Edward Snowden's Boss at Booz Allen Hamilton Speaks

Interesting. I have no idea how much of it to believe.

Posted on November 2, 2016 at 6:48 AM • 52 Comments

Comments

wiredog • November 2, 2016 7:02 AM

I used to work for BAH and that seems like a reasonable situation for a lead associate. I saw my Booz lead maybe once a week, as he was on a different project. Same building out in Chantilly, but we just had no reason to interact. It was a multi-contractor team (Harris, Booz, a couple of others) on the project.

Seems like FBI was much more uptight about access control and insider threats, but they got badly burned by Robert Hanssen. FBI logged everything, and had people checking the logs. Woe betide the person who looked at something they weren't authorized to.

Gabriel • November 2, 2016 7:44 AM

"He didn’t understand the programs. He didn’t understand the oversight."

Nobody seems to have understood your so-called "oversight," buddy, including Congress.

r • November 2, 2016 9:05 AM


I understand the oversight, it's called a "woops".

AKA Overlooked something.
AKA Oversight error.

r • November 2, 2016 9:06 AM

In the world of parallel construction intentional oversights and intentional oversight fail hard.

You want people to trust you?

This is kind of opaque but... BE MORE VISIBLE.

Another Kevin • November 2, 2016 9:26 AM

How much truth is in the article? It almost doesn't matter, because there is so much implied in its context.

Let me see if I get this straight. The guy was fired over the sort of security peccadillo that's ordinarily punishable by a few hours of training - and reports that many heads rolled in what was effectively a guilt-by-association complaint. He reports that harm - for which he blames Snowden, not those who did the firing - in the same context as the harm that Snowden allegedly wrought upon our national security.

He reports that his first reaction to learning of the breach was, "I am [unfairly] going to get the blame for what someone else did."

Moreover, he writes zealously to defend the culture of secrecy and fear. He's unemployable in his former profession, through only minimal fault of his and still writes passionately to defend his own downfall - why? Either he is so thoroughly indoctrinated that he believes that the agencies defending us must be above the law to work effectively, or he is still afraid of further consequences. The only thing that would astonish me if I learnt that he wrote the article under threat would be the fact that I learnt it - that the wall of silence broke that far. If he did receive an ultimatum, "we fired you already. We can jail you. Stump for us," who would be surprised?

A culture of secrecy, blame avoidance, and incessant demands for productivity that cannot be achieved without rulebreaking is all too familiar. In such a culture, psychopaths rise to power. In my more cynical moments, I think that is the natural order of all human society. Feudal social structures, in which the masses concede to their own bully to avoid being taken over by the worse bully who rules their neighbours, are stable for centuries while other social orders flourish and fade. Stockholm syndrome is a natural adaptation to such an order.

r • November 2, 2016 9:32 AM

WAIT,
Look at this leak (from the article):

"I’m going to be the fall guy"

How should we interpret that?
Was he worried about the Chinese?
Or public outcry?

...fall guy... as opposed to fired?

Joe K • November 2, 2016 9:36 AM

"He didn't understand the programs. He didn't understand the oversight. I understand the Fourth Amendment concerns, I understand the issues that he brings up.[…]"

Ah, I see. It's one of those lost-in-translation things.

Let me get out my New Revised American dictionary of Middle-Management-speak:

understand (v. trans.) 1. to know about something and not give two shits about it.

@Another Kevin

He reports that his first reaction to learning of the breach was, "I am [unfairly] going to get the blame for what someone else did."

That part was hilarious. His first concern was whether he had sufficiently covered his ass. Classic.

A culture of cringeing toadies.

Sergeant Schultz • November 2, 2016 10:05 AM

Just goes to show, when you hire intelligent people the danger is, they might start to think for themselves. They might stop helping you shit on privacy, freedom to seek and obtain information, freedom of association, freedom of expression, or other human rights.

"he didn't understand the oversight and compliance, he didn’t understand the rules for handling it, and he didn’t understand the processing of it" Bay thinks, if only Snowden were sufficiently indoctrinated into the secret bureaucratic red tape, he wouldn't have exposed NSA. Wrong. Snowden knows a Stasi when he sees one.

When the Soviet Union collapsed, everybody was a Snowden. Now it's our turn.

Clive Robinson • November 2, 2016 10:09 AM

Now let's have a look at this, by cutting out the fluff to see the meat ;-)

The man who was Edward Snowden’s boss when the National Security Agency (NSA) leaker fled the United States is now speaking out about his experiences and how to counter insider threats.

Hmm let's think about that last bit with respect to,

Bay said he wanted to highlight that there are a few technical solutions that can help. Digitally classifying data and tracking its movement, employing network monitoring and building rule sets that send alerts when classified data leaves the network, and blocking file sharing websites that are not specifically approved by the company are three ways to help deal with the challenge of an insider threat

Now remind me again just how much of that would have stopped Ed Snowden,

That’s one of the interesting things about his story is that people don’t realize, he never actually had access to any of that data.

Oh... So those three things...

I could go on but I sense a hand up that guy's jumper working him like a dummy...

So let's skip that and look at the fifth to last paragraph,

Losing his NSA access meant losing his work with the agency. Bay said he had to find a new position within Booz Allen or he had to leave, since he was no longer billable with NSA. Bay ended up getting a gig with the company’s commercial team in late 2013, and in June of this year he left Booz Allen.

Hmm anyone get the feeling he's kind of looking for work, because he is not up to the commercial demands of BAH?

Finally back to "dummy with hand up jumper mode" with an added dash of "it's not my fault dudes, I knew the company line to walk"... But also admitting he was less smart than Ed his junior in all ways that count. Because as Bay says of Ed “He didn’t understand the programs. He didn’t understand the oversight." but knew enough about how to work them like a pro and not leave a trace of all that he had done...

Sorry just get a really cynical feeling about the whole interview. Along the lines the guy can not hack it in the commercial world and wants absolution so he can crawl back under the safety of the "Government Contractor" rock. Where the ability to act dumb and fill the "hours billable time sheet" for "time served" is more important than actual proactive work. And if that does not work try to panhandle his way on his "NSA association"...

Thoth • November 2, 2016 11:04 AM

@Clive Robinson

"Where the ability to act dumb and fill the "hours billable time sheet" for "time served" is more important than actual proactive work."

I guess that's the normal work culture in the Governments these days with a good amount just "doing what they are told" and not what they should do. The usual, "I am just following orders" excuse always works wonders.

"Bay says of Ed “He didn’t understand the programs. He didn’t understand the oversight." but knew enough about how to work them like a pro and not leave a trace of all that he had done"

Snowden was only known when he decided to reveal himself to the world. So much for all the "smart brains" that the NSA and US Govt have in their "arsenal".

The fact that there are so many leaks on the NSA and US Govt programs in the recent years besides Snowden and now there are those "Russian hackers" and other hacktivists makes me wonder if NSA and the US Govt are even capable of the missions they are supposed to execute.

paul • November 2, 2016 11:08 AM

@Clive Robinson:

Hmm anyone get the feeling he's kind of looking for work, because he is not up to the commercial demands of BAH?

According to the article, he left BAH, but my interpretation, given that they yanked his access for an infraction that might not have been a big deal if not for the destination, is that his bosses never wanted him on the commercial side in the first place, and made it clear his career was unlikely to go anywhere good. So after a "decent interval" they parted ways.

Of course, it's not the technical lead's job to figure out whether someone is a security risk, or is it?

albert • November 2, 2016 11:20 AM

In the movie, Snowden is shown as -not- having access to certain NSA surveillance programs (IIRC), but is able to see what they do, through a colleague. He also used a computer belonging to another colleague who had higher clearance. If true, then Snowden had social engineering skills as well. How do 'technical solutions' stop this sort of thing?

Technical solutions may tell us who opened the barn door, and what horses they took, but that's it. Attribution and retribution, that's what it's all about. Damage control's impossible in the Internet Age.

. .. . .. --- ....

Ratbastard • November 2, 2016 11:21 AM

Booz Allen has always been clandestine. Look up Miles Copeland. And when you join the crime family, you do not leave, you do not rat them out. They tried to diversify by combining government and commercial work. The two sides fought like cats and dogs at all but the highest levels. What tore it was the NOCs. On some jobs most of the purported staff would be classic spooks, zero technical capacity, unable to fake it, skulking around disguised as trees. The commercial guys were not pleased to think they might get locked up as a spy because some gold brick on their job got caught. So they spun off Booz and Co. That locked Booz Allen into low-margin, massive-volume projects that gave government clients life-and-death power over whole profit centers. So of course Booz Allen will play ball, whatever rule has to be broken. What Booz Allen calls insider threats are really more like mafia informants. With the collapse of legitimate US authority they're going to NGOs and the international community to inform. Recall that Russia is publicizing more of its take - it's more useful as a bill of indictment. That's the germ of truth in the new red scare: Russia's now the G-man, busting organized crime.

Kernel Hogan • November 2, 2016 11:29 AM

@Sergeant Schultz,

Frustrated musicians are told, "There's music, and there's the music business."

Innocent victims convicted of a crime are told, "There's justice, and there's the legal system."

There's surveillance, and there's the surveillance system.

All are corrupted.

The Phisher King • November 2, 2016 12:30 PM

"I have no idea how much of it to believe". Yeah the simple truth can be hard to take when you are looking for a complex conspiracy.
Frankly the first red flag was that a guy "who really knows his stuff" was prepared to work as a flunky in such a low-level position. For that reason alone, someone should have been fired.
Everyone who thinks the NSA are largely masters of their own fate by being too opaque for no valid reason, are correct.
Having worked there for several years, 70%+ of what they do could be and should be visible to pretty much any citizen, as should their inner workings.
So why are they not?
The NSA are run to an outdated, old-fashioned, irrelevant military model, by outdated, old-fashioned, irrelevant senior military personnel.
It has lost its way, become a plaything for retiring generals on their way out the door and frankly, bloated, slow and horribly inefficient.
The NSA needs desperately to become a civilian agency, have all the military people flushed away, and run in an open, cooperative and far more modern way.

Dan H • November 2, 2016 2:31 PM

I read an article last week and Snowden wasn't divulging the NSA information for the good of the American people or the world. Apparently he was in trouble at work (his transgressions weren't discussed) and he did this as a disgruntled employee.

Dan H • November 2, 2016 2:41 PM

"The NSA needs desperately to become a civilian agency..."

It already is, just as the CIA, NRO, NGIA, State. DIA is military under DoD.

Just because the NSA/CSS is headed by active duty military doesn't make it military any more than the Secretaries of the Army, Navy, Air Force being civilian makes the respective branches civilian.

Stan • November 2, 2016 3:26 PM

@The Phisher King

Plenty of people who know their stuff work in a low level position if they want a job that they can coast through.

What would functionally change about the agency if it were to become civilian-based instead of military?

James • November 2, 2016 3:34 PM

Why was Steven Bay's security clearance taken away from him, but the NSA refuses to take away Hillary Clinton's security clearance?

Both of them violated protocol, yet one of them is being treated with a double standard and allowed to keep their security clearance.

Arguably Hillary Clinton is the worst offender of the two. Storing and transmitting classified information on an unsecure private email server in the basement of her home.

What did Steven Bay do to lose his security clearance? Copy and paste some mission information into a Word document and giving it to Snowden a few feet away in the office?

Yet the NSA yanks Steven's security clearance over one Word Document while allowing Clinton to send thousands of classified email over unsecured channels. Anthony Weiner's laptop is not a secure channel.

This is why I no longer have any respect at all for US law. Clearly it's full of double standards with guilt and innocence being determined based on one's financial and social standing.

Prosecuting Attorney General Loretta Lynch, holding a private meeting with Hillary's husband Bill days before deciding not to press charges just reinforces my fact based beliefs about the US justice system's corruption.

Rolf Weber • November 2, 2016 4:04 PM

Much of Snowden's work at NSA is still a mystery, pretty much because his former employers release very little information, and because it's not very smart to only rely on unproven (and absurd) Snowden claims.

What we know for sure is that at least in August 2012, half a year before Ed first escaped to China and then to Russia, his actual job at NSA was obviously a Microsoft Windows admin, responsible to support end users with Microsoft Word problems. We know this for sure from FOIA documents, see for example:

https://twitter.com/twrweb/status/739558093630152710

Of course you nevertheless may believe that this Microsoft Windows admin had a clue about the programs he revealed. As well as you are free to believe in Santa Claus and Easter Bunny.

A little bit more elaborated, what we know for sure about Snowden's time at NSA:

https://plus.google.com/+RolfWeber/posts/J8vgV9Zfsau

Clive Robinson • November 2, 2016 5:50 PM

@ Rolf Weber,

You should have stopped before your first "and". The rest was in cloud cuckoo land as is your chosen wont these days.

VICTAH, I'm With Huh! • November 2, 2016 7:10 PM

After all this time, with the entire world coming together to counter NSA duplicity and sabotage that Snowden exposed, we still have government heel-clickers trying to discredit the messenger. We have Dan H feebly impugning his character with the "disgruntled employee" catchphrase. We have inveterate shill Rolf Weber showing us he has no idea how Booz Allen works; Rolf can't see how Snowden could read managerial-level powerpoints. (Kudos, though, for the nasty dig at Snowden's skills with the "Windows Admin" slur. Enormously insulting!)

The apparatchiks' problem is, Snowden's a star. He changed the world and now he's living safe and sound with his hot girlfriend in a country with awesome cultural endowments, the only Champagne appellation outside France, and world-class cuisine including better cheaper grouse than you can get in Britain.

Bond is a hunchfaced sourpuss. The FBI sells kiddy porn. Football heroes are brain-damaged vegetables. Now every top-flight student wants to be Snowden instead. Wait till this cohort infiltrates Washington. They'll euthanize it toot sweet.

Peter S. Shenkin • November 2, 2016 7:23 PM

@James "Why was Steven Bay's security clearance taken away from him, but the NSA refuses to take away Hillary Clinton's security clearance."

Because:

In the case of Snowden, an actual security breach (exposure of secrets to others) occurred, and it occurred intentionally on the part of Snowden. Bay was punished for not suspecting Snowden in advance.

In the case of Hillary, no security breach occurred; there is no evidence that confidential information got to America's enemies; and in any case, if it should be found that her server was breached, the exposure was accidental.

Clive Robinson • November 2, 2016 8:37 PM

@ Peter S. Shenkin,

Tell me what part of your post was not supposition on your behalf?

For instance your statement,

In the case of Hillary, no security breach occurred; there is no evidence that confidential information got to America's enemies;

We actually have no idea whatsoever if Hillary Clinton's server was breached or not, because it got "sanitized" prior to it being examined.

But we also have reason to believe that there is a reasonable possibility that the "missing emails" removed during the "Yogagate" sanitization have been found on another laptop that connected to the server via an insecure method. Apparently the "personal" computer concerned was not in any way secure and not under any kind of control of Hillary Clinton --or those staff that implemented and ran her illicit server-- as the "personal" computer was used by another party in all probability for the commission of one or more crimes that are currently being investigated by the authorities...

You also say "there is no evidence that confidential information got to America's enemies". Do I need to remind you that the lack of evidence in no way proves that classified information did not get to one or considerably more of America's enemies. After all it is known that NSA targeted the communications of senior politicians of US allies undetected for some considerable time. Thus it is highly likely that the Signals Intelligence entities of one or more other nations targeted all of Hillary Clinton's communications for a considerable period. Importantly she and the political party she represents give every indication that they believe this has most definitely happened...

Joe K • November 2, 2016 11:58 PM

@VICTAH-IWH, Clive R
Re: @Rolf Weber

At least Rolf employed the correct word: Snowden escaped.

The [:DEL:]two minutes of hate[:DEL:] article uses "fled" in the opener.

So predictable.

tinkererTailorHackerSpy • November 3, 2016 1:05 AM

It is all quite true, and evidently so.

I did find this nugget interesting, and so should you. Especially conspiracy theorists out there wondering about spies among you:

xxx begin quote

Snowden’s interview took place in February 2013, Bay said, and he and his technical director were impressed with the man who had moved to Hawaii to work at an NSA facility originally as a Dell employee.

...

“I get frustrated by things like people considering Ed an expert in all things NSA, even though he was kind of a junior analyst and had a relatively junior role there. He’s not the foremost expert on this stuff. He’s a smart guy, don’t get me wrong, and he had experience, but he wasn’t some senior level person,” Bay said. “And the second part is, in my mind, Ed’s not a hero.”

“He didn’t understand the programs. He didn’t understand the oversight. I understand the Fourth Amendment concerns, I understand the issues that he brings up. But the reality is it seems to be everything he did was self-serving, and I don’t think he was altruistic as everyone believes him to be. And I think he’s done far more damage to our intelligence and national security,” he added.

[The above was from the article, the below is from the below article, years before.]

http://www.reuters.com/article/usa-security-snowden-dell-idUSL2N0GF11220130815

David Frink, a spokesman for Round Rock, Texas-based Dell, declined to comment on any aspect of Snowden's employment with the company, saying Dell's "customer" - presumably the NSA - had asked Dell not to talk publicly about him.

xxx end quote


To put it on the table: Snowden was hired to Dell. Dell paid for him to move to Hawaii.

Snowden was already working at Dell when this interview took place, one which certainly was covert. Covert to Snowden himself.

Had Snowden failed, he probably would have performed innocuous Dell work for awhile, and then, perhaps, been fired. Or, perhaps, he also did have some position they could use him for, while keeping him believing he was just working for Dell.

You see this a lot.

Dell company management knew there was a secret US government organization working within their Hawaii office. They as much have admitted this, including in the above.

How many other regular US companies out there have such fictitious divisions and organizations among them?

Did the OPM breach sweep up any of that sort of covert work?

Has this sort of disclosure really happened before, and if so, when, and what were the circumstances? I do recall something vague about some CIA radio station in Europe or something....

But, otherwise, this seems to be news.

There was some information in the Sentry Eagle disclosure... wasn't there?

Or, maybe I am just reading all of this wrong?

I fail to see how this does not interest computer security conspiracy theorists? (No reason to belittle that label, after all, every intelligence analyst is effectively a conspiracy theorist.)


Could there be such a group in Google, or Microsoft, or Yahoo?

And, shock, and surprise. Snowden didn't really know anything.

Has Snowden even talked about the ethics of a legitimate American corporation allowing an intelligence agency to use them for a front?

What about the Bin Laden hit? That was another one. Unavoidable disclosure, of course. They were using an aid group in town as a cover.

In WWII the FBI attempted to create their own company, instead of work this way the NSA did here, and that did not work well, at all.

Maybe they learned better?

tyr • November 3, 2016 2:26 AM

@Clive

The whole thing is classic CYA by a management science grad type. The horrifying part is that he was allowed near anything important, but Peter Principle works for the IC too.

Drone • November 3, 2016 2:44 AM

And when our corrupt and dysfunctional Government takes over the U.S. health care system, there will be people far dumber than even Snowden's boss who have full access to your health care records.

Dan H • November 3, 2016 6:52 AM

@Peter S. Shenkin "In the case of Hillary, no security breach occurred"

If you actually believe the Secretary of State, who is one of the most powerful people in the world, didn't have her private, unsecured email server hacked, then you're ignorant, or just plain stupid.

The Pentagon, White House, State, OPM, DNC, Clinton Foundation, Sony, Target, Jimmy Johns. The list goes on and on, of organizations that have been hacked. What do all of them have in common? Security. What did Hillary not have? Security.

So you believe all of those other organizations were able to be hacked, but not the Secretary of State using a Windows-based, unsecured email server? Her server was impenetrable?

Hillary also used off-the-shelf Blackberry devices because she wouldn't use a State-issued secure device. On her first Asian trip her unsecured Blackberry had a vulnerability and the speculation is that she was hacked by China. Her entourage also left classified documents in the hotel room in China which was noted by USMC personnel.

During the Commander-in-Chief forum debate a few months ago, Hillary was asked a question about her email server and classified information. Her reply was she takes classified information seriously, and always used two systems, one unclassified and one classified for all of her work; this is a complete lie. She then went on to say about her server possibly being breached, that there was no proof it was, and even if it was "it doesn't matter because the State Dept and White House have been hacked."

Botboy • November 3, 2016 8:25 AM

The audience fails to agree with state Juche on Snowden as perfidious devil, so a new friend comes and starts an argument about politics.

Nobody cares. Hillary's a CIA figurehead. Win or lose, she'll do what she's told and sink without a ripple. Snowden's a free human being, a refusenik. He's helping to excise the USA police state. You want to divert us, start an argument about Chelsea Manning or Sibel Edmonds or someone else who matters.

CallMeLateForSupper • November 3, 2016 9:15 AM

@VICTAH, I'm With Huh!

"... toot sweet."

Snort! Your petticoat is showing.

Snooperman • November 3, 2016 11:26 AM

Botboy,

You call what Mr. Ed is living through freedom? Of all the perfidious things to say, you must be a blockhead.

Psst, here's a secret: none of us are 'free'. We are all on somebody's payroll hen.

Snooperman • November 3, 2016 12:18 PM

Hot girlfriend?

Ah, spare some man power send me some girl power.

How sweet.

You mean not Ms. Anna Chapman? Or did they have kids already?

I digress, it must be universal that a whistle blower's whistle needs to be wetted up on occasion.

Atta boy.

Nick P • November 3, 2016 4:16 PM

@ Bruce, all

His story is plausible as we know Snowden has some devious aspects about him. He conned his workers out of passwords for example. He might have made some shit up to cover time at home doing the leaker project. As Clive notes, the measures he recommends probably wouldn't work for a subversive with access to others' systems. A prior article here showed the most basic practices used in enterprise security would've stopped Snowden's methods. The Booz guy certainly doesn't admit that. The other thing missing is Snowden's CIA background which gets hit and miss reporting. It's different protecting oneself from a CIA-trained spy with technical knowledge in low-security position than the general case he describes. He also wasn't just a Dell employee: he worked on the government side of their business. That might give him knowledge of common configurations or deployment situations.

Note: The amount of effort the U.S. government inadvertently put into their own infiltration and leak is possibly what these descriptions intend to minimize. It's fucking embarrassing to admit that while telling America to trust mass surveillance or Patriot Act where secret agencies will stop unknown adversaries if we just accept a police state. *cough* bullshit *begin cough fit* 9/11, mass shooters, Boston, Manning, Snowden, OPM *end cough fit*

The one thing I can instantly call bullshit on in his claims is the myth I've seen here before that he just grabbed and published PowerPoints. Most that have been published are quite consistent, provide shared context, and have past or present tense. As in, they're real stuff in progress. We also see some code names in people's LinkedIn profiles and state-sponsored malware. The response to the leaks, like grounding diplomatic flights, was pretty strong for someone with speculative PowerPoints vs leaking field secrets. More likely he grabbed lots of PowerPoints and files that represented communications of Booz and NSA people on the tech they were using in the field with occasional one speculating about future capabilities. Fits with the data much better.

Nick P • November 3, 2016 4:25 PM

@ Rolf

Your 0-day analysis is weak. You also leave off regular exploits that rely on delay between knowledge of problem and application of patches. One of those rootkitting a server that doesn't have regular, clean installs of OS is all it takes. Russians would consider using either on anything Hillary uses for private communications given her importance to them. That's without considering any recent news or the elections. She's simply too elite for them not to spy on. They'd *love* for her to make it this easy. So, I suspect they did and acted on it.

Additionally, an attack on the crypto protocol shouldn't be dismissed so easily. Non-technical people get bogus warnings all the time. They usually just ignore them. Even if she wouldn't, we should consider that they might also subvert RIM internally given it is used for sensitive info all over the world. Their downward spiral post-iPhone would only make it easier for smart infiltrators to get in there replacing skilled workers or proposing changes for competitiveness. Russian-connected firms under DST also took over Facebook and started pushing AeroFS into big companies. That's one surveillance company with global reach plus one that stores company secrets. Locally, many billionaires got smashed or chased out for not being Putin-friendly but surveillance- and data-oriented IT companies are doing great. :)

I wouldn't put anything past the Russians seeing the overlap between the State and IT companies' activities. Even ignoring speculation, there's too much reason for them to smash Hillary's little server. And they have the skill for it.

ab praeceptis • November 3, 2016 4:36 PM

Nick P

The one thing I can instantly call bullshit on in his claims is the myth I've seen here before that he just grabbed and published PowerPoints.

Indeed. It's, after all, not his fault if the nsa mid and upper echelons do "magic crypto and sec." with powerpoint.

In fact, I remember quite well what I felt when the material came out. I didn't know it yet then, of course, but I very strongly assumed that nsa was a largely powerpoint (plus some excel) driven "super-duper-high-end blabla magic crypto" organisation. Simple reason: Their whole administration and major parts of industry are ticking like that. Of course, one is to assume that the nsa actually has some (probably locked away and not well fed) high-end math and crypto people but all in all, of course, nsa ticks the same way the whole country does.

So, I wasn't shocked about that. I was shocked *how blunt* and how incapable - and grossly law ignoring - they acted. Lots of powerpoint slides and the occasional "you get 10 mio $ for weakening your 'secure' stuff" thrown in along with the frequent power games like having "friend nations" intel agencies mirroring and feeding to nsa complete networks.

That said, I (evil guy that I am) still have doubts re. Snowden. For one, he was a rather low level guy. So either he had someone much higher up feeding (and using?) him or nsa's OpSec is even far worse than we suspected.

Sam • November 3, 2016 7:09 PM

@tinkererTailorHackerSpy

"Dell company management knew there was a secret us government organization working within their Hawaii office. "

What are you on about? Dell (along with most other giant computer companies) have a Professional Services department that consults on IT matters to various other large companies & government agencies. In this case, they were contracted to NSA. This isn't really news....

Nick P • November 3, 2016 10:52 PM

@ Sam

It's not secret, either. Right here:

Federal Government Solutions at Dell

There's one for local governments, too, per search results. Not bothering to post it though. Only thing weird was the Dell Secure Consolidated Solution wasn't anywhere obvious in the product list. Wonder if it got left behind or restricted to DOD. I'm not endorsing it so much as curious since it was the commercial application of INTEGRITY-178B and MLS middleware to desktops. I didn't have high hopes for adoption or longevity. ;)

Hillary Played Well The Confused Grandma • November 4, 2016 1:41 PM

Of course you nevertheless may believe that this Microsoft Windows admin had a clue about the programs he revealed. As well as you are free to believe in Santa Claus and Easter Bunny.

Indeed. I'm sure underplaying one's skills and intelligence is nothing you'd see in the world of the spooks. Or feminism. Or everywhere.

tinkererTailorHackerSpy • November 4, 2016 1:58 PM

@Sam, NickP

No, I am not talking about a vendor representative. Yes, there are vendor representatives who work at major software and hardware companies whose job position does require clearance. For instance, security software vendors who have supplied software for the DoD have had to have workers with clearance to work with the DoD customers in order to ensure they meet their internal regulatory compliance efforts. This clearance is necessary because they often have to be privy to customer data as well as have access to such things as specific rules being implemented.

We have well documented what Snowden and his group were doing there, and it was not operating as Dell employees working on government contracts.

Dell was being used as a cover for their work.

Further, this is not a case where Dell was effectively operating as a defense contractor. This is another case where you might have clearance requirements for workers. Many mainstream companies, of course, do also produce products for the defense and intelligence agencies.

It is not unusual for such agencies to have some employees work there, and have direct connections, otherwise, to contractors who are working directly on their projects.

This, too, is not the same as a company which is being used as a cover.


I do not follow this case nearly as well as either of you two, however, I am quite sure. So, maybe you could correct me on this. Maybe Snowden and his crew there were not using Dell as a cover.


It is known that governments use their own corporations and own organizations as cover, so no big deal there, this is true. But, it is an interesting angle to this story, from my perspective. One, I do not see being taken up.

That is, Snowden effectively blew the cover of that entire division, so they would have had to dispose of it, clean it up, move it.


CarpetCat • November 7, 2016 12:17 PM

@tinkererTailorHackerSpy

https://en.wikipedia.org/wiki/Non-official_cover

It's quite common! After all, everyone, EVERYONE coming and going, here to fro from any government outpost, consulate, embassy, lemonade stand, is photographed, timed, profiled, etc.

Remember the movie, The Falcon and the Snowman? "We understand you had to come here first, but never do it again."

I think that what's upsetting you is not that spies would use a business as cover. Instead, it's that spies are using business cover while on HOME SOIL.

If you use the Socratic method, and ask the question: Why do spies hide? The answer is: So that the enemy cannot find them.

So if a spy hides at home, the enemy must be the citizens???

My Info • November 7, 2016 6:57 PM

@tinkererTailorHackerSpy, CarpetCat

I would consider myself a citizen of the U.S. except for being stripped of my rights for the rest of my life by the false slander of "mental illness" which is second only to "terrorism" on the list of our sorry and decrepit nation's bug-a-boos.

I'm not just paranoid; I do have a lot of enemies on HOME SOIL. Spies and spooks with their so-called "clearance" -- I am not privy to any of that -- have even more enemies. At the same time I see that term get thrown around quite casually, and it seems to take on a certain meaning of its own beyond any administrative requirement for access to certain government information.

Seems to be a requirement for way too many jobs in way too many areas.

Which means that that classified information is not as well protected as it should be, which means that frankly it is already in the hands of major enemy nation-states, and the "clearance" requirement amounts to little more than membership in a certain club, and moreover there is significant "classification inflation" to levels far above top secret for any information that actually is deemed to need protection for legitimate reasons of national security.

This is another bug-a-boo closely related to "terrorism."

My Info • November 7, 2016 7:05 PM

For instance, what are the effects when "TOP SECRET" information is leaked to international circles that operate at a merely "SECRET" level?

Hungry spies are eating every morsel, no doubt.

Anon • November 7, 2016 7:11 PM

@Rolf Weber

Who are you trying to convince? You do know where you are, right?

If you seriously think her server was not hacked, then it is not air I'm breathing.

Just being in a senior position in the USG makes her a target for spies. They will do anything and everything possible to find out what she knows, and how she knows it.

Let's suppose for a moment they didn't even try to hack her server: she still had classified information on an unofficial server outside of a secure location without authorization, and drastically increased the probability of that information being hacked.


Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.