New Snowden Interview in Wired

There's a new article on Edward Snowden in Wired. It's written by longtime NSA watcher James Bamford, who interviewed Snowden in Moscow.

There's lots of interesting stuff in the article, but I want to highlight two new revelations. One is that the NSA was responsible for a 2012 Internet blackout in Syria:

One day an intelligence officer told him that TAO­ -- a division of NSA hackers­ -- had attempted in 2012 to remotely install an exploit in one of the core routers at a major Internet service provider in Syria, which was in the midst of a prolonged civil war. This would have given the NSA access to email and other Internet traffic from much of the country. But something went wrong, and the router was bricked instead -- rendered totally inoperable. The failure of this router caused Syria to suddenly lose all connection to the Internet -- although the public didn't know that the US government was responsible....

Inside the TAO operations center, the panicked government hackers had what Snowden calls an "oh shit" moment. They raced to remotely repair the router, desperate to cover their tracks and prevent the Syrians from discovering the sophisticated infiltration software used to access the network. But because the router was bricked, they were powerless to fix the problem.

Fortunately for the NSA, the Syrians were apparently more focused on restoring the nation’s Internet than on tracking down the cause of the outage. Back at TAO's operations center, the tension was broken with a joke that contained more than a little truth: "If we get caught, we can always point the finger at Israel."

Other articles on Syria.

The other is something called MONSTERMIND, which is an automatic strike-back system for cyberattacks.

The program, disclosed here for the first time, would automate the process of hunting for the beginnings of a foreign cyberattack. Software would constantly be on the lookout for traffic patterns indicating known or suspected attacks. When it detected an attack, MonsterMind would automatically block it from entering the country -- a "kill" in cyber terminology.

Programs like this had existed for decades, but MonsterMind software would add a unique new capability: Instead of simply detecting and killing the malware at the point of entry, MonsterMind would automatically fire back, with no human involvement.

A bunch more articles and stories on MONSTERMIND.

And there's this 2011 photo of Snowden and former NSA Director Michael Hayden.

Posted on August 14, 2014 at 1:02 AM • 86 Comments

Comments

ygjdsfvcAugust 14, 2014 1:48 AM

The CloudFlare blog posted in 2012 a detailed analysis of the Syria internet outage that happened on November 29 that year. In the post, CloudFlare noted how there were also brief ~15 minute internet drops for most of Syria 4 both days and 2 days prior to the full outage. So perhaps NSA was modding that router on those 2 days in preparation for their firmware upload on the 29th.
http://blog.cloudflare.com/how-syria-turned-off-the-internet

Amazing that a country operates with just one central router.

Ch'GansAugust 14, 2014 2:00 AM

The second link "articles" in "Other articles on Syria." is broken, it points to 2 URLs: "http://www.theguardian.com/world/2014/aug/13/snowden-nsa-syria-internet-outage-civil-war%3Cbr%20/%3Ehttp://www.nationaljournal.com/tech/snowden-the-nsa-caused-a-massive-internet-blackout-in-syria-20140813"

ygjdsfvcAugust 14, 2014 2:03 AM

Also, two more outages for Syria happened in May 2013, first on the 7th then on the 15th, about 6 months after the 2012 NSA outage.

Perhaps one or both of the May outages were related to NSA too? They probably still wanted to exploit that router once it came back online after they crashed it in 2012. On the other hand, it would be pretty surprising if they screwed it up three times.

https://news.yahoo.com/syria-blames-internet-outage-technical-problem-200245828.html
http://mashable.com/2013/05/15/syria-internet-outage/

VictorAugust 14, 2014 2:08 AM

It would be great if the bricked router could be recovered and properly investigated. That sort of (presumably) expensive hardware is probably not just chucked out when it fails. Or was it flashed and reused?

Rolf WeberAugust 14, 2014 2:27 AM

It is highly unlikely that Syria has just one central router, since it has several uplinks and upstreams.

I mean, it of course is possible to design a BGP setup in that a broken way that a failure of one router will cause a complete outage. But how likely is this?
And even if, how likely is it that it takes more than 2 days to fix it? Close to zero, I guess.

It is much more likely that Snowden ... uh, I promised to not repeat the ugly word here again ... so that Snowden just got something wrong.

StephaneAugust 14, 2014 2:58 AM

"It is highly unlikely that Syria has just one central router, since it has several uplinks and upstreams."

You have to remember the context here: spy agency would like to eavesdrop on most communication of a country.

This means that rooting a single router would not accomplish that goal: it would fail to capture the traffic going through the alternate routes.

This means that, in order to perform their attack, the NSA folks would have to either first manipulate the target network so that all traffic will be sent to that one system they intend to capture or replicate their attack on more than one system.

But even leaving the above aside, I wouldn't be surprised if taking out a single core router wouldn't result it taking out large part of the Internet in some places: just like the power grid, removing one important node in network mesh can result in a sever overload of all neighbors, culminating in a global outage.

CuriousAugust 14, 2014 3:21 AM

Some speculative thoughts below:
Maybe MONSTERMIND were a name of a cooperation project/effort and not so much just a piece of software?

Imagine a bunch of people in an assortment of Nato countries with their cyber war departements working together, as if they were one group. A command or instruction is fed from the top (maybe one person) and then everyone everywhere beneath the top command level would simply hop to it so to speak. Any decision to purposely attack anyone on the internet could be hidden by a myth of sorts, of there being a secret and automated system for purely defensive purposes. All they had to worry about was not attacking each others networks.

Rolf WeberAugust 14, 2014 3:24 AM

@Stephane

"This means that, in order to perform their attack, the NSA folks would have to either first manipulate the target network so that all traffic will be sent to that one system they intend to capture or replicate their attack on more than one system."

Your first suggestion would mean a very high risk of being detected. Most networking people have bandwidth utilisation graphs and frequently check them.
The second is not what Snowden claimed, he spoke of one router. And it would be very unlikely that NSA killed several routers simultanously.

"But even leaving the above aside, I wouldn't be surprised if taking out a single core router wouldn't result it taking out large part of the Internet in some places: just like the power grid, removing one important node in network mesh can result in a sever overload of all neighbors, culminating in a global outage."

Sorry, but I doubt you understand much of BGP routing.

ATNAugust 14, 2014 4:15 AM

> MonsterMind would automatically fire back, with no human involvement.

Remind me of the oldish film "War Games".
I wonder if MonsterMind can play chess or tic-tac-toc - so that we can live a bit longer after MonsterMind detects an attack.

James SutherlandAugust 14, 2014 5:07 AM

"Amazing that a country operates with just one central router."

A single ASN, though, and a single set of routes, I could imagine - and if the NSA guys screwed up inserting their compromise in such a way that it broke external routing, they couldn't then get back in again. Not really "bricked", just beyond their reach. (Remember, if Snowden wasn't involved in this himself, we're getting third-hand stories of what happened, probably filtered through people who don't know BGP from IGMP: easy enough for "we'd dropped all the sessions so there was no way back in to the router" to get simplified into "we'd bricked it, there was no way we could get back in".)

Normally, of course, you'd be internal to the network concerned - but as an external attacker, if you accidentally close off your own path to the target, you're stuck. War-dial looking for an insecure modem inside the target network? Tricky, when you want to stay undetected and avoid leaving a trail - and then logging back in to the target router, which has now been "faulty" for a while and will be being investigated by the ISP staff to figure out what you'd done to it?

"Nope, can't see why it suddenly dropped all the routes ... let's stick Wireshark on the management interface, see what - ooh, hello Telnet connection from one of our own modems, you're not supposed to be there!"

wiredogAugust 14, 2014 5:30 AM

"One is that the NSA was responsible for a 2012 Internet blackout in Syria"
I would take that claim with a very, very, large grain of salt. Snowden is reporting hearsay he got from one source, a few years ago, with no documentation to back it up. Something like, two guys in the latrine, and one says "Hey, Eric, did ya hear we took down Syria last week? Yeah, people were scrambling over in other_division_I_don't_like."

CallMeLateForSupperAugust 14, 2014 6:50 AM

"MonsterMind would automatically fire back, with no human involvement."
Joe says it at ain't so (but what does he know?).

A fully autonomous offensive weapon. That sounds more like a like-to-have, a wet dream of some out-of-the-box-er, than a reality. It is such a dangerous idea, I think, that even our wonky NSA would not adopt it, much less implement it. But that's not to say that the NSA does not play with the idea.

WillAugust 14, 2014 7:12 AM

The journalist writes it as though there was a single router, but that may not be what Snowden said exactly.

Its not shocking that pretty much any story is littered with technical inaccuracies; anyone who has ever been interviewed knows this.

This doesn't detract from the gist of it all, and its unlikely that the journalist fabricated Snowden saying that the NSA took down Syria by mistake.

JoeAugust 14, 2014 7:12 AM

Some beautiful security theater that would fit perfectly in the NSA star trek command center: map.ipviking.com pew pew pew!

MementoMoriAugust 14, 2014 7:43 AM

@Joe

Fascinating! With that and the vidalia map-view panel, who needs a home entertainment systemt!

JacobAugust 14, 2014 7:45 AM

Since the Administration has repeatedly claimed that cyber attack against critical infrasturcture can bring grave danger to the country: damage gov functions, disrupt social fabric and hamper the delivery of essential utilities, they declared such an act a declaration of war.

So if the gov creates an auto fire-back system without human involvement, I wonder if they plan to extend that automation to the ICBM system?
If they do, may I suggest they first consult with the good Dr. Strangelove.

FourAugust 14, 2014 8:12 AM

Four types of scary:
1. NSA stuff already disclosed by Snowden
2. Stuff still forthcoming
3. Snowden's insurance file
4. NSA capabilities so highly classified and compartmentalized that Snowden couldn't access it.

What Snowden doesn't know (#4) is what scares me. We've only seen #1, and it's extensive and powerful. But the NSA must have capabilities that are so sensitive that someone in Snowden's position could never access it. What might that include?

PiAugust 14, 2014 8:29 AM

Fifth type of scary: the CIA running a bunch of rickety old systems, losing files and materials left right and center, relying mostly on outdated technology whilst feeding the public perception that they are super reliable and on the cutting edge of technology.

JacobAugust 14, 2014 8:33 AM

@ Four

One known class of information that belongs to #4 is the names of companies who have back-doored their products on behest of the NSA, and the details of said subversion.

BenniAugust 14, 2014 8:50 AM

I am the only one who notices that this "MonsterMind" software is similar to these plans of the german secret service BND?

http://www.bnd.bund.de/DE/Themen/Reden%20der%20Leitung/Redetexte/Rede_BfV-Symposium2014.html

the BND president said here on a project for which the service wants additionally 300 mio euros:

"In detail, this can look like this: With our foreign signals intelligence, we recognize a Cyper Attack on french companies or institutions with a new, and unknown malware. We then give this information to the office for security in information technology and to the german service for the protection of the constitution. They then can take measures that appropriate firewall settings are used in germany"

The question is just: What does the BND have to sniff in data packets of french companies?

Anyway: in order to prevent any malware from entering germany, sniffing on just some french companies would not suffice. Instead the BND application would have to sniff on every datapacket that gets on german ground, similar to this NSA MonsterMind program.
At the moment, the difference between the BND project and MonsterMind is just that BND did not announce automatic attack capabilities. But perhaps the BND president just saved this for the classified part of the definition of his project. Nevertheless, the dangers for privacy are exactly the same in MonsterMind and this BND project.


In the article http://www.foreignpolicy.com/articles/2014/07/29/the_crypto_king_of_the_NSA_goes_corporate_keith_alexander_patents

on Alexander selling his spyware, it is noted that US companies refused to have their traffic checked by NSA spyware.
"His attempts to make the NSA a cyber-watchdog on corporate networks were seen as a significant intrusion by government into private business."

And therefore, Alexander is selling his spyware now as a former spy to american companies.

In order to work, MonsterMind would have to be deployed not only on government sites. NSA somehow have to get a foothold into companies, making them install their spyware on company systems.

Perhaps Alexander's move into the consulting world is just the NSA's way to install monsterNind at more servers....


However, I would like to read some slides on MonsterMind. Are there any?
And what does Snowden want to day with this: "In addition to the possibility of accidentally starting a war, Snowden views..."?

Are there people at NSA who want to let MonsterMind take over control of drones?
What exactly are the attack capabilities of MonsterMind if it could start a real war? Can it cut a country of the net or what?
Der Spiegel mentioned before in an article that is only available in germany http://www.spiegel.de/spiegel/print/d-126149146.html

"In October 2012, Barack Obama signed a top secret directive which should transform america to a new age. He authorized the army to get ready for a regular war in the internet against other nations. The goal of the preparations should be to manipulate, interrupt, weaken, block or destroy foreign information systems, networks and computers. It is mentioned explicitly that USA reserve the right for doing a preemptive cyber attack.
With this order, DNI Clapper and the generals were ordered to create a list of potential systems, processes and infrastructures that the united states of america should develop offensive cyber attack capabilities against.
Welcome in the world of the war tomorrow."

So, well should I combine these Spiegel revelations with that new Snowden leak, and assume that these offensives against other states will be initiated and done automatically?


If that is the case, then they clearly should let monstermind take control of the atomic missiles and the drone fleet. Just to recreate the terminator movies in the real world....


2nd most wantedAugust 14, 2014 8:55 AM

US government sabotage in Syria, likely with lethal consequences considering the public-safety situation. Open-and-shut ICJ case. Russia would be in a good position to bring the suit.

"Prosecution and punishment of responsible State officials may be relevant to reparation, especially satisfaction"
[Yearbook of the International Law Commission, 2001, vol. II, Part Two, as corrected, Note 840]

bemolAugust 14, 2014 9:01 AM

@2nd most wanted

Why do you think the USA doesn't participate in (or even recognize) the International Criminal Court justice system? Yeeeeeeeeeeha!

2nd most wantedAugust 14, 2014 9:57 AM

This is the ICJ, not the ICC. It's too late for the USG to worm out of that.

And anyway the ICC is just one forum for universal-jurisdiction law. Any country (or some undreamt-of ad hoc tribunal) can grab a fugitive spook - like they do to Robert Lady wherever he pops up. Even little banana republics like Panama can play!

rainpenAugust 14, 2014 10:32 AM

@Bruce

Bruce, could you please run this forum as a Tor hidden service to prevent readers and contributors from being harassed and added to watch lists?

Nick PAugust 14, 2014 11:34 AM

@ rainpen

If you even use Tor, you can be sure NSA's collection systems are watching you more closely. Their systems like QUANTUM might even auto attack you. NSA is also more likely to do something irrational if they're operating in the dark. Strange as it sounds, members of this forum are better off if the NSA can see that what goes on here is nothing for them to worry about. Anyone feeling a need to protect his or her identity from NSA* is still free to do so. It's not a problem for most of us, though.

* Good luck on that, btw.

FrogGrogAugust 14, 2014 11:41 AM

@Citizen DO

"the NSA's software can identify faces even when the targets were wearing different hair styles and facial hair."

That is in fact very easy to do. The key to automatic facial recognition software is generally to triangulate the distance between the eyes and the nasal bridge. Unlike humans, automatic facial recognition software does not go by physical appearance, it is basically a geometric calculation. Facial hair, hats, hairstyles, etc. don't make a difference. In some cases, beards actually aid automatic facial detection because they act as a frame, highlighting the location of diagnostic features on your face for the software.

You can play with facial recognition yourself using OpenCV, which now comes with a facial recognition algorithm and even a gender classification algorithm.

If you want to fool automatic facial recognition (and you probably do, since it has been rolled out in most public transport systems by now), simply cover your eyes and nasal bridge (e.g. by wearing big sunglasses). You can also grow a ridiculously long fringe or wear silly makeup to confuse the software (but you will look like a douche).

rainpenAugust 14, 2014 11:49 AM

@Nick P

As a matter or principle, I do want to make it as difficult as possible to track, profile and log my online activities.

I don't subscribe to the "Tor will make you stand out argument". The NSA is already monitoring virtually all internet traffic (certainly this blog's traffic), so making it harder for them to do so -- almost to the point of unfeasibility -- by operating as a hidden service, is a very attractive prospect.

In a nutshell: I agree with Bruce's position that we need to make ubiquitous surveillance too expensive once again.

FrogGrogAugust 14, 2014 11:59 AM

Am I going senile, or was there a message in this thread signed by Citizen DO that has just disappeared?

Nick PAugust 14, 2014 12:11 PM

@ rainpen

That all sounds great until you realize Tor only works if it's running on an unhacked machine and NSA has 0-days for all mainstream OS's. The NSA hacker in leaked documents describes just creating a filter in their collection system to identify specific items of interest (eg Tor), then the filter triggers an action like storing for further analysis or automatically exploiting the system. Traffic not matching their targeting criteria is mostly ignored far as anyone can tell.

So, not using Tor means they passively collect and toss out your Internet traffic. Using Tor means you probably trip a targeting rule, get your box constantly monitored/analyzed, maybe get your box autohacked, and now they have more access to your Tor keys than you do. The only way to make surveillance harder on them is to combine hard to hack PC's with privacy-preserving protocols and software. Without endpoint security, they just ignore the protocols and hit the endpoint.

Like Bruce often says, the crypto is usually the strongest link. So, attackers target a different weakness. Modern systems have bullseyes all over them. And NSA has quite the arsenal to choose from. ;)

BenniAugust 14, 2014 12:11 PM

@raipen:
You mean this network here: http://pando.com/2014/07/16/tor-spooks/
or is it this here: https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack or is it this here, which shows that an agency listening at the exit nodes and internet backbones can de-anonymize 80% of all tor users in several weeks?: http://www.ohmygodel.com/publications/usersrouted-ccs13.pdf
Against the NSA, tor just gives you several weeks before they can de-anonymize you by correlation attacks. And if you are downloading tor, you are just placing yourself on their watchlist, according to NSA's xkeyscore rules: http://daserste.ndr.de/panorama/aktuell/nsa230_page-1.html

DanielAugust 14, 2014 12:21 PM

@Four "But the NSA must have capabilities that are so sensitive that someone in Snowden's position could never access it. What might that include?"

The original and thus real copy of Obama's birth certificate.

AndrewAugust 14, 2014 12:24 PM

MONSTERMIND is hardly a new or unique concept. The idea of automated intrusion response or 'hack back' has been around since the early 2000s, at least in concept. See for example this BlackHat paper from 2003 (http://www.blackhat.com/presentations/win-usa-03/bh-win-03-karnow-notes.pdf) and a quick Google search will show many academic proof-of-concept tools that have been developed over the past decade. Here's a report from a university security course on exactly this, automated strikeback in response to attacks (http://courses.cs.washington.edu/courses/csep590/05au/whitepaper_turnin/strikeback-report.pdf)

rainpenAugust 14, 2014 12:33 PM

@Benni

Correlation attacks do not work on Tor hidden services. There are no exit nodes on Tor hidden services.

name.withheld.for.obvious.reasond.August 14, 2014 12:43 PM

@ Benni

He authorized the army to get ready for a regular war in the internet against other nations. The goal of the preparations should be to manipulate, interrupt, weaken, block or destroy foreign information systems, networks and computers.

I'm afraid it is more problematic than most realise. I've commented before that the power to execute war, constitutionally an article 1 power, is turned on its head by EO/PPD regs that which is vested with Congress. But it gets worse by order of an magnitude. From a relativistic measure of how the framers saw the use of the power of war to inflict great casualties on your own population I dare say we are worse offf then the colonists.

Madison's theories on government and the use of military power to project "noble" desires with impunity. Thomas Paine also speaks to the great injustice delivered with malice on peoples that if the context of nation state legitimate use of power were scaled to individuals the rationale for murdering your neighbour due to his failure to comply to demands falls under the rights of states to kill out of the need (perceptually) to avoid danger. "I am the government, and because I believe you will kill me in the future--I must kill you now!" By the way, that's what the DoJ calls a lawful killing (just look a the drone policy). It is the unlawful use of murder that need be punished.

Not only is there the lack statutory law authorising the executive to commit unspecified declarations or acts of war--the real punch line is that this power has devolved all the way down to IC department head(s). And DoD claims this authority is needed down to the combatant commander. So the headline would be "The department of war has the self proclaimed power to not only carry out these acts--but to authorise them as we'll"

I bet I know who's guarding the hen house...I save what I consider the final nail in representative democracy, however flawed it was, for another day.

NovaAugust 14, 2014 12:46 PM

Monstermind was implied in the article about the NASDAQ hacking which came out a few weeks ago, however what was not implied was that they auto-fired back, though it was implied they had full access to all data coming into and going out of the US.

Snowden has really been thinking hard on these issues, and it shows from his comments. I suppose that is also partly attributed to Bamford.

I was actually unaware of the House vote, though must have seen the headlines and chalked it off. I just went to confirm, and it does appear that it has to go and get passed by the Senate. It very well could be the Senate could smash it but allowed the House to pass it for political favors for their partisan supporters and allies there.

http://arstechnica.com/tech-policy/2014/06/house-votes-293-123-to-cut-funding-for-nsa-spying-on-americans-building-backdoors/

So, I do think - unless I missed a story which is entirely possible - that this "cutting out wiretapping all Americans" is yet to be. And likewise that it may never be. Also, just because they are saying they are going to do this, does not mean they will really stop. But they may continue, just to regain PR and reverse damage to American corporations trying to sell abroad. (Specifically, on that last point, that this bill also demands stopping of backdooring US products.)

I wish I could say otherwise, but I have to remain a cynic here. Alexander (as just one example), is out there in his convertible smoking it up and throwing cash in the air while making out with millions stolen from his work at the NSA. In such an environment, corruption is the norm, not the exception.

Spying on all Americans is just about the worst thing anyone in foreign intelligence could ever do. I do not think **any** totalitarian country has ever achieved such a goal before, though, admittedly, I am sure they would, if they could.

But they have no pretensions to do otherwise, and surely no constitutional rights against such activity. America's founding documents are very strong against these sorts of measures. I am not sure what team they think they are on doing such things. These sorts of activities reverse all the hard work done by everyone who has condemned totalitarianism. Over the decades. Inside the government and outside.

Everyone might as well have just stayed home all these decades, but these corrupt ones are reversing all the work done by anyone.

In wars, in cold wars, now, in rights movements, anywhere, at any time.

From the money a lot of these people are making, it does appear that they have had a primary motive of money and are living as if there is no tomorrow. Somehow, they are persuading people they are on mission. I do not know how, especially not when the founding documents warn so strongly against these sorts of attitudes in government: pride, hypocrisy, self-rightousness.

While I often bemoan the fact that kids in school are not taught on the dangers of the past (including the pitfalls of totalitarianism), I have not bemoaned the fact that they are not taught about these things in studying the founders and the founding of the States. Clearly, a little blow, a little cash can make them sell out any such information.

Hard statements, but they should be said. Obviously, plenty of strong people in all sorts of agencies and organizations. But it is also obvious there is a very deep, nasty smelling rot working its' way through the governmental infrastructure.

Snowden's statements that singular victims stand out, while millions end up as mere statistics are very good statements. Which can partly help explain the lack of outrage and motive to fix the problems. Also, his statement pointing out on some issues, like PRISM, Americans are more up in arms. (Apologies for the many American focused points here, as all "five eye" countries have severe problems, but on specifics I am most familiar with the States.)

I do believe, however, that the problem is explanation. These are highly technical matters, though they can seem trivial to comp sec experts... so this can be hard to fathom.

I also believe this is because of corrupt leadership. When these sorts of crimes go unpunished, as they have recently and in past decades, it corrupts the people. You can go back many millenia and see how this effects nations. That we have nice words and some positive action from some of the leaders means very little when they excuse such gregarious crimes.

This can lead to a sort of loyal complacency, apathy. People become immune to the hypocrisy of their leaders and learn from it: words like "justice" they read as "crime", "liberty" as "slavery", "humility" as "pride". It changes the meanings, though the words remain the same. People forget - or never knew in the first place - all these abhorrent authoritarian nations espouse noble causes with noble words.

Lastly, sometimes I get from people, "oh you are saying evvvvvvveeeeerrryyybbbbodddy". Far from it. Furthermore, if something sticks to you: you very well may be a guilty party. That is between you and your conscience. I also do not advocate law breaking. That only gives the bad guys in authority ammo. Nations have murdered plenty of guilty people history has forgotten, but innocent martyrs murdered by them... history does not forget.

Speaking of, Snowden, by my book is innocent. I believe attempts to paint him otherwise, such as trying to blame him for material which did not come from him is immoral and symptomatic of individuals way past that line they never should have crossed. I do not believe people should be seeking to go "Aha" and be supreme finger pointers at individuals clearly risking all to make matters right -- anymore then I believe whistleblowers should be persecuted, the innocent should be cruelly treated and jailed, while the criminals applauded.

There is in these things, I believe, a sort of "ass kissing" behavior which can overcome people. They want to be with the party they work for, or at least, identify with. So, they make pains to become even more zealous then others they know. Does not matter if that zealousness is purely by instinct and entirely absent from reason and conscience.

Clive RobinsonAugust 14, 2014 12:49 PM

@ FrogGrog,

To hide your eyes you can as many street kids know wear a baseball cap with a longer than usual visor and an overly large hoodie Also as many French street kids do wear what looks like d neck scarf that is actually a carbon particle air filter for cyclists, I'm told it's quite effective against CS and peper sprays, especially if you also have a one piece painters eye mask in your pocket as well...

These are things that the French Gov have baned or are in the process of banning as it's what the protesting street arsonists wear.

BenniAugust 14, 2014 12:50 PM

@rainpen
"Correlation attacks do not work on Tor hidden services. There are no exit nodes on Tor hidden services."

When tor hidden services can be accessed from the outside internet, then correlation attacks work against them as usual, says wikipedia: http://en.wikipedia.org/wiki/Tor_(anonymity_network)#Hidden_services

The correlation attack doe not work against a tor hidden service that can only be accessed from within tor. How the FBI tackles these sites is long known: http://www.wired.com/2014/08/operation_torpedo/ and it has to be assumed that NSA TAO specialists have much better exploits for them than some FBI police men....

BenniAugust 14, 2014 1:07 PM

name.withheld.for.obvious.reasond

Well, even the german army has a unit for electronic warfare. So the fact that obama ordered his generals and secret services to get ready for electronic warfare is not scary. In a war, better turn off the radars of the enemy missiles.

The real problem with the directives from Obama that are cited in the SPIEGEL article http://www.spiegel.de/spiegel/print/d-126149146.html is this here

"It is mentioned explicitly that USA reserve the right for doing a preemptive cyber attack."

So Obama gave the permission to the NSA and the US army that the United States want to be the first who damage or block foreign computers or computer networks. The problem is that they want to use this offensively..

I do not know why Spiegel never translated this important article in english. In fact with the exception of only two NSA stories on Quantum this http://www.spiegel.de/spiegel/print/d-126149146.html is the only article that did not appear in english on Spiegel international. The politics of the magazine usually is to put its most valuable articles only in the print edition. But with their NSA stories they mostly translated their articles to english and put them online for free with this text being a rare exception.

Nick PAugust 14, 2014 1:16 PM

@ Bruce Schneier

It was a great article. I think it provides a thorough psychological picture of Snowden that dispels much of the nonsense people say about his motives, actions, or background. Still other critiques, for sure. The smartest thing I saw in it is that he knows he'll likely slip up in a way that gets him hacked or geolocated. He's quite cautious. This combo of pessimism and prudence might make him last a while.

New Evidence Reinforces My Risk Assessment

The most disturbing part of the article is the pornography claim. Critics of NSA mass surveillance, like myself, pointed out that the largest risk to democracy is that NSA gets blackmail material on Congress and Supreme Court. J Edgar Hoover used this to successfully control U.S. government just enough to turn FBI into the most powerful LEO in the U.S. Much of that power lasted and was expanded over time. The NSA's surveillance capabilities are exponentially greater than Hoovers, allowing automatic collection and analysis of all key people simultaneously. Snowden's activity shows they could've also done it covertly. It's even easier if one or more operators had dedicated, non-logging connections to the systems.

Pro-NSA people like "Skeptical" say abuses have only been occasional and not agency-directed. Yet, we now have a case of the agency trying to collect blackmail material to use against specific dissidents. That's they *exact* situation I predicted would happen. That they're already doing it (and lying about it) means we must assume they'll do it to others. Congress and courts are biggest threat to the NSA. Even as NSA tricks them, they mostly go along with what NSA is doing. That NSA already has leverage on them was my hypothesis.

That they're actively gathering blackmail on opponents creates a new hypothesis: NSA must be brought under true control of Congress or NSA might eventually control Congress. It's in Congress's self-interest to take dramatic action. Even if NSA has leverage, they need to risk taking action anyway because NSA will turn the inch they're given into a mile. My mantra still applies: power + money + secrecy + criminal immunity = ideal breeding ground for evil and corruption. Always true throughout human history. People need to quit thinking NSA is going to be the one righteous exception. That's just naive and foolish.

karma chamaleonAugust 14, 2014 1:18 PM

Contrary to popular believe, the NSA doesn't go about pwning anything that moves willy nilly.

1. 0-day exploits are expensive and difficult to come by, especially for certain families of OS. FinFisher, for example, is currently only able to offer exploits for Windows XP and Vista. Wasting your 0-days on automated attacks week in week out would be a very poor use of resources.

2. There are over 2 million Tor daily users. Flinging payloads around the internet to 2 million boxes will not go unnoticed.

3. Exploits are dangerous to use. Most savvy users will smell foul play when their systems behave unexpectedly and are likely to look into it (disturbed MBRs, excessive CPU usage, unusual network peaks and troughs...). IT Security experts will be able to locate and reverse-engineer your payload / rootkit and air all your dirty laundry. Honeypots are a very real threat.

4. Hard as it may be to believe, there are legal restrictions governing the NSA. People can still get into a lot of trouble for compromising certain systems from certain people.

To anyone with any insight into how the NSA works, the idea of shooting automated 0-days to all 2 million daily Tor users is simply ridiculous.

BoppingAroundAugust 14, 2014 1:21 PM

Potentially capable of holding upwards of a yottabyte of data, some 500 quintillion pages of text, the 1 million-square-foot building is known within the NSA as the Mission Data Repository. (According to Snowden, the original name was Massive Data Repository, but it was changed after some staffers thought it sounded too creepy—and accurate.) Billions of phone calls, faxes, emails, computer-to-computer data transfers, and text messages from around the world flow through the MDR every hour. Some flow right through, some are kept briefly, and some are held forever.

It really should be called Aquinas.

NovaAugust 14, 2014 1:22 PM

On various responses:

on "what Snowden did not know":

I think it is very reasonable to consider that there is stuff Snowden did not have access to, but further, there is stuff even guys like Clapper and Alexander do not know about. One, consider interagency reluctance to share. Two, consider the problem of moles. Three, consider the problem of setting up programs only to have some new guy with zero intel experience shutting down perfectly valid programs.

I think it is reasonable to assume there can be hidden bad things, like secret surveillance used for extortion, and hidden good things.

On Syrian hack being hearsay:

It does sound like hearsay, and I noticed at least one person on ARS stating this, but it also does sound like a very plausible story. Both that the US crashed the routers, and that their intelligence was so very thorough on Americans and very poor on Syria.

On using encryption products:

There is an issue with using encryption that can single you out. I believe both opinions are valid: the attitude to not encrypt anything and just be as upfront and clean in person as in private, and the attitude to be this way but encrypt everything.

There is also valid middle ground.

I have hung with friends who insist on encrypting everything, and with friends who insist on encrypting nothing. No one I have hung with has engaged in any sort of illegal or unethical activity. (Exception there being friends in totalitarian countries with criticism and read critical material may be very illegal in their countries.)

Fact is you have a right to "privacy", which I put in quotes because without quotes: you have a right to free speech, a right to free belief, a right to not be considered "guilty before proven innocent", a right against warrantless search and seizure.

Zero Day Against Americans Using Encryption Products Because They Are Using Encryption Products:

If the US Authorities insist on hacking you simply because you are using encryption products... or if this is the case in any nation with their authorities... they are breaking the law and very likely revealing their own sources and methods of very secret surveillance. So it is also wise to have a upwire system that sniffs all traffic downstream and is as immune to zero day as possible. Once the downstream system is hacked, you can forget about all protective tools on that system, of course.

That zero day and those surveillance products they are likely to use are expensive. Typically, governments will rely more on plausibly deniable, 'already known bugs', and surveillance software used by clear monetary oriented hackers in the wild.

However, it can be also noted that tech people are often hacked by "friends", under the auspices of just being nasty people... when, in reality, they are either directly working for the governments or indirectly (extorted confidential informants and the like).

Monstermind:

I recall the hackback theories posited way back when, and recall them being laughed out. I also vividly recall years before that when I was just starting out noting my home run website was under ICMP attacks "from the Pentagon". Likely forged, though maybe not.

(I just ran a simple security tools review site.)

The Bloomberg story implied there was such a system on the NASDAQ hack, if one pays attention to the details. It points out how there is some sort of - at least - nation boundary IDS. No mention of something as absurd as a hack back, but there was mention of secret rules being applied from previous discovered state sponsored APT. (Secret because this was attack rules observed secretly, so one can make such a likely inference.)

This has got to be one of the most stupid plans ever implemented, to auto-hack back. Not only does this reveal the rule sets of such a system, but, as Snowden pointed out it can be used to force launched attacks against whomever an attack wishes.


BenniAugust 14, 2014 1:42 PM

@karma chamaleon:

"2. There are over 2 million Tor daily users. Flinging payloads around the internet to 2 million boxes will not go unnoticed."

No, they only deliver exploits to certain users that browse to hidden services of NSA's interest.

For the rest, they are doing this here: http://www.ohmygodel.com/publications/usersrouted-ccs13.pdf

If you ask the tor project about the above work that shows they can de-anonymize 80% of all tor users in several weeks, you will get the answer that "this model assumes an attacker monitors an internet exchange point, but overlooks how hard it is to control this very aspect of the internet". You can then reply that you know at least one internet exchange point, namely de-cix, which has, according to the german government, to "provide a complete copy of all communications" to the german secret service BND, meaning that NSA/BND/GCHQ indeed have enough data do do the attack outlined in this paper. The tor project,if you ask them this, is not able to deny this.

And no, 2 million users are an extremely small number of users. Note that they sit on international fibers. With ptoject Rampart A they get a traffic of 3.4 tbit/s.
The 2 million tor users are, for NSA, a welcomed honeypot. A place where they find 2 million interesting targets, who want to be anonymous for some reason, at once.

This is even in the tor stinks files: "Criticam mass of targets use tor. scaring them away might be counterproductive". So their own slides say that they have a nice honeypot there.

"3. Exploits are dangerous to use. Most savvy users will smell foul play when their systems behave unexpectedly and are likely to look into i"

Please tell this nonsense to J.J Quisquater. Academic Cryptographers are "prime targets" according to NSA whistleblower Binney. And so a malware infected Quisquaters computer that transmitted encrypted data over Belgacom servers, which were hacked by NSA:
http://www.pcworld.com/article/2093700/prominent-cryptographer-victim-of-malware-attack-related-to-belgacom-breach.html

Without the Belgacom servers being revealed as hacked by Edward Snowden, Quisquater would probably still live with his exploit on his laptop....


"To anyone with any insight into how the NSA works, the idea of shooting automated 0-days to all 2 million daily Tor users is simply ridiculous."

So you are having insight how the NSA works?

And from your insigths you can tell that slides like "How the NSA Plans to Infect ‘Millions’ of Computers with Malware"

https://firstlook.org/theintercept/article/2014/03/12/nsa-plans-infect-millions-computers-malware/

are completely ridiculous?...

So, if you actually have NSA insights in form of some fancy slides, please give them to Spiegel. Here is its email with pgp key:

http://www.spiegel.de/international/guidelines-for-informants-how-to-contact-spiegel-securely-a-930031.html

Nick PAugust 14, 2014 1:54 PM

@ karma

My point is less that they target all Tor users and more that they can. I've always said I believe their actual targeting is more specific. That said, I've also claimed that Bruce's involvement with the Snowden documents makes him a high priority target of collection and NSA's peripheral targeting policies mean anyone reading his blog is watched closely as well. Anyone commenting is doing two-way communication with him and sympathizers. They'll be rated as higher risk in the scoring system. If a human analyst looks at it, they might add additional rules for specific commenters or their IP's.

So, you use Tor (risk +1), are critical of NSA (+1), and associate with a high priority target (+1). At some point, they might decide you're worth hitting. Then, Tor does you little to no good. Assuming it could protect you from them to begin with. Tor programmers don't claim it works against an opponent with NSA's backbone access and resources. The wise one's, anyway.

BoppingAroundAugust 14, 2014 1:57 PM

Nova,

Spying on all Americans is just about the worst thing anyone in foreign intelligence could ever do. I do not think **any** totalitarian country has ever achieved such a goal before, though, admittedly, I am sure they would, if they could.
Spying on Americans specifically or the citizens of that country? If the latter, then the DDR had been steadily achieving that. Unfortunately, the DDR got dissipated in 1990. But their work has so far been alive and well. /This is sarcasm, of course/
I do not know how, especially not when the founding documents warn so strongly against these sorts of attitudes in government: pride, hypocrisy, self-rightousness.
The same way it is done anywhere else — wise and nice words, foul actions. I see this sort of behaviour literally everywhere. Hear nice things, expect the crap to surface soon.

karma chameleon,

when their systems behave unexpectedly and are likely to look into it (disturbed MBRs, excessive CPU usage, unusual network peaks and troughs...).
Frankly, I think this issue is long gone for medium-quality malware at least.

James SutherlandAugust 14, 2014 3:17 PM

So, given the auto-reprisal feature, how many seconds do we think it would be before this system detects a "massive attack" from 127.0.0.1 and nukes itself, or similar?

To counterattack autonomously, this system will need to be absolutely infallible in identifying both that an "attack" is happening, and the actual origin of that attack (botnet anyone?!) - and even then, it could well be dangerous. Knock out an ISP by using their network for launching a small "attack" you know will trigger much greater NSA reprisals (sort of "suicide by cop"), trigger a "cyberwar" by tricking the NSA and one of their foreign counterparts into attacking each other ...

Worst of all, at best it would knock the hostile traffic source offline - achieving the same thing as a router ACL but at far greater cost and risk. Why bother?!

keithAugust 14, 2014 3:59 PM

Would they really blame Israel? There was a story from The West Wing where they sneakily killed a foreign politician and got found out, but they were more worried about Israel being blamed because it would be an excuse for lots of people getting killed.

NovaAugust 14, 2014 4:00 PM

@Mike P
[i]Hey, @Nova, lookup tl;dr, will you?[/i]

Thanks for the note! I will try and make shorter posts, though I do not condemn and often enjoy the longer posts here. As I am an irregular poster and you are probably more regular, I will take that as an instinctive consideration for comment quality.

@BoppingAround

[i]Spying on Americans specifically or the citizens of that country? If the latter, then the DDR had been steadily achieving that. Unfortunately, the DDR got dissipated in 1990. But their work has so far been alive and well. /This is sarcasm, of course/[/i]

Very amusing. :-)

[i]The same way it is done anywhere else — wise and nice words, foul actions. I see this sort of behaviour literally everywhere. Hear nice things, expect the crap to surface soon.[/i]

Aye, well said.


@karma chameleon

[i]On zero day vectors..... and some of the problems there.[/i]

Yeah.

And would note: Intel doesn't like giving up their expensive to obtain, secret surveillance tools -- be it zero day or be it hardware or be it zero day malware.

One, they are very cognizant that the code be discovered and a double cross (XX) system could be employed against them (once one is found, they can apply this across the board); and, two, it could be used against them or against their friendlies... even with their effectively official imprimatur on it.

IMO, very good reasons to employ extensive and sophisticated honeypots, and very good reason to at the very least have strong, upstream, non-responsible IDS/sniffing system that are well vetted and have a very minimal attack surface.

@Nick P

'Posting here puts you on a high target list for various reasons & TOR creators do not say it can evade governmental level attackers'

Yep. Though depending on how hot you are, nothing can much protect you. One attitude is to not encrypt anything to show how open and routine one is in everything they do. Another attitude is to encrypt everything so when anything sensitive is done it does not stand out. And another attitude is to have a strong honeypot strategy.

Yet another posture is to 'operate as if under surveillance' at all and any time. This is a more dangerous approach for everyday citizens, but is effective for well organized and implemented double cross programs.


Nick PAugust 14, 2014 4:24 PM

@ Nova

"Yet another posture is to 'operate as if under surveillance' at all and any time"

Basically my posture. Most stuff I do openly so they'll be calm. People that want me to PGP them, protect data they give me, etc get extra protection. I might switch over to full OPSEC in future if I feel it's necessary. Right now it's an unjustifiable cost given it just increases risk for me against main concern (NSA).

Gerard van VoorenAugust 14, 2014 4:43 PM

@ Nick P

"The smartest thing I saw in it is that he knows he'll likely slip up in a way that gets him hacked or geolocated. He's quite cautious. This combo of pessimism and prudence might make him last a while."

He probably lives in Moscow. The CIA probably also knows exactly where he is and what he does every day. Because if I was in charge of the CIA I would have donated a couple of million dollar to the local Russian Mafia with the request to find that out.

So assume that they know that. Yet he is still not kidnapped or killed. Why not? That is obvious. He has his "insurance policy" and is a too well known guy. That is why I am not afraid that in the case he gets an asylum in Germany he is gonna be kidnapped by the CIA. It just doesn't make sense.

NovaAugust 14, 2014 6:11 PM

@Nick P

"Yet another posture is to 'operate as if under surveillance' at all and any time"

Basically my posture. Most stuff I do openly so they'll be calm. People that want me to PGP them, protect data they give me, etc get extra protection. I might switch over to full OPSEC in future if I feel it's necessary. Right now it's an unjustifiable cost given it just increases risk for me against main concern (NSA).

I think the sorts that would be likely to investigate someone like your self, or others on this forum are the sorts who are not concerned about even pretending to follow any legalities.

I recall one poster here, months back, declaring that governmental abuses are actually investigated. Unfortunately, there is but a din of crickets to that sort of claim. You can search for these sorts of abuses being investigated and prosecuted, and will not find them.

Lawlessness prevails.

name.withheld.for.obvious.reasonsAugust 14, 2014 6:16 PM

@ Benni
The central thesis in my comment is that government authorities from both the statutory and organisational/executive rule making that is not about binding and making operational standards that harmonise rationale and lawful functions of government that squares with court opinions, history, and a large population that identifies readily with the principals that are foundationally sound but operational flawed.

There is a concerted effort to make efficient the function of government--and with more than marginal success--Germany in the 1930's never attained the coherency necessary to repress dissent or criticism that is coaleasing around the 0.01%ers. It is that the tools of conformance come in small plastic bodies with lithium-ion batteries instead of Panzer tank.

As our government extends the distance between the true sovereign--it effectively undermines its legitimacy. The number of patriots in this country, not militia, but true patriots that for example cite the 3rd amendment of the Bill of Rights and knows that true power can only emminent from the people themselves--who cares about a sociology economic that views your position in society as a subject? Otherwise, we are just sheep.

But the next shoe to drop is pretty ugly--

Mike AmlingAugust 14, 2014 7:17 PM

@rainpen
"Bruce, could you please run this forum as a Tor hidden service to prevent readers and contributors from being harassed and added to watch lists?"

How would using a hidden service be better than just using https://www.schneier.com on the Tor browser?

Also, anyone with a Tor relay could set up a hidden service that forwards xyz.onion to www.schneier.com without Bruce's cooperation. One problem is your browser sending an HTTP header "Host: xyz.onion", while the server wants to see "Host: www.schneier.com". But you can get around that if you have your own DNS server, or can override it with, say, /etc/hosts, by mapping www.schneier.com to an IP address on the LAN (or 127.0.0.1) that forwards port 443 to xyz.onion through a Tor instance.

NovaAugust 14, 2014 7:22 PM

@Gerard van Vooren

'US Gov is probably hiring Russian mafiya and champing at the bit to murder Snowden but maybe can not get away with it because the FSB is too hard core for them'

I think that they want to kill Snowden as if he were Jesus Christ himself.

I could imagine them spending well over a hundred million, if not hundreds of millions, trying to kill Snowden.

They have a far bigger problem, however: a free press, free media, rights to public speech, easibility of creating and publishing **damning** information to the people.

Attempting **that** task - with stealth, as it requires for them - is enormously more expensive.

NK is getting undermined left and right from videos from SK. Now that the US monster has her mask ripped off, they really have to work on overdrive. They are working against the clock -- and against a world that they can not police who is also very interested in explaining the situation.

Like anyone, all these guys thrive on ego and justify their soul selling activities. They see themselves as James Bond and Rambo put together, and explain the money and power they make in a sort of gangster sort of way. Reality is, of course, they are as glamorous as fattened fleas, ticks, mosquitoes.

Ok, enough air time for me here, outta here.

SkepticalAugust 14, 2014 8:32 PM


There are some things that are interesting, and some things that are less so.

On the uninteresting side, there are lots of little nuggets of BS sprinkled about. For instance, Snowden claims that he intended the US government to have a good idea of what he took. Really? Why not ask Gellman or The Guardian to give the US government a copy then? In fact, why not have Poitras, and any others, arrange to transfer a copy of what they have to the US government too?

That won't happen, because Snowden's claim is almost certainly BS.

More interestingly (aside from what has been noted in the original post):

- Bamford states that he searched "his [Snowden's] cache" at "various locations" and could not find "some" documents that have been published. He then adroitly pivots to speculation that Snowden was not the source for the Merkel story. Such speculation is highly dubious. Certain other documents though - and I continue to doubt that the TAO catalog is among them, though this is idle speculation on my part - may qualify, particularly those which might be accessed if one had a source of one kind or another inside the German Government.

- He states that Greenwald lost (or perhaps never had) access to a portion of the documents, and that the purpose of Miranda's courier mission was to restore Greenwald's access. It's unclear what Bamford's source is for this information.

- He states that three groups have copies of the documents Snowden took: First Look Media, which includes Greenwald and Poitras, Gellman & Associates, and the somewhat haphazardly formed Guardian/NYT partnership. Since Poitras has access to documents which Greenwald does not, however, this should likely be split into four groups.

- He speculates that neither Snowden nor the custodians are aware of everything significant in the documents. This may be a plausible claim with respect to Snowden, but it seems less likely with respect to the custodians, who have had over a year to work (more or less) full time on the documents with an unknown number of assistants and outside consultants.

- On the human interest side of things, he notes that Snowden appears thinner and is living on "New York time." This implies to me that Snowden is spending most of his hours physically alone with a computer and is not eating well. I hope that someone will remind Snowden that, as an aging man in his 30s (no doubt some who read this blog can, however dimly, recall their 30s), he will need to pay more attention to his health than he may have in his 20s. He may wish to consult with local fitness guru Vladimir Putin, though I caution him not to accept any invitations to "friendly sparring judo match".

I do find it curious, and even now, disappointing, that Snowden continues to reveal what would be, if his claims are true, legitimate foreign intelligence operations.

I have a few other thoughts as well, but will need to let them sit for a while.

As usual, I find much of the comments quite interesting (occasionally exasperating of course, but surely that's the price of admission).

AlanSAugust 14, 2014 9:47 PM

@Nick P

"Pro-NSA people like "Skeptical" say abuses have only been occasional and not agency-directed."

I think the focusing on the NSA is too narrow. The issue isn't have or haven't there been abuses (e.g. the sort of spying the FBI was doing back in the 1960s and 1970s), but move to more authoritarian forms of government and the associated risk of abuses.

On this blog back in 2005 at least a couple of people mentioned Carl Schmitt, a political philosopher and lawyer who played an important role in legitimizing the extra-constitutional executive power of what became the the Nazi state. (here and here). I don't think he's been mentioned since. Maybe it is time to bring him up again.

Schmitt's political/legal philosophy grows out of a concern to address problems inherent in liberal democracy. He was very influential on thinkers who are currently enormously influential in America, the U.K. and elsewhere e.g. Hayek, Friedman and other members of the Chicago School, et al. (There was a precedent for the latter's involvement with Pinochet regime in Chile.) When Hayek and company talk about freedom they mean freedom of the individual within a 'market'. Their notion of freedom may not be yours or mine. And for them it is legitimate when circumstances arise that threaten the functioning of the 'market' for normal democratic processes to be suspended and for authoritarian rule to be imposed.

So what has all this to do with the NSA? Not a few people have observed that it was a Schmittian political rationale that was invoked by the Bush-Cheney administration post 9/11 (and later in response to the financial crisis--although with less enthusiasm, maybe because of the inherent contradictions in the failure: the market didn't fail because of external threats.).

For more on this see:

Horton, Scott The Return of Carl Schmitt

Kutz, Christopher. Torture, Necessity and Existential Politics. 2005.

Dean, Mitchell. From Liberal Authoritarianism to the Signature of Power. 2013.

GrauhutAugust 14, 2014 9:55 PM

@ name.withheld.for.obvious.reasond "I bet I know who's guarding the hen house...I save what I consider the final nail"

To late, Forbes leaked it years ago in 2009. ;)

"BlackRock sells a range of risk-measuring systems, including something called Aladdin, which is like a dialysis machine for portfolios. All of BlackRock runs on Aladdin, which it clones for 37 clients so they can watch in real time where their investments stand, including orders, confirmations, executions and compliance, as well as monitor risks. BlackRock also sells daily risk reports on investment portfolios, even if it doesn’t manage those assets. Its Swat team swoops in to analyze portfolios in special situations and also runs the Fed portfolios."


My best bet: [tinfoilhat] We are all ruled by something like Blackrocks Aladdin system now, economy fubar in full matrix mode, and Keith will have to protect this private property Frankenbaby somehow in his new position. In order to fulfill this mission he needs to cooperate with the trigger finger guys on the internet kill switches, because the Aladdin ghost needs internet connectivity for its operations, datamining and HFT manipulations. No way to take it offline, airgaps mean a lot to much latency in this arena. If some crazy hax0rs find a backdoor they will need to be able to pull them, if they see them by DPI and dont find a way to stop them in a more traditional fashion... [/tinfoilhat]

FigureitoutAugust 14, 2014 11:08 PM

I think the focusing on the NSA is too narrow. The issue isn't have or haven't there been abuses (e.g. the sort of spying the FBI was doing back in the 1960s and 1970s), but move to more authoritarian forms of government and the associated risk of abuses.
AlanS
--Agreed. And it's not just FBI either, it's DIA, DEA, DHS, ATF, Secret Service, and now a load of other "civilian" agencies that are getting their own swat team, and then National Guard and then state police, and then all the local cops, which vary highly from "good cops" to "bastards abusing power". Then all the private "War-making" companies selling bombs and guns worldwide and then selling frickin' tanks, drones, and body armor to local cops...

The overall picture is a police-state that will protect the rich when the economy collapses, why else would they continue building up when average citizens today carry *at most* a pistol or a knife if they live in a bad area.

Chris AbbottAugust 14, 2014 11:41 PM

@rainpen:

In spite of correlation attacks, merely connecting to TOR nodes is enough to get you flagged. We all slip up and simply can't use TOR for everything. Sometimes we need to use a plugin or make a large download that requires speed. This is enough to get you QUANTUMed.

@Nick P:

Nearly all women and men (in my age range at least) have accessed internet pornography at some point in time and many on a regular basis. Congress members and other government officials are human as well. An attacker could get a lot of mileage out of this. Some congress members have inquired about NSA spying on congress due to the risk of such blackmail.

On congressional control: Laws made by congress won't fix that problem. We now know that they don't give a shit about the law and break it on a regular basis. They'll still have the technology to blackmail lawmakers. Things like universal crypto are the only solution.

@Karma Chameleon:

The NSA has the computational power and bandwidth access to record all of the phone calls in a given country and then some. They certainly have the ability to collect on two million a day. That's nothing.

@AlanS:

Authoritarian governments and even Western governments with authoritarian traits are not going away anytime soon. Snowden is right, we can't wait for democracy and justice to prevail. We have to use security technology to defend ourselves. That's the only answer. It's also the permanent answer, because even if governments become security and privacy friendly, there will always be malicious attackers up to no good.

BenniAugust 14, 2014 11:46 PM

Wired wrote:
"In addition to the possibility of accidentally starting a war, Snowden views MonsterMind as the ultimate threat to privacy because, in order for the system to work, the NSA first would have to secretly get access to virtually all private communications coming in from overseas to people in the US."

"It’s no secret that we hack China very aggressively,” he says. “But we’ve crossed lines. We’re hacking universities and hospitals and wholly civilian infrastructure rather than actual government targets and military targets. And that’s a real concern.”

Skeptical wrote:
"I do find it curious, and even now, disappointing, that Snowden continues to reveal what would be, if his claims are true, legitimate foreign intelligence operations."


Yeah, a system that can "accidentially start a war" and can only work if it is analyzing "virtually all private communications coming from overseas to people in the US" is a legitimate foreign intelligence operation. As Well as "hacking universities and hospitals and wholly civillian infrastructure" in china, or cutting off an entire country from the internet by accident.

For Skeptical these are all legitimate foreign intelligence operations...

I think that even at NSA, most people would disagree on calling an autonomous system that can "accidentially start a war" and only works if it is analyzing 100% of all communications coming to the US, as a a "legitimate foreign intelligence operation". Perhaps not even the most conserative republicans from the tea party movement will come up with similar excuses.

By the way, when you at NSA finally have activated skynet which you codename as MonsterMind, please be so kind and leave a note at this blog, since once Skynet is activated its time for peoples to take some protective measures....

Clive RobinsonAugust 15, 2014 12:16 AM

@ Karma Chameleon,

Honeypots are a very real threat.

To whom?

I've posted on this blog a number of times just how easy it is to detect Honeypots that are run on virtual machines --as nearly all are-- by using a fairly simple "script kiddy" attack.

I've since refined it to also detect honeypots that are made of multiple machines that are not --as used to be the case-- setup to avoid detection.

NovaAugust 15, 2014 1:13 AM

@Skeptical

On the uninteresting side, there are lots of little nuggets of BS sprinkled about. For instance, Snowden claims that he intended the US government to have a good idea of what he took. Really? Why not ask Gellman or The Guardian to give the US government a copy then? In fact, why not have Poitras, and any others, arrange to transfer a copy of what they have to the US government too?

Reverse engineering your statement here, there is only one conclusion: you are operating on the belief that Snowden was directed by Russian intelligence, and furthermore, that Snowden's statement there was given to him by Russian intelligence.

And everything else is just smoke & mirrors.


I am the Larval King. I can do aaaannnnything. :-)

Anyway, thanks for the FYI -- got any angel dust? My pinky ring is emptttty. :O


(I do not believe you of course, nor would anyone else.... :( )


Ever seen Holy Motors? Great movie. Never knew anyone could be so bad ass at accordions! Sheesh. Wowzers! :-)


NovaAugust 15, 2014 1:18 AM

@Clive Robinson

"Honeypots are a very real threat.
To whom?

I've posted on this blog a number of times just how easy it is to detect Honeypots that are run on virtual machines --as nearly all are-- by using a fairly simple "script kiddy" attack."


This term often messes with me. Back in the sixties it only meant a person (or situation or company... etc). Only decades later did it come to imply "only computer code".

I often see it nowadays used as a sort of bluff, like pretending someone has night vision cameras or security they do not have.

If you rely on honeypot sort of strategies, you would never see you do anywhere. Obviously.

name.withheld.for.obvious.reasonsAugust 15, 2014 6:19 AM

@ Skeptical

As usual, I find much of the comments quite interesting (occasionally exasperating of course, but surely that's the price of admission).

You could reduce your payment(s) by being less obstinate and belligerent in the style of discourse that is your moniker. I cannot elevate my own position in any manner (we both share the same "stature"). I hold no superior position, my writing here is part of a larger effort to answer the failure of our socio-political institutions and in an attempt to mitigate the destruction that corrosive corporate and government policies are having on the body politic.

Access to Bruce's intellectual generosity and the gift that is this blog is due much. I think participants must give deference to the character of our gracious host--that one must recognize the unfailing quality of analysis, perception, observation, and understanding of complex issues that rarely raise to the level to inform. Smart people tend to be marginalized because idiots don't understand what others are stating. I've never known Bruce to come from a place of superiority or coming off as condescending.

Bruce's integrity, character, manner, and patience that he consistently exercises is not a common feature--especially in the United States. When people in positions of responsibility employ cliches, slogans, and care little for how things like Newtonian physics works, can in a moment tell me whether I can fly or not--I get upset. When the only growth and production is an expanding inventory of failures in reasoning and rational thinking. That we make larger the hole and cannot find the clarity to reach what seems to me a matter of simply treating problems with sound action that is the result of embracing sound ideas--not the lies that have lead the way.

SkepticalAugust 15, 2014 7:47 AM


@Nova: Reverse-engineering failure, then, since I don't believe Snowden was directed by the Russians. I would guess that he probably understands all of these interviews as part political/PR campaign, part information op, for the cause of liberty. I think he receives substantial advice, and perhaps practice, from various persons, some who may be indirectly associated with the Russian Government, but I also think the decisions he makes are his own.

Other thoughts on Snowden:

Every now and then, between the well polished talking points, one glimpses what I think to be Snowden's genuine worldview, which is a curious mixture of simplistic understandings about how institutions and people work and much more sophisticated insights.

For example, he seemed to believe that the US Government might have the Triads kill him. To me this indicates a complete lack of understanding of what is required before the US can undertake a covert action, and the circumstances under which it is done. It indicates, to me, that he doesn't quite understand the rules and norms that actually govern behavior of intelligence officers or other operators.

He also indicated that he believed the US Government would kill a journalist if that journalist were a "single point of failure." The US has never done so, even when covert actions were much less formally governed than they are today.

Then let's take his curious interpretation of the email he received back from the NSA's General Counsel's Office when he asked a question. The email answered his question, and invited him to call if he wanted to discuss further. He took this to mean "stop asking questions." Taking him at his word as to his interpretation, that's a paranoid way to understand the email he received. It's as though he didn't quite get the way people were actually interacting with one another. (An alternative view is that he was feeling paranoid because he was essentially acting as a mole of sorts, at that point, and this paranoia simply colored everything he saw - something that's probably not unusual for persons in those circumstances).

Finally, though I'd hesitate to place too much emphasis on this, there are hints of what psychologists would call splitting. This is a tendency for an individual to view other persons, and perhaps things that are personified to them, as either all good or all bad. Greenwald may have picked up on some this when he described how Snowden perceived himself, though I'm not sure Greenwald was fully aware of what he was sensing.

This all makes me feel a little sorry for him. If my reading of him is correct, then he's felt somewhat under siege for most of his life. It's also admirable that he's battled back in a brave, resilient manner. It says a lot about his underlying character. But his skewed understanding of the world, in my very humble, highly speculative, opinion, unfortunately led him to choose the wrong strategies and tactics.

hen budweiAugust 15, 2014 11:38 AM

"a complete lack of understanding of what is required before the US can undertake a covert action, and the circumstances under which it is done."

Yes, secret agent 008, whip our your license to kill and reassure us about the painstaking scrupulosity of the US government when it with grave reluctance decided to blow King's brains out,

http://www.thekingcenter.org/sites/default/files/KING%20FAMILY%20TRIAL%20TRANSCRIPT.pdf

and the even more grave and agonized formally-governed decision to shampoo the carpets with Todashev's brains last year,

http://whowhatwhy.com/2014/05/17/todashevs-killer-no-wonder-his-identify-was-secret/

"The US has never done so, even when covert actions were much less formally governed than they are today."

Especially not poor ol' Gary Webb who shot himself in the head. Twice. What? It happens, don't laugh.

Every single glottal stop's a lie.

Nick PAugust 15, 2014 12:12 PM

@ hen

One of my favorites was recent. I can't find the link as Google is giving me nonsense, but I'm sure we discussed it here. The guy was CIA with a long history, including allegedly saving a President's life. He apparently was going to blow the whistle on something. He was driving with a briefcase (classified files?) in his car.

Cops pulled him over. He showed his CIA ID. The cop decided it was fake. It was revealed the cop was told he was a con artist and to find any reason he could to arrest him. It was never revealed exactly where that information and order originated. The spook realized what was going on, panicked, and tried to outrun the cop. This being real life, he eventually pulled over surrounded by more cops. They wanted him on the ground. He pleaded the importance of what he was carrying and reached for the briefcase to show them. They killed him on the spot. The briefcase was apparently seized and its contents not revealed.

So, there's how most people are handled by the government and then special treatment for some. It's clear that the guy made off with something that threatened the regime and they handled it like a proper police state. They could've arrested and charged him under Espionage Act. Yet, they instead tried to pull a parallel construction to invent false charges, the situation ultimately resulting in his death. I wish I got to see what he was carrying as I put money on it being at least as damaging as Snowden's information. Probably more interesting as NSA trying to intercept everything was unsurprising to anyone knowing it's what they were founded to do (foreign at least).

SkepticalAugust 15, 2014 12:14 PM


@hen - You think that the US government killed MLK? To me that's 9/11 Truther territory, though to you it's obviously the truth. Let's agree to disagree. Rehashing theories like that, whether one considers them paranoid conspiracy theories or plausible explanations, just results in endless threads of pointless discussion.

65535August 15, 2014 1:19 PM

@ Benni

“I am the only one who notices that this "MonsterMind" software is similar to these plans of the german secret service BND?”

Good links. I think MonsterMind is an abomination to democratic societies. I don’t think it actually protects individual people – Big corporations – but not the little guy. If this weapon propagates in to a free-for-all fight between nations things will get ugly fast.

@ Nick P

“Critics of NSA mass surveillance, like myself, pointed out that the largest risk to democracy is that NSA gets blackmail material on Congress and Supreme Court… power + money + secrecy + criminal immunity = ideal breeding ground for evil and corruption.” – Nick P

That is my thought. I wonder how far it has already gone. If powerful Senators can’t even get out and “Executive summary” from the CIA without huge redactions – it has gone too far. The Congress funds these spy organizations so it hard to imagine the CIA/NSA not having some leverage over them at this point.

Empty wheel has some examples of redactions in civilian reports and they are enormous [pages of complete redaction]:

http://www.dni.gov/files/0808/Final%20046.First%20letter%20in%20resonse%20to%20FISC%20questions%20concerning%20NSA%20bulk%20metadata%20collection%20using%20pen%20register-trap%20and%20t~1.pdf

[and see Internet Dragnet Materials, Working Thread 1
http://www.emptywheel.net/2014/08/11/internet-dragnet-materials-working-thread-1/

If Senators and Congressmen are getting anything close to this type of material then they are either intimidated by the NSA or are the pad with the NSA.

Worse, we are using our First and Fourth Amendment rights to discuss legitimate public policies on this blog yet some are suggesting we go underground/Tor for fear of NSA retaliation. That is a horrible state of affairs in a democracy!

‘…Snowden says, the revelations will keep coming. “We haven’t seen the end,” he says. Indeed, a couple of weeks after our meeting, The Washington Post reported that the NSA’s surveillance program had captured much more data on innocent Americans than on its intended foreign targets…’ –wired

http://www.wired.com/2014/08/edward-snowden/

If the above statement is even close to being true then the NSA is infected with terminal “mission-creep” and must be restrained.

@ Victor

"It would be great if the bricked router could be recovered and properly investigated."

Yes. I wonder how many American routers the NSA bricked? Those routers would then be possible to properly investigate. They are probably out there.

The stench of abuses by the NSA/CIA/FBI, Vupen, Gamma, Zero-day exploit vendors etc., makes me want to vomit!

To add insult to injury the average Joe funds porn peeps and end-to-end eves-droppers. I say cut-off their funding until this mess can be brought under control

hen budweiAugust 15, 2014 1:33 PM

Here we have skep, so desperate to fellate his revered government murderers that he runs from forensically-tested fact as decided by a jury of his peers in King Family v. Jowers. And what's he got instead? Government-issued labels dating back to the Sixties. "Truther blah blah blah paranoid conspiracy theories blah," lots of extra blahblahs to try and make it sound urbane. It's like magic words for them, they seem to think it's ever so convincing. With a species of low cunning, skep doesn't touch the case of Todashev, which really rubs his nose in his betters' contempt for law and honor.

Same with the weasels at NSA/CIA, State, DHS, DoD. It's like they get a little desk plaque for being full of shit. Like it doesn't matter if you're a laughingstock, as long as you can keep a straight face. This is how the Warsaw Pact fell - your type became a joke and it just got too humiliating to go on. Then everybody worth his salt did a Snowden all at once. That was fun. It will be even more fun when it happens to you.

Hey, NSA, good luck recruiting brilliant young people with exceptional mathematical maturity! I'm sure skep will convince them real good and win you your battle for domestic hearts and minds.

J LennoxAugust 15, 2014 6:05 PM

@Skeptical
It seems you are micro-analysing Snowden's behavior.

All that in an attempt to draw all sorts of conclusions about something of which you do not have enough raw data.

What you should do is to be more skeptical of your own ideas.

MattNYAugust 15, 2014 6:07 PM

MonsterMind is an RIAA wet dream. They tried to get automatic hacking of p2p sharers legalized a few years ago but failed. Share a movie - blammo! Your computer is now a paperweight.

It would also make a dandy tool for censorship.

SkepticalAugust 16, 2014 6:56 PM


@JLennox - Of course. That is why I called my ideas highly speculative. I'm not attached to my speculations, and I don't buy into some of the more hostile theorizing I've read about Snowden.

Some of his more obvious lies, though, may be highly revealing. Why, for instance, claim that you really wanted the NSA to know what you took, when it's quite clear that you didn't?

One highly speculative hypothesis: his comments on the subject are intended both to elevate a personally important sense of superiority over the NSA while simultaneously continuing a relationship with the NSA. Perhaps he rationalizes such comments by thinking of them as part of a PR strategy, but that may not be the true underlying purpose.

This would be consistent with a theory that he feels, in general, that his world is insecure, a feeling caused by various formative experiences, which he defends against partly by striving to maintain an incredibly high regard for himself (high self regard may allow one to feel less vulnerable to the world). Moreover, driven in part by the need to maintain that defense, and driven in part by a sense that his world is riven with a latent fragility, he seeks to discover that fragility (in whatever close interpersonal network he has made a home in) by probing, peeking, testing. He'd have a need to, almost an obsessive drive to, discover cracks. Doing so would alleviate, to some extent, the underlying anxiety that the cracks are there and must be discovered; doing so would also allow him to distance himself from others whenever he began to feel threatened or vulnerable.

These two cognitive habits of coping with fragility in his world - maintaining an extremely high self regard, and obsessively seeking cracks - likely made him an extremely driven individual, one uneasy in close interpersonal relationships, and one highly vulnerable to any sense of threat to himself, including any sense that he was, or could be, valued at less than he needed to be.

All of us have some of the above characteristics, to varying degrees. In other circumstances, Snowden may have made a highly effective entrepreneur, though likely one with some particular difficulties in his personal life (not so uncommon for persons in any walk of life, and nothing that could not be overcome). Unfortunately, via a combination of professional circumstance, a lack of social and interpersonal "reality checks" on some of the more self-destructive tendencies inherent in those cognitive habits, and perhaps even with some encouragement via new interpersonal relationships he formed, he ended up walking down his current path.

That path has in some ways led him where his old cognitive defense mechanisms are most comfortable: at a distance from those he is now most intimate with, and able to role-play the part of untouchable hero.

Ultimately though, he'll find this unfulfilling. He'll need to find his way back, through the halls of introspective mirrors, out of his achieved isolation. That will be difficult. The obvious suggestion - therapy - would, shall we say, be challenging in his present conditions. Perhaps he could do so remotely, if he found a sufficiently trustworthy psychiatrist or psychologist, who followed whatever security precautions he thought necessary. The individual would need to be in a country in which he could not be forced to testify. The US is one such country, and undoubtedly there are many more in the Western world, though he'd want to familiarize himself with the limits of doctor-patient privilege in the relevant jurisdiction.

I don't think such therapy would lead him to recant, repent, and return to the US. But, it may enable him to better nurture the relationships that he has, to develop new ones, and to free himself of some very hobbling cognitive frameworks and habits. To the extent it does, he may find himself able to find a middle path out of the wilderness.

That was a bit longer and more detailed than I intended. No, I don't really expect him to begin therapy - but were it technically possible to do so securely, I don't think it would be a bad idea either. As I said, all highly speculative, and speculation in which I am not invested. But occasionally my speculations are close to the mark, so who knows.

Clive RobinsonAugust 17, 2014 1:54 AM

@ Nick P, 65535,

Not all people can be blackmailed. Some because they don't align with the societal view that is used to make the blackmail possible, others because they have not been found to have transgressed in a way that can be used.

Which gives rise to the question what do those who wish to control rdo next when blackmail fails. The simple answer is to destroy the person some way. Idealy an occurance evereybody believes is a tragic accident disposes of the problem, but forensic methods are making this steadily much harder. Then there are other more obvious methods ranging up to engineering "suicide by cop", but all these only work when you can physicaly get at the person, and they have not taken precautions.

But if they have taken precautions and made themselves unavailable what do those who wish to control do next.

Well one method of old is if you can not stop the messenger then stop the message, but in a world of increasing global communications the message will get through one way or another.

This leaves them with the "not one of us" tactic, it's what underlines most of the unpleasent "-isms" such as racism. Put simply they try to find differentiators to invoke base trible instinct, when these are not sufficient then the "traitor", "terrorist" or "bad" and "therefor mad" cards are played, against the individual or their family. This is done to make the message appear of a diseased mind and thus get it relegated in most peoples eyes to "mad ramblings".

And as we know the way to stop that is by producing original documents in such vast numbers that even ordinary Joe Sixpack lounging on the couch can see that no single individual could have invented them, nor any small collection of journalists etc.

So currently technology is with the whistleblower in that they can get out millions of documents more easily than they have at any previous time, and also technology can enable whistleblowers to put the equivalent of a "dead man's switch on a doomsday device" for those who wish to destroy them.

Thus the game switches to one of high stakes brinkmanship, where although the whistleblower may want to reveal all they know they can not, as it's only the fear of what they still hold or that is held by others on their behalf that stays the hand of those who would otherwise send out the death squads or drones that we have seen be used against those accused of terrorism often with little or no evidence.

As we can see we appear to have reached the "bad and mad" phase with Ed Snowden, but the weight of documents is showing this to be a pointless tactic, as the message is clearly independent of the messenger.

Thus the tactic says more about the limitations and sanity of those trying to use it than it does about whom they wish to target. They have obviously failed to realize that society has moved on from the Freudian view point that a mans adult actions can clearly be seen as a result of a boy repressing supposed anal and other fantasies to fit in with societies morals.

Sancho_PAugust 17, 2014 9:28 AM

@ Skeptical:

I see your intent to “understand” the messenger just to avoid the message itself.
But I’m afraid you won’t succeed.

Why, for instance, claim that you really wanted the NSA to know what you took, when it's quite clear that you didn’t?

The question itself is insane because is foots on an assumption (you may call that “evidence”, but it is nothing more than a …):
when it's quite clear that you didn’t?

Hint:
- The absence of knowledge is not proof of absence.
- They tend do deny, probably they found it but did not tell YOU about?

Next you are going to explore Snowden’s personality at length.
Funny, reminds me to ELIZA, a droid “analyzing” a human.
Useless, to say the least.

May I suggest a different “therapy” to our “patient”:

As your nation insists in wrongdoing:

Skip your remaining patriotism and engage in Russian IT security.

Russians will love it,
we need it,
your nation deserves it.

Your personal situation will improve.
Whatever you do, they will call you a traitor anyway, just don’t care.

SkepticalAugust 17, 2014 12:56 PM


@Sancho: I see your intent to “understand” the messenger just to avoid the message itself.

It's an interview with Snowden, mostly about Snowden. So yes, this one is about "the messenger."

Believe it or not I think we're all capable of talking about both.

They tend do deny, probably they found it but did not tell YOU about?

Certainly another possibility. As I said Sancho, everything is highly speculative.

Next you are going to explore Snowden’s personality at length.
Funny, reminds me to ELIZA, a droid “analyzing” a human.
Useless, to say the least.

:) And how do you know it's useless? You don't. It is, of course, highly speculative. But is it that far off the mark? Probably not.

@Clive: as the message is clearly independent of the messenger.

Er, yes, it is, but since this is an interview with the messenger, complete with stylized photographic portraits of the subject every other page, it's fair to discuss the messenger here.

They have obviously failed to realize that society has moved on from the Freudian view point that a mans adult actions can clearly be seen as a result of a boy repressing supposed anal and other fantasies to fit in with societies morals.

Nothing I said relies on a Freudian analysis. I think most of what Freud had to say is nonsense.

Most of what I said relies on the simple premise that, as we grow up, we develop certain cognitive habits of dealing with the world. Think of them as adaptive behaviors, both mental and physical. If they achieve a result that strengthens them as habits, they become increasingly automatic and ingrained.

Problems arise when circumstances change such that these habits are no longer adaptive, and yet we continue to use them. Because they are so automatic, because their assumptions and framework is so deeply embedded in our way of viewing the world, it may take some work for us to become aware of them; and once we do, we can, with some more work, change them.

You may not realize it, but you yourself relied on such an analysis, starting from the same premise, in remarking upon teaching a child habits of self-reliance.

Nor, I would emphasize, did I say anything that reduces Snowden in any way. If anything, I rendered him a little more human than the caricatures I commonly read by his ardent supporters and his equally ardent detractors. He's an ordinary human being, with all the ordinary problems and history that human beings have.

Nick PAugust 17, 2014 1:43 PM

@ Skeptical

You're analysis of him is misleading at best. Here are the things we know about him:

1. He joined government service after 9/11, supporting his claim it was probably patriotism related.

2. He was trained as a covert operator, exposed to the sneaky crap our government does, and did some of it on behalf of U.S.

3. He rose through the ranks, acquiring more secret knowledge of what our government does.

4. He saw what they were telling the American people and what they were doing were as different as night and day.

5. He also saw abuses that showed these programs had many dangers and no effective oversight.

6. He saw that numerous people trying to deal with corruption internally had been ignored or attacked, so they had to leak instead.

7. He decided to leak the data.

The government admits 1-3. Number 4 is supported by looking at government promises and claims, then comparing them to the leaks. Hint: many contradictions on critical point. Number 5 is supported by leaked documents and was also contradicted by the government officially. Number 6 has been reported on extensively. So, the facts alone paint a picture of an extremely corrupt, deceptive organization that *could* be a major threat to democracy if left unchecked. (Hoover's vastly inferior FBI *did* undermine democracy for over a decade, so there was a precedent.)

He might have been an honest, scheming, or whatever kind of guy. It actually doesn't even matter. Any moral person in an environment like this, seeing what Snowden saw, would consider doing No 7 on the list. Everyone who tried to do it a different way paid a price without any changes happening. That the accountability measures are merely for show is obvious by the fact that provable corruption has occurred (eg Trailblazer, DOD's "revolving door") without any prison sentences for those involved or dire consequences for the agency. That means Legislative and Executive branch weren't handling it. That leaves the voters and the Judicial branch. And to act, they have to know what's going on.

So, the person sees they're misleading Americans, a threat to government, abusing their power, and never punished for any abuses. Leaking was the only moral (and effective) choice in such a situation. If anything, you should be analyzing why Snowden was one of only a handful that made the moral choice while the others remained complicit. That has much more serious implications for discussions of government corruption or bad policy in classified programs.

Note: My argument is only for the evidence of US mass collection. I've already said he shouldn't have leaked the foreign operations.

SkepticalAugust 17, 2014 2:29 PM


@Nick - my analysis of Snowden does not imply that his leaks were either justified or not justified. The profile I provided is consistent with both.

Let me briefly illustrate what I mean by looking at something less controversial than his leaks: joining the military.

He enlisted via the 18X program, designed to provide a path directly into Special Forces (provided one satisfactorily completes all training and qualifications). Ordinarily one may attempt to qualify for transfer to SF only after a minimum amount of time in service, but for obvious reasons there was high demand for SF personnel, and so this program was activated.

You say: he did so because patriotism after 9/11.

I say: patriotism is only part of it. The drive to become SF will involve something more than patriotism. It will vary by individual, but in Snowden's case I might look at a desire for distinction and achievement, a desire to become strong and capable with respect to the world, perhaps even a desire to escape and to connect with others, as well as some exposure to the idea of military service. Keep in mind that he joined in 2004, not 2001, and selected 18X over other options. "9/11 and patriotism" doesn't fully capture the reasons one might do this.

Does my additional analysis take anything away from his decision to enlist? Of course not. It simply recognizes that "patriotism" isn't a sufficient explanation. "Patriotism" doesn't ever fully explain why an individual enlists, much less why an individual decide to attempt to join SF.

So, what about the leaks? Here again a simple focus on a single trait, like patriotism, doesn't explain the panoply of choices he made, the analysis he says he applied, or certain statements he continues to make. You have to look a little deeper.

Looking deeper doesn't mean you must conclude that his actions weren't justified. It does mean recognizing that there are important factors in human behavior outside of moral philosophy, and that these play a highly significant role in how we view the world and how we act.

Mike AmlingAugust 18, 2014 5:04 PM

@rainpen
As an experiment, I've set up hidden service jrv4mei33npvagpv.onion. It accepts on TCP port 443 only, and forwards it to www.schneier.com's port 443 (through Tor). I'll leave it running for a month.

Note: I also have some software that can get around the "Host: www.schneier.com" problem I noted above. Post a comment if you would like me to put it on, say, pastebin.com.

Note: I still don't see how using a hidden service is better than just opening https://www.schneier.com in the Tor browser.

IndependentAugust 19, 2014 2:56 PM

Regarding Tor:

Let's accept, as has been argued here, that using Tor would, at /best/, be of little help against a TLA-level adversary (and might actually /increase/ one's vulnerability to such.)

What about snooping and tracking by one's ISP and any number of corporations (to whom ISPs apparently sell their customer's data)? How effective can Tor be against these privacy and data pirates?

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.