How it worked is they saw their victim visit LinkedIn or Slashdot, identified them based on their account, and then shot an exploit at them using packet injection. So there was no "fake" Slashdot page, just an injected exploit packet.
The real frustrating thing is this is exactly who the NSA is supposed to be spying on. Foreign leadership is specifically in-scope.
The problem I have is the methods: if it's anything like how Belgacom was hacked (using "QUANTUM", namely, packet injection to exploit a tech's computer and then using the 'lawful' intercept capability built into the phone switches), this would be something that the US would clearly call a criminal act, and possibly call an act-of-war.
If France, say, hacked AT&T using these techniques to monitor cellphones in Washington DC, "ballistic" wouldn't even begin to describe the US response.
The private company surveillance is out of control. Facebook and Google record almost every web page you visit (Yes, Facebook LIKEs your taste in porn) thanks to those ubiquitous trackers and advertisers. Data brokers collect information, resell it, repackage it, data mine it, and do all sorts of other skivvy things with it.
The private spying is ALMOST as out of control as what the NSA is doing, and also needs to stop.
Except for that whole "reputational damage" thing...
Having the companies modify their infrastructure for the benefit of the NSA means although it may be "legal" to tap foreign communications, it means that the US companies are now complicit in attacking their own customers (just not the US customers).
The reputational and economic damage that the NSA is causing dwarfs the few million dollars the companies are gaining. US/UK technology companies now must be considered to be hostile if you are outside of the US/UK.
Web hosting is generally public, providing public facing information. The data of real note is email, internal documents, and other such critical systems. It is that data which should flee the cloud.
And where should the data run? Why, in-house: businesses which need confidentiality (law firms, and any business with significant international competition) should forget about outsourcing to the cloud at all.
The strange thing is, DES was NOT weakened by the NSA!
A strange coda to the story however. DES was NOT weakened by the NSA. The design's subtle tweaks by the NSA ended up being used to counter differential cryptanalysis, and although the key length was somewhat short, it was still uncrackable at the time of development (now it's crackable in a day or less).
Because to someone like me, DROPMIRE sounds like a lifecycle attack: building in a backdoor into the commercial product itself at the factory.
If the NSA is using lifecycle attacks, or even if there are just credible rumors of the NSA using lifecycle attacks, US network hardware and security companies are now in the same position that Huawei is in.
The US government has no notion of "it's already out there": If a document is classified Top Secret, having it discovered on an unclassified computer is bad, VERY BAD. The easiest cleanup procedure usually is "wipe the whole computer".
It doesn't matter if copies of the document are on the front page of every newspaper in the country, scattered across a hundred flyers, and sent a thousand times to every general, colonel, and corporal in the army, it's still classified.
The NSA defines "collection" as when they actually use the data and get some result from it, with the probable unstated admission that it is only "collected" if they use the data, get some result, and ADMIT that they used the data and got the result.
It's the same linguistic BS that allows Obama to say with a straight face that he only launches robot flying assassins against Americans who are an "imminent" threat, with "imminent" being defined in his lexicon as "well, perhaps, kinda sorta, and it's too much of a pain to try to capture or do anything like that so let's just send in the robot flying assassins and be done with it".
I'd suspect also that it was 50% AFTER "expenses" which Prenda padded mercilessly. If Mike can get in touch with Mr Pilcher, it might be worth asking about that, since with all the other difficulties, I wouldn't put Hollywood-level accounting past the Prendarists.