The NSA's Private Cloud

Comments

DriveBy Commenter • October 2, 2014 7:14 AM

NSA’s use of and participation in developing OpenStack has been well-known for years; see e.g. twitter.com/mathrock and search for publicly available talks.

Less well-known is that OpenStack Neutron was previously known as OpenStack Quantum, which is among the most plausible explanation for naming NSA’s QUANTUM family of programs.

Thoth • October 2, 2014 7:17 AM

Cloud computing is simply an extension of machines and as long as machines contain moving parts that are highly complex and are not built from the base with security in mind, it is doomed to go down the same path of simply just yet another machine.

The nature of the private cloud is unlikely to boost security by much significance. Probably the true nature of the private cloud is to extend their computing capabilities for their own goals (break crypto and spy more).

keiner • October 2, 2014 7:19 AM

Manning is not the problem. Neither is Snowden. The problem is the NSA.

SoWhatDidYouExpect? • October 2, 2014 7:20 AM

This smells of FUD, strictly propaganda to redirect people’s attention. If they really had this capability, THEY SHOULDN’T TALK ABOUT IT (or wouldn’t talk about it).

This is what is wrong with that organization…they talk too much. Real spooks DON’T. This smacks more of politics and public relations than any actual accomplishment. Take for example, calling it a “private cloud” (relating to something everybody else does) and how it is built (open source hardware & software, again some type of accepted thing). Since it is (supposedly) internal to their organiation, WHO CARES? It is (supposedly) their own network, their own computers, their own storage, their own access and control, not much different than what I have on my own computer.

By the way, “their own” refers to “stuff” purchased at taxpayer expense, so it really belongs to all U.S. citizens. In essence, it should be called a “public cloud” since it is owned by the public and holds public data (that is, if it really exists, though they likely have “something” of this nature that does “some” kind of work of this nature).

Is Dirk A.D. Smith a shill? Former spook?

FormerSpook • October 2, 2014 8:02 AM

Dirk A.D. Smith’s father worked for the CIA.

http://www.landfallresearch.com/aboutus.html

“Smith was born in Tokyo, Japan where his father was stationed for the CIA. The family later returned to the U.S. where he was raised. He received his bachelor’s degree from Babson College in Massachusetts.”

Other than that, he appears to be a writer of some renown.

uh, Mike • October 2, 2014 8:28 AM

The NSA is all about collecting data, but data reduction is more and more essential as the volume grows. Data reduction is hard, and you can’t get a judge to make it much easier for you.

When adding data about the activity involving each datum, the exponent in the growth multiplies. (Unless, of course, some agents don’t get logged.)

fajensen • October 2, 2014 8:29 AM

… the agency can now track every instance of every individual accessing what is in some cases a single word or name in a file …
To that I can only say: RACF!

RACF is IBM’s (in)famously complicated and comprehensive access control system which, when properly maintained and configured, can probably do full change control and audited configuration management on every. single. bit.

When this “New & More Shiny” version of RACF is eventually deployed, the NSA will fill the entire state of Utah with storage capacity for the audit logs and they will have to stick the virtual paperwork for each access/change somewhere else.

Everything grinds to a halt, quickly someone will setup an “admin”/”password” login to avoid the 6 weeks of processing new user credentials and soon after that all the goodies will be on the internet due to a trivial flaw in the never-updated VPN server which proxies “admin/password” that someone stuck in a closet to allow the contractors to work.

This will be good. I am long popcorn!

uh, Mike • October 2, 2014 8:37 AM

@fjansen, I can imagine using RACF for heavy, heavy configuration management of a very, very critical system. I read about the developers for the Apollo program and how they continuously audited their development process. It took them months to make a small change, but their bug list never left the single digits.

Using that nuclear power plant to watch the global anthill, to blend a metaphor, is just the thing we need to keep the NSA out of our hair for a decade or so.

Moniker Newjerski • October 2, 2014 9:01 AM

It already exists, and is similar to what many major companies do as well. Everything now has to have the stupid “cloud” name attached. It’s almost as bad as “cyber”. I know what’s coming next: A term so cringe-worthy that I might leave the industry and become a bread baker:

“CyberCloud”

Dodo • October 2, 2014 9:26 AM

NSA having its own cloud? So we’ll see soon Alexander Keith naked selfies around.

65535 • October 2, 2014 9:47 AM

It would be a shame if that cloud got infected with a nasty virus

dot tilde dot • October 2, 2014 10:06 AM

oh, and it will be its own administrator and won’t need any trusted janitorial staff. well, seriously?

another thing: i understand that manning was needing to know some of the data he accessed for work he was tasked to do. if i am right, there is a wholly different point to the last sentence cited.

.~.

SmokingHot • October 2, 2014 10:50 AM

I doubt the system is very good. They rushed to get this done, clearly. But here is what really stands out to me: this is no new problem, Robert Hanssen was abusing data systems way back in the eighties. As he is one of the few moles that have been caught, every intel agency should have studied his case and done all they could to fix the problems.

This is… thirty years later.

From an incompetency level, what a competent organization does when they suffer massive failure is you fire the heads. These are people with little experience in these fields, anyway. A problem with democracies is clearly that such organizations routinely change their heads, and usually for political reasons as opposed to competency reasons.

The PR value here is useful from their standpoint. It puts more dread in workers that they dare not do such things. For all the unconscionable actions, only a few have stood up and done anything, though many veterans have come forward after the fact. Those who realized what they were seeing was wrong, and too many others were just going along to get along: all for the team. All for “America”.

Nick P • October 2, 2014 10:51 AM

@ fajensen

LOL. That’s great. Yes, RACF, A1 DBMS’s, and more did stuff like this back in the Orange Book days. Most employees couldn’t stand even CMW-style separation by classification level. Most analysts couldn’t contain data under three broad security levels with some compartments. Now, they’re going to get acceptance and control of word-level access controls (i.e. provenance model)?

Good luck. They’ll also need to install the Evil Bit feature so they can do automated trimming of logs.

BetYouKnewThis • October 2, 2014 10:51 AM

In a related vein, regarding the NSA, their data collection and intelligence, the following question appeared on a major news site:

“How could Obama have ‘underestimated’ ISIS?”

That is because the NSA is so busy collecting data on U.S. citizens. Why? Because it is easy and we let them do it.

Why doesn’t the NSA have data and intelligenc on terrorists in the Middle East (yeah, the question above)? Because it is hard to get and the terrorists don’t let us do it.

That’s all it boils down to.

Doing what is easy and issuing PR statements about it.

Failing to do what is necessary and performing CYA action to avoid getting fired…

WhatsOnYourMind • October 2, 2014 10:54 AM

Did the NSA install Watson (of Jeopardy fame)?

Are they running mainframe computer systems (the RACF reference)?

SmokingHot • October 2, 2014 11:00 AM

@SoWhatDidYouExpect?

There is clearly PR involved in the release. A message to workers, but also a message to the voters: they are “doing something”.

I am pro-Snowden and pro-Manning, but hate incompetency. (What they reported was on the government’s incompetency, and they proved it by what they got from them.)

The NSA are pretty good at not talking, being a “shoe gazer” culture, but they are not real spies. For one, being a “shoe gazer” spy, is horrible. It emanates that one works on secret, important projects. You can pick that sort from a crowd because of their horrible personal skills.

I do not think there is any complexity to the message released beyond what is in the capacity of a junior experienced person in basic PR work. Foreign intelligence and NSA workers will probably take home: this is all fake, they have a real working system already. Because they think so paranoid and unrealistic. It pays for them. “Big threat home base, give us more money”, or “I better not break a single rule, or end my career”.

albert • October 2, 2014 11:03 AM

When you want to collect everything from everyone, you’re gonna have a lot of data. You’ll also need software to analyze it. Human analysis is impossible. This is the problem. Despite the hand-waving and pontification of the theorists, there will never be software capable of any kind of meaningful analysis of that data. There’s just too much. Computers will decide what’s important. There will be abuse of the system, and much of it unintentional (computer generated). We rely so much on computerized systems that we fail to account for their failures. No better examples of this exist than the numerous aircraft disasters caused by lack of good data inputs to flight-control computers. (BTW, many military aircraft are incapable of flying without computer control) These disasters were correctly attributed to pilot error, but the real problem is over-reliance on the computers. The pilots failed to consider the possibility incorrect inputs to the computer, or the consequence of the lack of error detection in the computer itself. Economics dictates limits on ‘what if’ analyses. Safety then becomes a “cross your fingers and hope it doesn’t happen” scenario”.
.
There are no ‘safety systems’ in NSA computers, no protections against bad data, and no standards for screening and evaluation algorithms. Thus the ‘analysts’ are very much like the airline pilots, and yes, in a very real sense, responsible for human lives.
.
I gotta go…

Clive Robinson • October 2, 2014 11:14 AM

I’ve just realised what the NSA are going to do with all those SysAdmins they were going to get rid of… turn them into auditors 😉

Seriously though audit logs have very rarely stoped those who’s intent is to steal data.

One reason is logs are an “after the fact” system, that is you get the data and then maybe somebody looks at the logs.

Another reason is privileges tend not to be revoked, so the longer you are with an organisation the more privileges you have that you don’t need to do your job.

Another reason for to many or to wide privileges is “rubber goal posts” they, don’t so much get moved, just stretched and bent to take all sorts of ad hoc things into account.

I could carry on with a lengthy list but I’m sure others will have their own examples.

But at the end of the day you have these hugh logs, full of exceptions due to a whole heap of reasons, any analyst that does not get a truck load of them is either not working hard or deliberatly trying to avoide suspicion. Further any system that does not produce truck loads of exceptions is probably not fined grained enough to be of any real use for security.

albert • October 2, 2014 11:18 AM

@BetYouKnewThis
.
“How could Obama have ‘underestimated’ ISIS?”
.
The US ‘created’ ISIS. It’s highly unlikely that Obama didn’t know this. If he hasn’t any knowledge of US policy in the Middle East, then he’s a figurehead who should be marginalized and ignored…
.
Wait, maybe all Presidents should be marginalized and ignored….
.
Do our intelligence apparatchiks actually believe US foreign policy propaganda? That would explain a lot…
.
I gotta go…

CatMat • October 2, 2014 11:33 AM

“Had this ability all been available at the time, it is unlikely that U.S. soldier Bradley Manning would have succeeded in obtaining classified documents in 2010.”

Right. So, instead of the classified documents themselves the leak would have been the complete access log of those documents with time-dependent patterns to analyze. But hey, that’s only metadata, right?

SmokingHot • October 2, 2014 11:53 AM

@Albert

When you want to collect everything from everyone, you’re gonna have a lot of data. You’ll also need software to analyze it. Human analysis is impossible. This is the problem. Despite the hand-waving and pontification of the theorists, there will never be software capable of any kind of meaningful analysis of that data. There’s just too much. Computers will decide what’s important. There will be abuse of the system, and much of it unintentional (computer generated). We rely so much on computerized systems that we fail to account for their failures.

That is throwing out the baby with the bathwater. When you confront a serious security problem, you approach it as a problem you can solve. The failings of the Manning & Snowden situation in terms of data security were serious points of incompetency.

Likewise, with the Robert Hanssen case I mentioned.

There were obvious and blatant mistakes made which would have been simple to put controls on top of.

Counterintelligence & Security can not find every mole nor every crack in their system, this is true. But they do not operate in that sort of way, anyway.

No small part of the problem both people exposed was a corrupt environment with very loose controls in general. There are also a lot of strong indicators coming from those cases which show organizations that are highly resistant to positive, meaningful change. High resistance to error correction. Which is, of course, very normal for government agencies.

That is the very culture its’ self is corrupt. As it is with government organizations in general. They have a tendency towards corruption. Secrecy often exasperates the problem, as opposed to helping it. Because secrecy, including disinformation, is used to shield proper blame.

SystemFailure • October 2, 2014 12:15 PM

Awwww, aren’t they sweet! The NSA gets all giddy because they’ve set up their brand new cloud computing system so they call a friendly local journalist to write a cute article about how happy everyone is. Aren’t they just adorable! And such a friendly face to have around! I think I missed the interview on how they set up FOXACID though. Anyone seen that one? No…?

Tualha • October 2, 2014 12:16 PM

Is there any excuse, in 2014, to continue to call her “Bradley” or “he”? Is there anyone left who hasn’t heard the news?

Wang-Lo • October 2, 2014 12:52 PM

The only thing I don’t understand is: why is it a “cloud”?

Bluetooth • October 2, 2014 12:58 PM

@SoWhatDidYouExpect?
If they really had this capability, THEY SHOULDN’T TALK ABOUT IT (or wouldn’t talk about it).

Maybe they release these articles so they get discussed at Schneier’s. Then they check the comments for all the point-of-views that are brought up about the technology. It’s like getting useful feedback without explicitly asking for it.

Wang-Lo • October 2, 2014 1:16 PM

OK, now I get it. When NSA found that massive data mining of their ill-gotten data required too many cross-platform queries, they decided to consolidate the data into one database. But this kind of remediation effort is not glamorous enough to insure reliable funding. Lonny Anderson realized that by calling his new consolidated database a “cloud”, he could make the project obscure enough so that congress would be afraid to mess with it.

Erik Carlseen • October 2, 2014 1:22 PM

So … multiple US government agencies sharing a converged private cloud infrastructure? Please tell me it’s run by a guy named L. Bob Rife…

Clive Robinson • October 2, 2014 3:51 PM

@ Tualha,

Is there any excuse, in 2014, to continue to call her “Bradley” or”he”?

When talking of the “crime” at that time that was the correct name and gender, so legally, historically and geneticaly it’s correct.

However if you are talking about how the person perceives themselves today no.

Also in most parts of the world whilst you can change the name you were given on your birth record (by deed poll) you cannot change the gender recorded, even if it was wrong or you have subsiquently had medical procedures for gender reassignment.

Much as the more liberal parts of society have moved on in these matters the conservative, religious and legal parts mainly have not.

Whilst in time this will probably change as society moves forward, currently we are still stuck in the older viewpoint and thus still has to be given the respect it claims by amongst other things judicial compulsion.

albert • October 2, 2014 5:09 PM

@SmokingHot
.
I was referring to the need to trust software that evaluates ‘targets’ for detailed analysis. I agree with your points about security and access control.
.
I’d like to point out the following regarding Manning and Snowden.
.
How much information would they have been compelled to steal, had the military not engaged in the wholesale murder of civilians, or the NSAs illegal mass surveillance of US citizens?
.
Was the mere exposure of those details even close to the punishment such behavior deserves?
.
Finally, are there any ‘actors’, bad or not, who didn’t already have a pretty good idea about what the NSA and the military were up to? It would be extremely naive to think so.
.
I gotta go…

Whistler • October 2, 2014 9:00 PM

@Clive.
1. Propaganda? Absolutely.
2. I thought from start that snowden didn’t give up the Crown Jewels. He is still breathing. They would have leveled the block/blocks. Plus, nobody is going to allow the really good stuff reachable in Hawaii, not a chance. I think it is isolated.
3. Cloud? I really don’t trust the idea from a security standpoint. If you can reach it remotely so can someone else. The closest I would endorse would be a cold or warm site but not one connected. Backup and hand carry.
4. Of course it depends on what the data is. Pictures of my cat? Who cares. A hospital’s billing and other records? HIPPA is the least of the worries. I can barely imagine what NSA must have. To my mind though, custom network, architecture, OSs, and any number of other precautions better be used.
5. I am curious though if you think such a custom approach is or should be used. Hopefully, jeff goldblum isn’t around with an apple computer. ???? but yes, a little obscurity use but backed up with real security in my example. The military has and does use custom chips. Just a random thought.

Magnus • October 2, 2014 10:47 PM

That article is nothing but a shallow puff piece designed to validate feeble-minded CIOs’ decisions to move systems to the “cloud”. It’s full of buzzwords and just repeats the usual tropes about “cloud” systems, with the occasional technical word thrown in to make the target reader (said feeble-minded CIOS) feel smart.

Nick P • October 2, 2014 10:52 PM

@ Tualha

re Bradley

Bradley is a male. He simply identifies with a female gender, changed his name to a female gender, and acts like a female. His choice. I guess you could say there’s what a person is and what they want to be. There are a tiny minority that is physically both, but Bradley is a man that wants to be a woman. Talking to his face, I’d probably be courteous and call him Chelsea.

There’s a bigger issue, though. Bradley Manning is the name that was cemented into many Americans’ mind. The image was a potentially troubled youth and soldier who leaked what he believed was evidence of wrong doing. That image could bring support by people on both sides of the debate, including conservatives. Dragging the whole gender identity and complex personality issues thing into the debate only leads to a sense of personal detachment from him for many. I usually prefer things to stay genuine as possible but we’re talking about emotions. And they make people react in all kinds of ways (esp unjust or irrational), possibly weakening the effect he had. So, to accomplish his goals I have to talk about him like the man and soldier people thought he was.

Diudaros • October 3, 2014 2:39 AM

So…if you only have a cloud based service you can monitor, who accessed a file, when a file was created, modified, downloaded, copied…..?

Trebla • October 3, 2014 3:45 AM

Even with such a system in place it is still possible to access and leak data for someone who is motivated. A sysadmin could probably, with some manipulation, pose as any user and download documents using other co-worker’s identities.

A better way to handle the problem would be to play by the rules and remove the incentive to leak data in the first place.

Lurker #753 • October 3, 2014 4:12 AM

I’ll offer a countering opinion, two valid reasons for NSA to think/do this.
Firstly, isn’t there believed to be another leaker in there? Forget about needle-in-a-haystack searching, they are far more useful in hunting a trickler who’s still in the building (and this creates a strong disincentive for anyone to trickle – it’s Snowden gulp-and-run or nothing).
Secondly, perhaps the worst damage to the NSA from Snowden was the “You don’t even know what he took? WTF?” aspect. Fine-grained logging would identify what the leaker accessed.

<snark> Though would probably not be able to find their e-mail.</snark>

BJP • October 3, 2014 8:10 AM

@Nick P (@Tualha as well) re “Bradley”

Also, the complaint from Tualha was the first to use the name “Bradley” in the thread, besides the original quoted post. There was no “Chelsea” in 2010. Only to those for whom the sex-change operation is the salient point of this whole sad story is this arbitrary, confusing, distracting detail relevant.

Mad Hemingway • October 3, 2014 10:11 AM

Big Data, n.: the belief that any sufficiently large pile of manure contains a pony with probability approaching 1

The NSA and its cloud for data mining is a complete waste of time, money, and effort.

SmokingHot • October 3, 2014 11:23 AM

@albert

I’d like to point out the following regarding Manning and Snowden.
.
How much information would they have been compelled to steal, had the military not engaged in the wholesale murder of civilians, or the NSAs illegal mass surveillance of US citizens?
.
Was the mere exposure of those details even close to the punishment such behavior deserves?
.
Finally, are there any ‘actors’, bad or not, who didn’t already have a pretty good idea about what the NSA and the military were up to? It would be extremely naive to think so.

Oooh, engaging reply, thank you for sharing your insights.

Yes, on this first bit, that is exactly part of my viewpoint: the corrupt culture is creating moles and whistleblowers.

It is corrupt on many fronts. Most people react to that corruption by their own standard of incompetency. They go along to get along. They do not want to have problems. There is strict oversight, they have routine lie detector tests, there is forensic accounting, and there is scary surveillance capabilities which leads them to dare not take any risks.

But, they add to the corruption. And part of that corruption involves creating the circumstances which enable severe security problems.

They are penetrated deeply by a laundry list of their rivals, adversaries, and allies. One can even include in this list a long list of powerful commercial interests. And… probably unknown parties.

Much of this is simply blind penetration. People do not understand their own allegiances or what information they are giving away and to whom. I view it as, you have the secret cores, and then you have the outlaying areas past those circles of trust.

That goes both ways. Both in giving information and in receiving it.

Then, of course, there are the deep levels of direct penetration, by professionals representing external interests, working in the system under a trusthworthy guise.

Some of these operate like cover and access agents running knowing agents (to use CIA parlance), and some of these operate like illegals, full blown “enemy” agents. Enemy in quotes because they may represent allied countries and mere rivals.

Finally, you have technical penetration. Considering the wealth of information all pooled together, this is obviously a problem for them.

My inclination here, however, to add quite further down here at the bottom is you are probably referring to specific situations as not being how it is presented as. This is, of course, a distinct possibility. Technically.

On that, there are the usual suspects. Of course, it could be that, quite like the movie, the usual suspects really means: the seemingly obvious culprit.

I would only suggest there may even be actors entirely outside of the usual laundry list of potential culprits also at play in these things.

Where “culprit” may be in quotes: because that is a matter of perspective.

Probably some very scary stuff out there.

Clive Robinson • October 3, 2014 2:35 PM

@ Mad Hemingway,

The pile might not contain a pony, but I can absolutly guarentee it’s absolutly filled with bugs…

Serial • October 3, 2014 8:40 PM

So, if the NSA cloud was hacked, this will be a HUGE LEAK.

USA is becoming crazy… laugh at you guyz from europe
There’s no freedom of speech.

Wesley Parish • October 3, 2014 10:12 PM

Well, I have my doubts about how this “new” NSA cloud is going to pan out.

Consolidating data is a laudable goal, and a lot of people and their businesses consider it so. Consolidating access is likewise considered a highly important goal, or why else would militaries the world over, make that a priority …

But the NSA is a organization that has shown a lack of the self-discipline it would need to make this a reality. Analysts would wish to protect their LOVEINTs and their access to such important leads and the LEAKED DOCUMENTS aka “naked selfies” of the Hollywood celebs – there’s bound to be some message encrypted in them, and one won’t go blind from too much analysis thereof … so they would falsify records. Administrators likewise would seek to protect their access to LOVEINTs and the like, so they would falsify records. Managers, directors, etc, would also wish to protect their access to LOVEINTs and such, so they would falsify records.

The new “cloud” of the NSA’s is likely to be as stuffed full of rocks as any cloud formation any pilot has blithely flown into and not come out of.

John • October 6, 2014 8:25 PM

To prevent further leaks , added file security is a plus , but there’s greater fouly at play here , namely lack of morale , as others said above .

Andrew_K • October 7, 2014 5:06 AM

Regarding human analysis a highly beg to differ. It may depend highly on what the analyst wants. Automated analysis is hard. Filtering on the other hand is easy.

So, use cases such as “I want to know everything about Andrew and about those he has facetime/calls/online communication/encrypted communication with” are a different story. And I assume these to be the relevant questions NSA handles. NSA is not about prevention. Prevention is nice if it can be arranged, but no one aims for it. More important is knowledge on hostile persons. Those are already identified and lead to other persons which can be assumed to be hostile, too.
Yes, a human analyst is needed. But his task is just selection of a starting point and filters for analysis plus evaluation of the outcome (I happen to meet with a foreign agant every thursday at the same place and the same time. We joined the same gym. Does this make me a hostile agent? Not more than the 50 persons training with us).

Oh and yes, this is pure PR. Wait and they will offer “secure cloud consulting”.

@ Bluetooth
I don’t know whether I like the idea of this comment section being abused as a free think tank, but it is. And I bet, it’s watched carefully. Not so much for the conspiracy theories as for interesting persons, ideas, and associations.

@ Nick P, Tualha
Regarding Manning’s gender change. I don’t want to sound rude (tough I know it will), but I wonder whether a) this sex change was enforced for humiliation purposes regarding fromer comrades (“real man do not do this!”, compare here for sexual contexted humiliation) or b) it is a strategic advantage to be a woman when facing jail in the U.S.

Thomas_H • October 7, 2014 1:21 PM

@Wang-Lo:
The only thing I don’t understand is: why is it a “cloud”?

Because, given the right circumstances, its contents will either evaporate into nothingness or rain down on its users in manners they least expected.

Doe • October 7, 2014 9:23 PM

No machine is perfect . Turnaround time can be improved on , but there is no end game . In a cloud, hard and soft wares can be forged as needed , but humans are a resource the government will never run out of .

xd0s • October 8, 2014 11:51 AM

“Seriously though audit logs have very rarely stoped those who’s intent is to steal data.”

Logs were never intended to be preventative in nature I’d guess, and rarely have more than a minimal deterrent effect on the non- and semi-professionals.

Sure you don’t want to leave a trail, but if the target is valuable enough, the trail left is not going to stop the action in the first place.

What become interesting in this system IMO is the fact that IF they really log all of this stuff all of the time, they are more likely going to leave evidence of their own use and knowledge of issues and decisions in the logs (they are not the bad guys after all). Leaking that would be potentially devastating to the politics and optics of the situations they know about and let persist, or try to stop and fail etc.

I tend to believe this logging if implemented as described will more likely provide more ill effects for the NSA staff from a “blame game” perspective than positive reduction in leaks.

Comments

Leave a comment Cancel reply