from the one-way-to-do-things dept
The latest news from The Intercept involves yet another Snowden leaked document, in which an NSA official uses what certainly looks like LiveJournal (complete with “current mood” lines at the end of posts) to informally and gleefully discuss targeting sys admins in order to get access to the networks they maintain. It’s not a secret that the NSA does this. That became clear last fall, when earlier Snowden docs revealed how GCHQ and NSA had targeted a Belgacom sysadmin to get access to important Belgacom clients, including the EU Parliament. What’s interesting here is the breezy dismissive discussion by this NSA guy — and the fact that it looks like LiveJournal really gives you this parallel universe view. The tone and arrogance on display isn’t particularly different from various private sector hackers. It’s just that this guy has access to more powerful tools and the government behind him. Take, for example, this early post in which he brags about how totally cool it is that the NSA collects way more data than it needs:
As The Intercept report notes, the guy admits that he targets sysadmins merely as a means to an end — to reach the people who use various systems. But, there’s no indication that he avoids targeting American sysadmins (he does limit his focus to those outside the US, but the NSA isn’t supposed to track even Americans outside the US). The NSA guy talks about how he basically goes fishing around to find sysadmins’ non-work emails (preferably Facebook accounts) to then make use of the NSA’s QUANTUM injection techniques. He notes that you can go after official addresses, but it’s much harder to trick sysadmins that way.
Either way, the rather cavalier attitude towards hacking into sysadmins’ accounts should raise some eyebrows.
Separately, I’m sure some folks will note that the slides appear to have a stamp on them that say “Copyright! Do not reuse this image!” Apparently that was in the original image (not added by The Intercept). The Intercept does note that this guy had been a contractor before joining the NSA. If he was a contractor when he wrote this, even thought it was written for the government, then he could claim a copyright over it. However, if he was an employee of the NSA, then as a work of the federal government, he could not. Of course, either way it doesn’t matter. If he actually did have the copyright on it, he’d have to reveal himself as the copyright holder (the Intercept keeps him anonymous) and do something about it (issue a takedown, sue, etc.). It seems unlikely he’d expose himself in that manner. Also, media publications discussing the documents also would have a fairly strong fair use defense to any such claim (and, further, it’s almost 100% certain that he did not register the copyright, meaning he’d be limited to just actual damages, of which there are unlikely to be… well… any). All that is kind of a meaningless ramble over something that won’t happen, but figured we might as well cover it since we often talk about copyright issues here too.