How Many Leakers Came Before Snowden?

Assume it's really true that the NSA has no idea what documents Snowden took, and that they wouldn't even know he'd taken anything if he hadn't gone public. The fact that abuses of their systems by NSA officers were largely discovered through self-reporting substantiates that belief.

Given that, why should anyone believe that Snowden is the first person to walk out the NSA's door with multiple gigabytes of classified documents? He might be the first to release documents to the public, but it's a reasonable assumption that the previous leakers were working for Russia, or China, or elsewhere.

Posted on August 29, 2013 at 1:13 PM • 37 Comments

Comments

anonymousAugust 29, 2013 1:37 PM

on another article

"The NSA still doesn’t know exactly what Snowden took. But its forensic investigation has included trying to figure out which higher level officials Snowden impersonated online to access the most sensitive documents .... Investigators are looking for discrepancies between the real world actions of an NSA employee and the online activities linked to that person’s computer user profile"

So this is a log monkey job of finding every users that were impersonated

bryanAugust 29, 2013 1:53 PM

Prior to this Snowden fiasco, I assumed a level of competence within the NSA. If they still haven't determined what was taken one would have to conclude they are, in the main, incompetent.

David GerardAugust 29, 2013 1:54 PM

New NBC story says:

“Every day, they are learning how brilliant [Snowden] was,” said a former U.S. official with knowledge of the case. “This is why you don’t hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble.”

http://investigations.nbcnews.com/_news/2013/08/...

Man. NSA jokes really need to have the punchline "one who can read, one who can count, and one to keep an eye on the two intellectuals."

KorayAugust 29, 2013 2:05 PM

I didn't think that anybody thought that there'd never been another leak. Secret services have never worked on the assumption that there'd be absolutely no switching sides and double agents.

That NSA have no idea of what Snowden took is probably disinformation.

shallowthroatAugust 29, 2013 2:18 PM

What about NISP?

http://en.wikipedia.org/wiki/...

Seems they don't comply with their own rulebook. This leak, however far-fetched it sounds, looks intentional, done on purpose. Some deep actors gave the keys to kingdom to Snowden. There's no way this could happen if things are done according to NISPOM, and NSA probably has something even more stringent.

michaelAugust 29, 2013 2:27 PM

If Russia had a lot of these documents before Snowden came along, that would be a valuable asset that is greatly depreciated by the leaks. I guess that could give a new motivation behind Putin's desire for Snowden not to leak any more information as a condition for asylum.

Stephen SmoogenAugust 29, 2013 2:28 PM

Internally their counter intelligence people are going to always assume that there are leaks and that probably 1 in 100 or so employees are on the take to some other agency (most of them are just leaking to other federal agencies.. maybe 1 in 10,000 are leaking externally.)

Externally, what they have to sell Congress, Executive management and the public is that this is absolutely the first case and if we turn the screws hard enough IT WILL NEVER HAPPEN AGAIN. Because anything but that will get them screwed over in funding and limelight which they don't want. The public doesn't want to know that It wants a nice black and white answer. And then they can go to sleep until the next leak comes up and they wake up again.

luvtorideAugust 29, 2013 2:37 PM

My experience is that the government agencies that make the rules don't follow them. How could they? Not only do the rules change with the phase of the moon, if you ask 3 security officers how to interpret the rules, you'll get 6 different opinions from those 3 people!

AnonAugust 29, 2013 2:39 PM

There was a time not so long ago that I was working for a PC Recycler... we had a batch of old Navy computers that we were overhauling, anything that wouldn't POST was scrapped and anything that would was repackaged to be forwarded on to the third world (in this instance IRAN actually, the owners had connections there)

Several of the machines had disks left in their cd rom trays, not only did I get a windows 98 disk but I also found a disk marked secret that had a number of videos and pdfs covering marine interdiction and disabling ships.

I wonder how many times that sort of data leak has occurred...

Fajensen August 29, 2013 3:07 PM

Maybe "they" are worrying too much about leaks while they should be worrying about what information was planted? And data integrity & stuff.

Would it not be funny if lots of "upstanding citizens" suddenly ends up on "no-fly" lists, f.ex?

NtKAugust 29, 2013 3:17 PM

What happened to need-to-know?

Why are documents even stored as plaintext?

Here's an idea: encrypt documents with a key, distribute the key to those who have a need to know.

Too simple? Why wouldn't it work?

AndyAugust 29, 2013 4:07 PM

I assume with the priviliges Snowden held a log sanitizing job is only a few shell commands / scripts far away, or are logging mechanisms tamperproof these days, even with root access? Alternatively he could just have killed the relevant log daemons for the duration of his grab and clone run.

They might never find out the full extent...

AndyAugust 29, 2013 4:11 PM

Man. NSA jokes really need to have the punchline "one who can read, one who can count, and one to keep an eye on the two intellectuals."

Sorry for the double post, but this made my day. Thanks

Nick PAugust 29, 2013 4:12 PM

Many comments here worth highlighting and replying too. :)

@ shallowthroat

"What about NISP?"

I've posted that manual here a few times. It's worth adding to a bookshelf. Two things I'll say about NIPSOM manual:

(1) The one I read said it was for Special Access Programs. If so, it's requirements would only apply to these programs if they're SAP's.

(2) The real point: yes, the US government regularly doesn't follow their own advice.

For instance, the Bell paper I posted in debates here mentions DOD policy is to put only high assurance (i.e. EAL6-7) components at points where untrusted and sensitive networks connect. Yet, NSA has been advocating solutions like NetTop, HAP and MDDS that use EAL4 (low assurance) OS's for this. This is despite the existence of at least three, highly robust platforms that did these things in the past. So, the rules say they must use highly secure components, they have highly secure components, and they are using/advocating insecure one's instead.

I'm sure they have this inconsistency in quite a few areas, including surveillance programs. ;) To be clear, though, there are few to no solutions that can deal with an untrusted administrator. That's a hard problem. Only pieces of it can be effectively solved and the others still have risk. That there was no strong auditing of admins is... a different matter.

@ michael

"If Russia had a lot of these documents before Snowden came along, that would be a valuable asset that is greatly depreciated by the leaks. I guess that could give a new motivation behind Putin's desire for Snowden not to leak any more information as a condition for asylum."

That's a nice point. One thing that can maintain the value of a stolen secret is if the enemy thinks it's safe. This is especially true for operational intelligence. Russia might know enough to be able to avoid NSA at times, feed them disinformation at others, and so on. Snowden might be a liability to them if he keeps talking. So, cutting a deal for his safety in return for his silence might be a good idea.

@ Fajensen

"Maybe "they" are worrying too much about leaks while they should be worrying about what information was planted? And data integrity & stuff."

Integrity is the most important problem in INFOSEC. In both government and criminal forensics, I've often worried about tampering with data. Courts usually assume this isn't the case. The government might too for most systems. The exceptions that check provenance and integrity are mostly used by intelligence agencies. So, the problem still stands, it certainly merits consideration in a TLA, and I don't think the INFOSEC field has done enough to address it.

@ Ntk

"Here's an idea: encrypt documents with a key, distribute the key to those who have a need to know. Too simple? Why wouldn't it work?"

An insecure underlying system...
Governments' many stringent rules about processing classified information...
Revocation...
Tracking of distribution to others...
Foreign interoperability...
Conflicting certification standards...
Compatibility with existing tech standards...
Vendor-neutral purchasing policies with vendor-chosen tech...

There are so many things preventing simple solutions to the DOD's problems. DOD is extremely complicated in many ways. This means solutions to its larger problems are often complicated as well.

DOD operations just need a total redesign and reboot...

AndyAugust 29, 2013 4:36 PM

I didn't think that anybody thought that there'd never been another leak. Secret services have never worked on the assumption that there'd be absolutely no switching sides and double agents. That NSA have no idea of what Snowden took is probably disinformation.
Would the disinformation theory not be adding insult to injury, kind of shooting your foot for good measure, while the wound from someone else shotgunning your kneecaps is still bleeding? What / where would be the benefit for the NSA to misinform on this issue?

Also all the tactics and procedures regarding possible double agents and how to prevent / locate / deal with them might have got stuck somewhere in the analog age after the cold war ended. This was a time when paper files contained the juicy bits and decent vaults for locking them where the hurdle to overcome in acquiring them. But maybe I am off base here with my assumptions.

NobodyspecialAugust 29, 2013 4:38 PM

You outsource your IT system to the cheapest bidder, they hire subcontractors who know they will be fired the moment it is more profitable to do so and it's all run by career politicians who everybody despises.
And yet everybody assumes that a WWII Bletchley park, take the secrets to the grave, attitude would be the default ?

Chilling EffectAugust 29, 2013 5:02 PM

There seems to be an intense competition between the NSA and the TSA to earn the most distrust and enmity of the American public. Although the TSA has a head start and the advantage of public visibility, the NSA may now be winning. If they can't keep track of their contractors' activities and ensure the security of their own documents and data, how can we possibly trust them to locate foreign terrorist plots while protecting the privacy of Americans? I doubt that even the TSA's Goebbels-award-winning propaganda master could prevaricate, distort, and obfuscate away this looming PR disaster.

KorayAugust 29, 2013 5:17 PM

@Andy

I couldn't know what the benefit for the NSA would be. "Do you know what he took?" is not a question that one should expect an answer to from the NSA. At least an honest answer.

Publicizing his "brilliant" feats at defeating access control may even be an attempt to save face. "We don't suck at chess; we just lost to Kasparov." Also, let's talk more about "Snowden, the man" and not about other things.

They'll later tell us that people like him will no longer be a problem due to a new "insider threat detection program" (similar to existing successful programs such as the "future hall-of-fame athlete", "math prodigy" and "fortune 500 CEO" programs).

They're not stupid. The masses are.

MingoVAugust 29, 2013 6:07 PM

"... it's a reasonable assumption that the previous leakers were working for..."

... other agencies of the federal government: FBI, CIA, DIA, etc.

EHAugust 29, 2013 7:12 PM

Yeah, well, this "brilliant" guy is the same person they called a high-school dropout low-level admin when the stories first broke.

GweihirAugust 29, 2013 8:00 PM

@EH: Well, that is a classic: If it turns out that you are significantly more stupid than the person that successfully attacked you, then he _must_ be a genius!

The only message from these claims is that the NSA is stupid and dishonest. Maybe the strongest reason to stop them from doing what they do.

Dirk PraetAugust 29, 2013 8:32 PM

@ Ntk, Nick P

Here's an idea: encrypt documents with a key, distribute the key to those who have a need to know. Too simple? Why wouldn't it work?

Because it's easier said than done. Adding to the elements @Nick P already summed up, any organisation sitting on a huge stash of documents is likely to use a document management system (DMS/ECM) for management, access and control. Default encryption will make it very hard to do content searches or find anything back unless proper attention is being paid to metadata. I've seen more than one organisation giving up on the idea because it just didn't work out, reserving encryption for a very small percentage of highly sensitive stuff only.

"Need to know" at the technical level translates to implementing controls both at the OS (e.g. MLS, MAC, RBAC) and application (e.g. identity and access management system) layer. Operating systems that can properly do the former in recent years seem to have been deprecated almost everywhere in favour of COTS systems that are much easier to set up and maintain. You can easily find tens of thousands of MCSE's/MCITP's even in the most remote areas of the planet, but the number of folks with, say, expert knowledge of Trusted Solaris (Extensions), SELinux or TrustedBSD is significantly lower.

Anybody who has ever been involved in setting up either an MLS or an identity & access management system in an enterprise context can tell you that it's a real bitch, the technical issues being only the simplest part of the equation. The most difficult part of the implementation is charting the structure of the organisation, then establishment and company-wide adoption of business specific access policies and procedures that are also compliant with applicable laws and regulations. This can be an exceptionally daunting task, especially in heavily compartimentalised organisations with a Mexican army of managers all requiring exceptions for themselves, their staff and their equipment. Without full upper management understanding and support, as well as some skilled diplomats and politicians on your team, failure is guaranteed.

Unfortunately, it doesn't stop there. After roll-out, rigorous auditing and control procedures are needed to maintain system integrity, as well as constant evaluation of policies when and where required. Failure to do so will inevitably weaken the system because both users and administrators will always be asking for additional access rights in order to get their job done in a more efficient or convenient way. Allowing such requests to derail or failing to fully understand their implications is generally where things start going horribly wrong.

wumpusAugust 29, 2013 9:48 PM

When it came out than Manning simply helped himself to Terabytes of readily available top-secret and above information (and the secrecy industry did nothing but attack Manning) it was getting obvious that they could care less if China, Russia, France, Pakistan, Saudi have the complete database that Snowden and Manning were dipping from, they were just incensed that the real enemy, the US citizen, was allowed to know what was going on.

There are plenty of theories that are cut to ribbons by Occam's razor. Some of the remaining include levels of incompetence that defy belief (but could have been easily included enough cronies during recent scaling up of the secrecy industry) and a basic principle that *anybody* can find *anything* they want about US [top] secrets, but as long as they don't let the US public know about, they simply don't care.

StephenAugust 30, 2013 8:17 AM

Number one thing to remember, in the NSA they think everything is secret. Even the bathrooms are classified.

Seriously, you make a document and store in electronic form and its not locked down and encrypted and you have humans who can see them, well guess what someone will read them.

If its on a network its no longer secret. If you want secret, you have to be in total control of that info. at all times.

Still knowledge once in someone brain is very hard to remove and to let them live.

Folks have no clue how the revolving door of gov contractors really work. its all a game of money, 99% of this stuff is not secret nor does it need to be.

just my TS clearance point of view.

Unknown RootAugust 30, 2013 9:20 AM

@ Fajensen
"Maybe "they" are worrying too much about leaks while they should be worrying about what information was planted? And data integrity & stuff."

"They" have write access, so delete access.
I wonder how much it costs on the black market for a drug/arms dealer or "terrorist" to be removed from some database like the no-flight list, or have every information about a name totally removed... even from backups.

PaeniteoAugust 30, 2013 10:03 AM

> previous leakers were working for Russa, or China, or elsewhere

Or "spies", as those would commonly be called..?

GlenOAugust 30, 2013 10:13 AM

For me, this whole thing just highlights a basic fact: government secrecy is most often used to cover up incompetence and stupidity.

name.withheld.for.obvious.reasonsAugust 30, 2013 4:25 PM

@GlenO

I don't know, the incompetence has been a bit obvious. Oh, and the stupidity IS obvious.

paulAugust 30, 2013 6:44 PM

So: the contracts with all these outsourced body shops: do they have clauses about what happens when you completely screw up the architecture of the system you're building, or don't build the system according to the specs, or don't enforce any of the work rules incorporated in the contract by reference.

Back when I started reading and reporting about this stuff in the blankets-over-blackboards days, it was axiomatic that "system-high" -- open within, tight perimeter -- was how you ran things when you didn't really know how to do your security right. At the very least they should have had logging going in ways that a sysadmin doing anything else couldn't touch.

(Of course, the logs of which high official looked at what are also probably top secret or above, so there might not actually be anyone with the clearance/trust to run code for perusing them)

somebodySeptember 1, 2013 2:10 PM

NtK:

"What happened to need-to-know?"

It was replaced by "Responsibility-to-share". In general, the old "Need-to-know" is in the way. However, sharing information freely amongst 5000 people, contractors and their grandmothers is a REALLY stupid idea. Information need to be shared freely amongst those who need it, when they need it - and with noone else.


"Why are documents even stored as plaintext?"

Have you ever worked with computers? Once you read something it remains unencrypted in memory of the computer. Encryption is only useful if you are not touching the data. Read Bruces books and things will become clear.

AnonSeptember 1, 2013 9:55 PM

Has it been confirmed that Snowden took the data out of usb drives? After wikileaks, DOD claimed to have implemented a two man rule for writing classified to removable media. Why was NSA not in compliance or if the rule only applied to siprnet, then why did DOD implement higher security for their secret system than their TS/SCI system?

haikuSeptember 2, 2013 6:00 AM

Has anyone considered the possibility that the "high-school dropout low-level admin" might have had assistance from others working at the NSA, i.e. he's just the point-man ?

NtKSeptember 2, 2013 8:59 PM

somebody:
""Why are documents even stored as plaintext?"

Have you ever worked with computers? Once you read something it remains unencrypted in memory of the computer. Encryption is only useful if you are not touching the data. Read Bruces books and things will become clear."

The user who needs to access/modify the data, decrypts it temporarily to a RAM disk, which is perhaps in a VM which gets disconnected from the host system. RAM gets wiped after the file has been closed, encrypted and copied back to persistent storage. How can that fail?

The data is never in a decrypted state while anyone unauthorized is accessing the computer and storage.

Peter SullivanSeptember 4, 2013 4:52 AM

In the recent report says that every day 100 of Hackers tries to hack Google, NSA and other top US sites. Its not about your doing your job its about by hacking your going to make a crime for that country. Thats why Snowden is count as a spy not a hero. No matters how much data he has break down to help USA.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..