NSA's Latest Euphemism For Security Lapses That Allowed Snowden Leaks: The Leaks Were 'Masked By His Job Duties'

from the in-other-words,-it-was-not-secure dept

We’ve already covered a few times how, despite the NSA’s (and its defenders’) repeated claims that its systems can’t be abused because of its vaunted “auditability,” the fact that Snowden got access to all those documents without anyone being able to figure out what he took shows that the audits don’t work. It became clear that the audits appear to only apply to analysts, but not sys admins like Snowden, and there are around 1,000 of those, leading to the obvious question: how many others also got classified info without anyone noticing it? One officials has tried to make it out that Snowden was “too brilliant” to work for the NSA, since he covered his tracks. While every indication is that Snowden was, in fact, quite good at his job, and able to cover his tracks well, it’s not at all clear that what he did was particularly unique or special.

In fact, the latest spin from the NSA is to claim that he wasn’t that “gifted” at all, but rather than the leaks were “masked by his job duties.”

“His job was to do what he did. He wasn’t a ghost. He wasn’t that clever. He did his job. He was observed [moving documents], but it was his job.”

That report also quotes the NSA’s CTO as saying that now, about four months later, the NSA finally has a “good idea” of what Snowden got:

“We have an extremely good idea of exactly what data he got access to and how exactly he got access to it,” says the NSA’s chief technology officer, Lonny Anderson.

Only took four months. Of course, all of this, once again, raises all sorts of questions. It shows that the NSA’s audits were basically non-existent for a very large number of people. It shows that the NSA has almost no legitimate way to go back and see if there were widespread abuses among others with similar “job duties.” If it was his “job” to do these kinds of things, and there was no real way to track him without many months of work (and even then, only to the degree that the NSA has a “good idea” of what he did), then there’s no real accountability there at all. At this point, it seems reasonable to use this to assume that the NSA’s systems aren’t even remotely secure, and have regularly been abused, without anyone at the NSA even knowing about it. After all, the NSA itself is admitting that someone doesn’t even need to be “that clever” to abscond with tens of thousands of classified info on top secret programs and leave an almost non-existent trail.

Filed Under: , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “NSA's Latest Euphemism For Security Lapses That Allowed Snowden Leaks: The Leaks Were 'Masked By His Job Duties'”

Subscribe: RSS Leave a comment
23 Comments
silverscarcat (profile) says:

It's a good thing...

That Snowden isn’t a traitor. Imagine if he had as many morals as the NSA does or Obama does…

He could have sold all classified dealings to Russia and China, putting troops in harms way, revealing spies that worked for the CIA, gotten China and Russia HUGE advantages when it comes to economic policies for money.

Or even worse, he could have given it to Al Qaeda secretly so they could kill more people easier in the Middle East.

I bet that there’s at least one person who works for the NSA that would have or could have done that.

Anonymous Coward says:

Re: It's a good thing...

The NSA’s own claims that 20% of those applying to that agency for jobs were Al Qaeda linked does not give one confidence that the NSA is all that secure. It only takes one in Snowden’s position to set all of the security measures as non-existent.

Given that the left does not know what the right hand is doing, exactly how are we more secure with NSAs functions? I’d say it is the opposite. When they have a known, verifiable, leak and can’t tell precisely what was taken, how much easier must it be to be an unknown doing that? Again we see that the functions the NSA wants to continue doing, is highly suspect.

We’re not even talking about how the public views these operations nor how the public is considered the enemy. This is a bad setup, doing illegal things against the Constitution, with no oversight, no accountability, and no method of knowing exactly what anyone is really doing to look at it on the surface.

The more that comes out, the worse it continues to look.

Todd Knarr (profile) says:

Re: Re: It's a good thing...

The number of applicants isn’t a good measure. Anybody can fill out the paperwork and apply. I’d look at the number who got past the point in the screening process where they check your background for links to enemy organizations. And even then, the biggest threats are going to be the ones who had no such connections when they were hired but have acquired them subsequently. Well, the second-biggest threats, the biggest IMO are the employees who aren’t connected to any enemies, they’ve simply decided that the NSA itself is a threat that needs exposed.

Anonymous Coward says:

Re: Re: Re: It's a good thing...

If you throw enough darts at a dart board, sooner or later you’re gonna hit the thing. Throwing applicants at the NSA for hire will sooner or later allow them to figure out how to get by. When they do, exactly how will you know? A sleeper isn’t going to willingly give himself away, he’s going to wait on some good stuff to do whomever the most good.

If they can’t tell now, what Snowden got exactly, how will they tell when the next yoyo comes up to try it? Would they be able for instance to say that all operatives in such and such area are now known and pull them out or would it come down to so many turning up dead before they figure out it isn’t accidents, it’s planned reprisal. Without being able to trace who goes where and does what on an internal supposedly secure network, there’s no clue as what or who is in danger. Much better not to have that supposed data gathered in the same network at all.

Yet we are to trust big brother with this info when even they can’t get a handle on it nor tell with all of it there that there is early warning of some incident happening. With all the clues, with Russia telling them there was a problem with two brothers, with a couple of years advance notice, they still weren’t able to prevent the Boston Bombing. Sure doesn’t sound to me with the risk involved that it is worth having that data, much less collecting it.

Trails on a phone says:

Re: Duh

This problem has been solved in the private sector for some time. A secure auditable system has a separation. The audit log is kept on specific system. People who have access to the audit log cannot access the audited data and vice versa.

That Snowden appeared to have both indicates a key process flaw at the NSA. That this is SOP in regulated private sector should be particularly embarrassing to the NSA.

Nastybutler77 (profile) says:

Four months. And that’s with Snowden comming forward and announcing that he was responsible. Imaging how screwed the NSA would be if they didn’t even know who was leaking this info. So the fact that others could be doing the same thing, but just selling the info to other countries, should be a wake up call to Clapper and the rest of these unscrupulous morons.

SpaceLifeForm says:

Re: from the NSA

Don’t believe your buddy.
I have a very sound clue as to what he did.
And the fact that they say they know, or they don’t know,
has to tell you that they are liars.
That have to have a good idea (since I do), and for
some reason, they don’t really want to admit it.
Which tells you how really insecure their systems are.
When the NSA kicks Microsoft to the curb, maybe, just maybe,
you can start believing what they have to say.
Until then, the NSA is completely non-trustable.

Wiley Q says:

Doesn't the NSA understand...

…that the old rhetoric is part of the PR problem and not the solution?

Every misstep they take in this public relations skirmish could have one wondering – are they really this incompetent and out of touch with their audience, the public? or is it some strategy of three dimensional chess they’re mounting?

I think neither. It’s easy to play dumb when you’ve done something dumb, because dumb never has to apologize or pay penance for being dumb. It’s considered politely excusable. It’s an easy strategy to fade into the shadows, like some juvenal embarrassment…which is where all this sneaky, unconstitutional and perverse behavior by the NSA started.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...