How do you know if this caller is from the NSA for real? I could get up to all sorts of mischief. Either I can make the NSA look bad, or I can social engineer my way into ISPs by pretending to be the NSA. Good on this ISP though!
When I worked for a data center/ISP, there would be occasional government calls. The protocol was to get the person's name, then call them back through the official list of contact numbers (FBI, NSA, CIA, etc).
There's an old scam that's been going round, where a person calls up a mark claiming to be from their bank.
They say that there are some security issues with their bank account and for security reasons, they should call the phone number on the back of their credit card.
The mark hangs the phone up, but the scammer stays on the line and plays a dial tone down the line. When the mark picks the phone up, they hear a ring tone and then dial the number. The user thinks that they have got through to the bank, but really they are on the phone to the scammer.
From that point, the scammer has the mark's trust and can do all sorts of damage.
I haven't used a landline in years now, but when I was a kid it worked that way: one end hanging up wouldn't disconnect the circuit, and if the other end took the phone off-hook shortly afterwards it'd still be connected.
This would sometimes wind up being the deciding factor in the eternal battle of "which sibling gets to use the phone"
In my memory it never relied on both parties hanging up here in New Zealand, but on a trip to the UK as a child I noticed that the phone line disconnecting relied on both parties hanging up. I'm 31.
On landlines the call isn't finished until the caller hangs up. This allows features such as "call waiting" to work: the receiver flashes the hook in a certain way to switch to the other call. If flashing the hook would disconnect the call, "call waiting" wouldn't work.
It did at one time, and could still in some places. I can recall growing up in rural North Carolina in the late 70's and early 80's, when one party staying on the line, after the other had hung up, would keep the connection open.
In the UK it does. On a standard BT residential line the caller can hold the call open even after the callee has put down the handset. When the callee lifts the handset again they won't be able to begin a new call until the caller terminates the call.
I also live in Scotland and I've had this happen to me in the past.
It almost never happens by accident - the person keeping the line open is paying for it, after all. (Or, traditionally, was, with bundles and free evening/weekend calls, I've no idea if people actually pay for landline calls any more.)
Yep. The broad principle is never to give out account numbers, your social/government ID number, or any other such thing on a call you didn't initiate.
The NSA/CIA never (rarely?) call. Everything is (almost?) always routed through the FBI. If someone contacts you claiming to be from the CIA or NSA, and you are not employed by the DoD, they are very likely to be frauds.
From there, you can get the supposed agent's field office, look it up on fbi.gov and call them back.
Be advised that each field office has satellite offices within their jurisdictions. Satellite office addresses and phone numbers are published on fbi.gov also.
I wonder how many would actually comply with such a call (before this whole PRISM thing came up) and how it would move on. I mean - why are they calling? Do they expect them to spell out their root passwords?
I call bs on this one, time will tell. Lennard Zwart is a guy who clearly has an economic interest in playing the 'don't host in the US' card. He wrote another article in 2012 about this with the same angle (see below, hit google translate if you can't read Dutch) and is totally vague about the call, does not explain why a C level exec would receive a call like that and did not report on making the required effort to verify the caller was indeed from the NSA.
I've received a number of calls over the years from people claiming to be law enforcement, and a whole bunch of email to boot, only a very small fraction of those were actual law enforcement on sanctioned missions, the rest were just impersonators and to do a first round of verification is par for the course in cases like this. "She said so" is not nearly good enough.
I'm a customer there, and from interactions I had with them they take data security and privacy very seriously.
Of course there is an economic interest in showing the disadvantages of hosting European data in the US. But what's wrong with that? That is simply true. For example: in some cases you break Dutch privacy laws when hosting data about individuals in the US (without taking special precautions).
Relatively, we probably have the highest number of phone taps in the world. In total there probably are over 25.000 phone numbers being tapped. Also, metadata of different types of communications are stored.
The scary word here is "probably", because the government consistently refuses to release that data.
Although I'm fairly confident we're gonna win the legal and political battle over that issue in time. The Dutch government may be no better than that of the US on an ethical level, the legal balance between privacy protection and state secrecy is very different.
They don't. Just like a police officer doesn't need you to tell him how fast you were going (hint: he knows). It just works sometimes, which is a lot easier than going through the normal process, and worth a shot.
The NSA officer didn't hang up the phone and think "How dare he refuse to cooperate, it's the law!". Instead she thought "darn, that didn't work" and then called the next phone number on her list...
If the superpowers weren't countries but were instead the search engines of today then we could probably agree upon who would be Google and who would be Bing and so on. Do Google's users generally care about Bing, what Bing does, or what Bing thinks? (To stretch the metaphor almost to the point of breaking.) Most of Google's users don't think of Bing as a savage search engine but they do consider it irrelevant.
What an utterly useless post. I had to double check I was on ycombinator and not reddit after reading this.
Isn't this a general behavior of the typical stereotype (you can't even speak English correctly) European? Most of them believe Europe is the land of the law and anything else is savagery.
Why even bother making posts like these? We get it, America and therefore vicariously all Americans are horrible people, the devil, and should be wiped off the face of the earth. We get it, Europeans hate Americans. Can we all move on with our lives now?
Um...er.....I do hate to say it, but you've kinda proved the point of the post you called useless.
Ironic that your post is equally useless, but much longer. So, even more than "utterly useless". Which suggests that, yes, you do need to move on with your life.
Now, I have to sit and think about how useless this reply might be. See what you have started?
I never meant, Americans are horrible people. I actually meant it to be the answer of why NSA (or someone from NSA) would believe US law holds true in NL.
I am sorry if the stereotypical American meant all of those, but I had in my mind a picture of a naive NSA employee who didn't think twice before making the call to an international company.
They don't and this story is likely bogus, smart marketing on the part of the lead character in the story who managed to get the name of his company out front on a hot button issue.
When you host internet services, it doesn't take too long before one of your users does something that leads to a police investigation. So that's quite normal, unfortunately. There are also unofficial & malicious requests, like 'private investigators' simply trying to grab data.
Just tell them that they don't have any authority, and you're not interested to hear any manipulative reasoning. - Have a nice day.
I'm mostly impressed that they just pick up the phone and call. Must've been a not-very-experienced NSA employee. Or NSA performing social engineering scams, but I doubt that.
Hm, what’s wrong with just calling? It is probably the easiest way to find out whether someone is generally willing to cooperate, and if they don’t, the NSA doesn’t lose much either?
NSA was long nicknamed "No Such Agency" for a reason - they were, and to an extent still are, notoriously secretive compared to other US intelligence agencies. I'd expect them to approach it via intermediaries.
Frankly it sounds more likely to me that this was a poor attempt at social engineering rather than a genuine contact from the NSA.
Seems like you could really play this NSA stuff up in a social engineering attack, especially if you were willing to put some work into it. Imagine grabbing the NSA logo off their website, and making some fancy looking, seemingly authentic laminated plastic ID cards, then showing up at someone's office asking for data/access/etc. and claiming to be from the NSA. Even hand them a "National Security Letter" and carefully explain the gag order to them, and let them know that doing so much as picking up the phone to call anybody else to ask about cooperating could result in them being jailed. Subtly hint that "jailed" might mean "disappeared to Guantanamo".
Since everybody knows that the NSA is kinda "in the shadows" and lots of people have heard of NSL's and gag orders by now, I imagine you could get a lot of people to go along with this. Especially if you had two big, physically imposing guys in nice suits to play the roles.
(edit: I am, in this case, mainly talking about inside the USA, where NSL's have authority, etc.)
My working assumption is the NSA has God power and root on everything and everyone. They do not need to call anyone. This is timely PR posturing that NSA is mortal and deserves our sympathy and further budget aid.
"Gawdammit Senator, our people actually have to get on the phone to ask these people for this kind of information, and frankly, it's downright embarrassing!"
I suppose that they could break into any system and have stockpiled a lot of exploits. The problem is that it is usually a one shot thing. The moment it goes public this means it cannot be used anymore. So it is a bit like the Martin Fury - one hit kill but only limited charges.