Ask Slashdot: Preventing Snowden-Style Security Breaches?
Nerval's Lobster writes "The topic of dealing with insider threats has entered the spotlight in a big way recently thanks to Edward Snowden. A former contractor who worked as an IT administrator for the National Security Agency via Booz Allen Hamilton, Snowden rocked the public with his controversial (and unauthorized) disclosure of top secret documents describing the NSA's telecommunications and Internet surveillance programs to The Guardian. Achieving a layer of solid protection from insiders is a complex issue; when it comes to protecting a business's data, organizations more often focus on threats from the outside. But when a trusted employee or contractor uses privileged access to take company data, the aftermath can be as catastrophic to the business or organization as an outside attack. An administrator can block removal of sensitive data via removable media (Snowden apparently lifted sensitive NSA data using a USB device) by disabling USB slots or controlling them via access or profile, or relying on DLP (which has its own issues). They can install software that monitors systems and does its best to detect unusual employee behavior, but many offerings in this category don't go quite far enough. They can track data as it moves through the network. But all of these security practices come with vulnerabilities. What do you think the best way is to lock down a system against malicious insiders?"
Simple. Do good, make people working for you feel they're doing something good for the world.
We won't help you cover your asses for the future. It's time to clean house.
As soon as you involve people everything has a chance to go south. You can try to spot it, test for it, etc, etc ... but you can't stop it. People can and will fuck up anything they touch. It's just a fact of life.
How about try not to do anything you would be embarrassed by if it leaked? Not ignoring the 4th Amendment is a good start.
Don't do anything your employees would want to blow a whistle on, e.g. fly-tipping, holding personal information insecurely, wholesale wiretapping of a nation, that sort of thing.
And you won't have to worry about insiders sharing your private data with the media.
That always ensures quality.
My mom says I'm cool.
Don't piss off the sys admin.
He has said himself that he didn't have any sort of security clearance. Why in the world were files of *any* importance available, unencrypted, for him to see?
What a joke, seriously.
Figure a way to convince your boss that BigData is the solution. Tell them to invest $5 million in hardware and specialists. Spend 4 years crunching data, charging $1000 per hour of your precious time. By the time they figure out you are just calculating MD5 hashes and selling the DB to malware writers you should have netted a small fortune.
Obeying your country's constitution and not operating for the sole benefit of oligarchs and barons of commerce would go a long way towards limiting whistleblowing activity.
If you want to go the opposite direction, I guess you could lock up your employees in a bunker and hold their families hostage.
Access to secret data and documents should be on a need-to-know basis, or a practical approximation of it. It's clear that he had access far beyond what he needed to know. If he can't get at the sensitive documents in the first place he can't copy them to USB or use his cellphone to take pictures of them or upload them to his Wikileaks partners.
---------
There is inferior bacteria on the interior of your posterior.
.... do you really want to?
Nice try, NSA.
Have separation between levels of security and have fewer & fewer admins working on them as you go up the chain. Use the old established and trusted guys at the top. Don't have thousands of people (particularly contractors) crawling all over the most sensitive data. Seems obvious really. Look at the amount of data *Private* Bradley Manning got his hands on. It's like NSA & Govt just leave the barn doors open and hope the fear of prosecution will prevent the bad thing from happening.
"don't be evil"
Hire people you trust. Avoid dodgy unethical / illegal activities. If you treat your employees with respect, on top of those first two, you will seal the deal.
Last week /. was calling Snowden a hero. Now he's a "malicious insider."
Staff need to be vetted before being given privileged access. Staff should have no access to any data other than they need to do their job. Staff should not be able to save anything externally in a top-secret. I think the issue with Snowden was that he wasn't properly vetted first.
One other comment is that it would be nice if read-only access meant read-only and not, read and take a copy.
Explosive collars.
To prevent Snowden-style leaks you're going to have to turn into North Korea. I am sure the DPRK has a manual on this.
We understand tracking dollars way more than information. And the world's biggest breach was by an analyst who was in the business of risk management who transferred to the trading floor. (See Jerome Kerviel: http://en.wikipedia.org/wiki/J%C3%A9r%C3%B4me_Kerviel)
When in an "old field" like finance with a lot simpler commodity (euros) the only solution seems to be ethical behaviour from individuals, there is no way we in technology can come up with a better solution.
How about not doing illegal things in the first place?
A lot of motivation for insiders to disclose the "sensitive" information would go away.
No explanation, really. The threat of having your life taken away from you is enough to keep most toeing the line.
So who needs advice doing their job?
Conceptually, it is quite simple. Implementing it, is less so. As with all security (and ACL, hint, hint, hint), the administration is the complex bit.
That always ensures quality.
With our recent innovation of no-bid contracts (well, there's one bid - from the crony that's been hand-selected by the corrupt government department), you get all the benefits of outsourced work along with the quality of a supplier with a monopoly for your project(s).
Make sure everyone's vote counts: Verified Voting
Kill chips. If you sign a contract for security clearance, you're implanted with a kill chip so that you can be remotely disabled.
It is almost impossible to foil a motivated intruder. The best option is always to maintain an operational state where you are invulnerable to intrusion and/or confiscation of property because a) you don't have anything that you can not replace and b) you don't have anything that needs to be stolen by someone else in order for them to use it.
Beyond that, you can gnash your teeth all you want about the "reality" that you perceive and the "need" for secret this-and-that, but you will be locked in a constant and losing battle to keep what is "yours" away from "them".
Flood the network with false information.
Limit job duration.
Use the buddy system.
It is ridiculous to think that you will be aware of most breaches.
In security terms, a trusted agent is one who can damage the system.
That's not an "ask Slashdot", that's internal advertising for your article.
The meat of which is advertorial for people paying you to mention them.
Fucking grow a spine.
http://rocknerd.co.uk
If you want to prevent leaks, the first step is to minimize the number (and importance) of secrets. Second is to minimize the number of people who know them (hundreds of contractors from the lowest bidders is not ideal). Third is to reduce the incentives for leaking said secrets (make leaking them be bad, not good).
If these programs were effective, they should have been public knowledge. If they were ineffective, they should have not happened (and not been funded!). The logic that programs to protect us from criminals need to be secret is bullshit. The police aren't top secret, nor are trials, jails or courts and they still can do their jobs. I don't see why special "terrorism" criminals need secret spy agencies with secret warrants and monitoring from secret courts. We have an existing non-secret publicly accepted legal system. Use it! If it's broken, fix it; don't make a secret version of it.
The trouble with protecting yourself against insiders is that you are trying to protect yourself against people who need access to do whatever it is you pay them to do. Protecting yourself against external attackers is a massive matter of practical difficulty; but at least it's a coherent objective: keep people who shouldn't have access away from access. Against insiders, virtually everything you do either reduces productivity (so you disabled USB, good thing that there are never any legitimate applications for sneakernet, right?), erodes the warm-and-fuzzy primate emotions that help keep your non-sociopaths from even wanting to hurt you (As a member of the FooCorp family, keep in mind that we log absolutely everything you do because we don't trust you at all, and those logs are just sitting in the IT office should your vindictive manager ever want to hold the five minutes you spent on personal email about your sick kid against you!) or, if you are really good at screwing it up, actually end up concentrating power among certain insiders, or creating incentives among the clueless to learn more about circumvention (Do you know how to get an entire class full of high schoolers to stop shoving geeks into lockers and start begging them for help? Block Facebook.)
This isn't to say that it is impossible; but it consists of making a lot of unpleasant choices about how much pain you want to inflict on the mostly innocent in order to scare and/or catch the guilty, who may or may not exist, depending on the time and circumstances.
Man can make it, man can break it, it's that simple.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
This is an age old problem. It partially requires people skills, and it requires technology. A couple ideas:
1: First thing is compartmentalize. One person shouldn't have access to all the goodies.
2: USB devices are easy to control. I can push a GPO on Windows that blocks writing to any USB flash drive, or just locks out access completely so someone can't hook up their iPod Touch, run iTunes and copy files that way. Third party programs can offer this functionality as well. Of course, there are always BIOS locks. If one doesn't care about reselling machines, snipping wires and epoxy blobs in the USB ports will finish the job.
There are other devices and ports too. Firewire, Thunderbolt, and even PCIe cards can be hazardous. Don't forget the humble old CD-ROM burner in most machines.
3: Watch data and its access. If a Windows admin suddenly is slurping down everything in the accounting directory, and it isn't a backup utility doing this, then someone should be notified.
4: I normally dislike DRM, but I have used an IRM/RMS server in house for protecting files. That way, if someone slurps off a Word document, it works fine if running on my machine, but unless they saved it to another format, it will be encrypted on their end. I've used Microsoft's RMS for about ten years now for personal items, and it does a decent job as a secondary layer, especially when coupled with some other encryption.
5: Get a solution that can make heads/tails over audit logs. Splunk is nice (though expensive.)
6: Add documents that are normally not accessed, but if they are, they immediately trigger an alert from the solution mentioned in #5. That way, if someone is doing a mass copy of files, someone knows. Most likely it is part of the job, but it is wise to have a couple tripwires.
7: Spend your time and do background checks that work. Checking for felonies, yes. Demanding usernames/passwords to Facebook for ongoing monitoring 24/7, no.
8: Finally, morale. A company that always threatens its developers with offshoring, and has low morale will have far more security issues than one that at least knows how to treat people with some modicum of respect.
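Items 3 and 6 of the list above (watch for an admin bulk-reading a directory, and plant tripwire documents) can be sketched as one pass over file-access audit events. This is an added example, not part of the original comment; the log format, paths, account names, threshold and window are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import NamedTuple

class Event(NamedTuple):
    when: datetime
    user: str
    process: str
    path: str

class Alert(NamedTuple):
    kind: str    # "canary" or "bulk-read"
    user: str
    detail: str

# Assumptions for this sketch: decoy documents nobody has a reason to open,
# the one identity allowed to read everything, and a bulk-read threshold.
CANARY_PATHS = {"/share/accounting/archive/payroll_master_2009.xls"}
BACKUP_IDENTITIES = {("svc_backup", "backupagent")}
BULK_THRESHOLD = 5                  # distinct files in one share ...
WINDOW = timedelta(minutes=2)       # ... within this sliding window

# Constructed sample audit log: ISO time, user, process, path.
SAMPLE_LOG = """\
2013-07-01T02:00:00 svc_backup backupagent /share/accounting/q1/ledger.xlsx
2013-07-01T02:00:01 svc_backup backupagent /share/accounting/q2/ledger.xlsx
2013-07-01T02:00:02 svc_backup backupagent /share/accounting/q3/ledger.xlsx
2013-07-01T02:00:03 svc_backup backupagent /share/accounting/q4/ledger.xlsx
2013-07-01T02:00:04 svc_backup backupagent /share/accounting/archive/payroll_master_2009.xls
2013-07-01T09:00:05 alice winword /share/hr/policies/leave.docx
2013-07-01T14:10:00 dave_admin robocopy /share/accounting/q1/ledger.xlsx
2013-07-01T14:10:10 dave_admin robocopy /share/accounting/q2/ledger.xlsx
2013-07-01T14:10:20 dave_admin robocopy /share/accounting/q3/ledger.xlsx
2013-07-01T14:10:30 dave_admin robocopy /share/accounting/q4/ledger.xlsx
2013-07-01T14:10:40 dave_admin robocopy /share/accounting/archive/payroll_master_2009.xls
2013-07-01T14:10:50 dave_admin robocopy /share/accounting/ap/invoices.xlsx
2013-07-01T16:00:00 carol excel /share/accounting/q2/ledger.xlsx
"""

def parse_line(line):
    when, user, process, path = line.split(None, 3)
    return Event(datetime.fromisoformat(when), user, process, path.strip())

def load(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]

def share_of(path):
    # "/share/accounting/q2/ledger.xlsx" -> "/share/accounting"
    return "/".join(path.split("/")[:3])

def detect(events):
    """Return alerts for canary opens and bulk reads, in time order."""
    alerts = []
    recent = defaultdict(deque)     # (user, share) -> (time, path) in window
    reported = set()                # bulk-read alerts fire once per key
    for ev in sorted(events, key=lambda e: e.when):
        # The backup job legitimately reads everything, decoys included.
        if (ev.user, ev.process) in BACKUP_IDENTITIES:
            continue
        if ev.path in CANARY_PATHS:
            alerts.append(Alert("canary", ev.user, ev.path))
        key = (ev.user, share_of(ev.path))
        window = recent[key]
        window.append((ev.when, ev.path))
        while window and ev.when - window[0][0] > WINDOW:
            window.popleft()
        distinct = {p for _, p in window}
        if len(distinct) >= BULK_THRESHOLD and key not in reported:
            reported.add(key)
            alerts.append(Alert(
                "bulk-read", ev.user,
                f"{len(distinct)} files in {key[1]} within {WINDOW}"))
    return alerts

if __name__ == "__main__":
    for alert in detect(load(SAMPLE_LOG)):
        print(alert)
```

The backup exemption is keyed on both account and process, so it is only as trustworthy as those two fields in the audit source.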
Did the OP get his question rejected from the "Ask Dr. Evil anything"-morning show?
Don't conduct shady business in the first place, how friggin' hard is it? Can you look at a barbed wire-roll for more than five seconds without dreaming about extra-judiciary internment camps? Can you walk past a plank lying on an incline without imagining someone lying upside down on it while being drowned with a wet sock?
I don't care how some people think that doing sh't towards other countries is "part of the game", it's wrong and you friggin' know it! There is no excuse.
If you quote this signature there'll be 72 copies of Windows ME waiting for you in Heaven.
So is data security.
If you're worried about whistleblowers you're doing something terribly wrong - and your average tech isn't stupid enough to try and help you out with stopping that.
Thus, you'll have nothing to hide.
Otherwise, it's a moot point; to paraphrase Mr. Universe, you can't stop the signal, bitch.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
1. Access to information in a need-to-know basis only using strong enforcement via MAC. Nobody has ALL the information on a specific subject.
2. All applications are used via virtual desktops accessed from secured, fully managed devices. No access is allowed from unmanaged endpoints of any kind.
3. If some information is as sensitive as described, then physical security enforcement needs to be in place (isolated terminal room for example).
4. No printing, no emailing, no networking outside the proper security perimeter.
5. Regular audits and interviews to personnel with access to specific pieces of data.
You'll have to sacrifice convenience for security in environments that require that.
What we should probably do is build data centers that take a catch all approach to data... that way, we can fear would be whistleblow... ahem... I mean, terrorists into being so careful online that they don't misbehave.
Oh wait
I now work for a company that attempts to do this. It makes me so angry every time stupid arbitrary IT road blocks stop me doing work. Made all the worse because they DON'T WORK.
I have defeated most of the safeguards and now use the internet exclusively through an encrypted tunnel which completely removes all of their nice protections and creates a potential avenue for attack.
These sorts of measures stop 50% of your employees from doing work, and get the other 50% angry, causing them to ruin your security measures anyway.
Some of us don't see Snowden as a malicious insider, some of us don't see people like him as something to be guarded against.
Indeed, some of us see people who expose criminal behaviour as people to be celebrated, to fight for, and to protect.
Ok, the well-connected people don't see it that way (being guided by their pocket). And let's face it, the law is on their side (well, according to their interpretation anyway.).
I wonder what they're going to do, in their gated communities, when the tech who needs to tweak the settings on their artificial hearts decides not to turn up?
All your ghosts are just false positives.
While all the "don't be evil" responses are cathartic and fun, the real issue here is that you can't simultaneously give someone access to data and prevent them from having access to the data. You can make it more difficult to access the data but the price is that it is more difficult to access the data. You can't read minds so intent is not something you can reliably build into the system.
When information is power, privacy is freedom.
Don't have morally repugnant and illegal secrets.
Stop recording!
At some point, recording becomes a bigger liability than not recording.
Surveillance is also very exploitable and therefore inherently dangerous.
It might be used for good today, but who knows what it will be used for tomorrow and by whom?
Every time it is misused the "terrorists" win a small victory.
Not really an answer to the question, but good security design should focus on identifying all of the relevant threats (aka a "threat model") and mitigating all of them to the degree that makes sense -- and any good threat model will inevitably identify insider threats as the highest risks most at need of mitigation, because, by definition, insiders have greater opportunities to conduct attacks, and they have roughly the same motives as external attackers.
If you find that your organization doesn't spend 95+% of its security time, money and effort on foiling insider attacks, it's almost certainly not doing a good job. If it is adequately hardened against insiders it'll be darned near impossible for outsiders.
My impression of the NSA has always been one of an extremely high degree of competence, so the Snowden leaks surprised me. You can't stop insiders from gaining access to the data they need to do their jobs, of course (though you can often segment job responsibilities to minimize it), but you can and should make it a lot harder for them to get access to other sensitive data, and Snowden was apparently able to get a lot of stuff that wasn't relevant to his responsibilities.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Don't get cut.
Stop doing things that seem illegal or immoral to your employees. Stop lying. Stop cheating. Stop cowering behind secret courts.
As people say about the data collected by the NSA: if you haven't done anything wrong then you have nothing to hide. The NSA was hiding this program because they knew it was wrong.
Article X: The powers not delegated... by the Constitution...are reserved...to the people
Don't mention the name "Snowden" in the title. Instead, he should have passed himself as a South American business agency fearing CIA moles. In the best case, he will get a very efficient document streaming service.
I'm curious, has anyone in government intel circles ever heard of compartmentalization before? I'm pretty sure based on the TS/SCI clearances they issue to those working with (what should have been) compartmentalized data would know of this rather obvious concept.
Bottom line is they know the importance of data compartmentalization. This has been a standard practice for decades now, even keeping those at the highest levels in the dark with the additional "need to know" addendum.
I can't help it if utter stupidity and ignorance stepped in, and chose to simply dismiss good protocol and practice to subscribe to sensationalist ideals such as "anti-terrorist interoperability" across all intelligence organizations via shared databases and intel streams. You want access to all of the data at a moment's notice? Then you should know damn well what the ultimate cost of that is. Don't bitch about a lack of eggs when someone steals the whole damn basket.
No matter how deep a background check goes, no matter how thorough the inquiry is into a person's character, no matter how many interviews are made of friends and family, and no matter how many polygraph tests are performed, if a person is given a position that requires some trust there is always going to be a chance that this person is going to abuse the trust. Psychopaths and sociopaths are the scariest of these people because they have no problem with lying, are good at it because they are usually good at being manipulative, are often very well liked by family and friends, and can lie without end like a baby-kissing politician running for re-election and still pass a polygraph test.
Perhaps the problem is in the kind of people being sought for these jobs that require great trust. While a person needs to be squeaky clean to get security clearance, perhaps the squeaky clean requirement is causing the government to choose some from the wrong pool of candidates. My experience has been that you will have a better chance of finding an honest man (or woman) by looking at those who have messed up in his or her life, is genuinely repentant, and has demonstrated through years of clean and honest living that he or she is worthy of such great trust. The gratitude that comes from being given this second chance is an incredible motivator in steering a straight and narrow course through life.
It's really quite a simple choice: Life, Death, or Los Angeles.
AC for obvious reasons....
I work directly with the CISO for a big corporation and have inherited a DLP System that I now 'own'. We've seen some very crazy incidents and it's already shown its value a few times. I know of 1 termination and multiple HR disciplinary incidents stemming from our system. Yet the signal to noise ratio is abhorrent and this is with almost 2 years of testing and tuning policies. Besides, you can never stop the bad guy taking screenshots (with a real camera!) or using steganography, or just making hard copies of the PCI/PII/etc we're trying to protect. No DLP (or any other solution) is going to give you both 100% coverage and 100% visibility. Hell, find a savant with great Eidetic memory and they could just read everything and walk out with it in their head.
Only a "portent of things to come" since you pull shit @ your "masters"' (Jew-Nited States of AMERIKA) request that are ABOVE YOUR CHARTERS' STATION (which is not continental U.S. citizenry), and thus YOU are breaking the laws here if anyone has. You're going to see a LOT MORE OF THOSE GUYS in my subject-line because of the reprehensible shit you have pulled, and will continue to be exposed in: Mark my words boys - You guys really F'd up! Being caught worst of all. Incompetence right there, but the point is, you got caught outright LYING to the congress/house/senate too. Is anyone is jail for it yet? Hell NO! There ought to be, and it's not Mr. Snowden in that case either. Funny part is, you all have "dirt" on one another. Rats, always do. This is why nobody's being taken down in your 'company', and you know it, we know it. I know it. I know your kind. Weaselish SCUM! I can see that now "If Nino Brown's goin' down, y'all are going down". Rats in a burning house, or rather rats trapped in a ship, no food left. Rats being eating one another. The entire house of cards goes down then, all the way to the top (way past you NSA guys), and you know that too. "Deny, deny, deny!!!" isn't helping now guys. You fail. The more you keep "reacting" as you do going after the guy who showed us you're fucking SPYING ON US, YOUR OWN PEOPLE, the more you give the game away. Go FUCK yourselves. You sold your souls to the "controllers" who run the Eisenhower Military Industrial Complex a long time ago, and we all know it.
It's as simple as halting creepy anti-social, anti-democratic, and anti-freedom police state activities, lying about them, and justifying it with how much you hate/think lowly of the general population, and how you'll easily get away with it.
Then maybe the people who work for you won't question your blatant lack of morals.
and having data in a vault with armed guards on the outside 24/7.
Assassinate Snowden.
(Probably not the answer anyone wants to face, but ask your inner Machiavellian.)
Futurist Traditionalism
One quickly learns that security breaches are NOT preventable unless you destroy what you are trying to secure. You simply cannot prevent all breaches from happening. You CAN put processes and procedures in place that will DETECT most breaches, albeit AFTER the fact.
So the point of system security is more about auditing and detection than prevention. Yes, you lock down a system the best you can and protect it from unauthorized users, but what you REALLY want is to identify the users, log their actions and keep the logs where they cannot be seen or changed by the users you are keeping track of. That way you can detect a breach, usually. You will also be able to figure out who was responsible for the breach, usually.
Apart from securing systems and auditing them, about all you can do is know as much as you can about the folks who have access, and be REALLY SURE about your administration staff who are performing the audits. Then you have regular surveillance audits of your process to make sure it's being followed and actually detects what you think it does. That's about the best you can do, but this will only tell you AFTER the fact that a breach took place.
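The comment above asks for logs that the monitored users cannot change and for audits that confirm the process detects what it should. One way to make changes at least detectable is an HMAC-chained log checked by a separate auditor. This is an added example, not something the commenter describes; the record fields, the key and the idea that the collector and auditor hold the key on a host the monitored admins cannot reach are assumptions.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64   # chain value before the first entry

def _mac(key, prev_mac, record):
    # Each MAC covers the previous MAC plus a canonical encoding of the
    # record, so an edit, removal or reorder breaks every later link.
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_mac.encode() + b"\n" + body,
                    hashlib.sha256).hexdigest()

def append(log, key, record):
    """Collector side: add a record and return the new chain head."""
    prev = log[-1]["mac"] if log else GENESIS
    log.append({"record": record, "mac": _mac(key, prev, record)})
    return log[-1]["mac"]

def verify(log, key, expected_head):
    """Auditor side: return (ok, index_of_first_problem).

    expected_head is the last MAC the auditor recorded out of band. Without
    it, cutting entries off the end of the log would go unnoticed, because
    the remaining prefix is still a valid chain.
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        if not hmac.compare_digest(entry["mac"],
                                   _mac(key, prev, entry["record"])):
            return (False, i)
        prev = entry["mac"]
    if not hmac.compare_digest(prev, expected_head):
        return (False, len(log))     # tail removed, or entries added
    return (True, None)

if __name__ == "__main__":
    key = b"constructed-demo-key"    # constructed value, not a real secret
    log = []
    # Constructed sample audit records.
    for rec in (
        {"t": "2013-07-01T14:10:00", "user": "dave_admin", "action": "read",
         "path": "/share/accounting/q1/ledger.xlsx"},
        {"t": "2013-07-01T14:10:40", "user": "dave_admin", "action": "copy",
         "path": "/share/accounting/archive/payroll_master_2009.xls"},
        {"t": "2013-07-01T14:12:00", "user": "dave_admin", "action": "logout",
         "path": ""},
    ):
        head = append(log, key, rec)
    print("intact:", verify(log, key, head))
    print("middle entry removed:", verify(log[:1] + log[2:], key, head))
    print("tail removed:", verify(log[:2], key, head))
```

Anyone who holds the key can rebuild the chain, so this detects tampering only by people who can reach the log but not the key.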
>> What do you think the best way is to lock down a system against malicious insiders?
Answer: Avoid being a government that disobeys its own laws. There will always be those that can't stand two-faced hypocrites and will out them.
Here's a thought. Have no secrets. God gave us one planet to take care of, and billions of brothers and sisters. Treat everyone as equals, instead of kings and slaves. They can't take their money or perceived power with them. How sad life must be, having to keep track of so much paper and secrets.
Because of acts such as this and general stupidity by other people in the field, admins more and more have to deal with cumbersome and oppressive policies on the systems they maintain. Now all the remaining employees at this and other agencies will have to deal with additional hurdles that will make their jobs harder and less appealing.
I was an admin for about 7 years and experienced some of this first hand. It basically ruined the job.
There's no sure way to protect the data, but this comes close:
1. Unplug the server/storage array/whatever
2. Put it in a safe. Lock the safe, lose the combo.
3. Dig a large hole.
4. Insert safe into hole.
5. Fill hole with concrete.
Of course, even this plan has its flaws: What if the safe is discovered? Your only hope is that it's discovered by a Redditor; it will never be opened then.
Do everything you do as if it's already public. You know, able to stand broad daylight and public scrutiny. Especially for governments, that sort of thing is vital. It's really that simple. Be answerable for everything you do. Be accountable.
It's quite ironic how the people are forced to give up privacy and liberty again and again, whereas the governments doing that forcing habitually skirt oversight and subvert justice. That is a fundamentally broken system.
Double dose irony: Most western governments partaking do so under the inspired leadership of the one country that's supposedly explicitly entirely made out of "for the people". Hmm.
And the man winning the top dog position on the "yes we can"-ticket has so far, two terms worth, entirely failed to do anything about the rampant rights abuses so accelerated under the previous top monkey. It's like, that entire country is trying to understand irony, by drowning its people in it.
Anyway. Bottom line: Be accountable. Did I mention you need to be accountable? Then here: Be accountable.
that'll learn anyone else trying to do the right thing
If you're worried about USB or any other device access you've already lost. Anyone who can SEE the screen can snap a pic of the screen. Or a few hundred screen pics. And even if you strip everyone naked as they enter the building, and you scan them for hidden devices hidden inside body orifices, the fundamental issue is that information can be carried out in someone's memory, and that person is capable of talking.
Compartmentalizing who can access what may limit the range of what any particular insider can release, and reduce the number of insiders able to release any particular thing, but fundamentally people need to see the information to do their job.
Threat of prosecution can keep people's mouths shut to some extent, but if you're engaging in illegal or immoral activity then sooner or later some insider is likely to decide to "do the right thing" even if it means huge self sacrifice.
As others have indicated, maintain goodwill and loyalty. At a minimum maintain some level of respectability for organization, and some level of respect for your employees. That is the *only* thing that can protect you against the threat of a self-sacrificing insider trying to "do the right thing".
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
The NSA is now seeking advice from slashdot?
You cannot simultaneously keep people at arm's length, AND trust them with secrets.
This has not ever worked in the history of mankind, and it never will work.
You can't be all like "well you can't be a real government employee, but here's a bunch of government secrets".
I guaran-fucking-tee you that if the NSA had been like "Ok, you are now Agent Snowden, here's all the benefits and responsibilities that come with that, you're now in the club", we wouldn't be having this conversation.
Snowden saw some unethical shit and couldn't live with it, sure. But in the end, he didn't feel like he *owned* that unethical shit. He was just an outsider with ... I'm guessing ... shitty health insurance, no viable plan for retirement and a salary that just barely allowed him to live within driving distance of his place of employment ... and by "driving distance" I'm talking that twice a day two hour slog through the Northern Virginia rat's nest (because if you live there, you're doing that unless you're a Huxtable).
A more appropriate question is what should you do when you have information that the organization is engaged in illegal activity, especially when that organization is the government ..
AccountKiller
It's not possible. It is naive to think it's possible. 99% of the people are cool, it's the other 1% you have to watch out for. You cannot prevent somebody from yelling fire in a theater, but you can make life difficult for them. This is not a technology problem, it's a people problem and there is no easy answer.
Greed is the root of all evil.
Basically, the GDR (former Eastern Germany) had similar problems with their border guards: guards would usually patrol the border in pairs (two guards at any given time). And this is obviously a necessary thing in border patrol.
But since the government couldn't trust their guards and since there indeed was a possibility that the guards would just jump across the border to Western Germany, they had a brilliant plan: (1) they made sure that each of the guards came from a completely different area of the country, and (2) that they didn't spend too much time together in order to build trust between them. So, for the case (2), the government decided to create new pairs every week or so... it worked quite successfully.
Now, the question, obviously, is whether you *want* to be something like the former Eastern German Government.
I believe there are a lot of ways of protecting data against malicious employees - one being the way the Eastern German Government did (this might be a good solution actually for the NSA). Other ways are making sure that the employees in question can never copy any data by any means, whether it is by blocking USB-ports, not having any drives, not allowing *any* personal devices at all, including no cameras, smartphones, etc. You might even force the people to use a company-provided mobile phone even for their private calls (without snooping into their calls) without cameras, data connection, etc (just calls+sms).
Lastly, you could consider using a TrustedOS with levels such as B1-B3 or even A1 or Beyond-A1. http://en.wikipedia.org/wiki/TCSEC
I knew TISX http://en.wikipedia.org/wiki/Trusted_Information_Systems, which had (afaik) the only B2-TOS at that time. It was quite ingenious how it worked...
I think what bugs me the most about these most recent leaks is that the ONLY people surprised by it are the members of the public. The various governments know that they're being watched...mainly because they're doing watching on their own (that they're not supposed to do), that they talk about (which is monitored by other nations), rinse, repeat. Of course, it behooves all of the various countries involved to deny it...they don't want to look like douchebags, after all. But then again, how many of them look "squeaky clean" after the last round of releases that established that they were spying too. Everyone knows they do it, everyone has known that they've been doing it...so why in the fuck is anyone pretending to be surprised?
On topic, I have two answers for you depending on how your question was intended.
A1: You don't. You will never stop "leaks" of any sort, because you will inevitably be fooled into trusting the wrong person at some point. Leaks will always happen, even if there's been no wrongdoing (leaks can take the form of corporate secrets, for example).
A2: If you mean how do we stop leaks like this, as in, leaks about Governments infringing on public rights and acting like utter jagoffs the solution is far far simpler: Stop being jagoffs, stop breaking the law. Hell, that's the answer that WE get, isn't it? "You don't have anything to worry about if you're not breaking the law"...well, if they don't want people to blab about the Gubmint breaking the law, the Gubmint should stop breaking the law and they won't have anything to worry about. Right?
If you hire smart people they will always be able to get the data they want. A surveillance state does more harm than good.
by Eradicating Cognitive Diversity. Similar point by me: http://www.phibetaiota.net/2011/09/paul-fernhout-how-security-clearance-process-harms-national-security-by-eradicating-cognitive-diversity/ ...
"This essay discusses how the USA's security clearance process (mainly related to ensuring secrecy) may have a counter-productive negative effect on the USA's national security by reducing "cognitive diversity" among security professionals.
From Perro's first-person account, it is clear that there are three essential personal attributes required to get a US security clearance in most cases, all of which revolve around the need to minimize the risk a national security professional will give up a "secret":
* Practically no social contact with foreign nationals (outside of structured work-related interactions);
* A very stable psychological and economic profile; and
* A willingness to accept an invasion of that person's personal privacy in the name of national security (along with giving up a bit of the privacy of friends and family).
In the context of what Scott Page wrote about in The Difference, what are the "cognitive diversity" implications of such a selective filtering process as they relate to various forms of integrity or understanding?
It would seem likely that such a person might have little curiosity about other cultures than the USA's, as well as little direct hands-on knowledge about them. A "foreigner" would generally be an abstraction, not a drinking buddy or domestic partner.
This ideal candidate would likely have never had a serious existential emotional crisis, never had a serious financial crisis, probably had a happy childhood growing up in a stable economic situation, and probably had loving caring involved parents themselves successful in US society. So this person would have little deep understanding of people raised otherwise and how that might affect motivations and a sense of commitment (whether to good ends or bad ends).
Cognitive dissonance is a human tendency to make beliefs align. Because of cognitive dissonance, a person who has accepted a privacy invasion for himself or herself (along with some costs for family and friends) would also probably be less likely to be concerned about domestic privacy invasions in general -- whatever their stated policy beliefs.
Now, there are always exceptions here and there, and no one is "perfect". And, to be very clear, getting a security clearance does not mean someone is a bad person. Quite the opposite -- such a person might be the best of neighbors, have a good sense of humor, be easy to manage, be a supporting pillar of a church or non-profit, be a good friend, be a great parent, and so on. They might be very intelligent and have a lot of interesting and useful suggestions to make from one point of view. It is a good thing to have a lot of people like that in government service related to national security. The issue comes down to whether it is a good thing to have *only* people like that thinking about national security? People with national security credentials are also often naturally turned to for their opinions on the local security and global security questions, so this filtering process affects many aspects of security in our world.
But what are the deep implications of staffing the USA's national security organizations with *only* 99% good well-meaning reliable mainstream people (and perhaps 1% fakers) through this filtering process driven mainly by a supposed need for "secrecy"? ...
Ironically, the USA is the world's greatest "melting pot" or really "stew pot" of cultures, yet it may have some poor national security decision making if it is afraid of the implications of that integration. That fear is primarily because any personal link to a foreign national or any deep connection to
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
As the founder of modern information theory Claude Shannon so eloquently stated: the enemy knows the system (Kerckhoffs's principle). To the question being asked: it is problematic when the information assets are published, like the wikileaks exposure of diplomatic cables. In this instance, however, it is the system being exposed, and not particular information assets (at least to my limited knowledge). Thus, as an organization I think the worry is not about the system you use, but instead about your information assets. There is no simple answer to protecting information assets from insiders short of saying: defense in depth. :)
"According to the report, which scrutinized the approval of security clearances, more than 483,000 government contractors had "top secret" clearance as of last October. On top of that, another 582,000 have "confidential" or "secret" clearance."
That is... WELL OVER ONE MILLION PEOPLE with access to sensitive information. More or less 1 in every 300 citizens of 'murica.
If you don't see a potential data breach here, I really don't know what you're looking for.
Snowden made the information public, but who knows how many others sent information to foreign agencies? With one million people with access I bet data breaches happen quite more often than this one case.
Privacy is terrorism.
If you don't want to be publicly embarrassed and humiliated and lose any credibility you have by being exposed as someone who lies, cheats, steals, and violates your Citizens' rights, then don't lie, cheat, steal, and violate your Citizens' rights.
Two months ago Snowden was living in Hawai'i with an attractive girlfriend and a decent salary. How is that more dysfunctional than living in a Russian airport on the run from the US government?
We hope your rules and wisdom choke you / Now we are one in everlasting peace
If the NSA is doing nothing wrong then it has nothing to fear from whistleblowers, whether insiders or not. The public is merely collecting information on the NSA for the good of society.
OH YEAH, it felt good saying that! For once the shoe is on the other foot, and I just stuck it to The Man!
Of course it's a crap argument. It's also a crap argument that the NSA and their ilk can collect any data about any person, keep it forever, use it secretly for any purpose and the citizens have nothing to fear as long as "they don't do anything wrong".
Not doing something subversive and heinously evil in the first place goes a long way toward people not taking it upon themselves to be an unsung American hero.
https://www.youtube.com/c/BrendaEM
Nobody has unsupervised access. No private offices. Surveillance cameras over the desk. Multiple Administrators per work area. Use of biometrics to authenticate; based on quorums, 3 of 13 administrators present is better than 1.
Remote controlled explosives implanted in the necks of them and their children and spouses. problem solved. leak and we detonate.
Stop doing sleazy stuff. Be open about what you do. That should take care of people like Snowden, disclosing information for reasons of integrity. Do decent background checks, stop outsourcing anything and everything. That should take care of a lot of the rest. And the rest, well, you just have to live with it. There is no such thing as 100% security. Any system with a fair amount of complexity will have bugs and loopholes.
No explanation, really. The threat of having your life taken away from you is enough to keep most toeing the line.
There still are a few, very few for whom integrity and doing the right thing is more valuable than their own life. What do you think the English King would have done to Paul Revere if the king's minions had caught him? What about some of the other early Americans that participated in the revolution? There are still a few people on this earth who will subscribe to the notion of "Give me liberty or give me death". To me it looks like Edward Snowden is one of these people.
A sufficiently advanced simulation is indistinguishable from reality.
First, "Snowden Style", deriving from Snowden's actions, is not security breaching. It is whistle-blowing. The difference is that data is not stolen and fenced in whistle-blowing, instead, information regarding unethical, and where law is not corrupted, illegal, activities are revealed. There is a world of difference. Exposing corrupt practices, with intent to bring the corruption to an end, is an ethical responsibility. It is so even if the corrupt are the highest leaders, or authorities, in a land, and it is so even if the corrupt, their co-conspirators and their minions and sycophants scream to shake the heavens in "moral" outrage.
Second, morally offended insiders leaking information about the secret improper and illegal activities and corrupt operations they may be privy to, or become privy to, has been going on from time immemorial. It is not tech-dependent, it is not an internet-era phenomenon. Whether the method is whispering behind the stables, writing on a rock and heaving it over a wall, tapping code on pipes, or through a home-made radio-transmitter, or dotting-and-dashing with a laser-pointer, or salting into "easter-eggs" at basic code level in computer-programs, micro-filming and mailing, super-scripting over covering digital transmissions, bouncing signal-beams off 'borrowed' satellites, or hiding typescripts in pumpkins, it has always been done, and will always be done.
The only way to minimize whistle-blowing is to run an ethical shop in an ethical manner, honoring, yourself, the universally common principles of fair-dealing. If you engage in unethical conduct and are exposed, you can accuse your exposers if you want to, as self-righteously as you want to, but your doing so will not change what you are, what you have done, or your own position as a perpetrator. The United States, Britain and Israel, the powers at bottom responsible for the spying-system and spying that Snowden exposed, cannot wash themselves blameless by demanding Snowden be seen as to blame. No more than Hitler could blame 'Jews' for his Geheimnispolis and their actions and tactics.
The biggest concern for an employer is loss of trade secrets such as costs, margins, competitive pricing, etc. Usually this sort of info needs to be in the employees' hands for them to do their jobs.
Blocking employees from taking that sort of data is pretty much impossible and a fool's errand as you are more likely to take away their ability to do their jobs.
You must make it a well known policy that you put the full force of the law behind protection of company secrets, and violation of those policies can result in not just termination, but further legal action, and even criminal charges if appropriate.
(If at first you don't succeed, do it different next time!)
Snowden and the other intelligence contractors are simply mercenaries. Their job is first and foremost to get paid. You buy their loyalty with money. Anybody who offers a greater reward can shift their loyalty.
Snowden ultimately found a higher bid for his loyalty than his Booz/Allen/Hamilton paycheck.
This is not rocket science. This is simply Management 101. One of the most shocking revelations has been that the NSA is so incompetent in managing the basics of loyalty. I am afraid that we will eventually find that the only thing that is unique to Snowden is that he acted publicly.
It is very likely that the 'secrets' of the NSA have been cheaply purchased by every other government and large corporation.
If you want trustworthy employees, act as a trustworthy organization.
a) You're in the wrong job.
b) We won't help you.
c) Make sure everything your company or government office is doing is legal, ethical, and morally unquestionable.
d) All of the above.
Oh, the correct answer is "d".
This sig intentionally left blank.
(Posting anonymously because I do not want random Slashdotters taking it upon themselves to start reconning the network)
We use Citrix and GPOs. The company I work for deals with complex disputes and investigations (read: major lawsuits involving the SEC, DOJ, Fortune 50 corporations, etc.).
There are multiple layers of security, but in a nutshell we limit users to specific accounts that are logon restricted to specific machines. Those machines have all of their USB ports, DVD drives, etc disabled. The accounts and machines cannot access the internet, or file shares, or any other location that might be used to copy client data. Each client is segregated from every other client. It is a massive, administrative headache and requires a lot of specialized scripting to monitor the ACLs and make sure that permissions are not being modified.
The machines that the users log onto are basically dumb terminals for Citrix. They launch the Citrix session and do all of their work in the Citrix farm. Access is controlled to the Citrix farm via VLANs and firewall ACLs. Data is kept in CIFS shares (We are a Windows shop) and access to the CIFS shares is default deny with white lists to specific hosts. ACLs are audited quarterly and we have a whole process to wind down engagement and revoke user rights.
When we do need to get data in and out of the environment, we have custom daemons (specially written PowerShell "constrained endpoints" http://blogs.technet.com/b/heyscriptingguy/archive/2012/07/27/an-introduction-to-powershell-remoting-part-five-constrained-powershell-endpoints.aspx) that basically function as batch processors to move files back and forth between known locations. The endpoint accounts run in non-interactive mode.
It is a major PITA to stay on top of. Some of our clients are the largest financial institutions in the world, and they audit us on a yearly basis due to the sensitivity of the data that we have access to and the regulations that they are subjected to.
The users are constantly trying to circumvent the controls to make their lives easier. I have to play bad cop more frequently than I want to. We have fired people for repeatedly attempting to "make their lives easier". Our clients do not pay us so that our lives can be easy. Our clients pay us to keep their data safe and assist them with high risk, data driven events.
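The comment above mentions scripting that monitors ACLs so that permissions on segregated client shares are not modified. One way such a check could look, as an added example that is not the poster's own tooling; the share paths, group names and sample ACEs are constructed, and the function names are hypothetical:

```powershell
# Added example: compare current share ACLs against an approved baseline.
# Share paths, group names and the sample ACEs below are constructed.

function Get-AceRecord {
    # Flatten one path's ACL into plain records that can be stored and compared.
    param([Parameter(Mandatory)][string]$Path)
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        [pscustomobject]@{
            Path      = $Path
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights.ToString()
            Type      = $ace.AccessControlType.ToString()
            Inherited = [bool]$ace.IsInherited
        }
    }
}

function Get-AceKey {
    # One string per ACE so that any change in rights, type or inheritance changes the key.
    param($Record)
    '{0}|{1}|{2}|{3}|{4}' -f $Record.Path, $Record.Identity, $Record.Rights, $Record.Type, $Record.Inherited
}

function Compare-AceBaseline {
    # Emits one record per ACE that is missing from, or not present in, the baseline.
    # A changed ACE (e.g. read -> modify) shows up as one 'Removed' plus one 'Added'.
    param([object[]]$Baseline = @(), [object[]]$Current = @())

    $approved = @{}   # hashtable literals compare string keys case-insensitively
    foreach ($r in $Baseline) { $approved[(Get-AceKey $r)] = $r }

    $seen = @{}
    foreach ($r in $Current) {
        $k = Get-AceKey $r
        $seen[$k] = $true
        if (-not $approved.ContainsKey($k)) {
            [pscustomobject]@{ Change = 'Added'; Path = $r.Path; Identity = $r.Identity
                               Rights = $r.Rights; Type = $r.Type }
        }
    }
    foreach ($k in $approved.Keys) {
        if (-not $seen.ContainsKey($k)) {
            $r = $approved[$k]
            [pscustomobject]@{ Change = 'Removed'; Path = $r.Path; Identity = $r.Identity
                               Rights = $r.Rights; Type = $r.Type }
        }
    }
}

# Constructed baseline: what was approved at the last quarterly audit.
$baseline = @(
    [pscustomobject]@{ Path = '\\fs01\ClientA'; Identity = 'CORP\ClientA-Team'
                       Rights = 'Modify, Synchronize'; Type = 'Allow'; Inherited = $false }
    [pscustomobject]@{ Path = '\\fs01\ClientA'; Identity = 'CORP\Svc-Transfer'
                       Rights = 'ReadAndExecute, Synchronize'; Type = 'Allow'; Inherited = $false }
    [pscustomobject]@{ Path = '\\fs01\ClientB'; Identity = 'CORP\ClientB-Team'
                       Rights = 'Modify, Synchronize'; Type = 'Allow'; Inherited = $false }
)

# Constructed current state: the transfer account gained write access on ClientA,
# and the ClientA team appeared on ClientB's share (a segregation failure).
$current = @(
    $baseline[0]
    [pscustomobject]@{ Path = '\\fs01\ClientA'; Identity = 'CORP\Svc-Transfer'
                       Rights = 'Modify, Synchronize'; Type = 'Allow'; Inherited = $false }
    $baseline[2]
    [pscustomobject]@{ Path = '\\fs01\ClientB'; Identity = 'CORP\ClientA-Team'
                       Rights = 'ReadAndExecute, Synchronize'; Type = 'Allow'; Inherited = $false }
)

Compare-AceBaseline -Baseline $baseline -Current $current |
    Sort-Object Path, Change |
    Format-Table -AutoSize

# Live use (not run here): build $current from the real shares and keep the approved
# snapshot under change control, for example:
#   $current = $shares | ForEach-Object { Get-AceRecord -Path $_ }
#   $current | Export-Clixml -Path .\approved-acl.xml    # after an audit signs it off
#   $baseline = Import-Clixml -Path .\approved-acl.xml
```

Run on a schedule, any output row is a change nobody approved; an empty result means the shares still match the audited state.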
Here are a few ideas:
1. Video cameras with 100% coverage of any room with computers with sensitive data. Live monitoring of said cameras.
2. Securely locked computer cases. Since I haven't seen any computer cases that allow for truly secure padlocks this may require making your own computer cases out of say 1/4" steel and with thick case hardened hasps designed with large padlocks in mind.
Or alternatively you could design a case by permanently welding the case closed. If something goes wrong inside you simply melt the whole thing down. A custom designed case will also allow you to bury any of the absolutely necessary external connections like for a keyboard and mouse inside the locked or welded case. Any data would need to be backed up through the internet or other network connection, which again is buried inside the secure case.
3. Checkpoints with metal detectors set to their highest sensitivity for all personnel entering or leaving, but this will only work if it is sensitive enough to detect a single microSD card. Strip searches and cavity searches for all departing personnel with access to sensitive data.
4. You could lock your employees into a secure facility and never allow them to leave. If they try to quit you kill them and melt their body in a large dedicated acid bath.
Of course this would have to be combined with severing all contact with the outside world. Internet connections or any kind of telephone would be forbidden. Also make certain that no computer has wifi capability and/or make the rooms with the computers with sensitive data into Faraday cages to prevent any wireless data transfer.
5. A water lock. In order to exit your facility your employees must swim through a tube filled with water. The problem with this is that a microSD card could be protected by wrapping it in plastic or something. You could also use salt water and run a nonlethal current through it.
6. Do not allow employees anywhere to put a data storage device. Do not allow any clothes or bags of any kind inside. They would store all of their belongings including their clothes in a locker before they entered the facility proper. Combined with cavity searches this could be quite effective even without any of the other measures. To help with employee retention make sure that the searchers are very, very attractive and that sexual preferences are observed at all times.
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
A friend of mine works as an archivist at the NY Public Library. She has academics asking to look at old books, scripts, and Broadway show costumes every day. None of the items ever leave the library. When items are checked out, she takes the items and the person asking for them to a monitored room. At the end of the day, the items are checked back in.
You can't wipe someone's memory, but you can force them to leave everything (flash drives, notebooks, scraps of paper) in the isolated room where they are working.
The military uses Two Person Integrity (TPI) for the transport of physical assets. Because there is a secure internet running behind the scenes that contains all this classified material, require two individuals to authenticate access to a specific document or subject matter.
Why would we want to prevent them? Let me break this down:
Leak how to build a supervirus attached to a high-radiation nuke - prevent
Leak illegal spying that violates a country's founding principles and laws - encourage
That's idealistic and foolish. You're focusing on the NSA and Snowden. What you should be focusing on is any company, country, or organization which has an enemy or competitor, and any employee who is in the pay of said competition. Industrial espionage, international intelligence, market manipulation, smear campaigns, retaliation for a fully justified firing, whatever.
The vast majority of data exfiltration is not for any noble purpose of whistleblowing. Most of the time, the person in question isn't even particularly disaffected, just greedy, in a tight spot financially, has always had other loyalties, or is acting under duress (blackmail, threats, whatever). There's no amount of "feel like they're doing something good for the world" that will make up for those!
The question was asked very poorly, though. Snowden is exciting right now because of the nature of what he did and the large amount of media attention, but the question had nothing to do with whistleblowing; it's all about information control in general.
There's no place I could be, since I've found Serenity...
This question seems to want to avoid the ethics of the situation entirely. Would I want to be a security admin that prevented, knowing or unknowing, what has been widely considered a heroic act which revealed the scale and depth of intrusion and recording of guiltless individuals' activities? Even removing the massive scale of this issue and Snowden himself... Would I want to build a security system to protect a person or corporation which hides any number of illegal activities a company can do? The concept itself shows a lack of ethical fortitude. The question should be "Do you now feel compelled to create backdoors and loopholes in your work by which the truth can be discovered and revealed to the public about how your employer breaks the law and hurts people?" Besides, the fact that the NSA, a branch of the US spying agencies, in 2013 doesn't understand about information protection what my local community college understood in 1996 (disabling USB access) is both ridiculous and hilarious.
If you suggest that he will be target of a drone strike no matter where he is, you are very wrong about who is the indecent there. Anyway, we already know how indecent is the US government regarding drones, so you missed one big motivation in your list.
When it comes to motivating their executive officers, the solution given to get these people on board is something called "money" which is given to the executives to make them less likely to fuck over the company.
Maybe they could try that idea?
Also, if you've done nothing wrong, then you haven't got anything to hide, have you?
(emphasis mine)
That is completely irrelevant!
The question is about information exfiltration, not about information publication. Industrial espionage, international intelligence, market speculation, all manner of (other) criminal operations can provide reasons to extract data from an organization. Whistleblowing is such a minuscule part of the pie that it's not even worth worrying about. It's a poorly-written question, but getting modded to +5 for not even answering it is lamer still.
There's no place I could be, since I've found Serenity...
Considering that you have between 500.000 and 5 million "Snowden-style" external people with probably full access to all your organization data (that will do anything they want because they surely respect you), everyone has a far bigger problem than internal employees.
And retiring trust in them would not make them more loyal. Maybe the US can push the strategy of creating enemies to grab power because they will exist after that, but for me it is an approach that is unsustainable in the long term and has a very high cost. The right measures are not technical; it is not that you will be fast enough to dodge bullets, but that you wouldn't have to.
Simple solution: everyone passes through a scanner on the way out. If they're carrying any form of flash drive (including smart phones or music players), hard drives, flash memory sticks, any form of CD/DVD media, tapes, floppy disks, or punch cards, then upon exit they are immediately electrocuted via metal plates in the floor. Problem solved.
Is there a way that a series of QR codes can be quickly displayed on the screen that a smart phone can read and decode into a data file of some type?
I would quote Eric Schmidt: "If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place"
I understand Edward Snowden was hired as a sysadmin. In my opinion it is worthless trying to set up technical measures against someone whose job is to maintain your systems. The good defenses are paying people enough so that they are not tempted by a financial gain (and if you are betrayed, you can still sue and recover your loss), and not do illegal or immoral things (here is where Eric Schmidt's citation is relevant).
Don't do the crime if you can't do the time.
The type of breach Snowden performed was right and proper.
Why would you want to prevent such a breach?
??
Besides he didn't turn over weapon systems designs, like our government is doing on a daily basis to China.
Now THAT is treason.
-Hack
Got Geometrodynamics? Awe, too hard to figure out? Too bad.
I am appalled this article portrays Edward Snowden as a threat to be dealt with.
Bradley Manning and think anything less would happen to you just because you're not in the military.
1. go along with their version
2. redefine some terms
3. word sentences with embedded bias
3/3, Nice work Nerval!
Prevent it? Hell, I'm wondering whether or not "malicious insiders" are the last thing standing in the way of totalitarian fascism..
Married employees with kids and a mortgage don't have as much leeway to indulge their conscience.
Sad, but true.
Snowden had system administrator access on a primarily Microsoft Windows/Office environment.
That's handing Ferris Bueller the keys to the Ferrari, and asking him to drink & drive responsibly.
ie, given their technology environment, "soft" controls such as hiring practices, ethical behaviour & consensus, transparency (at least within the circle of trust), leadership , teamwork, peer review, trust, whistleblower programs and complaint resolution mechanisms outside the chain of command.
All of these things can mitigate the chance of it happening, but they can not completely mitigate the actions of an intelligent, trusted individual who has become disillusioned with the organisation they are working for, or is blackmailed, or has their family held at gunpoint, or is made a substantial cash offer with a bonus first class plane ticket to a non-extradition country.
If you separate information assurance from systems administration functions, and you compartmentalise everything cryptographically, have someone other than the system administrator manage the keys, then you at least need a 2 person conspiracy to achieve this, but THAT is still possible, and you've just doubled your personnel costs for sysadmin.
DLP products (at least the way most are implemented), blocking USB ports, and other such mechanisms are largely snake oil that lines the pockets of the vendors and contractors, but inconveniences the users tremendously, kills productivity and efficiency, but does very little to stop a determined, intelligent individual with systems administrator access from doing whatever they are motivated to do with your data.
Theoretical threat of death is not necessarily a deterrent (as both Manning and Snowden had the potential to be charged with treason, which carries the death penalty). You can argue that Manning may not have entirely thought it through, but Snowden clearly thought at least a couple of steps ahead and was well aware the glow behind him was burning bridges and not a new dawn.
I've given this a lot of thought, and compiled a solid rant on the subject.
My thesis about privacy in 2013 - 2020:
Let's start with some facts:
1. The Spy agencies in NZ, UK, USA, Australia and Canada spy on everyone, even their own citizens.
2. The UK copies literally everything that traverses the Internet and keeps it for 3 days for analysis (EVERYTHING!)
3. The USA shares this information (including commercial secrets) with its private enterprises to help them win international business.
4. So many people work for these agencies that from time to time this information is made public.
5. Nobody really cares.
6. The chances of any of these organisations giving up such a valuable source of power are about the same as global nuclear disarmament.
7. It’s only a matter of time until the local police have access to all this information.
8. In 2001, as sysadmin of BSSC I could read the email of every teacher and every student at that school, without leaving a trace of evidence, nor with any fear of punishment for wrongdoing.
So, I assert: You have no privacy online. You never really did. It was only by unspoken rule of sysadmins that we let you have the illusion of privacy. Ed Snowden betrayed sysadmins.
Strangely, Google is poised to release the most important advancement toward our goal of total access to information - a video camera strapped to every second person’s head (Google Glass), and people are up in arms (9) and so are the governments best poised to take advantage! (10).
I think we’ve got it all wrong. Let’s stop bitching about this rampant surveillance and embrace it.
Let’s get our spy agencies to make everything they’ve got available to everyone! Let’s mandate that every Google glass camera must be on all the time, every phone must have its microphone on all the time, every GPS recording its location and all this content uploading to the cloud!
Information WANTS to be free! EVERYONE should have access to EVERYTHING!
Then it will hardly be accessed, because if Facebook status updates have proven anything it’s that it’s no fun spying on all your friends if all they do all day is play Farmville.
Finally, these civil libertarians realise that nobody really cares about them, or their “right to privacy”, and we will be able to make the most out of google glass (11).
Sources:
1. http://www.spiegel.de/international/world/interview-with-whistleblower-edward-snowden-on-global-spying-a-910006.html
2. http://mashable.com/2013/06/21/gchq-spy-agency-taps-global-internet/
3. http://www.bloomberg.com/news/2013-06-14/u-s-agencies-said-to-swap-data-with-thousands-of-firms.html
4. Bradley Manning, Edward Snowden
5. http://www.news.com.au/
6. http://io9.com/5969204/could-nuclear-disarmament-actually-increase-our-chance-of-an-apocalypse
7. “if the information is there, it’s already collected, why not use it to prosecute the crime? Why are you protecting the guilty? If you’re innocent you will want us to use this information to exonerate you.”
8. I read your email. Get over it.
9. http://www.policymic.com/articles/29585/3-new-ways-google-glass-invades-your-privacy
10. http://news.cnet.com/8301-1023_3-57591975-93/google-glass-privacy-concerns-persist-in-congress/
11.
You can either be able to abuse your own systems for your own ends and have to deal with the possibility of being caught out, or you can create your systems such that abuses are impossible. Those are your choices. If the NSA/US Government had chosen secure systems, that would also mean abuse-free systems, fully adjudicated over by Article III courts. They chose abusable systems, and the result is seen.
Abusable, Secure, pick one.
Snowden is not about the data breach. Snowden is about a data breach that is ethically debatable. Because of that, asylum is given to him so he is able to get away with that. If it were just a big file with personal data about bank accounts you would just be a criminal.
Access levels on documents are already the norm. USE THEM.
Compartmenting documents is also the norm. SEGREGATE DOCUMENTS.
Deny access to individuals who do not have the requisite access level or department clearances to view the document.
ONE SHOT DEAL: You get caught accessing a single compartmented document that is not ESSENTIAL to doing your job, YOU GO TO JAIL. END OF.
HOWEVER:
That is contingent on the agency with the overall responsibility of the documents in question being totally above reproach. Yeah, right, show me one and I'll show you a LIAR. There's ALWAYS room for mitigation, IMO.
Operation Guillotine is in effect.
Our organization has a DLP solution in place and I logged into a website I manage from work and updated the plugins on the site and modified some of the code on the site to correct a problem we were having (duly noted that this was dumb). Because the site was miscategorized as a "government" site by Bluecoat, the DLP solution dinged me as hacking a government computer. My PC was confiscated for nearly three months while they poked and prodded it. The best they could come up with was that my Ghostery plugin in Firefox looked like some method to try and circumvent their auditing methods. ... Needless to say, I was unimpressed.
We need to think harder about how to encourage such leaks, not about how to prevent them. That's why WikiLeaks is doing an important job.
Ripley: I say we take off and nuke the entire site from orbit. It's the only way to be sure.
http://nukeitfromorbit.com/
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Anyone wanna bet how many professional (i.e. government) spies have infiltrated that mess called NSA?
Do it all yourself. Don't use employees. Don't use the Internet, make your own hardware and your own OS. Don't communicate with anybody. Don't rely on others. Grow your own food. Have a lot of guns to make sure nobody gets close to you. Put land mines around your HQ. You can not trust your dog. You should do it all yourself.
I doubt that - I would imagine people had some idea about the organization they were working for but joined it because it was better to work for it since it gave some measure of protection from it. The problem with the NSA seems to be that they paint this rosy picture of them defending against terrorism when, in reality, they are invading everyone's privacy and spying on allied governments. Hence their recruitment drive is likely to attract honest and open idealists like Snowden who suddenly find themselves confronting their morals.
If the NSA, and US government, had a more realistic view of themselves, i.e. that they are like every other government in the world and not some Disney-princess version that can do no wrong, people would at least have realistic expectations of what they are getting into when they sign up.
There's an interesting and fairly neutral take on preventing this sort of thing over at the 360 security blog in the UK:
http://360is.blogspot.co.uk/2011/02/wikileaks-lessons-for-uk-information.html?m=1
Ag
As someone else already said: You can not give someone access to data while not giving them access to data.
What you can make a hell of a lot more difficult is the ability to get the data out in any other way than inside someone's head.
At the extreme range, allow people to enter and exit the building only naked, changing into work-clothes on the inside that never leave the building. Don't forget cavity searches.
Oh, wait - you were planning to run an office, not a prison? That's gonna make things a little more tricky as human beings tend to be picky about archaic things like dignity.
The non-bullshit answer is basically this: The freaking NSA fucked this one up. If you really think a random collection of hints on /. is going to give you a better shot, you need to be fired.
Update your security policy regularly and monitor compliance. Do a good job. Stop worrying about the Snowdens of this world, because there's like one every decade. But users looking for shortcuts, managers wanting a dial-in connection from home, admins leaving the firewall wide open after a change, developers using test-configurations in live, all these things are happening every day. Worry about them.
Assorted stuff I do sometimes: Lemuria.org
Put a chair next to every person that works at the NSA and put another person in it to check on the first. Rotate the second person weekly. If he or she needs to go to the toilet, a spare person comes to replace him/her, not leaving the NSA employee even one second alone with the data.
malicious insiders
Subtle opinion forming there. But what if those insiders are actually benevolent, like I believe Snowden to be?
http://sourceforge.net/projects/luarm/ and for more info have a look at my PhD thesis:
http://folk.uio.no/georgios/MagklarasPhDThesisv3.pdf
Just to get a few ideas. The paper that describes LUARM can be found here:
http://folk.uio.no/georgios/papers/LUARM-WDFIAfinal.pdf
Some of the things in LUARM have been modified since the paper was written but the idea is the same.
GM
I logged in after a few years of lurking because of how truly offended I was by this submission.
This is not the /. I remembered. /. would not have tolerated such astroturfing in comments, never mind allow it to make it to the front page. Slashdot would have modded all these astroturfing comments -1 Troll, and the metamoderation would have said those -1's were fair. This submission proves that the libertarian-geeks that used to reign supreme on /. no longer post or live here. This submission proves /. was a failed revolution.
If there's an admin around looking at this, could you delete my account? I want nothing to do with this site anymore.
You just didn't have it plastered all over the news.
Impossible, with a certain skill set and access level, there is no way to prevent this, bugs -> exploits -> access. That's what you get when you 'Fisher-Price' technology, what have we seen the last decade? Lots of work on the UI, lots of cost cutting (degrading R&D), off or nearshoring whatever. Lots of possibilities for the bad guys ;-) and lacking technology for the good guys (eg. DPI on SSL, advanced layer 7 attacks, etc). So everything is released too soon, let the world fix my bugs. Nice example is 'The Cloud', what cloud? Can somebody give me an example (without marketing and sales blah blah) of this concept, while comparing with the old days where we had our mailboxes at an ISP and we fetched mails via POP3? Or the old days of AS400/Tn3270 versus Citrix and thin client? Recent news wants me to move away from 'The Cloud', what good is a security at the front door when the backdoor is open. Great! Somebody that enters to the backdoor can now steal/abuse a massive amount of information. Nice work! Thanks!
Snowden will be publicly raped with a soldering iron and next time when somebody thinks of doing like this their ass would hurt.
Two person integrity ( or more if needed ) should deter anything other than an entire section from stealing data.
Plant a lot of juicy, plausible, yet worthless, secrets out there in honeypots and treasure chests of various shapes and sizes. Each is characterized by a unique detail out of place or deranged. See what bubbles up where. See Tyrion Lannister smoking out Grand Master Pycelle.
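The decoy idea in the comment above, sketched as an added example that is not part of the original post: each recipient gets a copy of a decoy memo with a unique combination of small detail variants, and a leaked copy or excerpt is traced back to the recipients it could have come from. The memo text, slot values and recipient names are constructed for illustration.

```python
import itertools

# Constructed decoy memo: every {n} slot has interchangeable, plausible variants.
TEMPLATE = ("Vendor review moved to {0}. Backup tapes ship via {1}. "
            "Budget ceiling is {2} million, approved by {3} directors.")
SLOTS = [
    ("Tuesday", "Wednesday", "Thursday"),
    ("Rotterdam", "Antwerp", "Hamburg"),
    ("4.2", "4.7", "5.1"),
    ("seven", "nine", "eleven"),
]

class CanaryRegistry:
    """Issues one unique variant combination per recipient and traces leaks."""

    def __init__(self, template, slots):
        self.template = template
        self.slots = slots
        # Lazily enumerate every possible combination of variant indexes.
        self._unused = itertools.product(*(range(len(s)) for s in slots))
        self.issued = {}  # recipient -> tuple of variant indexes

    def issue(self, recipient):
        """Return the recipient's copy; re-issuing gives the same copy."""
        if recipient not in self.issued:
            # Raises StopIteration once all combinations are handed out.
            self.issued[recipient] = next(self._unused)
        combo = self.issued[recipient]
        return self.template.format(*(s[i] for s, i in zip(self.slots, combo)))

    def trace(self, leaked_text):
        """Return recipients whose copy is consistent with the leaked text.

        Works on excerpts: a slot that is missing (or ambiguous because
        several variants appear) is ignored rather than treated as a mismatch.
        """
        observed = []
        for variants in self.slots:
            hits = [i for i, v in enumerate(variants) if v in leaked_text]
            observed.append(hits[0] if len(hits) == 1 else None)
        if all(o is None for o in observed):
            return []  # no marker present: nothing to attribute
        return sorted(r for r, combo in self.issued.items()
                      if all(o is None or o == c
                             for o, c in zip(observed, combo)))

if __name__ == "__main__":
    reg = CanaryRegistry(TEMPLATE, SLOTS)
    copies = {r: reg.issue(r) for r in ["alice", "bob", "carol", "dave", "erin"]}
    print(reg.trace(copies["dave"]))
    print(reg.trace("Budget ceiling is 4.7 million"))
```

A short excerpt only narrows the candidate set, so the markers should be spread through the whole document rather than concentrated in one sentence.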
The U.S. military addressed all the problems except covert channels (now called DLP) in the Orange Book, back in 1985, the days of the dinosaurs and mainframes.
Alas, it was relatively hard to admin, requiring two people to do almost anything, and proving the completeness and sufficiency of the policies was exceedingly hard using the techniques of the day. The good thing was it was easy to use such a system. I used Multics, which was running at B2 and didn't even know security was tight. I later took the week course on how to admin Trusted Solaris and admined a couple of B1 machines. My brain tended to bleed out my ears, I kept running out of audit disk until I turned audit down to a week and I badly broke the two-person rule.
I suspect the difficulty and cost of running secure systems, and the cost of having two-person signoffs in computing as well as accounting killed the governments' desire to be reasonably secure against insiders.
The mechanisms to implement MAC and much of the rest still exist in the NSA security-enhanced Linux, but the work of creating categories and levels to keep users out of each other's pockets, and managing them and the sysadmins so they can't conspire to sneak data out is too expensive for any organization to shoulder as a cost, even the NSA.
--dave
davecb@spamcop.net
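The levels-and-categories check that this comment and the earlier "access levels" and "compartmenting" comment refer to, as an added example that is not part of either post: it uses the Bell-LaPadula rules (no read up, no write down) on which Orange Book style MAC is based. The level names, the SIGINT compartment, the users and the audit format are assumptions made for the illustration.

```python
from dataclasses import dataclass

# Hierarchical levels (assumed names), lowest to highest.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other):
        """True if this label is at least as high AND holds every compartment."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

def check(subject, obj, op):
    """Mandatory access decision; discretionary permissions cannot override it."""
    if op == "read":    # no read up: subject must dominate the object
        return subject.dominates(obj)
    if op == "write":   # no write down: object must dominate the subject
        return obj.dominates(subject)
    raise ValueError(f"unknown operation: {op}")

AUDIT = []  # (user, op, object name, decision); denials are the interesting rows

def access(user, subject, name, obj, op):
    ok = check(subject, obj, op)
    AUDIT.append((user, op, name, "ALLOW" if ok else "DENY"))
    return ok

if __name__ == "__main__":
    # Constructed subjects and objects.
    admin = Label("TOP SECRET")                        # high level, no compartments
    analyst = Label("SECRET", frozenset({"SIGINT"}))
    report = Label("SECRET", frozenset({"SIGINT"}))
    public_share = Label("UNCLASSIFIED")

    access("admin", admin, "report", report, "read")             # DENY: no SIGINT
    access("analyst", analyst, "report", report, "read")         # ALLOW
    access("analyst", analyst, "public", public_share, "write")  # DENY: write down
    for row in AUDIT:
        print(row)
```

The administrator's higher level does not help without the compartment, and the analyst who can read the report cannot copy it into an unclassified location; both denials land in the audit trail.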
Simple. You can't.
... they could have had some people plugging up the USB ports on all computers with epoxy before deploying them to anyone's desk. No laptops. Period. Dammit, they control their computing environment. Or, at least, we probably all thought they did. There's no excuse for someone being able to walk out with a USB drive full of documents. Not one. I can remember working on secure systems where the effing printer ribbons were locked up in the safe at the end of each workday and anything that came off those printers was on special paper that wasn't allowed outside the secure area. Apparently, what passes for secure computing nowadays is a major joke.
CUR ALLOC 20195.....5804M
Get real.
Casteism
There is no "Insider threat". Snowden is not a threat, he did what the Constitution requires ALL of us to do. Uphold the Constitution. Telling on someone committing a crime is not a threat. Telling on someone violating the Constitution is not a threat. We don't need to "stop them". They are doing the right thing. YOU are committing the crime by trying to hide it. By trying to "stop them". I am so sick of people trying to twist it around. An oath to break the law/violate the Constitution is not a valid oath. It was constructed to hide a crime. It is invalid and the person telling on them IS upholding the law. You by trying to hide it ARE NOT. And since when is the government ever reasonable? Their level of scumbag activity has risen to such a point that the average joe is sick of it. Stop trying to cover up crime.
Stop screwing with our rights and privacy and no one will need to breach security.
Simple: hire real scum, with no ethics or morals, who don't care about anyone else. Certainly, you should not hire someone with even the slightest trace of idealism, or who actually *believes* in things like the US Constitution.
Consider the Mafia as a good source of recruits. Or ex-members of Romania's Ceaușescu, who had 1/3rd of the population spying on the rest. Or maybe right-wing racist, fascist skinheads.
mark
The question should be "How to enable more Snowden like revelations"
It is very simple: If you don't break the law, if you don't do evil then no whistleblower can blow the whistle on you.
I know I am not the first to say this but I think this message can not be hammered in enough: Don't do evil.
You nailed the problem on the head. And that is why “don't do evil” is in fact the only feasible way to prevent whistleblowers.
The OP was only asking about “Snowden-Style Security Breaches” — So for the problem at hand it is good enough.
Of course security breaches in general can not be prevented as you correctly pointed out.