NSA's Latest Euphemism For Security Lapses That Allowed Snowden Leaks: The Leaks Were 'Masked By His Job Duties'
from the in-other-words,-it-was-not-secure dept
We’ve already covered a few times how, despite the NSA’s (and its defenders’) repeated claims that its systems can’t be abused because of its vaunted “auditability,” the fact that Snowden got access to all those documents without anyone being able to figure out what he took shows that the audits don’t work. It became clear that the audits appear to only apply to analysts, but not sys admins like Snowden, and there are around 1,000 of those, leading to the obvious question: how many others also got classified info without anyone noticing it? One official has tried to make it out that Snowden was “too brilliant” to work for the NSA, since he covered his tracks. While every indication is that Snowden was, in fact, quite good at his job, and able to cover his tracks well, it’s not at all clear that what he did was particularly unique or special.
In fact, the latest spin from the NSA is to claim that he wasn’t that “gifted” at all, but rather that the leaks were “masked by his job duties.”
“His job was to do what he did. He wasn’t a ghost. He wasn’t that clever. He did his job. He was observed [moving documents], but it was his job.”
That report also quotes the NSA’s CTO as saying that now, about four months later, the NSA finally has a “good idea” of what Snowden got:
“We have an extremely good idea of exactly what data he got access to and how exactly he got access to it,” says the NSA’s chief technology officer, Lonny Anderson.
Only took four months. Of course, all of this, once again, raises all sorts of questions. It shows that the NSA’s audits were basically non-existent for a very large number of people. It shows that the NSA has almost no legitimate way to go back and see if there were widespread abuses among others with similar “job duties.” If it was his “job” to do these kinds of things, and there was no real way to track him without many months of work (and even then, only to the degree that the NSA has a “good idea” of what he did), then there’s no real accountability there at all. At this point, it seems reasonable to use this to assume that the NSA’s systems aren’t even remotely secure, and have regularly been abused, without anyone at the NSA even knowing about it. After all, the NSA itself is admitting that someone doesn’t even need to be “that clever” to abscond with tens of thousands of pieces of classified info on top secret programs and leave an almost non-existent trail.
Filed Under: accountability, audits, ed snowden, lonny anderson, nsa, nsa surveillance
Comments on “NSA's Latest Euphemism For Security Lapses That Allowed Snowden Leaks: The Leaks Were 'Masked By His Job Duties'”
It's a good thing...
That Snowden isn’t a traitor. Imagine if he had as many morals as the NSA does or Obama does…
He could have sold all classified dealings to Russia and China, putting troops in harm’s way, revealing spies that worked for the CIA, gotten China and Russia HUGE advantages when it comes to economic policies for money.
Or even worse, he could have given it to Al Qaeda secretly so they could kill more people easier in the Middle East.
I bet that there’s at least one person who works for the NSA that would have or could have done that.
Re: It's a good thing...
The NSA’s own claims that 20% of those applying to that agency for jobs were Al Qaeda linked does not give one confidence that the NSA is all that secure. It only takes one in Snowden’s position to set all of the security measures as non-existent.
Given that the left does not know what the right hand is doing, exactly how are we more secure with NSA’s functions? I’d say it is the opposite. When they have a known, verifiable, leak and can’t tell precisely what was taken, how much easier must it be to be an unknown doing that? Again we see that the functions the NSA wants to continue doing, are highly suspect.
We’re not even talking about how the public views these operations nor how the public is considered the enemy. This is a bad setup, doing illegal things against the Constitution, with no oversight, no accountability, and no method of knowing exactly what anyone is really doing to look at it on the surface.
The more that comes out, the worse it continues to look.
Re: Re: It's a good thing...
The number of applicants isn’t a good measure. Anybody can fill out the paperwork and apply. I’d look at the number who got past the point in the screening process where they check your background for links to enemy organizations. And even then, the biggest threats are going to be the ones who had no such connections when they were hired but have acquired them subsequently. Well, the second-biggest threats, the biggest IMO are the employees who aren’t connected to any enemies, they’ve simply decided that the NSA itself is a threat that needs exposed.
Re: Re: Re: It's a good thing...
If you throw enough darts at a dart board, sooner or later you’re gonna hit the thing. Throwing applicants at the NSA for hire will sooner or later allow them to figure out how to get by. When they do, exactly how will you know? A sleeper isn’t going to willingly give himself away, he’s going to wait on some good stuff to do whomever the most good.
If they can’t tell now, what Snowden got exactly, how will they tell when the next yoyo comes up to try it? Would they be able for instance to say that all operatives in such and such area are now known and pull them out or would it come down to so many turning up dead before they figure out it isn’t accidents, it’s planned reprisal. Without being able to trace who goes where and does what on an internal supposedly secure network, there’s no clue as to what or who is in danger. Much better not to have that supposed data gathered in the same network at all.
Yet we are to trust big brother with this info when even they can’t get a handle on it nor tell with all of it there that there is early warning of some incident happening. With all the clues, with Russia telling them there was a problem with two brothers, with a couple of years advance notice, they still weren’t able to prevent the Boston Bombing. Sure doesn’t sound to me with the risk involved that it is worth having that data, much less collecting it.
Re: It's a good thing...
The safest assumption at this point is that NSA is infiltrated by various foreign agencies and possibly some major corporations.
Re: Re: It's a good thing...
I might rephrase that as “…NSA is infiltrated by various major corporations and possibly foreign agencies.”
Re: How many were there who did the bad thing?
With their hilarious colander-level security, unaccountability, impossibility to audit – how many of the 1,000 remaining sysadmins HAVE stolen data to sell to China or Iran?
Duh
…he was an admin, with root access to some systems, how hard could it be to cover your tracks in this scenario.
He made the rules, they have no idea how much he took not even a good idea that’s BS just to save face. They see what he let them.
Re: Duh
This problem has been solved in the private sector for some time. A secure auditable system has a separation. The audit log is kept on a specific system. People who have access to the audit log cannot access the audited data and vice versa.
That Snowden appeared to have both indicates a key process flaw at the NSA. That this is SOP in regulated private sector should be particularly embarrassing to the NSA.
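The separation described in the comment above can be checked mechanically. The following is an added example, not part of the original comment and not code from any system the page discusses; the group names, permission strings and users are constructed for illustration. It resolves nested group memberships and flags any account that ends up holding both audited-data access and audit-log access.

```python
"""Separation-of-duties check: no account may reach both the audited data
and the audit log. All names and permissions below are constructed samples."""

# Constructed sample: permissions granted directly to each group.
GROUP_PERMS = {
    "analysts":   {"data:read"},
    "sysadmins":  {"data:read", "data:move"},
    "auditors":   {"auditlog:read"},
    "log-admins": {"auditlog:read", "auditlog:rotate"},
}

# Constructed sample: who (user or group) is a member of which groups.
MEMBER_OF = {
    "alice": {"analysts"},
    "bob":   {"auditors"},
    "carol": {"sysadmins", "ops-oncall"},
    "dave":  {"sysadmins"},
    "ops-oncall": {"log-admins"},   # nested group that quietly grants log access
    "log-admins": {"ops-oncall"},   # membership cycle, must not loop forever
}

USERS = ["alice", "bob", "carol", "dave"]


def effective_permissions(principal, member_of, group_perms):
    """Union of permissions over every group reachable from the principal."""
    seen, stack, perms = set(), [principal], set()
    while stack:
        node = stack.pop()
        if node in seen:            # already expanded (also breaks cycles)
            continue
        seen.add(node)
        perms |= group_perms.get(node, set())
        stack.extend(member_of.get(node, ()))
    return perms


def sod_violations(users, member_of, group_perms):
    """Map each user holding BOTH data and audit-log access to what they hold."""
    violations = {}
    for user in users:
        perms = effective_permissions(user, member_of, group_perms)
        data = sorted(p for p in perms if p.startswith("data:"))
        audit = sorted(p for p in perms if p.startswith("auditlog:"))
        if data and audit:
            violations[user] = {"data": data, "auditlog": audit}
    return violations


if __name__ == "__main__":
    for user, held in sod_violations(USERS, MEMBER_OF, GROUP_PERMS).items():
        print(f"{user}: holds {held['data']} and {held['auditlog']}")
```

In the sample, the violation only appears once the nested group is expanded, which is why the check works on effective permissions instead of direct assignments.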
Re: Re: Duh
Unfortunately, the NSA’s attitude that the normal rules of secure systems engineering do not apply to them (they are “better” than that) is what has hoist them by their own petard.
Re: Re: Duh
“SOP”? Snowden: Operation Pirate
Four months. And that’s with Snowden coming forward and announcing that he was responsible. Imagine how screwed the NSA would be if they didn’t even know who was leaking this info. So the fact that others could be doing the same thing, but just selling the info to other countries, should be a wake up call to Clapper and the rest of these unscrupulous morons.
NSA: Lie lie lie lie lie lie, “authority” lie lie lie “legal” lie lie lie…..
She’s gone from WKRP to the NSA. Oh no, wait, that’s…
We have an extremely good idea of exactly what data he got access to
Everything?
Re: Re:
Good call. I was gonna go with “We have a good idea he got access to all the documents it was his job to move because we gave it to him so he probably has some or all of those we think maybe” but that’s much more succinct.
from the NSA
I have a buddy who is an analyst working on tracking down what Snowden took. They have no clue what he’s taken other than what has been reported or what has been found by looking at the email accounts associated with the reporters.
Re: from the NSA
Don’t believe your buddy.
I have a very sound clue as to what he did.
And the fact that they say they know, or they don’t know,
has to tell you that they are liars.
They have to have a good idea (since I do), and for
some reason, they don’t really want to admit it.
Which tells you how really insecure their systems are.
When the NSA kicks Microsoft to the curb, maybe, just maybe,
you can start believing what they have to say.
Until then, the NSA is completely non-trustable.
funny…in the private sector…a security breach involves fines of millions of dollars…simply for losing silly things like users’ SSN or DOB.
http://nakedsecurity.sophos.com/2012/03/15/health-insurer-fined-data-breach/
Doesn't the NSA understand...
…that the old rhetoric is part of the PR problem and not the solution?
Every misstep they take in this public relations skirmish could have one wondering – are they really this incompetent and out of touch with their audience, the public? or is it some strategy of three dimensional chess they’re mounting?
I think neither. It’s easy to play dumb when you’ve done something dumb, because dumb never has to apologize or pay penance for being dumb. It’s considered politely excusable. It’s an easy strategy to fade into the shadows, like some juvenile embarrassment…which is where all this sneaky, unconstitutional and perverse behavior by the NSA started.
NSA hacked Belgium Foreign Ministry
http://www.deredactie.be/cm/vrtnieuws.english/News/130919_hacking
Not proven yet, but with the $50 billion dollar guerrilla (sic) in the room, it’s a near certainty.
The NSA is full of duties.
Thanks