There is no single party responsible. There are many. The entire government is to blame. We are talking about people, bureaucrats, who haven't the slightest idea of how a hard disk works or how their computer connects to the internet, and they think that they know everything about computers and can single-handedly swipe technological rights out of the American people. See Carmen Ortiz above.
It's the entire government. The sooner people understand this, things like these won't happen.
I'm sure there was a USB backdoor open somewhere. So whose fault is it if the US can't protect its own data? Blame others! That seems to be the way they operate!
do politicians even know how to turn a computer on? seriously tho, this was the same argument that was given when the internet was introduced to the public a few decades ago. instead of holding technology and their creators accountable, the government needs to hold the individuals that use and abuse it accountable.
most of the "bad guys" i know of who make viruses and spread bad stuff around the internet are not usually the ones starting up companies and trying to make a product people will be able to use. the government has a tendency to point the finger and blame the small guys instead of taking responsibility and training their employees how to use the resources given to them... and then complains about being under-funded w/ their technology program.
if the RIAA (which i respect but don't agree with) can kick around little old grannies and people who died a decade ago, can't the government track down someone on their own set of networks sharing information? not to mention... haven't they heard of simple port blocking? >o<
Of course it is the Vendor's responsibility. But if the NSA, CIA, FBI, Homeland Security, Secret Service or any other government group gets in the way, how much of the blame goes where when the shit hits the fan?
Most vendors will patch if they know about issues. Who is at fault when a hack happens and the US government could have prevented it by divulging?
That’s awful but why is the onus on random sys admins around the world to deal with this correctly and not the government hosting the problem entities?
The previous administration is actually partially responsible for allowing this to be done without government intervention. See this Hacker News post [0] for some more information.
Whoever is behind it, I find it hard to blame them. As they write on their blog:
>> Governments have an obligation to protect the private data of its employees and citizens. In addition, the exposure of proprietary government data can be used for great means of manipulation and for other destructive purposes. While the NCIIPC operates a Responsible Vulnerability Disclosure Program, the recklessness and avoidance of communication represents the complete opposite of a responsible program. <== from https://johnjhacking.com/blog/indian-government-breached-mas...
Enough has been said by people inside and outside of India about UIDAI / Aadhaar[0][1] and its many horrible side-effects and the risks it creates. This situation was created years ago after loud warnings of researchers and citizens who have meanwhile been silenced by the Modi government (who are the real culprits here).
India has done this to its people already years ago, therefore breaches here today are mere symptoms of incompetence (not the cause).
But I have seen people treat computer security as some sort of joke.
I think it unacceptable this happened, but the US govt hasn't paid much attention to securing itself from cyber attacks while spending billions on NSA wiretapping.
It's similar to the banking fraud. People in power need to be held accountable for not taking their jobs seriously.
And the realist in me believes it's impossible to make the people in power listen without some reasonably horrible thing happening - things need to get worse before it gets better. Remember the amount of money the govt poured into the Iraq war due to the "perceived" threat.
If history has told us anything, it's that this won't be fixed until we wake up one day and the majority of the computers in the world are bricked. Then the government will act. Not before.
Different branches of the same government means there’s only a single entity with all the keys. Pretending otherwise is maliciously naive.
Every entity or group of entities I can think of you suggesting has a pretty well documented history of undermining the legal rights their countries ostensibly provide.
Before you of course get to the elephant in the room: governments are notoriously bad at keeping super critical shit like this under wraps, and once it inevitably leaks literally everyone is fucked.
My suggestion for any nonsense laws like this would be: if the keys are ever leaked, misused, shared with any other entity, the country shall be required to pay full cost of replacement of every impacted device. They shall be liable for all downstream costs. The management and directors of every agency that had access to the material are personally liable for costs as well, as is every elected official that supported or approved the legislation. Claiming that they can’t be responsible for the mistakes of others is not permitted as a defense: there is already a defense against mass invasion of privacy and these incompetent fuck ups are constantly trying to pass legislation like this that removes that defense.
Much as I hate to get the government more involved in software development, I really wish someone would hold companies accountable for this behavior. Just think of how many people's computers are vulnerable to these exploits.
I'm not sure they are in complete control, although it's a great image of master manipulation to imagine they are. I'm waiting until I really understand the whole story to start assigning any blame.
I'm more interested at this point in figuring out what this means for the future. Do we live in a world now where state-actors will target specific companies and basically try to rip them to shreds and extort them? Now I'm supposed to personally defend my company and my network against state-sponsored targeted persistent threats?
It should be possible to lock down individual machines which aren't ever supposed to be networked. That's hard enough. I'm personally of the belief that any networked device is ultimately hack-able up to the physical constraints of the network. It's all about how much it will cost an attacker to gain access, and how much they can steal once they get it.
If governments start routinely sponsoring these attacks, I'm very concerned the cost-levels we impose today are 5 - 6 orders of magnitude too low, and the network bandwidth 5 - 6 orders of magnitude too high, to deter these types of attack.
I'm trying to understand your position. Are you saying this is partially (or fully) the government's fault because they didn't regulate the IoT device market to force it to be open source? And if they had done so this attack could have been avoided?
Then we need a scan of all government machines to see if there was a precedent of it being installed across many thousands of machines, to suggest that this was not an actual individual breach of policy and show that the government was remiss in its ability to enforce the policy at all.
I suspect they allowed it to happen to justify genociding all of them or something of the sort. There's no way they can be that incompetent. I refuse to believe it. They spy on everyone, crack every computer, infiltrate and compromise every organization, plant assets everywhere, we non-government people are forced to live in constant paranoia because of these assholes. And they get surprised by a bunch of terrorists? Might as well just close down those useless agencies, they're good for nothing, total waste of money. We're living in this cyberpunk hellscape because of them and it's all for nothing.
a government installing a software without notice or consent onto their population's devices is not something a healthy functioning democracy does, it's what a psychotic paranoid despot does. if the Mass Gov truly wants to minimize harm this is the opposite of what needs to be done. all this will do is drive conspiracy theories and deepen a very legitimate mistrust in the institutions that plague the USA (which helped give rise to people like donald trump)