Rather Than Not Spying On Everyone, NSA Is Getting Rid Of 90% Of Its Sysadmins
from the you're-doing-it-wrong dept
The latest NSA plan to stop the next Ed Snowden is to get rid of 90% of their sysadmins and automating many of their jobs. I would imagine that more than a few sysadmins might have an opinion or two about the ability of the NSA to really automate away their jobs, but that’s an interesting move nonetheless. Here’s NSA boss Keith Alexander:
“What we’re in the process of doing – not fast enough – is reducing our system administrators by about 90 percent.”
Considering that sophisticated techies aren’t very interested in working for the NSA these days, perhaps it all works out for them. But, really, another option for avoiding an Ed Snowden like situation might be — and I’m just tossing this out for suggestion — is to not spy on everyone and then not lie to Congress and the American public about it. Just a little tiny suggestion.
Also, this more or less confirms what was fairly obvious (due to the NSA leaks by Snowden) that sysadmins have near universal access in the NSA’s system, and the recent claims that “only 35 analysts” had access to key information was — as James Clapper liked to say — one of those “least untruthful” claims coming out of the intelligence community.
Filed Under: ed snowden, nsa, nsa surveillance, sys admins
Comments on “Rather Than Not Spying On Everyone, NSA Is Getting Rid Of 90% Of Its Sysadmins”
watch, they outsource all their tech support to the chinese.
Re: Re:
Ya mean like the UK did with their porn filters?
Re: Re:
They would never outsource tech support to the Chinese. They’ll outsource it to India just like everyone else.
Re: Re: 'In short, we pay ourselves to hose ourselves'.
Who will then outsource it to china, who will outsource it to a company in the US.
Re: Re: Re: 'In short, we pay ourselves to hose ourselves'.
nah, nobody is outsourcing to US companies any more, can’t trust ’em.
Re: Re: Re:2 'In short, we pay ourselves to hose ourselves'.
Good point, though it does rather ruin the joke.
Not just them
All large enterprises are moving this way, using new automated technologies combined with virtualization to eliminate admin and engineering positions. Its the next step in the technological revolution. The jobs they are able to replace with automation at this point are a step or two higher then the last 20 years. Cant wait to see what happens next.
Re: Not just them
Yeah, that’s what the cloud providers keep telling us, but it’s far from clear that it’s actually true. We’ll see.
Re: Not just them
I’ve been saying this for a long time, tools like Puppet https://puppetlabs.com/ and Chef http://www.opscode.com/chef/ WILL reduce the need for system administrators.
Facebook uses chef, they have teams of 2-4 people that manage each cluster of ~10k servers. source: http://www.youtube.com/watch?v=SYZ2GzYAw_Q
Now that we have tools that allow four people to manage 10k machines where will all the unneeded sysadmins work? I guess we will still need people working minimum wage to swap broken parts at the datacenter.
Of course the NSA is automating, all large orgs and many small ones are doing the same thing. The sysadmins who do not learn these new automation technologies are the ones who will be looking for jobs.
In response to John Fenderson these automation tools work just as good on physical servers as they do virtual servers in the “cloud”
Re: Re: Not just them
Yes, but the NSA says it is laying off sysadmins because they’re moving to the cloud, not because they’re using these tools in-house.
Scapegoats
So, they’re implying that the sysadmins are the problem? The sysadmins under their employ should take grave exception to this. Here’s hoping against hope that they’ll leave the NSA en mass.
Re: Scapegoats
It was my thought that there’s a 90% chance that more info will be leaked. Nothing like having a soon to be terminated sysop looking for revenge. My guess is every one of them are loading up thumb drives as we speak.
So at the same time as they are building up the world’s biggest database of private information, they are also pissing off hackers around the world, and getting rid of 90% of the people who maintain their computer security. What could possibly go wrong with that.
Re: Re:
?We live in a society exquisitely dependent on science and technology, in which hardly anyone knows anything about science and technology.? ?Carl Sagan
The end is on the horizon...
Automation is fine and all but who’s going to fix the automation when it screws up? I think we are witnessing beginnings of the actual end to the NSA’s programs. It will eventually eat itself and no one will be around that can fix it when it does.
Re: The end is on the horizon...
Correction – the people who can fix it will have been laid off. Whether they would take their old job back once it became apparent that they are necessary is a good question.
Re: Re: The end is on the horizon...
That is exactly what I meant. Furthermore, they will have effectively alienated 90% of the pool of new talent that they can hire from to replace them when they realize they need them again.
More propaganda that NSA is supposedly changing,
hurt, and disgraced. But IF anyone read the original — instead of the intended take as Mike parrots it — then it’s plausibly planned long before. — Oh, and surveillance is NOT being reduced, just turned over to more computers. Happy day, indeed.
Re: More propaganda that NSA is supposedly changing,
What are you even responding to? Can you even be called a troll at this point?
I know senile grandparents that sound like you.
Re: Re: I know senile grandparents that sound like you.
Touches nose with finger
This is another admission that the NSA lied
If they don’t — which is what the NSA has repeatedly claimed — there is no increase in security by laying off 90% of them.
Admin automation
Either:
1) The NSA has thrown out a percentage of a certain type of job they would like to automate with very little plan
or
2) They have been employing people in positions with a great deal of information access that they did not have to have and they are just now deciding that it would be a good idea to stop doing that
Re: Admin automation
Or
3.) The sysadmins they hired are the “hackers” that are leaving en masse because of all the spying that’s going on.
http://www.techdirt.com/articles/20130805/02354124062/us-government-war-hackers-backfires-now-hackers-wont-work-us-government.shtml
So, the NSA is announcing it’s going to blame 90% of the people with the same job as Edward Snowden for what Snowden did by firing them for Snowden’s actions.
Well, what could POSSIBLY go wrong there? Surely none of those 90% will get pissed off enough to say, leak more documents. And surely none of the 10% will decide to do so either when they see the NSA decide punishing 90% of the people with the same job wasn’t good enough.
Re: Re:
This has nothing to do with stopping additional leaks.
The actions by the NSA and the executive branch right now are about making enough noise to distract the people from removing Obama from office and forcing a change to the laws that are allowing them to continue these programs.
i would have thought an even better option would have been to get rid of 100% of the sysadmins, after getting rid of everyone else in the NSA starting from the top and working down. after all, if we started at the bottom and worked up, we might be lied to and told that the top brass have gone when they are really still there, hidden behind a false FISC report or a ‘secret interpretation of a spying law’!
Moving to the cloud
In the ArsTechnica article, they said they could do this because they’re going to “move everything to the cloud.”
I think someone should tell this uninformed douche-canoe that the “cloud” ALSO consists of servers (that likely have sysadmins; at least one would think).
For fuck’s sake…is there ANYONE in that agency who has something of a clue?
Re: Moving to the cloud
Sure, the cloudy servers has sysadmins — but those aren’t sysadmins the NSA has to hire. The entire point of going to the cloud is to save cash by being able to get rid of your in-house IT staff.
Re: Re: Moving to the cloud
That makes PERFECT sense, then!
Per the Ars article:
http://arstechnica.com/information-technology/2013/08/nsa-directors-answer-to-security-first-lay-off-sysadmins/
“Moving to an automated cloud provisioning system, he explained, would cut the number of hands that touch the NSA’s internal systems and address vulnerabilities?such as a sysadmin loading data onto a thumb drive and walking out with it.”
So now instead of NSA sysadmins having the ability to walk away with vital data, you’ve now outsourced that responsibility to a cloud provider!
MUCH, MUCH safer.
I think I’ve answered my original question about anyone there having a clue. It’s clearly “no.”
Re: Re: Moving to the cloud
Given that…I am beginning to wonder what sort of damage the Smith-Amash Amendment would have done considering part of it was shaving the NSA’s budget.
The company my mother works for (the one that audits hospital Medicare and Medicaid insurance forms and bills) recently cut all the nursing staff under her that manually do the systematic reviews of the audits…this was done in favor of saving money and automation. In her line of work, the states that contract the company and this contract require human eyes to do the review work sent over to the auditor’s database by law for a specific reason…in an automated systems environment for auditing, there is no way to tell if someone accessed the information to alter what to look for. The main issue is that humans are not as calculated and are better suited towards handing statistical anomalies.. We don’t crash.
Re: Moving to the cloud
The good news is that the cloud providers have plenty of spare capacity now that the NSA has driven all their non-US customers away.
The NSA isn’t all that bright. By automating those jobs they leave themselves wide open to renegade hackers and other potential problems. At the end of the day, you need actual people monitoring those systems not to mention the rabid fervor that this is going to cause with American voters.
Oh god no. Anyone with even the slightest hint of intelligence in a managerial position knows that you NEVER piss off the guys maintaining your computer systems. NEVER!!! How long until one of the guys being laid off “accidentally” fucks up the entire system?
What could go wrong?
( Warning : Sarcasm Alert! )
Anyone think about those wonderful DMCA takedown systems used by ( MPAA / RIAA ) to name a few?
Do they ever get anything wrong?
Never a false accusation, right?
Always target the right person, correct?
Never once have ID’d content wrong, have they?
So perfect that Error Correction was never implemented or needed.
What could possibly go wrong?
Re: What could go wrong?
“What could possibly go wrong?”
Time for an oldy-but-goody movie reference: “Westworld”
Re: Re: What could go wrong?
1984..
What those sysops could do, aside from leaking more data, is to wipe out the whole database before they leave and put in some code to make the system unable to be restored. In other words, cause a complete system failure. And craft the code so it can spread to all the backups and wipe them out too.
Re: Re:
1) That’d be a great way to get arrested on a variety of charges, and you’d actually be guilty of them, and have little moral high ground to work with.
2) Proper disaster recovery and back up procedures should preclude anything resembling “spread to all the backups”. Worst case they lose like a week of data, tops.
Re: Re:
It’s really hard to imagine sysops that would be willing to do such a thing aside from the single wacko here and there. It goes against the grain of what it means to be a sysop — a bit like expecting a doctor to intentionally kill a patient because the patient is a bad guy.
Crazy but to me this sounds like an evolution of the thinking.. “if we just get rid of those evil protocols…”
You can make improvements in sysadmin load, but you can’t fix stupid.
PRAGMA writable_schema = 1;
delete from USDatabase where type = ‘table’;
PRAGMA writable_schema = 0;
VACUUM;
PRAGMA INTEGRITY_CHECK;
Crackers start your Engines
That is the exact opposite of security. Wouldn’t leaving less sys-admins mean that is easier to exploit your way in with far less eyes watching things? That’s not even getting into the whole anonymous tips from disgruntled ex-sysadmins of “The IP address is vvv.xxx.yyy.zzz and the access is based on foo version a.b port number is cccc, good luck”. Suddenly a world record breaking in traffic and size torrent is out there to everyone.
Re: Crackers start your Engines
You could just exploit the leaving SysAdmin’s too.
The ability of automation...
“The latest NSA plan to stop the next Ed Snowden is to get rid of 90% of their sysadmins and automating many of their jobs. I would imagine that more than a few sysadmins might have an opinion or two about the ability of the NSA to really automate away their jobs, but that’s an interesting move nonetheless.”
The most disturbing part of this is not whether they are capable of it…but the simple fact they are doing it. To quote Denis Nedry…
“You think that this type of automation is easy to come by? Or Cheap? Because if you can find a cheaper guy than me John, I would like to see you try..I really would”
Jurassic Park automation is easily muddied up and clogged.
I’m also reminded of the methods used by the IRS to target Conservative groups filing for non-profit status….using key word searches…imagine that type of targeting on all US citizens…then automate it!
When this system is finally in place I’m half tempted to repeatedly copy and paste the word “bomb” to see what happens to it as a comment to one of these threads.
I work on a team of 20 sysadmins at a govt agency, and we were discussing this and just started laughing. So if they cut 90% of our staff they would be left with 2 sysadmins. We wondered how anything would get done at all, I mean from the daily putting out “fires”, to the patching and remediation of systems to all the other bs that comes up regularly, not to mention projects, upgrades, testing etc etc. We figured whoever the 2 left were would quit within a week.
Another Possible Interpretation
They gave a lot of people sysadmin privileges, so they’ve decided to look at who really should be a sysadmin. In this version, the whole automation thing is a red herring to avoid admitting their system security is lax.