NSA Admits Lots Of People Could Have Done What Snowden Did

from the the-changing-story dept

The NSA keeps changing its story about Snowden. Was he brilliant or a nobody? Did he have access to all these documents or did he have to hack into systems? Did he get the important stuff or not? Each time the story seems to be different. A few months ago, you may recall the NSA insisted that Snowden needed to borrow the identities of others to access the documents he had. They also argued that he must have bypassed or deleted log files. However, in an interview, the NSA's Director of Technology, Lonny Anderson, admits that basically anyone at the NSA with top secret clearance could access the same stuff and also claims that all the log files were there:
contrary to much of what's been reported about Snowden's work at the NSA, it wasn't his position as a systems administrator and the broad access to networks and databases that came with it that allowed him to steal so many secrets. Rather, Anderson said, "the lion's share" of the information Snowden obtained was available to him because of his top-secret security clearance -- TS/SCI -- which allowed him to access so-called sensitive compartmented information.

That's an important distinction, because it means any number of the thousands of people at the NSA with the same clearance level could have done what Snowden did -- not just the smaller number of systems administrators, who have a kind of "super user" access that isn't granted to all other employees. That helps explain why Anderson couldn't tell the White House that there were no more Snowdens. Theoretically, there could have been thousands of them.
Of course, who knows if Anderson is telling the truth. Later in the interview he seems to contradict himself -- both claiming that Snowden's activities on the network were tracked ("He was not a ghost. It's not like he was so stealthy that we didn't see his activities") and that Snowden was able to get away with what he did because he was "anonymous" on the network.
"Where I think we were negligent -- if we were negligent -- where we were is that we allowed him some form of anonymity as he did that. Someone wasn't watching all of that. So the lesson learned for us is that you've got to remove anonymity from the network."
I guess it's possible that the actions were tracked without the identification of who it was. Amusingly, you could argue that the NSA had the metadata on Snowden's actions, but not the actual details of who he was. Oh, the irony.

The one area where Snowden's sysadmin role apparently did play a part was in being able to get many of those documents off the network without being noticed. Part of his job was, as revealed earlier, to move documents around within the NSA's network, but his sysadmin status allowed him to download those documents without any alarm bells going off.
What Snowden could do as a systems administrator, as opposed to an employee without those privileges, was to "exfiltrate," or remove data from the NSA networks, Anderson said. "That, a normal user would not have been able to do." He acknowledged that the NSA's information control regime is not currently designed to alert officials when documents are being removed by a systems administrator. That's going to change, Anderson said. In the future, individuals will also be locked out of the networks if they remove data without authorization.
At this point, it's difficult to believe anything that the NSA is saying about Snowden, because so much of it seems to contradict what the NSA itself has said in the past. Perhaps that's just part of the disinformation campaign. Or, perhaps it's a sign that the NSA still has no clue what happened.


Reader Comments

  1.  
    Charles (profile), Dec 31st, 2013 @ 9:13am

    but they didn't. Thank you Mr. Snowden.

     

  2.  
    Anonymous Coward, Dec 31st, 2013 @ 9:18am

    So can we now assume that any criminal conviction that relied wholly or in part on evidence found on a computer is now going to be overturned on appeal?

    After all if anything on a computer can be manipulated or changed by thousands of NSA employees etc how can it be relied upon beyond reasonable doubt?

     

  3.  
    Me, Dec 31st, 2013 @ 9:22am

    NSA Scumbags

    "Where I think we were negligent -- if we were negligent..."
    _____________________

    Where the NSA was negligent wasn't in its sysops, but in condoning a culture that plays fast and loose with the rules, and seeing themselves as against the rest of us, innocent Americans and Pakistani terrorists alike. If the NSA had spent a bit more time self-evaluating, respecting and playing by the rules, and focusing on their actual mission instead of accumulating "all the data" (thus making real-world, helpful analysis next to impossible), we might have been able to stop the WTC bombing, 9/11, Madrid, London, Boston and now Volgograd (not to mention all the online security breaches: TJ Maxx, Target, Adobe, etc.). Why should the NSA actually stop real threats, terrorist and electronic, when they can justify billion-dollar budgets by creating an overly burdensome process that is self-sustaining in its impotence. When they don't catch the next bad guy, they'll use that failure to justify more money for themselves.

     

  4.  
    Anonymous Coward, Dec 31st, 2013 @ 9:26am

    Oh the Irony

    So they know my cell phone stopped at Starbucks on 102 E. Main St. and my credit card made a purchase for $5.62 which according to their database is a coffee and a bagel with tax. Later my phone stopped at the bus stop around the corner and travelled to my place of work where my cell phone sat at my cubicle all day.

    But they cannot get their story straight on how Snowden took what.

    Maybe if they were paying attention to stuff that really mattered rather than where my cell phone is and what my credit card purchased they would have detected that Snowden was taking their documents and that the Underwear Bomber and Boston Bombers were about to strike.

    The NSA will Never Stop Anything.

     

  5.  
    Chronno S. Trigger (profile), Dec 31st, 2013 @ 9:30am

    Does anyone else think it's strange that you can look around the NSA network anonymously?

    If there are thousands of theoretical Snowdens, how many of those theoretical are black hats?

     

  6.  
    KoD, Dec 31st, 2013 @ 9:44am

    Re: NSA Scumbags

    I have a really hard time giving the NSA, or any government agency, the task of securing private networks, such as Target and Adobe etc. Investigate criminal activity after the fact? Certainly. But being responsible for stopping breaches in those private networks would insert government agencies into a place they need not be.

     

  7.  
    Manabi (profile), Dec 31st, 2013 @ 9:47am

    Re:

    There may be another Snowden, although the evidence is a bit slim at the moment. The article by Der Spiegel about the NSA interdicting hardware very carefully does not say the info came from the files Snowden leaked. And Glenn Greenwald has stated emphatically that he had nothing to do with that article and also points out they didn't say they were Snowden docs (see here). He says:
    I had no involvement in that Spiegel article, ask them - and they don't say those are Snowden docs.
    So this opens up the possibility that there's another leaker now.

     

  8.  
    That One Guy (profile), Dec 31st, 2013 @ 9:47am

    Re:

    Does anyone else think it's strange that you can look around the NSA network anonymously?

    Not really.

    If the system they had was set up so you could actually track who did what with what information, then they'd lose their plausible deniability when someone actually tried to audit what exactly they'd been doing, as there would be actual records. With it set up like they're describing here though, anytime someone comes calling for details, they can just respond with 'no such records have been found', or 'we do not track that information'.

    Rather hard to hold a group accountable for their actions, if there's no records of their actions after all, and you can bet they know this.

     

  9.  
    Bob E Skunky, Dec 31st, 2013 @ 9:48am

    Useless

    Gathering the world's data information from all sources and cannot secure themselves...
    Priceless

     

  10.  
    That One Guy (profile), Dec 31st, 2013 @ 9:50am

    Re: Re: NSA Scumbags

    They don't have to be directly involved to have an impact, for example, intentionally weakening computer security standards and programs, as the NSA has done, would have massive repercussions, and that would certainly include private network breaches that their actions enabled or helped.

     

  11.  
    Jeremy Lyman (profile), Dec 31st, 2013 @ 10:08am

    Re: NSA Scumbags

    I haven't stopped any terrorist attacks. I must need more federal funding.

     

  12.  
    Anonymous Coward, Dec 31st, 2013 @ 10:35am

    Re:

    Quite a few are black hats I'd imagine. Why do you think Russia and China's reaction to all the leaks has lacked any sign of them being truly surprised?

     

  13.  
    Anonymous Coward, Dec 31st, 2013 @ 10:43am

    What is the mark of a liar? It's never being able to keep the story straight. Here again you see that displayed by talking heads representing the agency to the public.

    If there is anything I've come to expect, it is that the NSA will never own up to its faults. It will never tell the truth to anyone, no matter who that anyone is, including courts, oversight committees, nor anyone else.

    There is only one cure I see for an agency gone rabid. Remove its funding, shut it down, and go through it with an impartial committee not beholden to any one group.

     

  14.  
    John Fenderson (profile), Dec 31st, 2013 @ 10:44am

    Re:

    What is the mark of a liar? It's never being able to keep the story straight


    No, that's only the mark of a bad liar. There are plenty of great liars who have no problem keeping their stories straight.

     

  15.  
    Mike Acker (profile), Dec 31st, 2013 @ 11:07am

    THINK

    remember what old Frank Roosevelt told us: "Anytime the government does anything you can bet it was carefully planned".

    cui bono?

    what changes will result from the Snowden leak? it's a puzzle: spooks always make every effort to be sure their accomplishments are not known. if Snowden was allowed to leak then that means what he has leaked -- was generally known to intelligence organizations around the world and all the uproar is just part of the show.

    we have 2 federal judges conflicting on Section 215 -- setting the stage for a SCOTUS decision

    will NSA intelligence become admissible in court? no parallel detective work required to acquire evidence by legal means? the "writ of assistance" noted in the 30c3 keynote?

    who are they after, anyhow?

     

  16.  
    Anonymous Coward, Dec 31st, 2013 @ 2:54pm

    Remember when top ranking officials were calling Snowden a "High School Dropout"? I was laughing my ass off. You mean to tell me a high school dropout outsmarted the entire US Government?

    What's that say about the intelligence of our government?

    Needless to say, top ranking officials dropped that attack angle, after they realized how dumb they sounded.

     

  17.  
    Rowan Berkeley, Dec 31st, 2013 @ 8:16pm

    NSA's Director of Technology, Lonny Anderson, is talking nonsense, IMHO

    The whole point about SCI is that it's compartmented. TS/SCI clearance does not confer global access, in fact it confers no access whatsoever by itself. After you get it, you can then be 'read into' whichever specific compartment or compartments are necessary for your work. That's all.

     

  18.  
    BernardoVerda (profile), Jan 1st, 2014 @ 1:14am

    Re: Re:

    That's just dumb enough to be one of those cases where "truth is stranger than fiction".

     

  19.  
    Hephaestus (profile), Jan 1st, 2014 @ 11:43am

    Let me get this straight, Lonny Anderson comments that anyone with a top secret clearance could have done this, contradicting everything said about the security of the system up to this point. Then he turns around and seemingly says we have logs, and can track you if you do this, which seems to be pointed at the people at the NSA, to prevent any repeats of the situation.

     

  20.  
    Brazenly Anonymous, Jan 2nd, 2014 @ 7:18am

    Re:

    Not at all. I'd be willing to place a fairly solid bet that, if the statements by Mr. Anderson are correct, the NSA was leveraging certain user accounts that anyone with the appropriate access could assume the identity of. Thus, while it would be clear that Snowden logged in as that user on a regular basis and that that user carried out the actions of accessing files, which actions of the privileged user were attributable to Snowden would be impossible to determine.

    Note that Snowden having root access as a system administrator may have originally led them to believe that Snowden was using the root user to retrieve the files, and since they couldn't see the root user doing so they would have assumed he altered log files to cover his tracks.

    Simply (theoretically, in practice it takes a while to sort everything out) swapping to a user-group model and carefully tracking the invocation of root privilege would address this issue. Such a model has been advocated as a best practice for a fairly long time, but as That One Guy pointed out, the NSA were probably resistant to invoking it.

     

    reply to this | link to this | view in thread ]
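
An added example, not part of the article or of any reader's comment: a sketch of the attribution gap comment 20 describes, where file reads are logged under a shared account and an auditor must work back to the person behind each one. The account names, paths, event format and log entries are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample audit events (not real logs), already in time order:
# (time, actor, action, target). "assume"/"release" mark a person taking or
# dropping a shared identity; "read" is a file access by the logged account.
EVENTS = [
    ("09:00", "alice", "assume", "svc_admin"),
    ("09:05", "svc_admin", "read", "/share/doc1"),
    ("09:10", "bob", "assume", "svc_admin"),
    ("09:12", "svc_admin", "read", "/share/doc2"),
    ("09:20", "alice", "release", "svc_admin"),
    ("09:25", "svc_admin", "read", "/share/doc3"),
    ("09:30", "carol", "read", "/share/doc4"),
    ("09:40", "bob", "release", "svc_admin"),
    ("09:45", "svc_admin", "read", "/share/doc5"),
]

def attribute_reads(events):
    """Map each file read to the people who could have performed it."""
    holders = defaultdict(set)  # shared account -> people currently using it
    findings = []
    for time, actor, action, target in events:
        if action == "assume":
            holders[target].add(actor)
        elif action == "release":
            holders[target].discard(actor)
        elif action == "read":
            if actor in holders:      # a known shared account
                candidates = sorted(holders[actor])
            else:                     # personal account: the actor is the person
                candidates = [actor]
            if len(candidates) == 1:
                status = "attributed"
            elif candidates:
                status = "ambiguous"      # several people held the identity
            else:
                status = "unattributed"   # nobody on record held it
            findings.append((time, target, status, candidates))
    return findings

def unresolved(findings):
    """Reads an auditor cannot pin on exactly one person."""
    return [f for f in findings if f[2] != "attributed"]

if __name__ == "__main__":
    for time, path, status, who in attribute_reads(EVENTS):
        print(f"{time} {path:<12} {status:<12} {', '.join(who) or '-'}")
```

With per-user accounts and logged privilege elevation, every read falls into the first category; the shared identity is what produces the ambiguous and unattributed rows.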

  21.  
    Brazenly Anonymous, Jan 2nd, 2014 @ 7:31am

    Re: THINK

    Roosevelt's quote only applies to government action, and is rather suspect in itself. Even for government action, the bickering between political parties can often result in mid-stream changes that disrupt any kind of plan. "The best laid plans o' mice an' men, gang aft a-gley" applies here as well (oft go astray, if you're one to translate poetry).

    As for whether the leaks were carefully planned government actions, the response of certain government actors has demonstrated that they had no idea how much Snowden took. Further, such a gambit is a stunningly bad play for any entity with the power to actually pull it off.

     

  22.  
    jsf (profile), Jan 2nd, 2014 @ 9:04am

    A Lot of People Have Clearance

    The really funny thing about security clearances, is that a lot of people have them. From the reported numbers in 2010 over 1.1 million people have TS/SCI. About 45% of them being contractors. The other 55% being actual employees of the federal government. At a place like the NSA I would think something like 90%+ of the people there would have TS/SCI clearance.

    So pretty much anyone at the agency had access. Unless you were maybe the dishwasher in the cafeteria.

     
