Bruce Schneier: Sure, Russia & China Probably Have The Snowden Docs... But Not Because Of Snowden

from the because-espionage dept

Given all the fuss over the ridiculous article this past weekend -- which has since been confirmed as government stenography rather than actual reporting -- security maven Bruce Schneier has written up an article making a key point. It's quite likely that the underlying point in the article -- that Russian and Chinese intelligence agencies have access to the documents that Snowden originally handed over to reporters -- is absolutely true. But, much more importantly, he argues, the reason likely has almost nothing to do with Snowden.

First, he notes, it's quite likely that Snowden -- as he has said -- no longer has access to the documents. But other people do. And they're not as knowledgeable about encryption and spycraft as Snowden is.

First, the journalists working with the documents. I’ve handled some of the Snowden documents myself, and even though I’m a paranoid cryptographer, I know how difficult it is to maintain perfect security. It’s been open season on the computers of the journalists Snowden shared documents with since this story broke in July 2013. And while they have been taking extraordinary pains to secure those computers, it’s almost certainly not enough to keep out the world’s intelligence services.

There is a lot of evidence for this belief. We know from other top-secret NSA documents that as far back as 2008, the agency’s Tailored Access Operations group has extraordinary capabilities to hack into and “exfiltrate” data from specific computers, even if those computers are highly secured and not connected to the Internet.

These NSA capabilities are not unique, and it’s reasonable to assume both that other countries had similar capabilities in 2008 and that everyone has improved their attack techniques in the seven years since then.

But, the second point is an even bigger one, which is that it's highly likely that Russian and Chinese intelligence got these documents long before Snowden gave them to the press, because that's what spies do.

Which brings me to the second potential source of these documents to foreign intelligence agencies: the US and UK governments themselves. I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they’ve penetrated the NSA networks where those files reside. After all, the NSA has been a prime target for decades.

Those government hacking examples above were against unclassified networks, but the nation-state techniques we’re seeing work against classified and unconnected networks as well. In general, it’s far easier to attack a network than it is to defend the same network. This isn’t a statement about willpower or budget; it’s how computer and network security work today. A former NSA deputy director recently said that if we were to score cyber the way we score soccer, the tally would be 462–456 twenty minutes into the game. In other words, it’s all offense and no defense.

In this kind of environment, we simply have to assume that even our classified networks have been penetrated. Remember that Snowden was able to wander through the NSA’s networks with impunity, and that the agency had so few controls in place that the only way they can guess what has been taken is to extrapolate based on what has been published. Does anyone believe that Snowden was the first to take advantage of that lax security? I don’t.

Remember, this is the same government that's now reeling from the Chinese hacking of OPM getting all the secrets of government employees, including those with security clearances. It was a hack so impressive that even Michael Hayden -- former CIA and NSA boss -- can't hide his appreciation of the work that was done. Hayden called it "honorable espionage work" by the Chinese and further notes that he "would not have thought twice" if he had the ability to get the same info from the Chinese.

These are the games that intelligence agencies play all the time. Schneier's piece has a lot more in it, but the idea that the Russians and Chinese learned anything particularly new or useful from the Snowden documents -- or that they even got them from Snowden's document dump -- seems quite dubious.

Filed Under: bruce schneier, china, encryption, espionage, michael hayden, russia, snowden documents

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Anonymous Coward, 17 Jun 2015 @ 4:24pm


    You're missing something...

    NSA and CIA agents.

    Oh, and USB sticks.

    The classic method was used to infect Iran with Stuxnet, and it has been repeated with Duqu (although with Duqu 2.0 they appear to have gone for the social engineer via email method).

    All it takes is someone with 10 seconds of unobserved access to a USB port of a computer that might share passing communications with the airgapped computer in question -- an update server, for example. Since nothing malicious will be happening on that computer itself and the attack is targeted, it will likely go undetected. Then, as soon as the right circumstances present themselves... bam. Data is transferred and malicious system is set up. On the next update, the collected data goes back to the transfer medium to be sent back up to a networked machine.

    And this is fancy cloak and dagger stuff; the standard kind is to have someone walk in when they know the device is unattended, slip a hardware bug (with transmitter) into the computer in question, and leave. Such methods are detailed in the Snowden documents, and have been going on since at least 2008.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.