Ed Snowden Covered His Tracks Well; How Many Other NSA Staffers Did The Same?

from the gone-baby-gone dept

As we’ve seen, the NSA’s story on “abuses” keeps changing. First there were no abuses at all, then there were a whole lot of abuses (but all unintentional) and now we know that there also were a bunch of intentional abuses. But here’s the thing: these are only the abuses that the NSA caught. And, even then it’s sketchy. As Marcy Wheeler has detailed, many of the “unintentional abuses” look like they were merely classified that way, when, in reality, they may have been intentional. Thanks to the magic of the NSA’s special dictionary, they redefine abuses that exceed legal authority but are “performing the mission that the NSA wants them to perform” not as “abuses” but as “mistakes.”

Either way, that only counts the abuses and “mistakes” that the NSA’s audits discover. As we pointed out, it appears the NSA still has no idea what Ed Snowden took, which calls into question how good these so-called “audits” are. The latest reports coming out reveal that Snowden carefully bypassed or deleted the logs concerning his downloading actions:

The U.S. government’s efforts to determine which highly classified materials leaker Edward Snowden took from the National Security Agency have been frustrated by Snowden’s sophisticated efforts to cover his digital trail by deleting or bypassing electronic logs, government officials told The Associated Press. Such logs would have showed what information Snowden viewed or downloaded.

The government’s forensic investigation is wrestling with Snowden’s apparent ability to defeat safeguards established to monitor and deter people looking at information without proper permission, said the officials, who spoke on condition of anonymity because they weren’t authorized to discuss the sensitive developments publicly.

Remember when Snowden claimed that, from his desk, he could run searches on anyone, and various NSA defenders like Rep. Mike Rogers scoffed at the idea and called him a liar? They claimed that any such searches would turn up in the audits. But, of course, if you can delete the log files, then those audits are meaningless.

And, if Snowden could do it, it’s very, very likely that he’s not the only one employed by the NSA or contracting for the NSA who knows how to cover their digital trail. And that leads to a very obvious question: sure, the NSA knows about thousands of unintentional violations and a bunch of intentional violations — but what about all the violations it has no idea about because someone was able to bypass or delete the log files? Given that NSA employees almost certainly know that searches are audited, you’d have to imagine that nearly everyone who decided to willfully violate the law to, say, spy on a love interest (hello: LOVINT) or, perhaps, a personal enemy, would also seek ways to do so without leaving an incriminating log file. Snowden’s efforts show that’s possible — meaning that it’s likely others knew that as well.

And, given that it appears that top NSA brass may have been taken by surprise by this rather basic revelation (no audits are perfect, and smart folks like ones the NSA employs often know how to get around such things), it seems quite likely that the number of intentional NSA violations is much, much, much higher than is being reported, in part because the NSA itself still hasn’t been able to figure out what happened.

Filed Under: , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Ed Snowden Covered His Tracks Well; How Many Other NSA Staffers Did The Same?”

Subscribe: RSS Leave a comment
Dave Xanatos (profile) says:

Re: Smarter mice

Exactly. The problem isn’t the audits, the oversight, the leakers, the love interest spying, the secret courts and secret laws or any of that. The problem is YOU HAVE THE DATA. You have information you have no business having. If it didn’t exist as a collection (that you made) it would never ever be abused. And if the only way to get information that you need was through a narrowly defined court order, it would be much more difficult to abuse. And if all those orders were public, or at worst had a temporary seal, the likelihood of abuse is further diminished.

tldr: don’t collect more than you need, and stop doing things in secret and abuses go away.

Addendum: Hollow Man was not a good movie, but I love this line from it: “It’s amazing what you can do… when you don’t have to look at yourself in the mirror any more.” Hide everything and the mirror goes away along with the desire to follow all the little societal norms that enable trust to exist.

Anonymous Coward says:

Re: Re: Still not the point

No it isn’t pointless. It is the ENTIRE REASON that the leaks occurred in the first place and there is a story AT ALL. Ask yourself this, why exactly were those provisions added to the Constitution in the first place? The answer is EXACTLY to prevent the problems that are being revealed. They can try to dodge it and worm their way around it all they want but they can’t escape it as long as the point keeps being raised.

Anonymous Coward says:

Re: Re: Re: Still not the point

The partial problem is these problems did not exist when the constitution was written. Those people were not unintelligent. They tried to anticipate the social problems as they would exist for their era and anticipate what these are today but computers did not exist then and neither were there any televisions or radios or cars.

cffrost says:

Re: Re: Still not the point

“That point was made, and it got the situation no where. Relentlessly beating on a point that those in power have chosen to ignore is rather pointless[.]”

It most certainly is not pointless; rather, it is crucial (in my opinion) to continue to communicate that Constitutional violations may not be swept aside in favor of the endless lies, equivocating, and instances of limited-hangout they’re selling us as a distraction.

To play along with their charade is tantamount to saying (during an imaginary murder trial), “Alright, enough about the murder of your wife — we really need to talk about the verbal abuse. What were the arguments about, and had you ever been drunk on those occasions? These are the important matters to focus on.”

out_of_the_blue says:

Google Engineer Fired For Spying On Teen Users; Serious Privacy Concerns Raised


Auditing is intentionally easy to defeat because no spooks want to see more than a single bad ice cube in their iceberg of evil.

And by the way, Snowden was not an “NSA staffer”, merely a contract employee of Booz Hamilton, didn’t have high privileges.

Anonymous Coward says:

Of course NSA employees are justified in spying on people like their ex-girl friends who cheated on them and then deleting the evidence!

Who knows if your ex-girl friend might just be… an EVIL TERRORIST! After all, she left you for some guy with a beard! That’s good enough evidence that she’s into men who are terrorists!

out_of_the_blue says:

Another possibility is that they're simply lying that auditing even exists!

No high manager — already a knowing criminal running a spy network that definitely snoops on Congress and UN — is going to want an audit trail, and of course WE don’t have any way to check that there actually ever was such, so they can lie with impunity: we’re merely assuming what WE’D do, and believing the assertions of criminals. Yot, even I began by assuming there IS an audit trail! — As I told you, trust absolutely nothing and no one that’s been anywhere near NSA. They’re WAY ahead of us.

nasch (profile) says:

Re: Re:

I have redundant syslog servers for my lame setup that make me barely no money. You know, just in case. These cost next to nothing… just storage, and we all know they have plenty of that.

Talk about epic failure. And these are the experts? Just wow.

Redundant log backups alone don’t protect against this situation if the same person has access to both sets of logs. It would need to be set up so that the admins who have access to the primary logs do not have access to the backups, and vice versa. I’m not sure how easy that is to do, but apparently beyond the capability (or interest) of the NSA. Presumably they’ll be looking into it now.

madasahatter (profile) says:

Flaw in the Audits

You are assuming that logs are kept. If logging is minimized or not done then there is no trace.

Alternatively if logs are deleted on a very regular basis, say every 8 hrs audit trails would be very difficult to reconstruct.

Either way, it would be impossible to reconstruct what happened if the events occurred more than a few hours earlier.

Hephaestus (profile) says:

They probably are running huge drive arrays that do not have NTFS on them. Hence the lack of logging. Or maybe snowden had access to the backup system. Which would give him full access to pretty much anything.

Or this being the government, they probably forgot to enable Auditing.

Truth be told if he had access to the password files … he could have pretended to be anyone after about a week of number crunching, faster if CUDA’d it.

The Original Anonymous Coward (profile) says:

The answer was here earlier in Techdirt

Remember this article?


This is the best quote:

Schmidt, 73, who headed one of the more infamous departments in the infamous Stasi, called himself appalled. The dark side to gathering such a broad, seemingly untargeted, amount of information is obvious, he said.

?It is the height of naivete to think that once collected this information won?t be used,? he said. ?This is the nature of secret government organizations. The only way to protect the people?s privacy is not to allow the government to collect their information in the first place.?

tqk (profile) says:

Re: The answer was here earlier in Techdirt

The only way to protect the people?s privacy is not to allow the government to collect their information in the first place.

So, he’s saying there is no way to prevent it since that’s now proved to have failed to have any effect. Otherwise is like hoping for charity and mercy from a slavering predator as it circles you preparing to make a meal of you.

John Rocha, Jr. says:

Re: The answer was here earlier in Techdirt

These questions about permissions really irk me. And the questions about the release of information that you aren’t ever supposed to know or have any ideas about bother me greatly because there are no defenses against misuse of such information. I am allowing that the privacy issues that IT have about this are not really private but in such csses the longer the association the greater the chances for inference of those things you aren’t supposed to know. Do you see how imaginative this is? I have 40 yesrs behind me involvjng schizophrenia. If the NSA is so secret then you might be able to see some of my own issues about playing God and exactly what God is. E Snowden is being very explicit about what he knows and what he has discovered, but what of the implicit ideas that the NSA has educatsd him about these very ideas.IDEAS am personally very sensitized about questions that aren’t answerable by anyone that should be answerable at an explicit level of awareness. He violated his oath

Steven (profile) says:

“only the abuses that the NSA caught”

You mean ‘only the abuses the NSA has voluntarily admitted to, while our only means of verification is leaked documents.’

Given that congress is only getting what information the NSA deems it needs, and the FISC is only getting the information the NSA gives it, there is (as far as I know) no oversight to the NSA that actually has access to information on the NSA that doesn’t come from the NSA.

Anonymous Coward says:

They have lied every step of the way. Everytime they’ve come out with a claim of we don’t do that, the next day or two says, yeah they do do that.

I now understand that there is no truth in these matters coming from official sources. So that means future releases attempting to cover it up or make it sound better; they are lies too. Creditability is nil. The time is long past when they could have told the truth. Now is too little, much too late.

Congress will be coming back in session and they have frittered away what possible good will they could have had over coming clean with these security abuses. The question now is, how many changes, to whom, and how serious is congress about remaining in good light from their voters?

It is very plain that status quo is no longer defensible and no longer justifiable.

vastrightwing (profile) says:

Drain the GAS!

So the NSA wasn’t totally full of bumbling idiots. It’s clear one employee had some sense of what he was doing: he knew the system well enough to keep his trail clean. So much for the rest. They can’t even lie well enough to make credible statements. They can’t hide their own trail of miscreant deeds. So one lone wolf has the smarts to do what none of the other employees can do: hide their own tracks. Snowden needs to be the new head of the NSA. Clearly he has much more sense.

To be fair, the NSA thought they were above reproach, above the law: safe. I think in the end, they may be. I believe the politicians will fabricate some excuse to absolve NSA and their ilk of the wrong doing. They will just keep coming up with new excuses, new definitions (a la Bill Clinton), new interpretations of the constitution and wear the citizens down. The media will continue to attack Snowden and vilify him, call him a traitor, etc, etc. Never will they ever admit the people who should be vilified are the ones who created this debacle in the first place: the people who lied and lied and kept secrets from its own citizens. No, that won’t do. Attack the whistle blower instead. He’s one target, as opposed to multitudes of duplicitous insiders who enabled this mess.

My next question is what is Snowden not revealing to us? I see the current revelations like an ice berg: we can see the very top, but not the rest hidden under water. I think what we’re seeing is only what’s palatable to the public. I think what is hidden is so bad we don’t have the imagination to consider it.

My solution is easy. Defund. Remove the fuel. We can’t undo what was done, but the machine is so big and so thirsty, defeating it is simple. Remove the gas, the money or whatever euphemism you want to call it. That will do just fine. It’s completely simple and then the money can be put to better use.

Anonymous Coward says:

Re: Drain the GAS!

“My solution is easy. Defund. Remove the fuel.”

I think it may be too late – we have passed the tipping point. Imagine what happens if a load of well paid spooks suddenly find themselves on the jobs market.
Ability to infect and own a computer from the other side of the world is probably of little interest to Wallmart or McDonalds so there will suddenly be a large number of cyber-terrorists for hire, just as many former KGB operatives went into some very disreputable occupations when they lost their day jobs.
I suggest that after de-funding the NSA the people who are let go either by the NSA or by private enterprise should be rendered immediately to Gitmo as they are much more likely to become terrorists than most of the current occupants.
Is there an ice-cube’s chance in Hell of this happening? I think not

Anonymous Coward says:

I wonder how many NSA employees engaged in blackmail or corporate espionage? Would’ve been easy with that setup.

Well, since they apparently don’t create log backups or somesuch, I suppose we’ll never know.

(…Now I wonder how many of the top brass still defending the NSA’s spying capabilities were making money from it on the side. Maybe the easily deletable logs were set up that way intentionally?)

DB (profile) says:

The press stories were written for a non-technical audience. The congressional briefings were probably at the same level.

It’s likely that searches were done through a designated application, which produced the logs and audit trail. If you didn’t use that application, no logs were produced.

This approach is pretty much required with massive databases. Imagine a 1TB database is on a network file system, and the whole database needs to be scanned to get possible matches. You can record the query, which is probably a single line of text, you can record the results, which could be millions of records with an unexpectedly loose search, or you can record ever block read, which would be a very large list of every block in the file.

So it may be that the possible set of compromised files is every one that his machine had access to.

Anonymous Coward says:

All it takes is one hacker to get access to the largest collection of data ever to completely fuck shit up. It’s not a matter of if but when.

Identity theft is already easy and you don’t even need 100% correct information you just need the right support operator and it’s all over. Social engineering can go a long way and with complete data any average Joe could pull it off with no social engineering skills period.

Social engineering is far more than just lying to someone you’re evaluating every little thing of the person you’re talking with.

Are they tired? This can be good or bad depending on the person and it’s relatively easy to to judge if they are.

Are you able to throw them off with questions about the company? If so it’s very likely they’re new.

Can you make a personal connection with their personality?
If so try bullshitting with them and if they’re laughing you got them because they’re connecting with you therefore lowering their guard. That means while you’re scamming them all you have to do is keep them laughing while resetting data to give you fresh passwords even if I only knew about 40% of the security information. They’ll chock it up to me being a moron who cannot remember their security info. It happens so much operators overlook that it’s easily abused.

It gets easier at the end of the week because they want to go home. Same goes for weekends because people hate working weekends.

With perfect information I wouldn’t have to do any of that to get what I wanted.
In the past I’ve done this all in person almost flawless over 200 times. Although mine was not to seal identities, but to forge prescriptions for narcotic pain killers. They both work the same way.

Now lets look at what happens when a leak happens. It’s going to be nearly impossible to prove who you say you are unless it’s in person. It would flip the online banking world upside down. Any website with account recovery options would be forced to disable it.

That type of database should not exist EVER it’s a fucking atomic bomb with with no visible timer.

HG (profile) says:

In a journalism textbook, this article would be an excellent example of shoddy reportage. Like many people covering this topic of late, Mr. Masnick unquestioningly accepts everything Mr. Snowden alleges as irrefutable fact. Mr. Masnick also speculates with utterly no attribution and then “reports” his own conclusions as “facts.” The headline writer — quite possibly not Mr. Masnick — then compounds these flaws by making a factual assertion even Mr. Masnick’s shoddy article does not proffer.

That One Guy (profile) says:

Re: Re:

You know, for all your claims about how Masnick is somehow wrong, I notice you didn’t provide a single piece of counter-evidence, or even pointed to what he got wrong, but rather spent the entire comment just attacking his ‘shoddy article’ and him personally.

Honestly, the NSA needs to pay you PR damage control guys more if this is the best they get currently…

John Rocha, Jr. says:

I have a simple problem with all of this reportage. It is a charade to seek information. The dates and times are off and they are very current and the sensitivity of the system I am using…
What implicitness are you inferring about my explicitness? Maybe you and I aren’t just machine, excuse me, artificial intelligences.
Ignorance is bliss? You sure could fool me.
In this world you have to know what is happening before you can defend. But where are the proofs?
Agencies like the NSA have them.The machines that these agents work on are always in jeopardy every moment they live. It becomes easier with experience to become slotted into someone’s drawer in a typical bureaucratic sense.
If you are working for the government you cannot abet anyone that runs the risk of taking money from her. It means the security of a position in jeopardy. If you are this person then it means your financial security. And God forbid, we can’t change that.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...