Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
mike_d a day ago

> I suspect a strong link between mass surveillance [...] and the very recent targeting of the senior Iranian nuclear scientist and military officers at their homes in Iran.

We all like to imagine this super cool clandestine hacking operation using peoples mobile phones to secretly track people who visit nuclear facilities back to their homes.

The much more logical explanation is someone approached a low level employee at the MEAF who turned over a USB stick with the governments org charts and payroll records in exchange for their kids getting a full ride to a prestigious foreign university.

michaelt a day ago | parent | next [-]

> The much more logical explanation is someone approached a low level employee at the MEAF who turned over a USB stick with the governments org charts and payroll records in exchange for their kids getting a full ride to a prestigious foreign university.

If there are spies in foreign countries going around offering life-changing sums of money for USB sticks, which people are accepting

is it not also plausible that folks at google/samsung/apple/aws/cloudflare/microsoft are getting offered life-changing sums of money for leaving their work-from-home laptop unattended for 5 minutes?

AnthonyMouse 20 hours ago | parent | next [-]

This is the thing that has always concerned me about Cloudflare. The structure of their operation is "we do a MITM on most of the encryption on the internet". Even if that doesn't make you immediately suspicious that it was set up as a spying operation on purpose (compare "encryption added/removed here" Snowden slide), it makes them a massive state espionage target. Do they really have the ability to resist that level of persistent targeting from every country in the world?

scripturial 16 hours ago | parent [-]

Cloudflare is a US company right? One assumes it’s controlled (if not directly, then indirectly) by US intelligence interests. That would protect it from non US intelligence influence would it not?

AnthonyMouse 15 hours ago | parent [-]

Does the US intelligence apparatus protect its networks with some kind of theurgy preventing the government of Russia or Iran from finding any 0-day before they do from time to time, and have a source of infallible humans immune to bribery or extortion?

heavyset_go a day ago | parent | prev [-]

Yes, this happens. Industrial espionage is popular.

From what I've seen with bribes, it doesn't even take life-changing amounts of money.

bawolff a day ago | parent [-]

I imagine in a country like Iran where there is a sizable minority that hates the regime, someone might have done it for free.

boramalper a day ago | parent | prev [-]

Israel, like any other state, must be using a variety of methods including good old "human intelligence" so it's not either-or.

In addition, saying that

> someone approached a low level employee at the MEAF who turned over a USB stick with the governments org charts and payroll records in exchange for their kids getting a full ride to a prestigious foreign university

is an oversimplification on multiple levels:

1. Low-level employees typically don't have access to sensitive information.

2. With human intelligence, there is always a risk that the person you (e.g. Israel) are in touch with (e.g. an Iranian officer) who pretends to be a "double agent" (e.g. leaking info to Israel), is in fact a "triple agent" (e.g. actually working for Iran to mislead Israel).

3. You can send your kids to foreign universities but not your siblings, your parents, your wife's family, and so on... Some of your beloved ones are almost certain to suffer the consequences of your actions. High treason is no joke.

bigfatkitten 10 hours ago | parent | next [-]

> 1. Low-level employees typically don't have access to sensitive information.

Snowden was a contract Sharepoint admin. He was on the absolute bottom of the org chart.

SirHumphrey a day ago | parent | prev [-]

> 1. Low-level employees typically don't have access to sensitive information.

You would think, but when I was interning (well, it was a paid internship) for a company, I was fixing an excel spreadsheet with payroll information for an entire department of a few hundred people. Not the best piece of "opsec", but when you are in a hurry (pay was due in a couple of days) and most people are on vacations "hey the junior kid can probably fix it, he seems fine" is a way too common approach. And it is fine - sometimes for a long time. Until it isn't.

aswanson a day ago | parent [-]

Yeah I recall being a new hire at a defense contractor, getting a login, and accidentally opening an excel sheet with a ton of management user names and logins. People are sloppy.