Ask Slashdot: Preventing Snowden-Style Security Breaches?

Nerval's Lobster writes "The topic of dealing with insider threats has entered the spotlight in a big way recently thanks to Edward Snowden. A former contractor who worked as an IT administrator for the National Security Agency via Booz Allen Hamilton, Snowden rocked the public with his controversial (and unauthorized) disclosure of top secret documents describing the NSA's telecommunications and Internet surveillance programs to The Guardian. Achieving a layer of solid protection from insiders is a complex issue; when it comes to protecting a business's data, organizations more often focus on threats from the outside. But when a trusted employee or contractor uses privileged access to take company data, the aftermath can be as catastrophic to the business or organization as an outside attack. An administrator can block removal of sensitive data via removable media (Snowden apparently lifted sensitive NSA data using a USB device) by disabling USB slots or controlling them via access or profile, or relying on DLP (which has its own issues). They can install software that monitors systems and does its best to detect unusual employee behavior, but many offerings in this category don't go quite far enough. They can track data as it moves through the network. But all of these security practices come with vulnerabilities. What do you think the best way is to lock down a system against malicious insiders?"

simple

[greenfruitsalad]

Simple. Do good, make people working for you feel they're doing something good for the world.

Re:simple

[MightyMartian]

Yes, well, perhaps in La-la Land. Here, in reality, no matter how good your organization may be (for whatever definition of "good" you choose to use), you may still end up with bad employees. The question of securing your data shouldn't be about good or evil, or any particular moral judgment, but simply about how to make sure you're critical and confidential data doesn't end up being ripped off.

Re:simple

[Jeremiah+Cornelius]

Hark! Do I hear the approach of the Freedom Drone?

Stop launching Hellfires on babies, and stop treating the Citizens of your Republic like suspects in your dragnet.

Re:simple

[fuzzyfuzzyfungus]

Exactly. If an employer is doing nothing wrong, then at least long-term, it has nothing to hide. :-D

There are still merely-self-interested insiders: It's practically a tradition for Mr. Sleazy McSales to abscond with all the customer data when he accepts a position with the competition, and his engineering counterparts to lift design docs and the like for the same purpose.

Doing good does have the advantage of reducing disillusionment among your otherwise-least-corruptable people, and helps prevent economically-irrational leaking; but you still have to worry about the merely mercenary.

Re:simple

[rtfa-troll]

The question of securing your data shouldn't be about good or evil, or any particular moral judgment, but simply about how to make sure you're critical and confidential data doesn't end up being ripped off.

There's a certain level that you can go that way. However, in the end, to be useful data has to be loaded into people's heads. People can then unload part of it elsewhere. A very important part of securing the data is making sure that those people who could do that choose not to because they see the value of your mission. Those people who surround them also see the value and put social pressure not to reveal secrets. When the US loses it's moral authority by doing things identical to acts it has previously criticised this is obviously going to increase the risk of a leak.

Re:simple

[gweihir]

Indeed. Loyalty is the only thing that works. DLP is basically a scam to make tons of money, but cannot prevent leakage. As long as people work with data, they can steal that data. Get used to it.

You can to a bit of personality screening. For example if you are the NSA, you want to screen out anybody with a shred of personal ethics or honor. Then make sure you bribe these people in staying loyal too you and keep the bribes up. Sure, you only get psychos that way, but nothing else is going to work.

If, on the other hand, your organization is actually contributing something positive, then make sure your employees have ethics and honor, believe in the cause and address grievances before they become a problem.

Loyalty is the key, and how to get it depends on what your organization does. Nothing besides loyalty will help against anybody determined.

Re:simple

[Dahamma]

No, the general question TFA asks about security breaches really has nothing to do with right and wrong or morality, it was simply about protection of data from insiders in any organization. What if Snowden's motivation had instead been monetary (which is much more common in security breaches than whistleblowing)? Or industrial espionage instead of government?

Protecting data from internal leaks is a complex issue, and pretending "if you are good it won't happen" is idiotic.

Re:simple

[CanHasDIY]

Let's say that the PRISM program managed to stop X number of terrorist attacks. As an NSA employee you might very well consider your work to be of good. Otherwise you would probably not work there. And this is probably true for many types of jobs. Good is a relative term, it depends on the viewer.

You seem to be under the impression that most people have the job they have because they want to "do good."

That is incorrect; the actual reason most people have a job at all is because it's damn-near-if-not impossible to survive today without some form of monetary income.

I'm guessing the dicks at the NSA (yea, that's right, I called you all dicks. Prove me wrong.) do what they do because the paycheck is quite fat; on the other hand, I guess some people would sell their own mother to the slavers for a pack of smokes and a lighter...

Re:simple

[peragrin]

The trick with that is what was the ratio of attacks stopped versus the number of people "looked" at?

In the UK their is a current debate on random stop and search used by police. The noticeable point is that it is 9% effective in finding someone doing something wrong.

So if the police stop and search 100 cars they find 9 people who are breaking the law.

Prism is spying on tens of millions, to find a couple dozen.

that is why it should be stopped. They should turn that kind of data mining loose not on the outside world but their own internal agencies. If the NSA data mines, searches emails, databases, etc they could get far better results.

It would single handily merge the agencies that don't want to cooperate and produce far better results.

Re:simple

[Beardo+the+Bearded]

I'm guessing the dicks at the NSA (yea, that's right, I called you all dicks. Prove me wrong.)

Come on man, I've gone through your email, we have a lot of the same hobbies, we could be friends.

You could invite me, or I can just show up and we can go shooting. I already know the time and place. I'll pick up some subs at Blimpie's on the way over, that cool?

Re:simple

[Grishnakh]

The people working for the Stasi thought they were doing the "right thing" too.

Re:simple

[davydagger]

and heaven knows what else they are looking for besides terrorists.

https://en.wikipedia.org/wiki/FBI_Index

Read this, Subversives: the FBI's war on student radicals
http://www.amazon.com/Subversives-Student-Radicals-Reagans-Power/dp/0374257000

Based on de-classified FBI memos, it describes how th FBI kept security and reserve lists of political enemies, that could be detained at a moments notice.

Its a clear example on how we got damn close to having our own "night of long knives".

https://en.wikipedia.org/wiki/Night_of_long_knives

Re:simple

[sg_oneill]

The magna carta is a wonderful document. More important perhaps in the history of laws than even the US constitution as a statement of rights, simply because the magna carta was the *first*.

But the rights it outlays are fairly simple, and rather indicitive of its times.

[quote]

                1. FIRST, We have granted to God, and by this our present Charter have confirmed, for Us and our Heirs for ever, that the Church of England shall be free, and shall have all her whole Rights and Liberties inviolable. We have granted also, and given to all the Freemen of our Realm, for Us and our Heirs for ever, these Liberties under-written, to have and to hold to them and their Heirs, of Us and our Heirs for ever.
                9. THE City of London shall have all the old Liberties and Customs which it hath been used to have. Moreover We will and grant, that all other Cities, Boroughs, Towns, and the Barons of the Five Ports, as with all other Ports, shall have all their Liberties and free Customs.
                29. NO Freeman shall be taken or imprisoned, or be disseised of his Freehold, or Liberties, or free Customs, or be outlawed, or exiled, or any other wise destroyed; nor will We not pass upon him, nor condemn him, but by lawful judgment of his Peers, or by the Law of the land. We will sell to no man, we will not deny or defer to any man either Justice or Right.[45]
[/quote]

Then theres a bunch of other ones like the king has to stop taking hostages ( a surprisingly common event in medieval europe ) , mercenaries have to gtfo of england, "all evil customs connected with forests were to be abolished" and other assorted medieval jurist things.

But in terms of stop and search, AFAIK your rights are preserved only as far as a right to a fair trial, I'm afraid.

Its an old document, more or less a first attempt at codifying limits on executive power.

Re:simple

[Grishnakh]

The intent of the Stasi was to look for any kind of "traitors" or subversives, not just people trying to escape; the NSA's mission was the same: spy on the populace.

If the USA was right next door to a country that was a much better place to live, and accepted any escapees with open arms, and enough people started emigrating there that it seriously affected the economy, then the US would certainly ban emigration. It doesn't have to because it has no reason to at this point; there aren't a lot of places that are significantly better, none of them are nearby, and those that are aren't highly friendly to immigrants unless they have valuable skills or a lot of money in the bank, plus for the moment the employment situation for those people with valuable skills is still pretty decent here. When the economy crashes even harder in the next few years, and if any countries start courting our tech workers (causing a "brain drain"), you can bet your ass that emigration out of the US will be forbidden.

Nice try NSA

We won't help you cover your asses for the future. It's time to clean house.

Re:Nice try NSA

[intermodal]

That was certainly an issue. If we're talking Snowden-style, the best deterrent is to actually conduct your operations within the law and within the boundaries of ethical behaviour. Snowden wouldn't have had anything to leak if the government were operating within the legitimate bounds of the constitution.

Re:Nice try NSA

[MozeeToby]

The NSA doesn't need help, all they would have had to do is follow their own procedures and the leak would have been greatly reduced. There's no excuse for having active USB ports on a machine that is handling top secret documents. Nor is there any excuse for giving someone access to more classified documents than they need to do their jobs, a system admin needs approximately zero access to the actual contents of the actual documents.

Re:Nice try NSA

[Gr8Apes]

Congress can make laws that are illegal - that's why we have the Supreme Court. If Congress creates laws, but they're 'secret" and no one gets to see them, and they're acted upon by other "secret" people, who supposedly report back to a congressional oversight group - but they lie.... and the courts never see any of this... I think we have what's called a dictatorship in the making.

Re:Nice try NSA

[Moof123]

I'm going to fail Godwin's law off the bat here, but remember that Hitler was lawfully elected and his SS all worked within the law. The letter of the law can twisted and re-written to make torture "legal", but that does not mean that it is OK since it is legal. The fact that "enhanced interrogation", and now "enhanced observation" is legal and was known to congress should be MUCH scarier than if it came out that the NSA was breaking the law without congressional oversight.

Re:Nice try NSA

[Grog6]

I lost mod points to post this, but this is the only use I've ever seen in 20+ years of internet, where Godwin did not apply.

We are ruled by an organization akin to the Gestapo.

There are Secret rules, secret Courts, and the Judges aren't allowed to comment, and have never ruled against the State.

I still remember when America Didn't Torture People; everyone responsible should be hanged.

Nice try NSA

[stewsters]

How about try not to do anything you would be embarrassed by if it leaked? Not ignoring the 4th Amendment is a good start.

Be sure to choose the lowest bidder

[attemptedgoalie]

That always ensures quality.

Lesson Number One.....

[segedunum]

Don't piss off the sys admin.

Don't be dicks, you'll get less whistleblowers

Obeying your country's constitution and not operating for the sole benefit of oligarchs and barons of commerce would go a long way towards limiting whistleblowing activity.

If you want to go the opposite direction, I guess you could lock up your employees in a bunker and hold their families hostage.

Nice Try

Nice try, NSA.

Limit access

[Xargle]

Have separation between levels of security and have fewer & fewer admins working on them as you go up the chain. Use the old established and trusted guys at the top. Don't have thousands of people (particularly contractors) crawling all over the most sensitive data. Seems obvious really. Look at the amount of data *Private* Bradley Manning got his hands on. It's like NSA & Govt just leave the barn doors open and hope the fear of prosecution will prevent the bad thing from happening.

Stay legal?

[mike449]

How about not doing illegal things in the first place?
A lot of motivation for insiders to disclose the "sensitive" information would go away.

No one solution to this...

[mlts]

This is an age old problem. It partially requires people skills, and it requires technology. A couple ideas:

1: First thing is compartmentalize. One person shouldn't have access to all the goodies.

2: USB devices are easy to control. I can push a GPO on Windows that blocks writing to any USB flash drive, or just locks out access completely so someone can't hook up their iPod Touch, run iTunes and copy files that way. Third party programs can offer this functionality as well. Of course, there are always BIOS locks. If one doesn't care about reselling machines, snipping wires and epoxy blobs in the USB ports will finish the job.

There are other devices and ports too. Firewire, Thunderbolt, and even PCIe cards can be hazardous. Don't forget the humble old CD-ROM burner in most machines.

3: Watch data and its access. If a Windows admin suddenly is slurping down everything in the accounting directory, and it isn't a backup utility doing this, then someone should be notified.

4: I normally dislike DRM, but I have used an IRM/RMS server in house for protecting files. That way, if someone slurps off a Word document, it works fine if running on my machine, but unless they saved it to another format, it will be encrypted on their end. I've used Microsoft's RMS for about ten years now for personal items, and it does a decent job as a secondary layer, especially when coupled with some other encryption.

5: Get a solution that can make heads/tails over audit logs. Splunk is nice (though expensive.)

6: Add documents that are normally not accessed, but if they are, they immediately trigger an alert from the solution mentioned in #5. That way, if someone is doing a mass copy of files, someone knows. Most likely it is part of the job, but it is wise to have a couple tripwires.

7: Spend your time and do background checks that work. Checking for felonies, yes. Demanding usernames/passwords to Facebook for ongoing monitoring 24/7, no.

8: Finally, morale. A company that always threatens its developers with offshoring, and has low morale will have far more security issues than one that at least knows how to treat people with some modicum of respect.

Same Problem as DRM

[Jah-Wren+Ryel]

While all the "don't be evil" responses are cathartic and fun, the real issue here is that you can't simultaneously give someone access to data and prevent them from having access to the data. You can make it more difficult to access the data but the price is that it is more difficult to access the data. You can't read minds so intent is not something you can reliably build into the system.

Re:We don't want to prevent them, duh.

[techsoldaten]

The question is what you can do to prevent it, not whether or not Snowden is a hero.

It's an interesting problem on it's own. Imagine the situation in reverse - someone working in IT for an aid organization, beset by government hackers looking for information about political opponents who would kill them. How do you prevent someone from leaking information of a completely non-criminal nature to forces who mean to do them harm?

One of the problems with disclosures, and why they are so divisive, is that they expose people's relative values. For everyone who thinks Snowden is a hero, there is someone who things he broke an oath and the government is being completely reasonable.

It's not worthwhile to judge situations the same way you judge individuals. I work with a lot of NGO where people would get killed if information about their operations is exposed, and one of the big threats is someone handing over documents under duress.

Do it like the GDR?

[ImdatS]

Basically, the GDR (former Eastern Germany) had similar problems with their border guards: guards would usually patrol the border in pairs (two guards at any given time). And this is obviously a necessary thing in border patrol.

But since the government couldn't trust their guards and since there indeed was a possibility that the guards would just jump across the border to Western Germany, they had a brilliant plan: (1) they made sure that each of the guards came from a completely different area of the country, and (2) that they didn't spend too much time with together in order to build trust between them. So, for the case (2), the government decided to create new pairs every week or so... it worked quite successfully.

Now, the question, obviously, is whether you *want* to be something like the former Eastern German Government.

I believe there are a lot of ways of protecting data against malicious employees - one being the way the Eastern German Government did (this might be a good solution actually for the NSA). Other ways are making sure that the employees in question can never copy any data by any means, whether it is by blocking USB-ports, not having any drives, not allowing *any* personal devices at all, including no cameras, smartphones, etc. You might even force the people to use a company-provided mobile phone even for their private calls (without snooping into their calls) without cameras, data connection, etc (just calls+sms).

Lastly, you could consider using a TrustedOS with levels such as B1-B3 or even A1 or Beyond-A1. http://en.wikipedia.org/wiki/TCSEC

I knew TISX http://en.wikipedia.org/wiki/Trusted_Information_Systems, which had (afaik) the only B2-TOS at that time. It was quite ingenious how it worked...

Re:Do it like the GDR?

[Fuzzums]

In addition to what you wrote: http://en.wikipedia.org/wiki/Border_guards_of_the_inner_German_border

As a further measure to prevent escapes, the patrol patterns of the Grenztruppen were carefully arranged to reduce any chance of a border guard defecting. Patrols, watchtowers and observation posts were always manned by two or three soldiers at a time. They were not allowed to go out of each other's sight in any circumstances. When changing the guard in watchtowers, they were under orders to enter and exit the buildings in such a way that there were never fewer than two people on the ground. Duty rosters were organised to prevent friends and roommates being assigned to the same patrols. The pairings were switched (though not randomly) to ensure that the same people did not repeatedly carry out duty together. Individual border guards did not know until the start of their shift with whom they would be working that day. If a guard attempted to escape, his colleagues were under instructions to shoot him without hesitation or prior warning.

Re:Doesn't address the problem.

[amRadioHed]

Two months ago Snowden was living in Hawai'i with an attractive girlfriend and a decent salary. How is that more dysfunctional than living in a Russian airport on the run from the US government?

I support the NSA's collection and leaking!

[xQx]

I've given this a lot of thought, and compiled a solid rant on the subject.

My thesis about privacy in 2013 - 2020:

Lets start with some facts:
1. The Spy agencies in NZ, UK, USA, Australia and Canada spy on everyone, even their own citizens. 2. The UK copies literally everything that traverses the Internet and keeps it for 3 days for analysis (EVERYTHING!) 3. The USA shares this information (including commercial secrets) with its private enterprises to help them win international business. 4. So many people work for these agencies that from time to time this information is made public. 5. Nobody really cares. 6. The chances of any of these organisations giving up such a valuable source of power are about the same as global nuclear disarmament 7. It’s only a matter of time until the local police have access to all this information. 8 . In 2001, as sysadmin of BSSC I could read the email of every teacher and every student at that school, without leaving a trace of evidence, nor with any fear of punishment for wrongdoing.

So, I assert: You have no privacy online. You never really did. It was only by unspoken rule of sysadmins that we let you have the illusion of privacy. Ed Snowden betrayed sysadmins.

Strangely, Google poise to release the most important advancement toward our goal of total access to information - a video camera strapped to every second person’s head (Google Glass), and people are up in arms (9) and so are the governments best poised to take advantage! (10).
I think we’ve got it all wrong. Let’s stop bitching about this rampant surveillance and embrace it.

Let’s get our spy agencies to make everything they’ve got available to everyone! Let’s mandate that every Google glass camera must be on all the time, every phone must have its microphone on all the time, every GPS recording its location and all this content uploading to the cloud!

Information WANTS to be free! EVERYONE should have access to EVERYTHING!

Then it will hardly be accessed, because if Facebook status updates have proven anything it’s that it’s no fun spying on all your friends if all they do all day is play Farmville.

Finally, these civil libertarians realise that nobody really cares about them, or their “right to privacy”, and we will be able to make the most out of google glass (11).

Sources:
1. http://www.spiegel.de/international/world/interview-with-whistleblower-edward-snowden-on-global-spying-a-910006.html
2. http://mashable.com/2013/06/21/gchq-spy-agency-taps-global-internet/
3. http://www.bloomberg.com/news/2013-06-14/u-s-agencies-said-to-swap-data-with-thousands-of-firms.html
4. Bradley Manning, Edward Snowden
5. http://www.news.com.au/
6. http://io9.com/5969204/could-nuclear-disarmament-actually-increase-our-chance-of-an-apocalypse
7. “if the information is there, it’s already collected, why not use it to prosecute the crime? Why are you protecting the guilty? If you’re innocent you will want us to use this information to exonerate you.”
8. I read your email. Get over it.
9. http://www.policymic.com/articles/29585/3-new-ways-google-glass-invades-your-privacy
10. http://news.cnet.com/8301-1023_3-57591975-93/google-glass-privacy-concerns-persist-in-congress/
11.