The Secrecy of the Snowden Documents

Last weekend, the Sunday Times published a front-page story (full text here), citing anonymous British sources claiming that both China and Russia have copies of the Snowden documents. It's a terrible article, filled with factual inaccuracies and unsubstantiated claims about both Snowden's actions and the damage caused by his disclosure, and others have thoroughly refuted the story. I want to focus on the actual question: Do countries like China and Russia have copies of the Snowden documents?

I believe the answer is certainly yes, but that it's almost certainly not Snowden's fault.

Snowden has claimed that he gave nothing to China while he was in Hong Kong, and brought nothing to Russia. He has said that he encrypted the documents in such a way that even he no longer has access to them, and that he did this before the US government stranded him in Russia. I have no doubt he did as he said, because A) it's the smart thing to do, and B) it's easy. All he would have had to do was encrypt the file with a long random key, break the encrypted text up into a few parts and mail them to trusted friends around the world, then forget the key. He probably added some security embellishments, but -- regardless -- the first sentence of the Times story simply makes no sense: "Russia and China have cracked the top-secret cache of files..."

But while cryptography is strong, computer security is weak. The vulnerability is not Snowden; it's everyone who has access to the files.

First, the journalists working with the documents. I've handled some of the Snowden documents myself, and even though I'm a paranoid cryptographer, I know how difficult it is to maintain perfect security. It's been open season on the computers of the journalists Snowden shared documents with since this story broke in July 2013. And while they have been taking extraordinary pains to secure those computers, it's almost certainly not enough to keep out the world's intelligence services.

There is a lot of evidence for this belief. We know from other top-secret NSA documents that as far back as 2008, the agency's Tailored Access Operations group has extraordinary capabilities to hack into and "exfiltrate" data from specific computers, even if those computers are highly secured and not connected to the Internet.

These NSA capabilities are not unique, and it's reasonable to assume both that other countries had similar capabilities in 2008 and that everyone has improved their attack techniques in the seven years since then. Last week, we learned that Israel had successfully hacked a wide variety of networks, including that of a major computer antivirus company. We also learned that China successfully hacked US government personnel databases. And earlier this year, Russia successfully hacked the White House's network. These sorts of stories are now routine.

Which brings me to the second potential source of these documents to foreign intelligence agencies: the US and UK governments themselves. I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they've penetrated the NSA networks where those files reside. After all, the NSA has been a prime target for decades.

Those government hacking examples above were against unclassified networks, but the nation-state techniques we're seeing work against classified and unconnected networks as well. In general, it's far easier to attack a network than it is to defend the same network. This isn't a statement about willpower or budget; it's how computer and network security work today. A former NSA deputy director recently said that if we were to score cyber the way we score soccer, the tally would be 462­456 twenty minutes into the game. In other words, it's all offense and no defense.

In this kind of environment, we simply have to assume that even our classified networks have been penetrated. Remember that Snowden was able to wander through the NSA's networks with impunity, and that the agency had so few controls in place that the only way they can guess what has been taken is to extrapolate based on what has been published. Does anyone believe that Snowden was the first to take advantage of that lax security? I don't.

This is why I find allegations that Snowden was working for the Russians or the Chinese simply laughable. What makes you think those countries waited for Snowden? And why do you think someone working for the Russians or the Chinese would go public with their haul?

I am reminded of a comment made to me in confidence by a US intelligence official. I asked him what he was most worried about, and he replied: "I know how deep we are in our enemies' networks without them having any idea that we're there. I'm worried that our networks are penetrated just as deeply."

Seems like a reasonable worry to me.

The open question is which countries have sophisticated enough cyberespionage operations to mount a successful attack against one of the journalists or against the intelligence agencies themselves. And while I have my own mental list, the truth is that I don't know. But certainly Russia and China are on the list, and it's just as certain they didn't have to wait for Snowden to get access to the files. While it might be politically convenient to blame Snowden because, as the Sunday Times reported an anonymous source saying, "we have now seen our agents and assets being targeted," the NSA and GCHQ should first take a look into their mirrors.

This essay originally appeared on Wired.com.

EDITED TO ADD: I wrote about this essay on Lawfare:

A Twitter user commented: "Surely if agencies accessed computers of people Snowden shared with then is still his fault?"

Yes, that's right. Snowden took the documents out of the well-protected NSA network and shared with people who don't have those levels of computer security. Given what we've seen of the NSA's hacking capabilities, I think the odds are zero that other nations were unable to hack at least one of those journalists' computers. And yes, Snowden has to own that.

The point I make in the article is that those nations didn't have to wait for Snowden. More specifically, GCHQ claims that "we have now seen our agents and assets being targeted." One, agents and assets are not discussed in the Snowden documents. Two, it's two years after Snowden handed those documents to reporters. Whatever is happening, it's unlikely to be related to Snowden.

EDITED TO ADD: Slashdot thread. Hacker News thread.

EDITED TO ADD (7/13): Two threads on Reddit.

EDITED TO ADD (7/14): Another refutation.

Posted on June 22, 2015 at 6:13 AM • 56 Comments

Comments

Rolf WeberJune 22, 2015 7:08 AM

Strange that Bruce obviously doesn't even take into account the most likely explanation: That Snowden did *not* "forget" the key.

It still seems to be quite hard to even raise doubts on the infallibility of the messiah ...

GeoffJune 22, 2015 7:11 AM

The Sunday Times story tells us more about manoeuvrings in the UK Home Office, and their need to spread FUD in order to outflank controls on surveillance, than it tells us about Russia and China.

Harald KorneliussenJune 22, 2015 7:15 AM

"I know how deep we are in our enemies' networks without them having any idea that we're there. I'm worried that our networks are penetrated just as deeply." Seems like a reasonable worry to me.

It does not seem a reasonable worry to me. At one point during your penetration of their networks, you're going to discover their penetration of your networks. And vice versa. It seems pretty likely that one side has the edge.

I don't think security was lax per se. Rather, Snowden seems to have been an unusually empowered sysadmin. I can completely understand why they have an unusually empowered sysadmin - because they want to get work done. When you lock down the system too much you cripple yourself, and looking for the most security-competent guy around and give him dictatorial sysadmin powers is a naturally tempting thing to do. Just because Snowden got the docs, doesn't mean anyone could have.

fajensenJune 22, 2015 7:26 AM

@Rolf Weber:
Maybe it is all a whole lot simpler: Snowden was an off-site contractor and yet he could rummage trough NSA's "stash" for years, without leaving enough traces to be found out.

There is probably about 50 thousand similarly employed, skilled and woefully UN-supervised personnel exactly like Snowden. *All* it takes for the beans to spill, is just one or two of those people liking money and everything money can buy (or even ideology) more than their far-away managers.

I bet there are dozens of these "freelancers" doing private work on the side and then several real agents, trained at Chinese, French or Russian Engineering Academies, who all graduated top-of-their-class and now works for leading tech providers in "the west".

IOW: The dum-dums are running the "intelligence" services and they have no clue!

EvanJune 22, 2015 7:26 AM

@Harald

Snowden was an external contractor. If one external contractor, however extraordinary, can be given that access, then others can do. Even if Snowden was the first, he certainly wasn't the last or only - and that's not to get into the full time employees that would have been the first targets for foreign HUMINT. Remember how long Hansen and Ames got away with selling secrets.

ArthurJune 22, 2015 7:27 AM

> Strange that Bruce obviously doesn't even take into account the most likely explanation: That Snowden did *not* "forget" the key.

Yes because i don't know the difference between :

> he no longer has access to them

or

> All he would have had to do was encrypt the file with a long random key, break the encrypted text up into a few parts and mail them to trusted friends around the world, then forget the key.

and destroying the files.

We can see in Citizen Four the way he decrypt the files in the hotel.

d33tJune 22, 2015 8:59 AM

If the timeline in this Snowden bio is accurate, NSA had from 2009 until May of 2013 to stop their gross violations of US Constitutional rights via the FISA flavored US Kangaroo court. NSA of course could have just never started violating the US Constitution in the first place, but they did have a fair amount of time to stop once they started their clock ticking the very second they contracted a person who was capable of having a crisis of conscience and not just another order following robot with clearances.

On the other hand, had Barack Obama actually remained true to his statement on repealing the Patriot Act while campaigning for a seat in the US Senate and his promises while campaigning for the office of President, there again would have been ample time to correct the current US Government policies of violating US citizen's constitutional rights multitudes of times per second. Obama had almost 4 years from the date he took an oath of office to "preserve protect and defend the Constitution of the United States", until late 2013 when Edward Snowden finally felt forced to report these institutionalized treacheries outside the chain of command in order to actually have them heard with some level of transparency.

Or Wyden (appears to have a conscience), Feinstein (appears to love grandstanding for revenge or money) or any other current / former member of the Senate Select Committee on Intelligence (or House of Reps version of a fake oversight committee) could have done their sworn duty and exposed these crimes themselves without beating around the bush for over a decade.

At least two Presidents (likely 3, and coming up 4) and several versions of the "gang of eight" chose to remain silent and complicit with these ongoing, and currently unpunished high crimes. Some while Snowden was still attending community college.

By their action or inaction most of these people in government certainly appear to have no real desire to protect "state secrets" or "assets" from their enemies. Remember Valerie Plame?

If British ops and assets have truly been so exposed by Snowden's revelations, why is a foreign power's intelligence apparatus so dependent upon US secrecy? If this is the case with the British as well as many other foreign powers, why do these programs cost the US tax payer so much money? If the US is still a capitalist state, I'd like to see some dividends.

wiredogJune 22, 2015 9:05 AM

"agents and assets are not discussed in the Snowden documents."
Sources and methods certainly were.

Clive RobinsonJune 22, 2015 9:08 AM

For those questioning that Ed Snowden "did not forget the key" you need to think if your argument holds water.

Ed Snowden new that as soon as he left for Hong Kong he had painted a target on his back. He would also know that the difference between being proved absolutely guilty and suspected of being guilty was how well he secured the file(s) against "his own people". Thus he would have picked a very strong key for the files.

Further he would also have known from his days at the CIA that certain types of tourture do work even against the most strong willed person, after all even a diamond can be ground down.

The problem with "knowing a password/phrase/key" is that it is trivialy easy if the tourture has the file(s) to test if the person being tourtured has given the right password or not. And as far as I'm aware there are no "duress key" crypto algorithms that could not be detected as being such.

Thus for his own safety he would have not used a memorable password/phrase/key.

All he would have to do would be to arange a "side channel" to send the password/phrase/key to Hong Kong. There are very many ways to do this and some work in quite odd ways.

For instance a way he might have initialy concidered would be that in Hawaii have he would have had very easy --and if not then under surveilance-- untracable access to printed newspapers or magazines from Hong Kong or other parts of the world. The only hard part would be ensuring he could get a "back copy" of the newspaper or magazine when he got there, in reality this is not realy a problem if you pick wisely. This would give him any length of text to use as a key to encrypt any truely random password/phrase/key that he had created. All he then needs to do is in effect post the encrypted password/phrase/key to be picked up later when in HK.

I say "initialy concidered" because he would know that there was a possibility that a posted letter might be intercepted and photo copied etc. However there are several ways that this issue can be avoided and I'm reasonably certain that he would know of some of them. Likewise there are other methods he would probably know to set up a secure side channel to get a truly random password/phrase/key he would have no hope of remembering to Hong Kong.

The main take away point is what ever method he chose to use, it would have to be both believable and to a certain extent provable. Thus he would be able --to try-- to convince any potential tourtures that it would be pointless to tourture him.

For those interested in ways you might be able to do this in a more technological way, it has been discussed here in the past with regards getting encrypted laptop data across a national boarder such as that of the USA.

SJJune 22, 2015 9:45 AM

@Clive,

For some reason, I'm reminded of a card-based method called "Solitaire" in a novel written by Neal Stephenson.

(Yes, I know that Bruce advised Stephenson about that method of encryption...)

However, I don't know if there many Hong-Kong newspapers that publish Bridge columns, or if Snowden could convincingly state that he's forgotten/lost the key for that particular instance.

Could the key-information be created in some other way from a newspaper in Hong Kong?

JerryJune 22, 2015 10:37 AM

@Bruce:


We know from other top-secret NSA documents that as far back as 2008, the agency's Tailored Access Operations group has extraordinary capabilities to hack into and "exfiltrate" data from specific computers, even if those computers are highly secured and not connected to the Internet.

hmmm so how does NSA exfiltrate data from computers that are not connected to the Internet?

Quantum Teleportation? Ad-hoc networks utilizing sound cards and microphones communicating with each other? something else?

Does this mean any x32/x64 computer is vulnerable, whether connected to internet or not?

gordoJune 22, 2015 11:16 AM

@ Jerry, see these at El Reg:

Air gaps: Happy gas for infosec or a noble but inert idea?
Spooks and boffins jump 'em, but real-world headwinds remain strong
Darren Pauli | The Register | 11 Feb 2015
http://www.theregister.co.uk/2015/02/11/air_gap_feature/

Israeli boffins hack air gap, fire missiles on compromised kit
Slow command and control code uses PC hot spots to murmur secrets
Darren Pauli | The Register | 25 Feb 2015
http://www.theregister.co.uk/2015/03/25/israeli_uni_boffins_fire_missiles_in_hot_new_air_gap_attack/

JonJune 22, 2015 12:05 PM

What I still find hilarious is their insistence that the NSA never did industrial espionage, that they never shared their information with publically or privately owned corporations.

Except when Mr. Snowden was gathering such evidence, he had access due to his being an employee of Booz Allen Hamilton, a corporation...

Yeah, there were 'firewalls' in place. Yep. I believe NOT.

J.

Nick PJune 22, 2015 12:11 PM

@ Bruce

It's a good essay. Yet, it has a huge failure: sounding a bit too speculative when there's little to speculate about. The U.S. government, including intelligence agencies, have been telling us for years that our secret programs are repeatedly compromised by spies and hackers. This, esp specific reports, should be mentioned so they get press & government's real situation hits public consciousness. Not OPM or White House: military, police, and defense organizations getting robbed of secrets important to national security. Apples for apples. Cite examples showing just how pervasive the attacks are and by so many different actors. Hint that they couldn't protect (insert specific technology) despite all the security. So, clearly the enemies were using similar methods on contractors like Booz with poor security on a hiring spree.

Sample report. Combine that with Mandiant's or another showing TB of data exfiltrated by hackers from defense contractors. The combo of thorough HUMINT & SIGINT compromise means it's believable when Putin says they already knew the capabilities. The papers indicate Russia had about every secret we knew at one point. Situation is probably still pretty bad given that China is flying *a stealth fighter* very similar to ours.

Like us on eOPF/EPIC!June 22, 2015 12:35 PM

Bruce is right, there's no way Snowden was the first guy to make fools of NSA.

The statist Snowden propaganda is two-pronged:

1) SNOWDEN RUSSIAN COMMIE SPY!!!! for the low-normal audience;
2) "Snowden's better than Manning" for people of intellect.

To reiterate No. 2 they recently trotted out Hodding Carter. The purpose here is to avoid the obvious implication: NSA have had years to adapt their sources and methods. If their OPSEC can't handle a dump by now, the agency deserves to get defunded down to zip. Poitras should announce a complete dump because that data is ours, not NSA's. Every new disclosure of state crime makes that clearer.

Now we all know that your government's real enemy is human rights:

http://www.theguardian.com/uk-news/2015/jun/22/gchq-surveillance-two-human-rights-groups-illegal-tribunal?CMP=twt_gu

We know where Rolf Weber gets his orders when he's reciting Number 1:

https://firstlook.org/theintercept/2015/06/22/controversial-gchq-unit-domestic-law-enforcement-propaganda/

Nobody needs NSA or GCHQ, total tits on a bull.

82de478ea93bdd87June 22, 2015 12:40 PM

The Sunday Times article looks as a biased editorial on a pro-NSA newspaper. Agreed, it does not follow the standards of professional journalism at all.

May Russia and China have copies of some of the documents stolen by Snowden two years ago? Sure, they can. But it does not mean that Snowden has given them a copy of the documents. May these documents have been stolen from journalists laptops? Indeed, why not? However, even a security illiterate is able to protect a computer using an air gap. Just buy a cheap computer, never connect it to the Internet, and do a one way transfer of files to non airgapped computers, never reusing the media on the airgapped computer. Easy.

We all know, in some way, how intelligence agencies operate. It is much easier to think on these documents being stolen by other agencies.

FVEY members share communication networks, databases and document repositories. There is a weakness here. These documents and databases are shared over international networks, either public or classified. When a intelligence agency needs information from their own citizens (something that they cannot legally gather themselves) just ask their friends at other FVEY agencies to do the work and gave them access to captured data.

They are listening on international links, this is the way all their illegal programs work.

To me, it is easier stole data directly from the repositories managed by the intelligence agencies than from a few devices owned by journalists.

On the other hand... I do not understand the encryption issue. Snowden himself may not have access to the documents stolen from the NSA, but it is obvious there are journalists that have full access to these documents.

No Place to Hide is clear on this point, the journalists have full access to the documents carried by Snowden. They read these documents on the plane to Hong Kong. So the documents cannot be considered "protected by unbreakable encryption".

I think that Snowden did a great service -- perhaps not to the United States government, but to the citizens, not to say to people that lives out of the United States. However, in my humble opinion these documents should have been released to an international team of experts on security, not to journalists.

albertJune 22, 2015 2:38 PM


RE: Snowden,
He was one of many contractors working in the IC. This is but one downside of privatizing IC functions. (Actually, privatizing _any_ govt entities or private infrastructure always has serious downsides.) If you care about security, using contractors is not the way to go. Better to make them all military, subject to military law. (e.g. Manning vs. Snowden). They are easier to scapegoat, punish, and marginalize...and catch. The deeper moral and legal analyses are being ignored here, as well as the kind of society that contributes to this sort of behavior, not to mention US foreign policy, which is foreign to the planet.
.
RE: Air-gapping,
There was a huge discussion here recently. While everyone is working on clever but far out schemes to defeat it, it seems to me that air-gapping offers orders of magnitude more security than any other scheme. Hacking air-gapped computers requires close proximity, or some sort of hardware/software hack to enable larger effective distances. The Internet is fast and convenient. Ordinary folks like that, so does the CEO of the energy company, so he can check out his nuke plants on his iPad before he goes to bed, or demo it to his golf buddies. Programmers can program control systems from anywhere in the world (Iran knows this well).
.
We can start by reducing the 'operator error' factor, and we need some common sense thrown in. Air-gapping needs to be required for critical infrastructure controllers. If someone can plug in a CD, or USB device, then air-gapping is useless.
.
Face it, 99.9%% of the NSA data stores are useless for stopping 'terrorism'. They may help 'track back', but often there's no one to track back to. They may help in punishing the evildoers; the gov't seems to enjoy punishing people; it's not a policy of prevention. However, these data stores are VERY useful for harassing, marginalizing, perverting, persecuting, or prosecuting individuals or groups that the govt considers terroristic (see @Skepticals list in the preceding post), which can be conveniently adjusted to fit any scenario. It's also handy to have a list of folks who criticise govt policies, and with Congressional approval ratings in the toilet, so to speak, that's a BIG list. Don't forget folks who keep bringing up the pesky 'free speech' issues. The nerve of them! Damn the 1st and 4th Amendments, full speed ahead! Fascist states already know their enemy. It's EVERYONE:)
.
The Elite need to churn out more window dressing. The system is getting unstable.
.
"You can piss off some of the people some of the time, but not all of the people all of the time." P.J. Barnum.
...

ErikAnJune 22, 2015 5:46 PM

I don't get why people don't reverse engineer all the never seen before software that is running on the possibly compromised computers. Even the most complicated software like Stuxnet and Flame could be shown and disabled with tools like Sysinternals Autoruns, despite that they had fake certificates that showed up, they could be flagged as unknown and therefore suspicious software that had to be reverse engineered.

AndrewJune 22, 2015 6:12 PM

@erikan
That is a common missconception, "rootkit-like" malware or code hidden into BIOS or HDD/USB firmare cannot be detected with common methods, sometimes with ANY method.

65535June 22, 2015 6:41 PM

@ Mace Moneta

"That's more likely to be due to the OPM hack."

I agree.

The data in the SF-86 is more accurate and contains more links to actual human individuals.

Those links could be friends and family members in the Agency and branch links to people who introduced them to the Intelligence Community.

I would not doubt that Snowden and his family are in those documents that were stolen.

BluntJune 22, 2015 7:41 PM

There's a symmetric imbalance here. While the US police state is all offense and no defense, civil society is overwhelmingly defensive.

There's a reason for that. Freedom of information threatens this criminal state more than privacy. As a privacy advocate, ioerror gets government funding. As a freedom-of-information advocate he's subjected to vindictive prosecution and extralegal harassment. NGO work on freedom of information is consequently highly legalistic, playing by the rigged rules with which the government conceals state crimes. Meanwhile CIA is busily destroying evidence, from torture to JFK assassination records opened for disclosure.

Civil society can get some offensive capability by moving into the transnational space. INGOs and the international community relax constraints on information freedom. Russia is the current leader here. Its countermeasures to US interference hit US government legitimacy by disclosing state crimes.

Comey is demanding that the public submit to continuous digital cavity search. A finger up his own butt would quickly fish out proof of FBI's complicity in serious crimes including assassination of prominent dissidents, the Lockerbie bombing, OKC, WTC, AMERITHRAX and 9/11, and the Boston Marathon Bombing.

The real crown jewels are not pedophilia at DoD or peculation at DEA. It's not how much weed I smoke. The real crown jewels are records showing armed state attacks on civilian populations, torture, murder, and aggression. Anybody think China and Russia do not have this? They know they will need it for thorough de-Baathification after WW II 1/2. Anybody think Saudi or Israel would hesitate to rat the US out?

State crime is getting harder to conceal as CIA disperses to metropolitan areas under post-9/11 COG and COOP plans. The fusion centers are a juicy attack surface, with dumber apparatchiks and distributed C3I. That's one reason why the Boston Marathon party line is breaking down in record time. Take this - https://www.blackhat.com/us-15/briefings.html#pen-testing-a-city - and factor in superior SCO intel capacity, and you've got CIA scumbags swingin like Saddam in droves.

Brian DellJune 22, 2015 10:02 PM

How long was Snowden in Hong Kong before he declared that "the United States government has committed a tremendous number of crimes against Hong Kong. The PRC as well" and went on to detail the IP addresses the NSA was monitoring in China? Even Greenwald could come up with no other explanation besides “What motivated that leak though was a need to ingratiate himself to the people of Hong Kong and China.”

He then goes to Russia and loses all need to "ingratiate" himself with his hosts?

Bruce's angle here is too convenient by half. Should it get to the point that there's no longer any denying the damage done to Western interests, "would've have happened anyway" just excuses it all? We all realize that a murder victim would eventually die anyway, right?

gordoJune 22, 2015 10:54 PM

@ Brian Dell,

He then goes to Russia and loses all need to "ingratiate" himself with his hosts?

Russia seems fine with the ongoing publication of leaked documents.

China, maybe not always.

Fake CanucksJune 22, 2015 11:15 PM

Look at persona Brian Dell trying to fool you with cheap tricks for dimbulbs. Brian Dell quotes Greenwald about the people of Hong Kong and China. Then Dell tries a lame-ass switcheroo, substituting the word hosts for people to imply the government-issue propaganda line: Snowden is reporting to the Government of Russia. Snowden is informing the people. Brian Dell wants you to think that Snowden is informing the government but he can't come out and say so. So he engages in furious handwaving to obscure the distinction between a spy and a rights defender.

Then Dell tries a variation on the same trick, whining about damage to 'Western interests,' though he means damage to the legitimacy of US government organizations that breach the Vienna Convention on Diplomatic Relations, the ICCPR, the ECHR, the IACHR, and the non-interference principle.

Dell, this is not like your base, there are smart people here.

rgaffJune 23, 2015 1:10 AM

@Brian Dell

As long as Snowden embarrasses the USA, that's enough to ingratiate himself with Russia. He doesn't need to hand over secrets that they already have. All the leaks and ongoing headlines and interviews and everything continue to embarrass the USA, so he's in.

And this embarrassment is well deserved. All you who destroy the constitution and all human rights and promote war crimes deserve that and much much worse. You deserve long prison sentences. You are treasonous war criminals.

albertJune 23, 2015 10:15 AM

Dell talks about "...damage done to Western interests...". I don't recall any evidence of this, except proclamations by the govt. US gov't proclamations have an extremely poor track record in the area of truthfulness. The Cheney/Bush admin actually create their own private IC, because the established IC wasn't giving them the 'right' answers about Iraq.

Amazingly, there are still folks who think the Vietnam War was justified, which puts them in the nutters, along with the holocaust deniers, phrenologists, flat-earthers, and most theistic religions.

So it becomes a question of whom you want to believe. The Snowden documents are available. They can be studied. That's objective and rational. Anything else is religion.

.
...

SkepticalJune 23, 2015 1:15 PM

The comment by Harald, above, articulates well what I thought to be a weak point in the essay.

Snowden and Manning were insiders who turned hostile. But other than compromises by individuals like Manning and Snowden, we have not heard of any by others within the NSA who were acting as agents for a foreign government.

If a state of nearly complete network transparency existed between technologically advanced governments, AND if Russia and China had agents inside NSA, then we would expect at least one of those agents to have been caught and prosecuted over the last 20 years (making certain reasonable assumptions).

Yet that hasn't happened. Leaving aside paranoid fantasies of secret extra-judicial measures taken against any that were detected, that absence of expected event strongly implies that either the US has not fully compromised Russian or Chinese networks, or that neither Russia nor China have managed to acquire an agent inside the NSA with the capability to export the amount of information that Snowden has.

Of course there are lines of attack other than via a hostile insider. It's very difficult to argue, though, that because certain of those other lines have succeeded against some targets, that therefore all targets must have been compromised.

rgaffJune 23, 2015 1:47 PM

@Skeptical

"Snowden and Manning were insiders who turned hostile."

Being hostile to criminal behavior is a good thing. Lest you say "but it's legal"... no, the Constitution, the higher law of the land, says it's not, and the courts agree more and more as time goes on... And using various forms of trickery to attempt to stop constitutional challenge to such bad laws is treasonous. Your buddies all belong in prison. You support criminals and criminal behavior. This is what you are. This is what you do.

JustinJune 23, 2015 2:13 PM

@ rgaff

Skeptical does well to remain somewhat aloof to comments such as yours.

I am strongly in favor of the Constitution, but I do not see Snowden and Manning as supporters of my Constitutional rights. In fact, they betrayed the defenders of my Constitutional rights.

Our rights are not free. They require defense. And that defense requires intelligence.

You seem hostile to our entire system of constitutional government, to the point of advocating an extreme lustration. I don't know what else you advocate for, but your ideas are foreign to my country and my Constitution.

gordoJune 23, 2015 4:44 PM

Like almost most everything about this story, "We don't know what we don't know".

Said such discussion threads are like Diceware shake boxes [ctrl-f/shake]. Each tangent a new round; each comment the next die on the slide; should I slide from the right or from the left; is that one or six dots I see on the die; am I biased in my ordering; if so, by how much?

@ Skeptical

Snowden and Manning were insiders who turned hostile. But other than compromises by individuals like Manning and Snowden, we have not heard of any by others within the NSA who were acting as an agent for a foreign government.

That's a loaded statement or two. Here's a rewrite [feel free to improve upon, it if you wish]:

Snowden and Manning were insiders who leaked United States government secrets. Including the compromises by individuals like Manning and Snowden, there is no evidence of anyone leaking secrets from within the NSA who is or was acting at the behest of or as a agents for a foreign government.

More on those other two leaks:

"The US Intelligence Community has a Third Leaker"

Bruce Schneier | Schneier on Security | Posted on August 7, 2014

Everyone's miscounting.

https://www.schneier.com/blog/archives/2014/08/the_us_intellig.html

@ Justin,

I base my opinions on a preponderance of the evidence.

As for a simple punishment, if not rehabilitation matrix, depending upon the severity of an offense, and going from most to least:

1. Imprisonment

2. Fines
3. Censure
4. Community service
5. Combinations of 1-4

rgaffJune 23, 2015 7:00 PM

@ Justin

I see you want to "save" the Constitution by destroying it too then... Outlawing all privacy goes against the constitution. Law enforcement scooping up and monitoring everything everyone says or does goes against the constitution. Government officials can do what they want with impunity and not fear anything, according to people like you. Like perjury before Congress? pfff... nothing. What's your job that you want that kind of power?

I am fine with people remaining aloof to my comments. Here's a secret: I'm not really talking to those who are entrenched and unchangeable in their naziism.... but the rest of the readers. When I put an @ in front it often means a reply to that person's content, not a reply to that person ;)

SkepticalJune 23, 2015 7:19 PM


@gordo: I'm fine with either. I doubt Snowden was a Russian agent, and I've been clear on that point for a long time. The question isn't whether individuals have leaked, or whether some individuals will leak, classified information to the media.

My point is that, taking Schneier's conclusions about Russian/Chinese compromise of US protected networks, and about US compromise of Russian/Chinese protected networks, we can derive with high confidence a testable empirical prediction: the existence of prosecutions of Russian and Chinese agents inside the NSA.

But that prediction fails. And that's a good reason to doubt the theory.

gordoJune 23, 2015 10:58 PM

@ Skeptical,

As you read it, you know that Mr. Schneier is not speaking of only insider hacks of unclassified systems. From his Wired piece:

Those government hacking examples above were against unclassified networks, but the nation-state techniques we're seeing work against classified and unconnected networks as well.


[...]

I am reminded of a comment made to me in confidence by a US intelligence official. I asked him what he was most worried about, and he replied: "I know how deep we are in our enemies' networks without them having any idea that we're there. I'm worried that our networks are penetrated just as deeply."

Here are a couple of examples that give more weight to that argument:

Joint Strike Fighter -- Face of Cyberwar?
Richard Bejtlich | TAOSecurity | July 05, 2010

Does anyone remember this story from April 2009?


Computer Spies Breach Fighter-Jet Project

Computer spies have broken into the Pentagon's $300 billion Joint Strike Fighter project -- the Defense Department's costliest weapons program ever -- according to current and former government officials familiar with the attacks...(par. 1-2)

http://taosecurity.blogspot.com/2010/07/joint-strike-fighter-face-of-cyberwar.html

...one from 2013:

Report: Chinese hackers breach top weapons designs
The charge by a defense panel comes a month before visit by China's president to California.
Doug Stanglin | USA TODAY | May 28, 2013

The compromised weapons designs include, among others, advanced Patriot missile system, the Navy's Aegis ballistic missile defense systems, the F/A-18 fighter jet, the V-22 Osprey, the Black Hawk helicopter and the F-35 Joint Strike Fighter. (par. 2)

http://www.usatoday.com/story/news/nation/2013/05/28/chinese-hackers-post-designs-breached-compromised/2364969/

...and one from 2014:

Hacking Trail Leads to Russia, Experts Say
Malicious Code Found at U.S. Firm Where Military Secrets Were Kept
Danny Yadron and Siobahn Gorman | The Wall Street Journal | Oct. 28, 2014

“I worry a lot more about the Russians” than China, America’s top spy, Director of National Intelligence James Clapper, said at a University of Texas forum this month, speaking of cyberattacks.


A U.S. official said differentiating between Russian criminal hackers and government hackers is difficult because the government uses cybersurveillance tools created by criminal groups and criminals use tools developed by the government. (last two paragraphs)

https://www.reddit.com/r/russia/comments/2kl93l/hacking_trail_leads_to_russia_experts_say_wsj/

...and then, there's this:

How Snowden did it
Richard Esposito and Matthew Cole | NBC News | Aug 26 2013

As a Honolulu-based employee of Booz Allen Hamilton doing contract work for the NSA, Snowden had access to the NSA servers via "thin client" computer. The outdated set-up meant that he had direct access to the NSA servers at headquarters in Ft. Meade, Md., 5,000 miles away. (par. 5)

http://www.nbcnews.com/news/other/how-snowden-did-it-v20197183

coda:|

I read the the news today, oh boy . . .

Hidden MoleJune 24, 2015 7:56 AM

It is standard intelligence practice not to act on information provided by a hidden mole in order to hide the existence of the mole. The NSA has admitted that they do not know what Snowden uncovered. That means to some degree that anything obtained through a mole pre-Snowden is now fair game to be acted upon as the NSA will not be able to attribute the leak to a different breach.

Of course, it could be that the NSA knows exactly what was taken, and lied about that to help discover other leaks.

SkepticalJune 25, 2015 7:07 AM


@gordo: As you read it, you know that Mr. Schneier is not speaking of only insider hacks of unclassified systems.

Yes, but it's not an easy argument to begin with examples of network compromises 1 to n, and then claim that therefore all networks have been compromised. The number of assumption one would have to make are many, and so I don't find it very persuasive.

I also find it unlikely that there could be a complete compromise of US classified networks that would go undetected. The behavior of the state which had done so would give away the secret (as Soviet behavior did for every major penetration).

Obviously a state would prefer to conceal the fact of its penetration, but that's actually difficult to do effectively as the value of acting on the information acquired rises.

gordoJune 25, 2015 11:31 AM

@ Skeptical,

The claim is not that all networks have been compromised, but that all networks can be compromised, and, for that matter, not just computer networks.

This would be Rumsfeld's "unknown knowns". In this sense, the common refrain, "if you believe that you haven't been breached, you either don't know it, or you will be", holds. It's a risk assessment.

The examples cited show that degree of difficulty is no barrier.

The focus on detection is due to the inability to prevent. The newer emphasis on response is due to the inability to detect.

The unsubstantiated claims in the Sunday Times headline merely show how this state of affairs can be put to use.

Attribution is no longer source, but method.

SkepticalJune 25, 2015 2:35 PM


@gordo: the claim is that classified networks have long since been penetrated, including those to which Snowden had access. The examples cited certainly do not demonstrate that ANY network can be penetrated by means other than insider compromise.

As to your "unknown known"? I think you meant to write that whether a network has been compromised is at best a "known unknown", i.e. a question the answer to which we know that we don't know (there are known unknowns - things that we know we don't know - there are known knowns - things that we know we know - and then there are unknown unknowns - things that we don't know that we don't know).

Two things. First, you again miss the point that if each nation has penetrated the classified networks of the other, then both would likely be aware of those penetrations. So, given the assumptions in the essay, in fact network compromise is unlikely to be a known unknown - it'll more likely be a known known after you stumble across the penetration of your network while roaming about the foreign network that you've penetrated. How awkward for everyone!

Second, even if only one nation had succeeded, the penetrated nation still may be able to estimate with some confidence that it has been penetrated - the level of confidence depending in part on what information its networks hold and how the penetrating government behaves.

A third point - if an adversary is indiscriminate and hungry enough, one may well quite willingly part with a large amount of sensitive information if one is able to include a few key pieces that will cause serious indigestion - to the point of ruining the meal - after the adversary has begun to eat.

That last point relates in part to a classic counterintelligence problem: how do you determine whether a defector is genuine, or whether he has been sent to sow disinformation?

One way would be to simply measure the cost to the adversary of parting with the verifiably good information which would be packaged along with any disinformation. If that cost obviously exceeds any benefit the adversary could gain via successful disinformation, then the defector is likely genuine.

This may be an issue Snowden considered in deciding what information to take - which has formed part of my concerns about what he may have done.

BuckJune 25, 2015 7:14 PM

@Skeptical

First, you again miss the point that if each nation has penetrated the classified networks of the other, then both would likely be aware of those penetrations. So, given the assumptions in the essay, in fact network compromise is unlikely to be a known unknown - it'll more likely be a known known after you stumble across the penetration of your network while roaming about the foreign network that you've penetrated.
A known known to those doing the penetration or getting penetrated, probably... Though it's a pretty big assumption to suggest that they would let anyone else know about it -- especially those who foot their bills. It'll only get awkward when folks who don't play that game start to air the big boys' dirty laundry.

gordoJune 25, 2015 10:36 PM

@ Skeptical,

You wrote:

the claim is that classified networks have long since been penetrated, including those to which Snowden had access. The examples cited certainly do not demonstrate that ANY network can be penetrated by means other than insider compromise.

Yes, my example set was limited. We are, however, starting to see more evidence of other insider leaks, albeit anonymous whistleblowers. That we don't see all the results of insider-mole espionage is, by definition, quite natural. Same applies to phishing. Please read on.

As to your "unknown known"? I think you meant to write that whether a network has been compromised is at best a "known unknown", i.e. a question the answer to which we know that we don't know (there are known unknowns - things that we know we don't know - there are known knowns - things that we know we know - and then there are unknown unknowns - things that we don't know

Re: "Unknown knowns":

On this point, I agree with Mr. Gray (see his article cited below) and apply it to our knowledge of that broad swath of breaches of classified government systems, and their apparently inherent security weaknesses, which, from the evidence we've seen, seem "intrinsically impossible to protect" [Ctrl-f/intrinsically].

A Point of View: See no evil
Magazine BBC News | 10 January 2014

“Some things we know but prefer not to think about, says John Gray - whether it's the truth about the invasion of Iraq or the failures of the financial system that led to the banking crisis.”

http://www.bbc.com/news/magazine-25680144

Two things. First, you again miss the point that if each nation has penetrated the classified networks of the other, then both would likely be aware of those penetrations. So, given the assumptions in the essay, in fact network compromise is unlikely to be a known unknown - it'll more likely be a known known after you stumble across the penetration of your network while roaming about the foreign network that you've penetrated. How awkward for everyone!

Please see my response to your previous item. Yes indeed! -- "How awkward for everyone!”

Second, even if only one nation had succeeded, the penetrated nation still may be able to estimate with some confidence that it has been penetrated - the level of confidence depending in part on what information its networks hold and how the penetrating government behaves.

See, again, “Re: Unknown knowns” above, and my response to your next item.

A third point - if an adversary is indiscriminate and hungry enough, one may well quite willingly part with a large amount of sensitive information if one is able to include a few key pieces that will cause serious indigestion - to the point of ruining the meal - after the adversary has begun to eat.

>> They’re not indiscriminate. As opposed to “pure intelligence [Ctrl-f/pure]”, it’s just more difficult to hide or keep secret some kinds of intelligence product. With trade-offs like that, what's a little indigestion?

That last point relates in part to a classic counterintelligence problem: how do you determine whether a defector is genuine, or whether he has been sent to sow disinformation?


One way would be to simply measure the cost to the adversary of parting with the verifiably good information which would be packaged along with any disinformation. If that cost obviously exceeds any benefit the adversary could gain via successful disinformation, then the defector is likely genuine.

This may be an issue Snowden considered in deciding what information to take - which has formed part of my concerns about what he may have done.

That’s ad-hominem. Mr. Snowden is not a defector. O2.

gordoJune 27, 2015 11:36 AM

Below is from Part 3 of a Washington Post series on The History of the Internet. Part 3 was published after a discussion thread on the first two parts was started.

The excerpt below is another example of how we ignore threats in the face of evidence, i.e., the idea of "unknown knowns".

NET OF INSECURITY
A disaster foretold — and ignored
LOpht’s warnings about the Internet drew notice but little action

As for the security issues they once highlighted for the U.S. government and the world, the news is far worse. Hackers — the black-hat kind — have consistently outrun efforts to impose security.


Wysopal offered this grim precedent: Cities were once vulnerable to disastrous fires, which raged through dense clusters of mostly wooden buildings. It took a giant fire in Chicago to spur government officials into serious reforms, including limits on new wooden structures, a more robust water supply for suppressing blazes and an overhaul to the city’s fire department.

“The market didn’t solve the problem of cities burning down,” Wysopal said, predicting that Internet security may require a historic disaster to force change. “It seems to me that the market isn’t really going to solve this one on its own.”

But here’s a frightening fact: The push to create tough new fire-safety standards did not start after the Great Chicago Fire in 1871, which killed hundreds of people and left 100,000 homeless. It took a second fire, nearly three years later in 1874, to get officials in Chicago to finally make real changes. (these are the last few paragraphs of the article)

http://www.washingtonpost.com/sf/business/2015/06/22/net-of-insecurity-part-3/

One criticism of the Sunday Times piece was that it was an attempt to divert attention away from the ineffectiveness of mass surveillance or bulk collection in stopping acts of terrorism. That, as the saying goes, is to say the least.

TomTrottierJune 29, 2015 3:15 AM

While you may be the reigning guru of security, your nuanced Wired article was obfuscatory. Just say, "China & Russia probably had all of Snowden's 'revelations' long before Snowden gave them to the journalists."

I still disagree. Traversing air gaps is hard without a human agent. There are likely layers upon layers, shells around shells, gap after gap, protecting each of Snowden's documents - and others. Only someone with admin access could accumulate a substantial number of them, and only then over a substantial amount of time.

Since the revealed documents are mainly management stuff (rather than program/maintenance documentation) used by probably 2nd level managers and above, it seems likely that even with 10k employees in the NSA, maybe only a hundred or three used them, with only 3-6 system admins to manage the systems and files, depending on how they were organized. One of these few was Snowden. They probably did watch the sysadmins' finances, marriages, & travels, but missed any warning signs.

Then again, would the journalists appreciate low-level documentation? More keeps coming. It stands to reason that the management presentations are easier to analyse and present, but the material is aging...

gordoJune 29, 2015 12:55 PM

@ TomTrottier, you wrote:

your nuanced Wired article was obfuscatory. Just say, "China & Russia probably had all of Snowden's 'revelations' long before Snowden gave them to the journalists."

Was Mr. Schneier nuanced or contextual?

I want to focus on the actual question: Do countries like China and Russia have copies of the Snowden documents?


I believe the answer is certainly yes, but that it's almost certainly not Snowden's fault. (par. 1-2)

Was Mr. Schneier obfuscatory or stating plainly?

Which brings me to the second potential source of these documents to foreign intelligence agencies: the US and UK governments themselves. I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they've penetrated the NSA networks where those files reside. After all, the NSA has been a prime target for decades. (par. 7-8; emphasis added)

@ TomTrottier, you also wrote:

Since the revealed documents are mainly management stuff (rather than program/maintenance documentation) used by probably 2nd level managers and above, it seems likely that even with 10k employees in the NSA, maybe only a hundred or three used them, with only 3-6 system admins to manage the systems and files, depending on how they were organized. One of these few was Snowden. They probably did watch the sysadmins' finances, marriages, & travels, but missed any warning signs.

...digging back in time, a bit:

US doesn't know what Snowden took, sources say
Michael Isikoff, Matthew Cole, and Richard Esposito | NBC News | Aug 20 2013

NSA had poor data compartmentalization, said the sources, allowing Snowden, who was a system administrator, to roam freely across wide areas. By using a “thin client” computer he remotely accessed the NSA data from his base in Hawaii.


One U.S. intelligence official said government officials “are overwhelmed" trying to account for what Snowden took. Another said that the NSA has a poor audit capability, which is frustrating efforts to complete a damage assessment. (par. 5-6; hyperlink added)

http://www.nbcnews.com/news/other/us-doesnt-know-what-snowden-took-sources-say-f6C10964007

See also:

Both These Things Cannot Be True
Published August 20, 2013 | By emptywheel
https://www.emptywheel.net/2013/08/20/both-these-things-cannot-be-true/

Lastly, like Sunday Times' discrediting itself and NSA's past poor security hygiene, this discussion is nothing new:

How Snowden got the NSA documents
A report confirms what was likely all along, that Edward Snowden's contractor job gave him unrestricted access to a mountain of sensitive materials for which he had no legitimate need.
Larry Seltzer | ZDNet | August 26, 2013

Right now, based on the NBC News article and what Snowden was able to get away with, it appears that very little scrutinizing is going on at the NSA. With 2 levels of security access, "Top Secret" and "Unfettered", it's surprising that a Snowden-like leak didn't happen long ago. Perhaps it has happened, but all of those leakers went straight to the Chinese and Russians and didn't bother with the press. (par. 8; hyperlink added)

http://www.zdnet.com/article/how-snowden-got-the-nsa-documents/

JustinJune 30, 2015 6:13 PM

@TomTrottier

Only the encryption keys themselves need to be exfiltrated from the air-gapped systems. Then, when the journalists communicate those documents to each other encrypted, they can be decrypted at will.

"layers upon layers"

Not likely, and even in theory, that wouldn't help more than one good layer anyways.

"Traversing air gaps is hard without a human agent."

Yeah. "Without a human agent." Now isn't that a big assumption to make concerning Russia and China? How about a black-bag job? Plant a hardware keylogger on the keyboard of their famously air-gapped system. Come again and collect those passphrases and private keys.

gordoJune 30, 2015 9:56 PM

@ Justin,

Though I was speaking to reports of apparently past poor data compartmentalization practices in general at NSA, and not air gaps per se, there does seem, however, to be official government support to the view that a culture of password sharing at an NSA facility led to key logging.

More on that here:

NSA employee implicated in Snowden probe resigned, memo says
Ellen Nakashima | Washington Post | February 13, 2014

A Reuters report last fall said that “a handful of agency employees” had given their log-in credentials to Snowden and were removed from their assignments. Snowden, the report said, “may have persuaded between 20 and 25 fellow workers” to give him their log-ins and passwords by telling them they were needed for him to do his job as a computer systems administrator.


[...]

The memo stated: “Further, at Mr. Snowden’s request, the civilian entered his PKI password at Mr. Snowden’s computer terminal. Unbeknownst to the civilian, Mr. Snowden was able to capture the password, allowing him even greater access to classified information.”

https://www.washingtonpost.com/world/national-security/nsa-employee-implicated-in-snowden-probe-has-resigned/2014/02/13/44f37a3e-94c7-11e3-b46a-5a3d0d2130da_story.html

See also:

Exclusive: Snowden Swiped Password From NSA Coworker
Michael Isikoff | NBC News | Feb 14 2014
http://www.nbcnews.com/news/investigations/exclusive-snowden-swiped-password-nsa-coworker-n29006

Snowden denies stealing passwords to access secret files
Greg Miller | Washington Post | January 23, 2014
https://www.washingtonpost.com/world/national-security/snowden-denies-stealing-passwords-to-access-secret-files/2014/01/23/d1f7d9e4-8472-11e3-8099-9181471f7aaf_story.html

-----

Regarding your second point and @ TomTrottier's statement, "Without a human agent":

Fake background checks aside, the following item tells of what may only be the most recent hack of background check files held by OPM (recall that OPM had no IT staff until 2013, let alone security personnel).

Hacks Bring Down US Background Check System — But the Worst Is Yet to Come
Justin Rohrlich | Vice News | June 29, 2015

Further, there's no way to know if any SF-86 applications were surreptitiously altered on behalf of an enemy agent who wouldn't have otherwise made it through the application process.


"If that's the case, then we can no longer trust the foundation of the security clearances that have already been issued," ThreatConnect CEO Adam Vincent said. "There could be people with top secret security clearances working inside US intelligence agencies right now who were improperly cleared by secretly edited SF-86es." (par. 14-15)

https://news.vice.com/article/hacks-bring-down-us-background-check-system-but-the-worst-is-yet-to-come

The CYA list keeps getting longer.

WaelJune 30, 2015 10:54 PM

@gordo,

Fascinating! NSA, no less, made such a mistake! They should have distinguished between "user authentication" and "device authentication" -- multi-entity authentication (not multi-factor)!

Had they done that, this scenario would have failed, flagged and detected:

Further, at Mr. Snowden's request, the civilian entered his PKI password at Mr. Snowden's computer terminal. Unbeknownst to the civilian, Mr. Snowden was able to capture the password...

There is one more thing: The PKI password is supposed to protect the private key which implies Snowden got a hold of the private key (in a wrapped format) then was able to use it once he captured the password. This "attack" would have failed had the cert been protect and bound to the civilian's computer by something like a TPM... Oh, well... If the certificate was software-protected say on Windows, and marked as "not exportable", then Snowden must have been able to export it to his computer (using tools like jailbreak (not Android jailbreak)) which implies he either had physical access and or admin privileges to the civilian's computer.

Nick PJune 30, 2015 11:06 PM

@ Wael

That's a good point. I thought they used CAC's which did PKI stuff, including authentication, on-chip. Maybe I misread some material on it or Booz wasn't using those. I'm leaning toward the latter given their general lack of security.

Cheap skates should've hired real engineers like us doing real security. They didn't. Now they're paying for it. Lulz.

WaelJune 30, 2015 11:27 PM

@Nick P,

A CAC is a two-factor authentication "thing". Smart cards authenticate a user, not a device. Even in that case, how was Snowden able to use the "password" without access to the civilian's smart card, did he clone it? Something fishy here. But maybe I missed something or made an erroneous assumption somewhere... It's easy to criticize ;)

Cheap skates should've hired real engineers like us doing real security. They didn't. Now they're paying for it. Lulz.

Why would they? We're giving free consultation already. I say @Bruce should start charging them a fee :)

JustinJuly 1, 2015 12:20 AM

@gordo

Will horrors never cease?

Further, there's no way to know if any SF-86 applications were surreptitiously altered on behalf of an enemy agent who wouldn't have otherwise made it through the application process.

They're looking for petty issues on form SF-86; overly broad generic HR-type concerns. The real stuff, the things they do secretly, they're not even going to find when they do a cursory background check. Almost all real enemy agents that have been caught passed a background check with no issues whatsoever. Whether those were altered or they already had a cover that checked out before they applied, who knows? But when it comes time to renew their clearance, are they still going to check out?

They have a matrix of issues that are general concerns. But what's the real question? Is this person likely to be a good, conscientious, honest employee, and not an enemy agent? They tried to answer this question in a bureaucratic way, with voluminous bureaucratic forms to fill out, and the usual careless bureaucratic processing of those forms. They are so stifled by the bureaucracy that can't even maintain the integrity, much less the confidentiality, of the hiring process.

gordoJuly 1, 2015 1:14 AM

@ Wael, Nick P,

Thank you for helping to make that clear to me, of the uninitiated masses, and a non-adept!

I think that you've nailed one side of the CYA coin.

Supporting materials here:

Deciphering How Edward Snowden Breached the NSA

Jeff Hudson | Venafi CEO | November 12, 2013
https://www.venafi.com/blog/post/deciphering-how-edward-snowden-breached-the-nsa/

How Did Snowden Do It?
Experts piece together clues to paint possible scenarios for how the NSA contractor accessed, downloaded, and leaked secret agency documents on its spying operations
Kelly Jackson Higgins | Dark Reading | November 13, 2013
http://www.darkreading.com/attacks-breaches/how-did-snowden-do-it/d/d-id/1140877

The below story, from NPR, however, was referenced in the Dark Reading story cited above, came out a couple of months prior to Venafi's and other reports, and may account for the other side of the CYA coin.

The NPR story seems to lend itself to Mr. Snowden's claim that he had not "ever stolen his co-workers’ passwords or otherwise tricked them to gain access" to the leaked documents.

Could an information sharing regime, of the sort described in the excerpt below, account for Mr. Snowden having possibly unfettered(?) access to the leaked documents? If so, then the key fabrication, pun intended, may be exactly that.

Officials: Edward Snowden's Leaks Were Masked By Job Duties
Tom Gjelten | NPR | September 18, 2013
http://www.npr.org/2013/09/18/223523622/officials-edward-snowdens-leaks-were-masked-by-job-duties

According to the officials, the documents Snowden leaked — the memoranda, PowerPoint slides, agency reports, court orders and opinions — had all been stored in a file-sharing location on the NSA's intranet site. The documents were put there so NSA analysts and officials could read them online and discuss them.


"Unfortunately for us," one official said, "if you had a top secret SCI [sensitive compartmented information] clearance, you got access to that."

The importance of such information-sharing procedures was one of the lessons of the Sept. 11, 2001, attacks. Law enforcement and intelligence agencies were unable to "connect the dots" before the attacks because they were not always aware of what other agencies knew.

As a systems administrator, Snowden actually had the responsibility to go to the NSA intranet site and move especially sensitive documents to a more secure location. The assignment was the perfect cover for someone who wanted to leak documents.

"It's kind of brilliant, if you're him," an official said. "His job was to do what he did. He wasn't a ghost. He wasn't that clever. He did his job. He was observed [moving documents], but it was his job."

[...]

The NSA will now be "tagging" sensitive documents and data with identifiers that will limit access to those individuals who have a need to see the documents and who are authorized by NSA leadership to view them. The tagging will also allow supervisors to see what individuals do with the data they see and handle.

Open to correction.

WaelJuly 1, 2015 2:02 AM

@gordo, @Nick P,

Unfortunately for us," one official said, "if you had a top secret SCI [sensitive compartmented information] clearance, you got access to that."

That's a role misappropriation weakness. Snowden's "role" was to move documents from one pkace to another. His role should not grant him access to clear-text documents. It's also a violation of a basic security principle; least privilege. He was granted more privilege than needed to accomplish his assigned task. One way to fix this is to add more granularity of privileges, for example: read, write, move, delete, etc... Snowden (from the job description) only needed the "move" privilege (no read privilege should have been granted.) ABAC could be a good thing there. If the role requires "read" privilege and "move" privilege, then it's time to apply another principle: Separation of duties / segregation of roles! Divide the task between two different entities (people), etc... "You got access to that" is too coarse a granularity of privileges.

The "move" privilege should default to end-to-end protection from source to destination.

The NSA will now be "tagging" sensitive documents and data with identifiers that will limit access to those individuals who have a need to see the documents and who are authorized by NSA leadership to view them. The tagging will also allow supervisors to see what individuals do with the data they see and handle.

'Sounds" like Attribute Based Access Control (ABAC) that NIST advocated in January 2014.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient, an IBM Company.