
Bruce Schneier: Sure, Russia & China Probably Have The Snowden Docs... But Not Because Of Snowden

from the because-espionage dept

Given all the fuss over the ridiculous Sunday Times article this past weekend -- which has since been confirmed as government stenography rather than actual reporting -- security maven Bruce Schneier has written up an article making a key point. It's quite likely that the underlying claim in that article -- that Russian and Chinese intelligence agencies have access to the documents Snowden originally handed over to reporters -- is true. But, much more importantly, he argues, the reason likely has almost nothing to do with Snowden.

First, he notes, it's quite likely that Snowden -- as he has said -- no longer has access to the documents. But other people do, and they're not as knowledgeable about encryption and spycraft as Snowden is.

First, the journalists working with the documents. I’ve handled some of the Snowden documents myself, and even though I’m a paranoid cryptographer, I know how difficult it is to maintain perfect security. It’s been open season on the computers of the journalists Snowden shared documents with since this story broke in July 2013. And while they have been taking extraordinary pains to secure those computers, it’s almost certainly not enough to keep out the world’s intelligence services.

There is a lot of evidence for this belief. We know from other top-secret NSA documents that as far back as 2008, the agency’s Tailored Access Operations group has extraordinary capabilities to hack into and “exfiltrate” data from specific computers, even if those computers are highly secured and not connected to the Internet.

These NSA capabilities are not unique, and it’s reasonable to assume both that other countries had similar capabilities in 2008 and that everyone has improved their attack techniques in the seven years since then.

But the second point is an even bigger one: it's highly likely that Russian and Chinese intelligence got these documents long before Snowden gave them to the press, because that's what spies do.

Which brings me to the second potential source of these documents to foreign intelligence agencies: the US and UK governments themselves. I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they’ve penetrated the NSA networks where those files reside. After all, the NSA has been a prime target for decades.

Those government hacking examples above were against unclassified networks, but the nation-state techniques we’re seeing work against classified and unconnected networks as well. In general, it’s far easier to attack a network than it is to defend the same network. This isn’t a statement about willpower or budget; it’s how computer and network security work today. A former NSA deputy director recently said that if we were to score cyber the way we score soccer, the tally would be 462–456 twenty minutes into the game. In other words, it’s all offense and no defense.

In this kind of environment, we simply have to assume that even our classified networks have been penetrated. Remember that Snowden was able to wander through the NSA’s networks with impunity, and that the agency had so few controls in place that the only way they can guess what has been taken is to extrapolate based on what has been published. Does anyone believe that Snowden was the first to take advantage of that lax security? I don’t.
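
The gap Schneier points to in the paragraph above is a control problem as much as a people problem: without per-access audit records, an agency cannot answer "what did this account take?" except by working backwards from what later surfaces. The following is an added example, not code from the essay, the article or any agency system, showing the minimal version of that control: a parser for an assumed document-access log format, a per-account baseline, a flag for days of bulk collection, and the exact document list for a flagged account. The log format, account names and thresholds are assumptions.

```python
"""Audit-log review for bulk document access.

Added example for this page, not code from Schneier's essay or from the
NSA; the log format, account names and thresholds are assumptions."""
from collections import defaultdict
from datetime import date
from statistics import median
import re

# Assumed line format: 2015-06-04T09:00:00Z user=alice doc=DOC-1 action=read
LINE_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2})T\S+ user=(?P<user>\S+) "
    r"doc=(?P<doc>\S+) action=(?P<action>\S+)$"
)


def parse(lines):
    """Yield (day, user, doc, action); malformed lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield date.fromisoformat(m["day"]), m["user"], m["doc"], m["action"]


def daily_distinct_docs(records):
    """Map user -> day -> set of distinct documents read or downloaded."""
    seen = defaultdict(lambda: defaultdict(set))
    for day, user, doc, action in records:
        if action in ("read", "download"):
            seen[user][day].add(doc)
    return seen


def find_bulk_days(seen, factor=5, floor=20):
    """Return sorted (user, day, count) where an account touched at least
    `floor` distinct documents and more than `factor` times its own median
    on its other days. An account with no other days is judged by the floor."""
    hits = []
    for user, days in seen.items():
        for day, docs in days.items():
            others = [len(d) for other_day, d in days.items() if other_day != day]
            baseline = median(others) if others else 0
            if len(docs) >= floor and len(docs) > factor * baseline:
                hits.append((user, day, len(docs)))
    return sorted(hits)


def what_was_taken(seen, user):
    """Exact set of documents one account touched: the question the essay
    says the NSA could only answer by extrapolating from what got published."""
    taken = set()
    for docs in seen.get(user, {}).values():
        taken |= docs
    return sorted(taken)


def sample_log():
    """Constructed sample: three accounts read three documents a day for
    four days, then one of them pulls forty more in a single evening."""
    lines = []
    for d in range(1, 5):
        for user in ("alice", "bob", "mallory"):
            for i in range(3):
                lines.append(f"2015-06-0{d}T09:0{i}:00Z user={user} "
                             f"doc=DOC-{user}-{i} action=read")
    for i in range(40):
        lines.append(f"2015-06-04T22:{i:02d}:00Z user=mallory "
                     f"doc=DOC-bulk-{i:03d} action=download")
    lines.append("this line is not in the expected format")
    return lines


if __name__ == "__main__":
    seen = daily_distinct_docs(parse(sample_log()))
    for user, day, count in find_bulk_days(seen):
        print(f"{user} on {day}: {count} distinct documents")
        print("   first few:", what_was_taken(seen, user)[:5])
```

The thresholds are deliberately crude; the point is that the record exists at all. With it, "what did this account take?" has an exact answer, and the evening of bulk downloads stands out against the account's own history rather than against a global average that heavy legitimate users would dominate.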

Remember, this is the same government that's now reeling from the Chinese hack of OPM, which exposed the personal records of government employees, including those with security clearances. It was a hack so impressive that even Michael Hayden -- former CIA and NSA boss -- can't hide his appreciation of the work that was done. Hayden called it "honorable espionage work" by the Chinese and further notes that he "would not have thought twice" if he had had the ability to get the same info from the Chinese.

These are the games that intelligence agencies play all the time. Schneier's piece has a lot more in it, but the idea that the Russians and Chinese learned anything particularly new or useful from the Snowden documents -- or that they even got them from Snowden's document dump -- seems quite dubious.

Reader Comments

  • Ninja (profile), 17 Jun 2015 @ 9:29am

    Does anyone believe that Snowden was the first to take advantage of that lax security?

    The Government?

  • Baron von Robber, 17 Jun 2015 @ 10:54am

    "No secrets"

  • Anonymous Coward, 17 Jun 2015 @ 11:01am

    Trust us...

    We're from the government. We're here to help. Let us and our corporate brethren hold your information for you. Or at least give us golden keys to it all. It will all be perfectly safe. We promise. Trust us.

  • Agonistes (profile), 17 Jun 2015 @ 11:12am

    At this point, I actually put more clout in the Chinese denial of the hack than anything .gov tells us.

  • Self-declared Non-kook, 17 Jun 2015 @ 11:13am

    Glad it's B.S.! Otherwise just another conspiracy kook speculating at random on details he can't possibly know!

    THIS is what I come to Techdirt for: another version of The Official Sub-sub-story, instead of whether the seven top internet corporations are in cahoots with globalists besides NSA. It's safe and doesn't disturb.

    • Anonymous Coward, 18 Jun 2015 @ 2:28am

      Re: Glad it's B.S.! Otherwise just another conspiracy kook speculating at random on details he can't possibly know!

      Seriously, you can't even parody right.

      One tip, blue; if you want to stop giving yourself away, stop fucking around with Tor. Your posts always come through so the double IP address-posting is useless.

  • ottermaton (profile), 17 Jun 2015 @ 11:14am

    the agency’s Tailored Access Operations group has extraordinary capabilities to hack into and “exfiltrate” data from specific computers, even if those computers are highly secured and not connected to the Internet.

    How is this even possible? I looked through the linked article and found no mentions of this capability. I understand that in their operations where they intercept packages and add mal/hard-ware to products these could then be subverted to access another network that is connected to the "target" PC/network, but if the systems are fully isolated (and not having wireless capability built-in or attached) I don't see how this could be possible.

    I suppose part of the payload they add to a package could be wireless transmitters and they could set up receivers nearby, but that's the only situation where I can imagine getting access to a fully isolated system. Or am I missing something?

    • Anonymous Coward, 17 Jun 2015 @ 11:22am

      There are many ways.

      Plant mal-ware on the systems before they even arrive at their destination.

      Use standard virus techniques and wait for someone to move a usb drive from one machine to another.

      Bribe someone to put malware on the machine.

      Infiltrate another computer, say from an AC vendor, that ends up near a wi-fi access point for the secure network.

      Insert malicious code on the users phones and use it as a stepping stone to access the computer.

      Once a machine is infected, there are all sorts of covert channels to move the data out. My favorite is ultra-sonic communications through the speaker.

      I've been told about an air gapped network that was hacked as far back as the late 80's, and I haven't even tried to find out how far back it goes.

      • Anonymous Coward, 17 Jun 2015 @ 11:42am

        Wim van Eck wrote his paper in 1985 about copying CRT transmissions through electromagnetic radiation; that was probably the first air gap compromise that I'm familiar with. I'm almost positive though that there must be something further back, perhaps WWII and figuring out the codex for Enigma, though that was a network in itself so wouldn't count.

      • nasch (profile), 22 Jun 2015 @ 6:49pm

        Infiltrate another computer, say from an AC vendor, that ends up near a wi-fi access point for the secure network.

        If it has a wifi access point, can it really be considered a secure network?


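The ultrasonic speaker channel mentioned in the "There are many ways" comment above, and the original question of how data leaves a machine with no network, come down to a modem: a program that needs nothing but a sound card turns bits into short tones that most adults cannot hear, and a microphone on a nearby device turns them back. The block below is an added example, not code from any commenter, from the Snowden documents or from any known tool; it implements that transmitter and receiver end to end in pure Python (binary FSK at 18 and 19 kHz, decoded with a Goertzel filter) so the mechanism can be inspected without audio hardware. The frequencies, bit rate, noise model and sample-aligned framing are assumptions; a usable channel also needs a preamble for synchronisation and error correction, which are left out.

```python
"""Acoustic covert channel: binary FSK near the top of the audible band.

Added example, not code from any comment here or from the Snowden
documents. Frequencies, bit rate and the sample-aligned framing are
assumptions chosen so the demo is self-contained."""
import math
import random

SAMPLE_RATE = 44_100   # Hz, an ordinary sound-card rate
BIT_SAMPLES = 441      # 10 ms per bit, i.e. 100 bit/s
FREQ_ONE = 18_000      # Hz, tone for a 1 bit (inaudible to most adults)
FREQ_ZERO = 19_000     # Hz, tone for a 0 bit
# Both tones land on exact Goertzel bins for this block size
# (18000*441/44100 = 180, 19000*441/44100 = 190), so the two never bleed
# into each other's detector.


def _bits(data: bytes):
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def modulate(data: bytes, amplitude: float = 0.5):
    """Transmitter side: one tone burst per bit, MSB first."""
    samples = []
    for bit in _bits(data):
        freq = FREQ_ONE if bit else FREQ_ZERO
        for n in range(BIT_SAMPLES):
            samples.append(amplitude * math.sin(2 * math.pi * freq * n / SAMPLE_RATE))
    return samples


def add_noise(samples, sigma: float = 0.2, seed: int = 1):
    """Stand-in for the room: additive Gaussian noise, seeded so the demo
    is reproducible."""
    rng = random.Random(seed)
    return [x + rng.gauss(0.0, sigma) for x in samples]


def goertzel_power(block, freq):
    """Energy of `block` at `freq`: the single-bin DFT used by tone detectors."""
    k = round(freq * len(block) / SAMPLE_RATE)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / len(block))
    s1 = s2 = 0.0
    for x in block:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def demodulate(samples):
    """Receiver side: decide each bit by comparing energy at the two tones,
    then pack bits into bytes. Assumes the capture starts on a bit boundary."""
    bits = []
    for start in range(0, len(samples) - BIT_SAMPLES + 1, BIT_SAMPLES):
        block = samples[start:start + BIT_SAMPLES]
        one = goertzel_power(block, FREQ_ONE)
        zero = goertzel_power(block, FREQ_ZERO)
        bits.append(1 if one > zero else 0)
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)


if __name__ == "__main__":
    message = b"DOC-0001"
    recovered = demodulate(add_noise(modulate(message)))
    print(recovered, "ok" if recovered == message else "FAILED")
```

The defensive takeaway is the one the thread is circling: a machine with a speaker and a machine with a microphone are not isolated from each other, so an air-gap policy has to cover audio hardware (disabled or removed) and not just network interfaces.
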
    • Anonymous Coward, 17 Jun 2015 @ 12:19pm

      During one of the penetration test exercises, the vendor was about to give up because they couldn't get in, until someone plugged in a laptop, which bridged the secure network with a "guest" network. Leveraging that bridge they were then quickly able to exploit a network printer which provided a more robust connection. Went downhill from there on.

    • Anonymous Coward, 17 Jun 2015 @ 4:24pm

      You're missing something...

      NSA and CIA agents.

      Oh, and USB sticks.

      The classic method was used to infect Iran with Stuxnet, and it has been repeated with Duqu (although with Duqu 2.0 they appear to have gone for the social-engineering-via-email method).

      All it takes is someone with 10 seconds of unobserved access to a USB port of a computer that might share passing communications with the airgapped computer in question -- an update server, for example. Since nothing malicious will be happening on that computer itself and the attack is targeted, it will likely go undetected. Then, as soon as the right circumstances present themselves... bam. Data is transferred and malicious system is set up. On the next update, the collected data goes back to the transfer medium to be sent back up to a networked machine.

      And this is fancy cloak and dagger stuff; the standard kind is to have someone walk in when they know the device is unattended, slip a hardware bug (with transmitter) into the computer in question, and leave. Such methods are detailed in the Snowden documents, and have been going on since at least 2008.


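The staging path described in the comment above, where the update medium carries collected data back out, works because nobody compares what is on the stick with what is supposed to be on it. The block below is an added example, not code from the comment, from the Stuxnet or Duqu analyses, or from any product: the connected side writes a keyed manifest of the files it intends to carry across, and the air-gapped side refuses media whose contents differ from that list, including files that merely appear. The key, the file names and the use of an HMAC in place of a public-key signature are assumptions made so the example runs on Python's standard library alone.

```python
"""Signed manifest check for media carried across an air gap.

Added example, not from any comment on this page or from any product.
The key, file names and layout are assumptions; the HMAC stands in for a
proper signature so the example needs only the standard library."""
import hashlib
import hmac
import json
import os
import tempfile

MANIFEST_NAME = "manifest.json"   # travels on the stick, excluded from the scan


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan(root):
    """Relative path -> SHA-256 for every file under root except the manifest."""
    found = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if rel != MANIFEST_NAME:
                found[rel] = sha256_file(full)
    return found


def _tag(files, key):
    body = json.dumps(files, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_manifest(root, key):
    """Connected side: list and hash what is supposed to be on the stick."""
    files = scan(root)
    return {"files": files, "hmac": _tag(files, key)}


def verify_media(root, manifest, key):
    """Air-gapped side. Returns (ok, problems). Anything not in the signed
    list is reported, because an extra file is exactly how data rides out."""
    if not hmac.compare_digest(_tag(manifest["files"], key), manifest["hmac"]):
        return False, ["manifest signature invalid"]
    present = scan(root)
    problems = []
    for rel, digest in manifest["files"].items():
        if rel not in present:
            problems.append(f"missing: {rel}")
        elif present[rel] != digest:
            problems.append(f"modified: {rel}")
    problems += [f"unexpected: {rel}" for rel in present if rel not in manifest["files"]]
    return not problems, sorted(problems)


def demo():
    """Constructed scenario: a clean stick, the same stick after it sat in a
    compromised update server, then a manifest edited to cover that up."""
    key = b"key provisioned to both sides out of band"   # assumption
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "update.bin"), "wb") as f:
            f.write(b"\x00" * 1024)
        manifest = build_manifest(root, key)
        with open(os.path.join(root, MANIFEST_NAME), "w") as f:
            json.dump(manifest, f)
        clean = verify_media(root, manifest, key)
        # The update server alters the update and parks collected data on the stick.
        with open(os.path.join(root, "update.bin"), "wb") as f:
            f.write(b"\x00" * 1023 + b"\x01")
        with open(os.path.join(root, "Thumbs.db"), "wb") as f:
            f.write(b"collected data")
        dirty = verify_media(root, manifest, key)
        # Without the key the attacker can edit the list but not re-sign it.
        extra = {"Thumbs.db": sha256_file(os.path.join(root, "Thumbs.db"))}
        forged = {"files": dict(manifest["files"], **extra), "hmac": manifest["hmac"]}
        forged_result = verify_media(root, forged, key)
    return clean, dirty, forged_result


if __name__ == "__main__":
    for label, (ok, problems) in zip(("clean", "dirty", "forged"), demo()):
        print(label, "OK" if ok else "REJECT", problems)
```

The check only sees the filesystem: data parked in unallocated sectors or in the device's own firmware is outside it, so it complements, rather than replaces, device allowlisting and a policy of destroying media after a single crossing.
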
    • Anonymous Coward, 17 Jun 2015 @ 9:02pm

      Look up the Equation group. A cool-sounding pseudonym for NSA's TAO.

  • Anonymous Anonymous Coward, 17 Jun 2015 @ 11:16am

    Are Both True?

    North Korea hacked Sony.

    China hacked OPM.

    Take government accusations with a grain of salt the size of our moon.

    The likelihood of someone having beaten Snowden to the documents he took is high. On the other hand Snowden was looking to embarrass (erm reveal duplicity of) the Government, and others might have been looking for something else.

  • wereisjessicahyde (profile), 17 Jun 2015 @ 12:46pm

    Spies doing secret err..spiey stuff, whatever next? The worlds gone mad I tell you.

  • Anonymous Coward, 17 Jun 2015 @ 2:04pm

    I still think the main aim of the article was to put more credence on to the plans of that dangerous UK Home Secretary, Theresa May. She wants to be able to hack into any computer, anywhere in the world, open any and all emails, txts, and letters, as well as be able to hear actual conversations!

  • That One Guy (profile), 17 Jun 2015 @ 2:07pm

    No 'maybe' about it

    The only reason the NSA knows that Snowden grabbed anything is because he told them. If their internal security is that pathetic, it is absolutely guaranteed that other government spy agencies had, and quite likely continue to have, access to NSA files, whether it's through hacking in, or having someone on the inside feeding them intel.

    Trying to blame Snowden is just a pathetic attempt at saving face, so they don't have to admit that their systems and security were/are so full of holes that anyone who put even moderate effort could have gained access.

    • observer, 17 Jun 2015 @ 5:21pm

      Re: No 'maybe' about it

      It's what I've been saying throughout. If one rogue sysadmin can pwn the mighty NSA so hard it doesn't even know how hard it's been pwned, what chance does it have against the Russian or Chinese government?

  • Anonymous Coward, 17 Jun 2015 @ 5:49pm

    Michael Hayden? Expert?

    It was a hack so impressive that even Michael Hayden -- former CIA and NSA boss -- can't hide his appreciation of the work that was done.

    Shows you how much Mr. Hayden knows about computer security. If the reports are correct, the only difference between those servers and a wet paper bag would be that the wet paper bag would have been harder to break into. I am actually more surprised that nobody else broke in. And what I mean is I am not trusting anyone who says that "they" (whether it be China or someone else) were the only ones with access to the system. And how would they know...they accidentally discovered the break-in they found. How can they have any idea who else was there?

  • Anonymous Coward, 17 Jun 2015 @ 5:51pm

    If they have the shit on every federal employee why not this also? Seems to be the American government mindset: we don't need to solve the country's problems, we need to find a scapegoat.

  • Stephen, 17 Jun 2015 @ 7:37pm

    Did TechDirt Read the Comments Section?

    If they had they might have seen the one I posted, which read as follows:
    Mr Schneier should go read the Globe and Mail's article titled "Snowden’s lawyer slams Times story claiming leaks ‘betrayed’ British spies".

    In that article the lawyer, Robert Tibbo, who was Snowden's lawyer in Hong Kong, in an interview is quoted as saying "'There was no data in a cloud. He passed the data on to the journalists and that was it. Any actual copy he had with him was destroyed [before he left Hong Kong], precisely to avoid it from being seized or intercepted. I was a witness to all of that.'"
    That article can be found at:

    http://www.theglobeandmail.com/news/national/snowdens-lawyer-slams-times-story-claiming-leaks-betrayed-british-spies/article24986059/

    There we have an eyewitness to Snowden's claim that he erased his copy of the documents before he left Hong Kong.

    But that aside, even if the Sunday Times article WAS true, think about it. Any knowledge the Brits might have that the Russians or the Chinese had cracked Snowden's files would surely be highly classified. Yet the British government goes and blabs about it to the British press, thereby alerting the Russians and/or the Chinese that the British know. So now the Brits have their own Snowden to deal with. That is, someone (in their Home Office) leaking unauthorised material to the press.

  • Anonymous Coward, 17 Jun 2015 @ 10:46pm

    Bruce makes a good point about journalists getting hacked. I believe Glenn Greenwald has stated that someone broke into his house and stole one of his laptops. Plus what happened to his partner at the UK airport.

    Just think what's happening to all the other journalists out there. Electronic security is really really hard.

  • Sorgfelt (profile), 18 Jun 2015 @ 3:52am

    it is not true

    Knowing how government intelligence operates, my first reaction to this is that the government story is totally false. There were no documents decrypted. They are just using this false story as an excuse to degrade support for Snowden in preparation for an extraordinary extradition.

    • Anonymous Coward, 18 Jun 2015 @ 8:20am

      Re: it is not true

      I only hope that Putin's version of the KGB is on their toes. With public opinion swinging even more toward Snowden and away from the government (like it's possible to get farther away!), The US government is starting to sound a little desperate to grab him.

  • GEMont, 18 Jun 2015 @ 1:37pm

    When a leak is not a leak....

    One other way that these documents could end up in the hands of the Chinese and others, was missed by the article.

    And a very common and familiar method it is.

    And that method is that the USG itself "leaked" most of the documents to foreign powers in order to discredit Snowden in the public forum and to give phony "substance" to their claims that Snowden "gave" these foreign governments access to the documents.

    Once they can get most of the US pub "behind the plan", through such subterfuge, they can Barrack O-bomber Drone Snowden's sanctuary and finally kill the man who bared their crimes to the public.

    Considering the lax attitude the USG has had in past with leaking very, very sensitive documents for exactly this sort of purpose, I would suspect this to be the most likely method used.

    • observer, 21 Jun 2015 @ 10:48pm

      Re: When a leak is not a leak....

      Except that Snowden's sanctuary is in Moscow. You can't drone-bomb it, and if you tried then you'd start World War III. For all the US and UK governments and their apologists/propagandists are somewhat irrational in their hatred of Snowden - what exactly would all the grotesque revenge fantasies you see in newspaper comment threads accomplish at this stage? - I doubt they're quite THAT irrational.
