and nobody should. That's why we have BI, SBI, poly, and hopefully, security people that ACTIVELY look for people that don't abide by their oaths and security protocols.

My comments were not intended as any sort of attack on cryptologists.

I took issue with the blanket, "Trust Your Cryptologist" part of your post. It's not how we work.

Crocodilian, "seen enough?" Dsbegt%43##2&87+gh$H3.

LCDRLDO/6440 said...

"Cryptologists and Intel Officers are the same thing". Nobody in the Navy thinks this except the Intel Officers. Like COMMO's, they think they know but in reality they don't.

Anonymous said...

There are no more 1810/1830 Flags and we are swapping CO/XOs willy nilly. So how far away are we from "same thing"?

(obtw 1810s haven't been cryptologists for years.)