Bruce Schneier: Sure, Russia & China Probably Have The Snowden Docs… But Not Because Of Snowden

from the because-espionage dept

Given all the fuss over the ridiculous article this past weekend — which has since been confirmed as government stenography rather than actual reporting — security maven Bruce Schneier has written up an article making a key point. It’s quite likely that the underlying point in the article — that Russian and Chinese intelligence agencies have access to the documents that Snowden originally handed over to reporters — is absolutely true. But, much more importantly, he argues, the reason likely has almost nothing to do with Snowden.

First, he notes, it’s quite likely that Snowden — as he has said — no longer has access to the documents. But other people do. And they’re not as knowledgeable about encryption and spycraft as Snowden is.

First, the journalists working with the documents. I've handled some of the Snowden documents myself, and even though I'm a paranoid cryptographer, I know how difficult it is to maintain perfect security. It's been open season on the computers of the journalists Snowden shared documents with since this story broke in July 2013. And while they have been taking extraordinary pains to secure those computers, it's almost certainly not enough to keep out the world's intelligence services.

There is a lot of evidence for this belief. We know from other top-secret NSA documents that as far back as 2008, the agency's Tailored Access Operations group has extraordinary capabilities to hack into and “exfiltrate” data from specific computers, even if those computers are highly secured and not connected to the Internet.

These NSA capabilities are not unique, and it's reasonable to assume both that other countries had similar capabilities in 2008 and that everyone has improved their attack techniques in the seven years since then.

But, the second point is an even bigger one, which is that it’s highly likely that Russian and Chinese intelligence got these documents long before Snowden gave them to the press, because that’s what spies do.

Which brings me to the second potential source of these documents to foreign intelligence agencies: the US and UK governments themselves. I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they've penetrated the NSA networks where those files reside. After all, the NSA has been a prime target for decades.

Those government hacking examples above were against unclassified networks, but the nation-state techniques we're seeing work against classified and unconnected networks as well. In general, it's far easier to attack a network than it is to defend the same network. This isn't a statement about willpower or budget; it's how computer and network security work today. A former NSA deputy director recently said that if we were to score cyber the way we score soccer, the tally would be 462–456 twenty minutes into the game. In other words, it's all offense and no defense.

In this kind of environment, we simply have to assume that even our classified networks have been penetrated. Remember that Snowden was able to wander through the NSA's networks with impunity, and that the agency had so few controls in place that the only way they can guess what has been taken is to extrapolate based on what has been published. Does anyone believe that Snowden was the first to take advantage of that lax security? I don't.

Remember, this is the same government that’s now reeling from the Chinese hacking of OPM getting all the secrets of government employees, including those with security clearances. It was a hack so impressive that even Michael Hayden — former CIA and NSA boss — can’t hide his appreciation of the work that was done. Hayden called it “honorable espionage work” by the Chinese and further notes that he “would not have thought twice” if he had the ability to get the same info from the Chinese.

These are the games that intelligence agencies play all the time. Schneier’s piece has a lot more in it, but the idea that the Russians and Chinese learned anything particularly new or useful from the Snowden documents — or that they even got them from Snowden’s document dump — seems quite dubious.


Comments on “Bruce Schneier: Sure, Russia & China Probably Have The Snowden Docs… But Not Because Of Snowden”

28 Comments
Self-declared Non-kook says:

Glad it's B.S.! Otherwise just another conspiracy kook speculating at random on details he can't possibly know!

THIS is what I come to Techdirt for: another version of The Official Sub-sub-story, instead of whether the seven top internet corporations are in cahoots with globalists besides NSA. It’s safe and doesn’t disturb.

Anonymous Coward says:

Re: Glad it's B.S.! Otherwise just another conspiracy kook speculating at random on details he can't possibly know!

Seriously, you can’t even parody right.

One tip, blue; if you want to stop giving yourself away, stop fucking around with Tor. Your posts always come through so the double IP address-posting is useless.

ottermaton (profile) says:

the agency’s Tailored Access Operations group has extraordinary capabilities to hack into and “exfiltrate” data from specific computers, even if those computers are highly secured and not connected to the Internet.

How is this even possible? I looked through the linked article and found no mentions of this capability. I understand that in their operations where they intercept packages and add mal/hard-ware to products these could then be subverted to access another network that is connected to the “target” PC/network, but if the systems are fully isolated (and not having wireless capability built-in or attached) I don’t see how this could be possible.

I suppose part of the payload they add to a package could be wireless transmitters and they could set up receivers nearby, but that’s the only situation where I can imagine getting access to a fully isolated system. Or am I missing something?

Anonymous Coward says:

Re: Re:

There are many ways.

Plant mal-ware on the systems before they even arrive at their destination.

Use standard virus techniques and wait for someone to move a usb drive from one machine to another.

Bribe someone to put malware on the machine.

Infiltrate another computer, say from an AC vendor, that ends up near a wi-fi access point for the secure network.

Insert malicious code on the users phones and use it as a stepping stone to access the computer.

Once a machine is infected, there are all sorts of covert channels to move the data out. My favorite is ultra-sonic communications through the speaker.

I’ve been told about an air gapped network that was hacked as far back as the late 80’s, and I haven’t even tried to find out how far back it goes.
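The acoustic covert channel the commenter mentions, as an added simulation (example code, not from the page or the commenter): a payload is framed with a preamble and length, each bit is sent as one of two near-ultrasonic tones (binary FSK), and the receiver recovers bits with a Goertzel filter per symbol. The sample rate, carrier frequencies, symbol length, preamble and the added noise are all assumptions chosen so the example runs offline; the "transmission" is a list of samples and no sound hardware is involved.

```python
"""Simulated acoustic covert channel: bytes -> two-tone FSK samples -> bytes.

Added illustration only. All parameters below are assumptions; a real
channel would push `modulate()` output through a speaker and feed
microphone samples into `demodulate()`.
"""
import math
import random

SAMPLE_RATE = 48_000   # Hz (assumed; a rate common laptop sound cards support)
F_ZERO = 18_000        # Hz tone for a 0 bit (assumed, near-ultrasonic)
F_ONE = 19_000         # Hz tone for a 1 bit (assumed)
BIT_SAMPLES = 480      # 10 ms per bit -> 100 bit/s; both tones sit on exact
                       # Goertzel bins because 48000 / 480 = 100 Hz resolution
PREAMBLE = bytes([0xAA, 0x55])   # assumed sync marker


def _bits(data: bytes):
    """MSB-first bit stream of a byte string."""
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def modulate(data: bytes) -> list:
    """Frame the payload and emit float samples in [-1, 1] (continuous-phase FSK)."""
    frame = PREAMBLE + len(data).to_bytes(2, "big") + data
    samples = []
    phase = 0.0
    for bit in _bits(frame):
        step = 2 * math.pi * (F_ONE if bit else F_ZERO) / SAMPLE_RATE
        for _ in range(BIT_SAMPLES):
            samples.append(math.sin(phase))
            phase += step   # keep phase continuous: no clicks at symbol edges
    return samples


def _goertzel(block, freq):
    """Power at one frequency in a block of samples (Goertzel algorithm)."""
    n = len(block)
    k = int(0.5 + n * freq / SAMPLE_RATE)
    coeff = 2 * math.cos(2 * math.pi * k / n)
    s_prev = s_prev2 = 0.0
    for x in block:
        s = x + coeff * s_prev - s_prev2
        s_prev2, s_prev = s_prev, s
    return s_prev ** 2 + s_prev2 ** 2 - coeff * s_prev * s_prev2


def demodulate(samples) -> bytes:
    """Decide each symbol by comparing tone powers; b"" if no valid preamble."""
    bits = []
    for i in range(0, len(samples) - BIT_SAMPLES + 1, BIT_SAMPLES):
        block = samples[i:i + BIT_SAMPLES]
        bits.append(1 if _goertzel(block, F_ONE) > _goertzel(block, F_ZERO) else 0)
    raw = bytearray()
    for i in range(0, len(bits) - 7, 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        raw.append(value)
    if raw[:2] != PREAMBLE:
        return b""
    length = int.from_bytes(raw[2:4], "big")
    return bytes(raw[4:4 + length])


def add_noise(samples, amplitude=0.3, seed=1):
    """Constructed channel noise: uniform jitter added to every sample."""
    rng = random.Random(seed)
    return [x + rng.uniform(-amplitude, amplitude) for x in samples]


if __name__ == "__main__":
    secret = b"example key material"      # constructed payload
    audio = add_noise(modulate(secret))
    print(len(audio) / SAMPLE_RATE, "seconds of audio ->", demodulate(audio))
```

At 10 ms per symbol the channel carries about 12 bytes per second, slow for documents but ample for keys, credentials or tasking. The detection side follows from the design: the isolated host needs a working speaker and some reachable machine needs a microphone, so removing or disabling audio hardware on isolated systems, and alerting on unexpected audio device use, closes this particular path.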

Anonymous Coward says:

Re: Re: Re:

Wim van Eck wrote his paper in 1985 about copying CRT transmissions through electromagnetic radiation; that was probably the first air gap compromise that I’m familiar with. I’m almost positive though that there must be something further back, perhaps WWII and figuring out the codex for Enigma, though that was a network in itself so wouldn’t count.

Anonymous Coward says:

Re: Re:

During one of the penetration test exercises, the vendor was about to give up because they couldn’t get in, until someone plugged in a laptop, which bridged the secure network with a “guest” network. Leveraging that bridge they were then quickly able to exploit a network printer which provided a more robust connection. Went downhill from there on.
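The bridge in that story is a dual-homed laptop: one interface on the secure network, another on the guest network. An added example of the check a defender would run over an interface inventory to catch that condition (example code, not from the page or the commenter); the zone ranges, host names, address lines in the shape `ip -o -4 addr` prints, and sysctl values are constructed sample data.

```python
"""Flag hosts whose interfaces straddle two network zones (a 'bridge').

Added illustration only. Zone layout and the inventory are assumptions
made up for the example.
"""
import ipaddress
import re

# Assumed zone layout: the 'secure' network and the 'guest' network from the story.
ZONES = {
    "secure": ipaddress.ip_network("10.10.0.0/16"),
    "guest": ipaddress.ip_network("192.168.50.0/24"),
}

# Constructed inventory, as a host-collection agent might report it:
# address lines in the shape `ip -o -4 addr` prints, plus one sysctl value.
INVENTORY = {
    "ws-0042": {
        "addrs": [
            "2: eth0    inet 10.10.4.17/16 brd 10.10.255.255 scope global eth0",
            "2: eth0    inet6 fe80::5054:ff:fe12:3456/64 scope link",
        ],
        "sysctl": {"net.ipv4.ip_forward": "0"},
    },
    "lt-0117": {  # the laptop: wired into 'secure', wireless on 'guest'
        "addrs": [
            "2: eth0    inet 10.10.8.92/16 brd 10.10.255.255 scope global eth0",
            "3: wlan0   inet 192.168.50.23/24 brd 192.168.50.255 scope global wlan0",
        ],
        "sysctl": {"net.ipv4.ip_forward": "0"},
    },
    "printer-3f": {
        "addrs": ["2: eth0    inet 10.10.9.250/16 brd 10.10.255.255 scope global eth0"],
        "sysctl": {},
    },
}

# Matches `<idx>: <ifname> inet <a.b.c.d>/<prefix> ...`; inet6 lines do not match.
ADDR_RE = re.compile(r"^\d+:\s+(\S+)\s+inet\s+(\d+\.\d+\.\d+\.\d+)/(\d+)")


def parse_addrs(lines):
    """Return [(ifname, IPv4Address)] parsed from `ip -o -4 addr` style lines."""
    out = []
    for line in lines:
        m = ADDR_RE.match(line)
        if m:
            out.append((m.group(1), ipaddress.ip_address(m.group(2))))
    return out


def zones_touched(addrs, zones=ZONES):
    """Set of zone names that at least one of the addresses falls inside."""
    return {name for _, addr in addrs for name, net in zones.items() if addr in net}


def find_bridges(inventory, zones=ZONES):
    """Hosts present in more than one zone, with whether they also route packets.

    A dual-homed host is a pivot even with forwarding off (compromise the host,
    then reach the other side from it); with forwarding on it is a plain router.
    """
    hits = {}
    for host, info in inventory.items():
        touched = zones_touched(parse_addrs(info["addrs"]), zones)
        if len(touched) > 1:
            hits[host] = {
                "zones": sorted(touched),
                "forwarding": info["sysctl"].get("net.ipv4.ip_forward") == "1",
            }
    return hits


if __name__ == "__main__":
    for host, finding in find_bridges(INVENTORY).items():
        print(host, finding)
```

The same check runs unchanged over any per-host address dump; the point is that it flags the laptop whether or not it forwards packets, because in the story the testers did not need routing, only a foothold with a leg in each network.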

Anonymous Coward says:

Re: Re:

You’re missing something…

NSA and CIA agents.

Oh, and USB sticks.

The classic method was used to infect Iran with Stuxnet, and it has been repeated with Duqu (although with Duqu 2.0 they appear to have gone for the social engineer via email method).

All it takes is someone with 10 seconds of unobserved access to a USB port of a computer that might share passing communications with the airgapped computer in question — an update server, for example. Since nothing malicious will be happening on that computer itself and the attack is targeted, it will likely go undetected. Then, as soon as the right circumstances present themselves… bam. Data is transferred and malicious system is set up. On the next update, the collected data goes back to the transfer medium to be sent back up to a networked machine.

And this is fancy cloak and dagger stuff; the standard kind is to have someone walk in when they know the device is unattended, slip a hardware bug (with transmitter) into the computer in question, and leave. Such methods are detailed in the Snowden documents, and have been going on since at least 2008.

Anonymous Anonymous Coward says:

Are Both True?

North Korea hacked Sony.

China hacked OPM.

Take government accusations with a grain of salt the size of our moon.

The likelihood of someone having beaten Snowden to the documents he took is high. On the other hand Snowden was looking to embarrass (erm reveal duplicity of) the Government, and others might have been looking for something else.

That One Guy (profile) says:

No 'maybe' about it

The only reason the NSA knows that Snowden grabbed anything is because he told them. If their internal security is that pathetic, it is absolutely guaranteed that other government spy agencies had, and quite likely continue to have, access to NSA files, whether it’s through hacking in, or having someone on the inside feeding them intel.

Trying to blame Snowden is just a pathetic attempt at saving face, so they don’t have to admit that their systems and security were/are so full of holes that anyone who put even moderate effort could have gained access.

Anonymous Coward says:

Michael Hayden? Expert?

It was a hack so impressive that even Michael Hayden — former CIA and NSA boss — can’t hide his appreciation of the work that was done.

Shows you how much Mr. Hayden knows about computer security. If the reports are correct, the only difference between those servers and a wet paper bag would be that the wet paper bag would have been harder to break into. I am actually more surprised that nobody else broke in. And what I mean is I am not trusting anyone who says that “they” (whether it be China or someone else) were the only ones with access to the system. And how would they know…they accidentally discovered the break-in they found. How can they have any idea who else was there?

Stephen says:

Did TechDirt Read the Comments Section?

If they had they might have seen the one I posted, which read as follows:

Mr Schneier should go read the Globe and Mail’s article titled “Snowden’s lawyer slams Times story claiming leaks ‘betrayed’ British spies”.

In that article the lawyer, Robert Tibbo, who was Snowden’s lawyer in Hong Kong, in an interview is quoted as saying “‘There was no data in a cloud. He passed the data on to the journalists and that was it. Any actual copy he had with him was destroyed [before he left Hong Kong], precisely to avoid it from being seized or intercepted. I was a witness to all of that.'”

That article can be found at:

http://www.theglobeandmail.com/news/national/snowdens-lawyer-slams-times-story-claiming-leaks-betrayed-british-spies/article24986059/

There we have an eyewitness to Snowden’s claim that he erased his copy of the documents before he left Hong Kong.

But that aside even if the Sunday Times article WAS true, think about it. Any knowledge the Brits might have that the Russians or the Chinese had cracked Snowden’s files would surely be highly classified. Yet a British government goes and blabs about it to the British press, thereby alerting the Russians and/or the Chinese that the British know. So now the Brits have their own Snowden to deal with. That is, someone (in their Home Office) leaking unauthorised material to the press.

Anonymous Coward says:

Bruce makes a good point about journalists getting hacked. I believe Glenn Greenwald has stated that someone broke into his house and stole one of his laptops. Plus what happened to his partner at the UK airport.

Just think what’s happening to all the other journalists out there. Electronic security is really really hard.

GEMont (profile) says:

When a leak is not a leak....

One other way that these documents could end up in the hands of the Chinese and others, was missed by the article.

And a very common and familiar method it is.

And that method is that the USG itself “leaked” most of the documents to foreign powers in order to discredit Snowden in the public forum and to give phony “substance” to their claims that Snowden “gave” these foreign governments access to the documents.

Once they can get most of the US pub “behind the plan”, through such subterfuge, they can Barrack O-bomber Drone Snowden’s sanctuary and finally kill the man who bared their crimes to the public.

Considering the lax attitude the USG has had in past with leaking very, very sensitive documents for exactly this sort of purpose, I would suspect this to be the most likely method used.

observer says:

Re: When a leak is not a leak....

Except that Snowden’s sanctuary is in Moscow. You can’t drone-bomb it, and if you tried then you’d start World War III. For all the US and UK governments and their apologists/propagandists are somewhat irrational in their hatred of Snowden – what exactly would all the grotesque revenge fantasies you see in newspaper comment threads accomplish at this stage? – I doubt they’re quite THAT irrational.
