Slashdot Mirror
Ask Slashdot: Preventing Snowden-Style Security Breaches?
Nerval's Lobster writes "The topic of dealing with insider threats has entered the spotlight in a big way recently thanks to Edward Snowden. A former contractor who worked as an IT administrator for the National Security Agency via Booz Allen Hamilton, Snowden rocked the public with his controversial (and unauthorized) disclosure of top secret documents describing the NSA's telecommunications and Internet surveillance programs to The Guardian. Achieving a layer of solid protection from insiders is a complex issue; when it comes to protecting a business's data, organizations more often focus on threats from the outside. But when a trusted employee or contractor uses privileged access to take company data, the aftermath can be as catastrophic to the business or organization as an outside attack. An administrator can block removal of sensitive data via removable media (Snowden apparently lifted sensitive NSA data using a USB device) by disabling USB slots or controlling them via access or profile, or relying on DLP (which has its own issues). They can install software that monitors systems and does its best to detect unusual employee behavior, but many offerings in this category don't go quite far enough. They can track data as it moves through the network. But all of these security practices come with vulnerabilities. What do you think the best way is to lock down a system against malicious insiders?"
Simple. Do good, make people working for you feel they're doing something good for the world.
We won't help you cover your asses for the future. It's time to clean house.
How about try not to do anything you would be embarrassed by if it leaked? Not ignoring the 4th Amendment is a good start.
Don't do anything your employees would want to blow a whistle on, e.g. fly-tipping, holding personal information insecurely, wholesale wiretapping of a nation, that sort of thing.
And you won't have to worry about insiders sharing your private data with the media.
That always ensures quality.
My mom says I'm cool.
Don't piss off the sys admin.
He has said himself that he didn't have any sort of security clearance. Why in the world were files of *any* importance available, unencrypted, for him to see?
What a joke, seriously.
Obeying your country's constitution and not operating for the sole benefit of oligarchs and barons of commerce would go a long way towards limiting whistleblowing activity.
If you want to go the opposite direction, I guess you could lock up your employees in a bunker and hold their families hostage.
Access to secret data and documents should be on a need-to-know basis, or a practical approximation of it. It's clear that he had access far beyond what he needed to know. If he can't get at the sensitive documents in the first place he can't copy them to USB or use his cellphone to take pictures of them or upload them to his Wikileaks partners.
---------
There is inferior bacteria on the interior of your posterior.
.... do you really want to?
Nice try, NSA.
Have separation between levels of security and have fewer & fewer admins working on them as you go up the chain. Use the old established and trusted guys at the top. Don't have thousands of people (particularly contractors) crawling all over the most sensitive data. Seems obvious really. Look at the amount of data *Private* Bradley Manning got his hands on. It's like NSA & Govt just leave the barn doors open and hope the fear of prosecution will prevent the bad thing from happening.
Explosive collars.
To prevent Snowden-style leaks you're going to have to turn into North Korea. I am sure the DPRK has a manual on this.
How about not doing illegal things in the first place?
A lot of motivation for insiders to disclose the "sensitive" information would go away.
That always ensures quality.
With our recent innovation of no-bid contracts (well, there's one bid - from the crony that's been hand-selected by the corrupt government department), you get all the benefits of outsourced work along with the quality of a supplier with a monopoly for your project(s).
Make sure everyone's vote counts: Verified Voting
Kill chips. If you sign a contract for security clearance, you're implanted with a kill chip so that you can be remotely disabled.
Flood the network with false information.
Limit job duration.
Use the buddy system.
It is ridiculous to think that you will be aware of most breaches.
That's not an "ask Slashdot", that's internal advertising for your article.
The meat of which is advertorial for people paying you to mention them.
Fucking grow a spine.
http://rocknerd.co.uk
If you want to prevent leaks, the first step is to minimize the number (and importance) of secrets. Second it so minimize the number of people who know them (hundreds of contractors from the lowest bidders is not ideal). Third is to reduce the incentives for leaking said secrets (make leaking them be bad, not good).
If these programs were effective, they should be been public knowledge. if they were ineffective, they should have not happened (and not been funded!). The logic that programs to protect us from criminals need to be secret is bullshit. The police aren't top secret, nor are trials, jails or courts and they still can do their jobs. I don't see why special "terrorism" criminals need secret spy agencies with secret warrants and monitoring from secret courts. We have an existing non-secret publicly accepted legal system. Use it! If its broken, fix it; don't make a secret version of it.
The trouble with protecting yourself against insiders is that you are trying to protect yourself against people who need access to do whatever it is you pay them to do. Protecting yourself against external attackers is a massive matter of practical difficulty; but at least it's a coherent objective: keep people who shouldn't have access away from access. Against insiders, virtually everything you do either reduces productivity(so you disabled USB, good thing that there are never any legitimate applications for sneakernet, right?), erodes the warm-and-fuzzy primate emotions that help keep your non-sociopaths from even wanting to hurt you(As a member of the FooCorp family, keep in mind that we log absolutely everything you do because we don't trust you at all, and those logs are just sitting in the IT office should your vindictive manager ever want to hold the five minutes you spent on personal email about your sick kid against you!) or, if you are really good at screwing it up, actually end up concentrating power among certain insiders, or creating incentives among the clueless to learn more about circumvention(Do you know how to get an entire class full of high schoolers to stop shoving geeks into lockers and start begging them for help? Block facebook.)
This isn't to say that it is impossible; but it consists of making a lot of unpleasant choices about how much pain you want to inflict on the mostly innocent in order to scare and/or catch the guilty, who may or may not exist, depending on the time and circumstances.
Man can make it, man can break it, it's that simple.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
This is an age old problem. It partially requires people skills, and it requires technology. A couple ideas:
1: First thing is compartmentalize. One person shouldn't have access to all the goodies.
2: USB devices are easy to control. I can push a GPO on Windows that blocks writing to any USB flash drive, or just locks out access completely so someone can't hook up their iPod Touch, run iTunes and copy files that way. Third party programs can offer this functionality as well. Of course, there are always BIOS locks. If one doesn't care about reselling machines, snipping wires and epoxy blobs in the USB ports will finish the job.
There are other devices and ports too. Firewire, Thunderbolt, and even PCIe cards can be hazardous. Don't forget the humble old CD-ROM burner in most machines.
3: Watch data and its access. If a Windows admin suddenly is slurping down everything in the accounting directory, and it isn't a backup utility doing this, then someone should be notified.
4: I normally dislike DRM, but I have used an IRM/RMS server in house for protecting files. That way, if someone slurps off a Word document, it works fine if running on my machine, but unless they saved it to another format, it will be encrypted on their end. I've used Microsoft's RMS for about ten years now for personal items, and it does a decent job as a secondary layer, especially when coupled with some other encryption.
5: Get a solution that can make heads/tails over audit logs. Splunk is nice (though expensive.)
6: Add documents that are normally not accessed, but if they are, they immediately trigger an alert from the solution mentioned in #5. That way, if someone is doing a mass copy of files, someone knows. Most likely it is part of the job, but it is wise to have a couple tripwires.
7: Spend your time and do background checks that work. Checking for felonies, yes. Demanding usernames/passwords to Facebook for ongoing monitoring 24/7, no.
8: Finally, morale. A company that always threatens its developers with offshoring, and has low morale will have far more security issues than one that at least knows how to treat people with some modicum of respect.
Did the OP get his question rejected from the "Ask Dr. Evil anything"-morning show?
Don't conduct shady business in the first place, how friggin' hard is it? Can you look at a barbed wire-roll for more than five seconds without dreaming about extra-judiciary internment camps? Can you walk past a plank lying on an incline without imagining someone lying upside down on it while being drowned with a wet sock?
I don't care how some people think that doing sh't towards other countries is "part of the game", it's wrong and you friggin' know it! There is no excuse.
If you quote this signature there'll be 72 copies of Windows ME waiting for you in Heaven.
Thus, you'll have nothing to hide.
Otherwise, it's a moot point; to paraphrase Mr. Universe, you can't stop the signal, bitch.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
1. Access to information in a need-to-know basis only using strong enforcement via MAC. Nobody has ALL the information on a specific subject.
2. All applications are used via virtual desktops accessed from secured, fully managed devices. No access is allowed from unmanaged endpoints of any kind.
3. If some information is as sensitive as described, then physical security enforcement need to be in place (isolated terminal room for example).
4. No printing, no emailing, no networking outside the proper security perimeter.
5. Regular audits and interviews to personnel with access to specific pieces of data.
You'll have to sacrifice convenience for security in environments that require that.
What we should probably do is build data centers that take a catch all approach to data... that way, we can fear would be whistleblow... ahem... I mean, terrorists into being so careful online that they don't misbehave.
Oh wait
I now work for a company that attempts to do this. It makes me so angry every time stupid arbitrary IT road blocks stop me doing work. Made all the worse because they DON'T WORK.
I have deafeated most of the safe gaurds and now use the internet exclusively through an encrypted tunnel which completely removes all of their nice protections and creates a potential avenue for attack.
These sorts of measures stop 50% of your employees from doing work, and get the other 50% angry, causing them to ruin your security measures anyway.
Some of us don't see Snowden as a malicious insider, some of us don't see people like him as something to be guarded against.
Indeed, some of us see people who expose criminal behaviour as people to be celebrated, to fight for, and to protect.
Ok, the well-connected people don't see it that way (being guided by their pocket). And let's face it, the law is on their side (well, according to their interpretation anyway.).
I wonder what they're going to do, in their gated communities, when the tech who needs to tweak the settings on their artificial hearts decides not to turn up?
All your ghosts are just false positives.
While all the "don't be evil" responses are cathartic and fun, the real issue here is that you can't simultaneously give someone access to data and prevent them from having access to the data. You can make it more difficult to access the data but the price is that it is more difficult to access the data. You can't read minds so intent is not something you can reliably build into the system.
When information is power, privacy is freedom.
Don't have morally repugnant and illegal secrets.
Stop recording!
At some point, recording becomes a bigger liability than not recording.
Surveillance is also very exploitable and therefore inherently dangerous.
It might be used for good today, but who knows what it will be used for tomorrow and by whom?
Every time it is misused the "terrorists" wins a small victory.
Not really an answer to the question, but good security design should focus on identifying all of the relevant threats (aka a "threat model") and mitigating all of them to the degree that makes sense -- and any good threat model will inevitably identify insider threats as the highest risks most at need of mitigation, because, by definition, insiders have greater opportunities to conduct attacks, and they have roughly the same motives as external attackers.
If you find that your organization doesn't spend 95+% of its security time, money and effort on foiling insider attacks, it's almost certainly not doing a good job. If it is adequately hardened against insiders it'll be darned near impossible for outsiders.
My impression of the NSA has always been one of an extremely high degree of competence, so the Snowden leaks surprised me. You can't stop insiders from gaining access to the data they need to do their jobs, of course (though you can often segment job responsibilities to minimize it), but you can and should make it a lot harder for them to get access to other sensitive data, and Snowden was apparently able to get a lot of stuff that wasn't relevant to his responsibilities.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
The two aren't mutually exclusive.
Stop doing things that seem illegal or immoral to your employees. Stop lying. Stop cheating. Stop cowering behind secret courts.
As people say about the data collected by the NSA: if you haven't done anything wrong then you have nothing to hide. The NSA was hiding this program because they knew it was wrong.
Article X: The powers not delegated... by the Constitution...are reserved...to the people
don't mention the name "Snowden"in the title. Instead, he should have passed himself as a south-american business agency fearing CIA moles. In the best case, he will get a very efficient document streaming service.
I'm curious, has anyone in government intel circles ever heard of compartmentalization before? I'm pretty sure based on the TS/SCI clearances they issue to those working with (what should have been) compartmentalized data would know of this rather obvious concept.
Bottom line is they know the importance of data compartmentalization. This has been a standard practice for decades now, even keeping those at the highest levels in the dark with the additional "need to know" addendum.
I can't help it if utter stupidity and ignorance stepped in, and chose to simply dismiss good protocol and practice to subscribe to sensationalist ideals such as "anti-terrorist interoperability" across all intelligence organizations via shared databases and intel streams. You want access to all of the data at a moments notice? Then you should know damn well what the ultimate cost of that is. Don't bitch about a lack of eggs when someone steals the whole damn basket.
No matter how deep a background check goes, no matter how thorough the inquiry is into a person's character, no matter how many interviews are made of friends and family, and no matter how many polygraph tests are performed, if a person is given a position that requires some trust there is always going to be a chance that this person is going to abuse the trust. Psychopaths and sociopaths the the scariest of these people because they have no problem with lying, are good at it because they are usually good at being manipulative, are often very well liked by family and friends, and can lie without end like a baby-kissing politician running for re-election and still pass a polygraph test.
Perhaps the problem is in the kind of people being sought for these jobs that require great trust. While a person needs to be squeaky clean to get security clearance, perhaps the squeaky clean requirement is causing the government to choose some from the wrong pool of candidates. My experience has been that you will have a better chance of finding an honest man (or woman) by looking at those who have messed up in his or her life, is genuinely repentent, and has demonstrated through years of clean and honest living that he or she is worthy of such great trust. The gratitude that comes from being given this second chance is an incredible motivator in steering a straight and narrow course through life.
It's really quite a simple choice: Life, Death, or Los Angeles.
AC for obvious reasons....
I work directly with the CISO for a big corporation and have inherited a DLP System that I now 'own'. We've seen some very crazy incidents and it's already shown it's value a few times. I know of 1 termination and multiple HR disciplinary incidents stemming from our system. Yet the signal to noise ratio is abhorrent and this is with almost 2 years of testing and tuning policies. Besides, you can never stop the bad guy taking screenshots (with a real camera!) or using steganography, or just making hard copies of the PCI/PII/etc we're trying to protect. No DLP (or any other solution) is going to give you both 100% coverage and 100% visibility. Hell, find a savant with great Eidetic memory and they could just read everything and walk out with it in their head.
Its as simple as halting creepy anti-social, anti-democratic, and anti-freedom police state activities, lying about them, and justifying it with how much you hate/think lowly of the general population, and how you'll easily get away with it.
Then mabey the people who work for you won't question your blatant lack of morals.
and having data in a vault with armed guards on the out side 24/7.
Assassinate Snowden.
(Probably not the answer anyone wants to face, but ask your inner Machiavellian.)
Futurist Traditionalism
There's no sure way to protect the data, but this comes close:
1. Unplug the server/storage array/whatever
2. Put it in a safe. Lock the safe, lose the combo.
3. Dig a large hole.
4. Insert safe into hole.
5. Fill hole with concrete.
Of course, even this plan has its flaws: What if the safe is discovered? Your only hope is that it's discovered by a Redditor; it will never be opened then.
I agree with this point. It's not impossible to stop leaks, but organizations can change to mitigate the impact one individual can have.
The thing that is most interesting to me about the Snowden case, as well as the Manning case, is the level of access intelligence communities give to these people. I mean, Manning was able to dump years of diplomatic cables, and Snowden has been able to detail a worldwide architecture of network ops.
Did they really need to have this much access to information? If their roles were more compartmentalized, these situations would be different.
I feel the problem with these leaks is a management issue moreso than the acts of individuals. Taking young, principled, intelligent guys and giving them the keys to a trove of information about questionable activities is just not the way to run an organization. The people he reported to should be the ones being indicted over this.
A solution (without knowing the particulars) would be to spread out access across a range of individuals with specific skill sets in their area and that's it. If you want to train people to be hackers, focus their development on one level of infrastructure and make it impossible for one guy to do this all on his own.
If you're worried about USB or any other device access you've already lost. Anyone who can SEE the screen can snap a pic of the screen. Or a few hundred screen pics. And even if you strip everyone naked as they enter the building, and you scan them for hidden devices hidden inside body orifices, the fundamental issue is that information can be carried out in someone's memory, and that person is capable of talking.
Compartmentalizing who can access what may limit the range of what any particular insider can release, and reduce the number of insiders able to release any particular thing, but fundamentally people need to see the information to do their job.
Threat of prosecution can keep people's moths shut to some extent, but if you're engaging in illegal or immoral activity then sooner or later some insider is likely to decide to "do the right thing" even if it means huge self sacrifice.
As others have indicated, maintain goodwill and loyalty. At a minimum maintain some level of respectability for organization, and some level of respect for your employees. That is the *only* thing that can protect you against the threat of a self-sacrificing insider trying to "do the right thing".
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
A more appropriate question is what should you do when you have information that the organization is engaged in illegal activity, especially when that organization is the government ..
AccountKiller
It's not possible. It is naive to think its possible. 99% of the people are cool, its the other 1% you have to watch out for. You cannot prevent somebody from yelling fire in a theater, but you can make life difficult for them. This is not a technology problem, its a people problem and there is no easy answer.
Greed is the root of all evil.
Basically, the GDR (former Eastern Germany) had similar problems with their border guards: guards would usually patrol the border in pairs (two guards at any given time). And this is obviously a necessary thing in border patrol.
But since the government couldn't trust their guards and since there indeed was a possibility that the guards would just jump across the border to Western Germany, they had a brilliant plan: (1) they made sure that each of the guards came from a completely different area of the country, and (2) that they didn't spend too much time with together in order to build trust between them. So, for the case (2), the government decided to create new pairs every week or so... it worked quite successfully.
Now, the question, obviously, is whether you *want* to be something like the former Eastern German Government.
I believe there are a lot of ways of protecting data against malicious employees - one being the way the Eastern German Government did (this might be a good solution actually for the NSA). Other ways are making sure that the employees in question can never copy any data by any means, whether it is by blocking USB-ports, not having any drives, not allowing *any* personal devices at all, including no cameras, smartphones, etc. You might even force the people to use a company-provided mobile phone even for their private calls (without snooping into their calls) without cameras, data connection, etc (just calls+sms).
Lastly, you could consider using a TrustedOS with levels such as B1-B3 or even A1 or Beyond-A1. http://en.wikipedia.org/wiki/TCSEC
I knew TISX http://en.wikipedia.org/wiki/Trusted_Information_Systems, which had (afaik) the only B2-TOS at that time. It was quite ingenious how it worked...
I think what bugs me the most about these most recent leaks is that the ONLY people surprised by it are the members of the public. The various governments know that they're being watched...mainly because they're doing watching on their own (that they're not supposed to do), that they talk about (which is monitored by other nations), rinse, repeat. Of course, it behooves all of the various countries involved to deny it...they don't want to look like douchbags, after all. But then again, how many of them look "squeaky clean" after the last round of releases that established that they were spying too. Everyone knows they do it, everyone has known that they've been doing it...so why in the fuck is anyone pretending to be surprised?
On topic, I have two answers for you depending on how your question was intended.
A1: You don't. You will never stop "leaks" of any sort, because you will inevitably be fooled into trusting the wrong person at some point. Leaks will always happen, even if there's been no wrongdoing (leaks can take the form of corporate secrets, for example).
A2: If you mean how do we stop leaks like this, as in, leaks about Governments infringing on public rights and acting like utter jagoffs the solution is far far simpler: Stop being jagoffs, stop breaking the law. Hell, that's the answer that WE get, isn't it? "You don't have anything to worry about if you're not breaking the law"...well, if they don't want people to blab about the Gubmint breaking the law, the Gubmint should stop breaking the law and they won't have anything to worry about. Right?
If you hire smart people they will always be able to get the data they want. A surveillance state does more harm than good.
by Eradicating Cognitive Diversity. Similar point by me: http://www.phibetaiota.net/2011/09/paul-fernhout-how-security-clearance-process-harms-national-security-by-eradicating-cognitive-diversity/ ...
"This essay discusses how the USA's security clearance process (mainly related to ensuring secrecy) may have a counter-productive negative effect on the USA's national security by reducing "cognitive diversity" among security professionals.
From Perro's first-person account, it is clear that there are three essential personal attributes required to get a US security clearance in most cases, all of which revolve around the the need to minimize the risk a national security professional will give up a "secret":
* Practically no social contact with foreign nationals (outside of structured work-related interactions);
* A very stable psychological and economic profile; and
* A willingness to accept an invasion of that person's personal privacy in the name of national security (along with giving up a bit of the privacy of friends and family).
In the context of what Scott Page wrote about in The Difference, what are the "cognitive diversity" implications of such a selective filtering process as they relate to various forms of integrity or understanding?
It would seem likely that that such a person might have little curiosity about other cultures than the USA's, as well as little direct hands-on knowledge about them. A "foreigner" would generally be an abstraction, not a drinking buddy or domestic partner.
This ideal candidate would likely have never had a serious existential emotional crisis, never had a serious financial crisis, probably had a happy childhood growing up in a stable economic situation, and probably had loving caring involved parents themselves successful in US society. So this person would have little deep understanding of people raised otherwise and how that might effect motivations and a sense of commitment (whether to good ends or bad ends).
Cognitive dissonance is a human tendency to make beliefs align. Because of cognitive dissonance, a person who has accepted a privacy invasion for himself or herself (along with some costs for family and friends) would also probably be less likely to be concerned about domestic privacy invasions in general -- whatever their stated policy beliefs.
Now, there are always exceptions here and there, and no one is "perfect". And, to be very clear, getting a security clearance does not mean someone is a bad person. Quite the opposite -- such a person might be the best of neighbors, have a good sense of humor, be easy to manage, be a supporting pillar of a church or non-profit, be a good friend, be a great parent, and so on. They might be very intelligent and have a lot of interesting and useful suggestions to make from one point of view. It is a good thing to have a lot of people like that in government service related to national security. The issue comes down to whether it is a good thing to have *only* people like that thinking about national security? People with national security credentials are also often naturally turned to for their opinions on the local security and global security questions, so this filtering process effects many aspects of security in our world.
But what are the deep implications of staffing the USA's national security organizations with *only* 99% good well-meaning reliable mainstream people (and perhaps 1% fakers) through this filtering process driven mainly by a supposed need for "secrecy"? ...
Ironically, the USA is the world's greatest "melting pot" or really "stew pot" of cultures, yet it may have some poor national security decision making if it is afraid of the implications of that integration. That fear is primarily because any personal link to a foreign national or any deep connection to
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
As the founder of modern information theory Claude Shannon so eloquently stated: the enemy knows the system (Kerckhoffs's principle). To the question being asked: it is problematic when the information assets are published, like the wikileaks exposure of diplomatic cables. In this instance, however, it is the system being exposed, and not particular information assets (at least to my limited knowledge). Thus, as an organization I think the worry is not about the system you use, but instead about your information assets. There is no simple answer to protecting information assets from insiders short of saying: defense in depth. :)
"According to the report, which scrutinized the approval of security clearances, more than 483,000 government contractors had "top secret" clearance as of last October. On top of that, another 582,000 have "confidential" or "secret" clearance."
That is... WELL OVER ONE MILLION PEOPLE with access to sensitive information. More or less 1 in every 300 citizens of 'murica.
If you don't see a potential data breach here, I really don't know what you're looking for.
Snowden made the information public, but who knows how many others sent information to foreign agencies? With one million people with access I bet data breaches happen quite more often than this one case.
Privacy is terrorism.
If you don't want to be publicly embarrassed and humiliated and lose any credibility you have by being exposed as someone who lies, cheats, steals, and violates your Citizens' rights, then don't lie, cheat, steal, and violate your Citizens' rights.
Two months ago Snowden was living in Hawai'i with an attractive girlfriend and a decent salary. How is that more dysfunctional than living in a Russian airport on the run from the US government?
We hope your rules and wisdom choke you / Now we are one in everlasting peace
Not doing something subversive and heinously evil in the first place goes a long way toward people not taking it upon themselves to be an unsung American hero.
https://www.youtube.com/c/BrendaEM
Nobody has unsupervised access. No private offices. Survalliance cameras over the desk. Multiple Adminstrators per work area. Use of biometrics to authenticate; based on qorums, 3 of 13 administrators present if better than 1.
No explanation, really. The threat of having your life taken away from you is enough to keep most toeing the line.
There still are a few, very few for whom integrity and doing the right thing is more valuable than their own life. What do you think the English King would have done to Paul Revere if the king's minions had caught him? What about some of the other early Americans that participated in the revolution? There are still a few people on this earth who will subscribe to the notion of "Give me liberty or give me death". To me it looks like Edward Snowden is one of these people.
A sufficiently advanced simulation is indistinguishable from reality.
The biggest concern for an employer is loss of trade secrets such as costs, margins, competitive pricing, etc. Usually this sort of info needs to be in the employees hands for them do do their jobs
Blocking employees from taking that sort of data is pretty much impossible and a fools errand as you are more likely to take away their ability to do their jobs.
You must make it a well known policy that you put the full force of the law behind protection of company secrets, and violation of those policies can result in not just termination, but further legal action, and even criminal charges if appropriate.
(If at first you don't succeed, do it different next time!)
Snowden and the other intelligence contractors are simply mercenaries. Their job, is first and for-most to get paid. You buy their loyalty with money. Anybody who offers a greater reward, can shift their loyalty.
Showden ultimately, found a higher bid for his loyalty than his Booz/Allen/Hamilton paycheck.
This is not rocket science. This is simply Management 101. One of the most shocking revelations has been that the NSA is so incompetent in managing the basics of loyalty. I am afraid that we will eventually find that the only thing that is unique to Snowden is that he acted publicly.
It is very likely that the 'secrets' of the NSA have been cheaply purchased by every other government and large corporation.
If you want trustworthy employees, act as a trustworthy organization.
a) You're in the wrong job.
b) We won't help you.
c) Make sure everything your company or government office is doing is legal, ethical, and morally unquestionable.
d) All of the above.
Oh, the correct answer is "d".
This sig intentionally left blank.
Here are a few ideas:
1. Video cameras with 100% coverage of any room with computers with sensitive data. Live monitoring of said cameras.
2. Securely locked computer cases. Since I haven't seen any computer cases that allow for truly secure padlocks this may require making your own computer cases out of say 1/4" steel and with thick case hardened hasps designed with large padlocks in mind.
Or alternatively you could design a case by permanently welding the case closed. If something goes wrong inside you simply melt the whole thing down. A custom designed case will also allow you to bury any of the absolutely necessary external connections like for a keyboard and mouse inside the locked or welded case. Any data would need to be backed up through the internet or other network connection, which again is buried inside the secure case.
3. Checkpoints with metal detectors set to their highest sensitivity for all personnel entering or leaving, but this will only work if it is sensitive enough to detect a single microSD card. Strip searches and cavity searches for all departing personnel with access to sensitive data.
4. You could lock your employees into a secure facility and never allow them to leave. If they try to quit you kill them and melt their body in a large dedicated acid bath.
Of course this would have to be combined with severing all contact with the outside world. Internet connections or any kind of telephone would be forbidden. Also make certain that no computer has wifi capability and/or make the rooms with the computers with sensitive data into Faraday cages to prevent any wireless data transfer.
5. A water lock. In order to exit your facility your employees must swim through a tube filled with water. The problem with this is that a microSD card could be protected by wrapping it in plastic or something. You could also use salt water and run a nonlethal current through it.
6. Do not allow employees anywhere to put a data storage device. Do not allow any clothes or bags of any kind inside. They would store all of their belongings including their clothes in a locker before they entered the facility proper. Combined with cavity searches this could be quite effective even without any of the other measures. To help with employee retention make sure that the searchers are very, very attractive and that sexual preferences are observed at all times.
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
The military uses Two Person Integrity (TPI) for the transport of physical assets. Because there is a secure internet running behind the scenes that contains all this classified material, require two individuals to authenticate access to a specific document or subject matter.
Why would we want to prevent them? Let me break this down:
Leak how to build a supervirus attached to a high-radiation nuke - prevent
Leak illegal spying that violates a country's founding principles and laws - encourage
That's idealistic and foolish. You're focusing on the NSA and Snowden. What you should be focusing on is any company, country, or organization which has an enemy or competitor, and any employee who is in they pay of said competition. Industrial espionage, international intelligence, market manipulation, smear campaigns, retaliation for a fully justified firing, whatever.
The vast majority of data exfiltration is not for any noble purpose of whistleblowing. Most of the time, the person in question isn't even particularly disaffected, just greedy, in a tight spot financially, has always had other loyalties, or is acting under duress (blackmail, threats, whatever). There's no amount of "feel like they're doing something good for the world" that will make up for those!
The question was asked very poorly, though. Snowden is exciting right now because of the nature of what he did and the large amount of media attention, but the question had nothing to do with whistleblowing; it's all about information control in general.
There's no place I could be, since I've found Serenity...
This question seems to want to avoid the ethics of the situation entirely. Would I want to be a security admin that prevented, knowing or unknowing, what has been widely considered a heroic act which revealed the scale and depth of intrusion and recording of guiltless individuals' activities? Even removing the massive scale of this issue and Snowden himself... Would I want to build a security system to protect a person or corporation which hides any number of illegal activities a company can do? The concept itself shows a lack of ethical fortitude. The question should be "Do you now feel compelled to create backdoors and loopholes in your work by which the truth can be discovered and revealed to the public about how your employer breaks the law and hurts people?" Besides. the fact that the NSA, a branch of the US spying agencies, in 2013 doesnt understand about information protection what my local community college understood in 1996 (disabling USB access) is both ridiculous and hilarious.
If you suggest that he will be target of a drone strike no matter where he is, you are very wrong about who is the indecent there. Anyway, we already know how indecent is the US government regarding drones, so you missed one big motivation in your list.
(emphasis mine)
That is completely irrelevant!
The question is about information exfiltration, not about information publication. Industrial espionage, international intelligence, market speculation, all manner of (other) criminal operations can provide reasons to extract data from an organization. Whistleblowing is such a miniscule part of the pie that it's not even worth worrying about. It's a poorly-written question, but getting modded to +5 for not even answering it is lamer still.
There's no place I could be, since I've found Serenity...
Considering that you have between 500.000 and 5 millons "Snowden-style" external people with probably full access to all your organization data (that will do anything they want because they surely respect you), everyone have a far bigger problem than internal employees.
And retiring trust in them would not make them more loyal. Maybe the US can push the strategy of creating enemies to grab power because they will exist after that, but for me is an approach unsustainable in the long term and with very high cost. The right measures are not technical, is not that you will be fast enough to dodge bullets, but that you wouldn't have to.
Simple solution: everyone passes through a scanner on the way out. If they're carrying any form of flash drive (including smart phones or music players), hard drives, flash memory sticks, any form of CD/DVD media, tapes, floppy disks, or punch cards, then upon exit they are immediately electrocuted via metal plates in the floor. Problem solved.
Is there a way that a series of QR codes can be quickly displayed on the screen that a smart phone can read and decode into a data file of some type?
I would quote Eric Schmidt: "If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place"
I understand Edward Snowden was hired as a sysadmin. In my opinion it is worthless trying to set up technical measures against someone whose job is to maintain your systems. The good defenses are paying people enough so that they are not tempted by a financial gain (and if you are betrayed, you can still sue and recover your loss), and not do illegal or immoral things (here is where Eric Schmidt's citation is relevant).
Don't do the crime if you can't do the time.
The type of breach Snowden performed was right and proper.
Why would you want to prevent such a breach?
??
Besides he didn't turn over weapon systems designs, like our government is doing on a daily basis to China.
Now THAT is treason.
-Hack
Got Geometrodynamics? Awe, too hard to figure out? Too bad.
Married employees with kids and a mortgage don't have as much leeway to indulge their conscience.
Sad, but true.
I've given this a lot of thought, and compiled a solid rant on the subject.
My thesis about privacy in 2013 - 2020:
Lets start with some facts:
1. The Spy agencies in NZ, UK, USA, Australia and Canada spy on everyone, even their own citizens. 2. The UK copies literally everything that traverses the Internet and keeps it for 3 days for analysis (EVERYTHING!) 3. The USA shares this information (including commercial secrets) with its private enterprises to help them win international business. 4. So many people work for these agencies that from time to time this information is made public. 5. Nobody really cares. 6. The chances of any of these organisations giving up such a valuable source of power are about the same as global nuclear disarmament 7. It’s only a matter of time until the local police have access to all this information. 8 . In 2001, as sysadmin of BSSC I could read the email of every teacher and every student at that school, without leaving a trace of evidence, nor with any fear of punishment for wrongdoing.
So, I assert: You have no privacy online. You never really did. It was only by unspoken rule of sysadmins that we let you have the illusion of privacy. Ed Snowden betrayed sysadmins.
Strangely, Google poise to release the most important advancement toward our goal of total access to information - a video camera strapped to every second person’s head (Google Glass), and people are up in arms (9) and so are the governments best poised to take advantage! (10).
I think we’ve got it all wrong. Let’s stop bitching about this rampant surveillance and embrace it.
Let’s get our spy agencies to make everything they’ve got available to everyone! Let’s mandate that every Google glass camera must be on all the time, every phone must have its microphone on all the time, every GPS recording its location and all this content uploading to the cloud!
Information WANTS to be free! EVERYONE should have access to EVERYTHING!
Then it will hardly be accessed, because if Facebook status updates have proven anything it’s that it’s no fun spying on all your friends if all they do all day is play Farmville.
Finally, these civil libertarians realise that nobody really cares about them, or their “right to privacy”, and we will be able to make the most out of google glass (11).
Sources:
1. http://www.spiegel.de/international/world/interview-with-whistleblower-edward-snowden-on-global-spying-a-910006.html
2. http://mashable.com/2013/06/21/gchq-spy-agency-taps-global-internet/
3. http://www.bloomberg.com/news/2013-06-14/u-s-agencies-said-to-swap-data-with-thousands-of-firms.html
4. Bradley Manning, Edward Snowden
5. http://www.news.com.au/
6. http://io9.com/5969204/could-nuclear-disarmament-actually-increase-our-chance-of-an-apocalypse
7. “if the information is there, it’s already collected, why not use it to prosecute the crime? Why are you protecting the guilty? If you’re innocent you will want us to use this information to exonerate you.”
8. I read your email. Get over it.
9. http://www.policymic.com/articles/29585/3-new-ways-google-glass-invades-your-privacy
10. http://news.cnet.com/8301-1023_3-57591975-93/google-glass-privacy-concerns-persist-in-congress/
11.
access levels on documents are already the norm. USE THEM.
Compartmenting documents is also the norm. SEGREGATE DOCUMENTS.
Deny access to individuals who do not have the requisite access level or department clearances to view the document.
ONE SHOT DEAL: You get caught accessing a single compartmented document that is not ESSENTIAL to doing your job, YOU GO TO JAIL. END OF.
HOWEVER:
That is contingent on the agency with the overall responsibility of the documents in question being totally above reproach. Yeah, right, show me one and I'll show you a LIAR. There's ALWAYS room for mitigation, IMO.
Operation Guillotine is in effect.
Ripley: I say we take off and nuke the entire site from orbit. It's the only way to be sure.
http://nukeitfromorbit.com/
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
I doubt that - I would imagine people had some idea about the organization they were working for but joined it because it was better to work for it since it gave some measure of protection from it. The problem with the NSA seems to be that they paint this rosy picture of them defending against terrorism when, in reality, they are invading everyone's privacy and spying on allied governments. Hence their recruitment drive is likely to attract honest and open idealists like Snowden who suddenly find themselves confronting their morals.
If the NSA, and US government, had a more realistic view of themselves i.e. that they are like every other government in the world and not some disney-princess version that can do no wrong, people would at least have realistic expectations of what they are getting in to when they sign up.
As someone else already said: You can not give someone access to data while not giving them access to data.
What you can make a hell of a lot more difficult is the ability to get the data out in any other way than inside someone's head.
At the extreme range, allow people to enter and exit the building only naked, changing into work-clothes on the inside that never leave the building. Don't forget cavity searches.
Oh, wait - you were planning to run an office, not a prison? That's gonna make things a little more tricky as human beings tend to be picky about archaic things like dignity.
The non-bullshit answer is basically this: The freaking NSA fucked this one up. If you really think a random collection of hints on /. is going to give you a better shot, you need to be fired.
Update your security policy regularily and monitor compliance. Do a good job. Stop worrying about the Snowdens of this world, because there's like one every decade. But users looking for shortcuts, managers wanting a dial-in connection from home, admins leaving the firewall wide open after a change, developers using test-configurations in live, all these things are happening every day. Worry about them.
Assorted stuff I do sometimes: Lemuria.org
http://sourceforge.net/projects/luarm/ and for more info have a look at my PhD thesis:
http://folk.uio.no/georgios/MagklarasPhDThesisv3.pdf
Just to get a few ideas. The paper that describes LUARM can be found here:
http://folk.uio.no/georgios/papers/LUARM-WDFIAfinal.pdf
Some of the things in LUARM have been modified since the paper was written but the idea is the same.
GM
I logged in after a few years of lurking because of how truly offended I was by this submission.
This is not the /. I remembered. /. would not have tolerated such astroturfing in comments, nevermind allow it to make it to the front page. slashdot would have modded all these astroturfing comments -1 Troll, and the metamoderation would have said those -1's were fair. this submission proves that the libertarian-geeks that used to reign supreme on /. no longer post or live here. this submission proves /. was a failed revolution.
If there's an admin around looking at this, could you delete my account? I want nothing to do with this site anymore.
Plant a lot of juicy, plausible, yet worthless, secrets out there in honeypots and treasure chests of various shapes and sizes. Each is characterized by a unique detail out of place or deranged. See what bubbles up where. See Tyrion Lannister smoking out Grand Master Pycelle.
The U.S. military addressed all the problems except covert channels (now called DLP) in the Orange Book, back in 1985, the days of the dinosaurs and mainframes.
Alas, it was relatively hard to admin, requiring two people to do almost anything, and proving the completeness and sufficiency of the policies was exceedingly hard using the techniques of the day. The good thing was it was easy to use such a system. I used Multics, which was running at B2 and didn't even know security was tight. I later took the week course on how to admin Trusted Solaris and admined a couple of B1 machines. My brain tended to bleed out my ears, I kept running out of audit disk until I turned audit down to a week and I badly broke the two-person rule.
I suspect the difficulty and cost of running secure systems, and the cost of having two-person signoffs in computing as well as accounting killed the governments' desire to be reasonably secure against insiders.
The mechanisms to implement MAC and much of the rest still exist in the NSA security-enhanced Linux, but the work of creating categories and levels to keep users out of each other's pockets, and managing them and the sysadmins so they can't conspire to sneak data out is too expensive for any organization to shoulder as a cost, even the NSA.
--dave
davecb@spamcop.net
Simple. You can't.
... they could have had some people plugging up the USB ports on all computers with epoxy before deploying them to anyone's desk. No laptops. Period. Dammit, they control their computing environment. Or, at least, we probably all thought they did. There's no excuse for someone being able to walk out with a USB drive full of documents. Not one. I can remember working on secure systems where the effing printer ribbons were locked up in the safe at the end of each workday and anything that came off those printers was on special paper that wasn't allowed outside the secure area. Apparently, what passes for secure computing nowadays is a major joke.
CUR ALLOC 20195.....5804M
Get real.
Casteism
Simple: hire real scum, with no ethics or morals, who don't care about anyone else. Certainly, you should not hire someone with even the slightest trace of idealism, or who actually *believes* in things like the US Constitution.
Consider the Mafia as a good source of recruits. Or ex-members of Romania's Ceauescu, who had 1/3rd of the population spying on the rest. Or maybe right-wing racist, fascist skinheads.
mark
It is very simple: If you don't break the law, if you don't do evil then no whistleblower can blow the whistle on you.
I know I am not the first to say this but I think this message can not be hammered in enough: Don't do evil.
You nailed the problem on the head. And that is why “don't do evil” is in fact the only feasible way to prevent whistleblowers.
The OP was only asking about “Snowden-Style Security Breaches” — So for the problem at hand it is good enough.
Of course security breaches in general can not be prevented as the you correctly pointed out.