Slashdot Mirror
Snowden Spoofed Top Officials' Identity To Mine NSA Secrets
schnell writes "As government investigators continue to try to figure out just how much data whistleblower Edward Snowden had access to, MSNBC is reporting that Snowden used his sysadmin privileges to assume the user profiles of top NSA officials in order to gain access to the most sensitive files. His sysadmin privileges also enabled him to do something other NSA users can't — download classified files from NSAnet onto a thumb drive. 'Every day, they are learning how brilliant [Snowden] was,' said a former U.S. official with knowledge of the case. 'This is why you don't hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble.'"
"Brilliant people get you in trouble.'"
More like "Brilliant people expose the trouble you're currently in".
The security-state here keeps saying "if you don't have anything to hide, then you don't need privacy"
Well, if the NSA weren't doing shit that warranted whistleblowers, they wouldn't have the problems they currently do.
Make sure everyone's vote counts: Verified Voting
Sorry, I am a fan of him and grateful he leaked only certain documents as opposed to Manning just dumping everything out into public, but stealing classified documents to leak is a bit different than the story we've been given as a true whistle-blower.
Some people die at 25 and aren't buried until 75. -Benjamin Franklin
So, having a way to change your identity to another users is brilliant? All System Admins must be brilliant!
You either get brilliant or you get mildly capable. Smart people know they don't want to work in that environment. Brilliant people will take the job knowing they can use it to some kind of end. Mildly capable people handle requests and not much more, but are just happy to have a stable job in their field.
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
Surely someone at the NSA knows about multi-level security, SELinux, and the like. No one should have had root access. Having architected the system so poorly, it hardly took a genius to walk off with their secrets.
Every day we are also learning new definitions of brilliant.
'This is why you don't hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble.'
Are brilliant people with integrity not available or do they simply cost to much.
E.g. Non-US news.
Umm, ok, now you have to be brilliant to "sudo su ".
This guy was a sysadmin. He had physical level access to the hardware. Anybody who is in that job and is competent can do what Snowden did. (or am I missing some as yet undisclosed salient detail?)
I wish I had a good sig, but all the good ones are copyrighted
That explains why they really, really, really wanted to get their claws into him.
Forget the extreme negligence of morality of what they were doing, forget the fact that he leaked those secrets to international press.
It's just 100% pride. And I bet those top officials are the ones gunning for him.
Until they realize that what they were doing was unacceptable, this will continue.
And I expect it will continue for a very long time..
Yeah, hire that incompetent idiot who will design the security precautions wrong in the first place. That'll work a lot better.
While I did create the occasional problem, I solved so many more the occasional mistake can be overlooked.
"This is why you don't hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble." -- a former U.S. official with knowledge of the case.
Um... no. What is described in TFA is not "brilliant" at all, but a necessary part of being a sysadmin: you have control over user profiles.
The fact that the "former official" does not seem to realize this does not lead us to conclude that Snowden was brilliant... but rather that the mentioned official was anything but.
The only thing that came to mind with the suggestion that they not hire brilliant people:
"An intelligence organization that fears intelligence? Historically, not awesome."
- Tony Stark
-- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
Sometimes I feel that these "former U.S. officials" and "anonymous staff members" should STFU. It just seems like they use their anonymity to say random shit that will create headlines and stroke their ego. The "don't hire brilliant people" quotation is just stupid. No one that would have to be responsible for their words would say that.
A sysadmin manipulating access privs hardly seems brilliant. Now if he'd leveraged some software exploits shortly before implementing patches that address said exploits, that would indicate a much greater knowledge of the systems he was looting - a certain grace or panache, if you will. I guess this "brilliant" quote is what you get when people who see these systems as a black box are doing the talking. I'm thinking reality resembles less Snowden brilliance and more NSA caught with their pants down.
Just don't ask them to help you with illegal, immoral, and boring shit.
So, yeah, the NSA shouldn't hire them (on first two accounts).
This is crap. Who believes this stuff?
How is it brilliant to be aware of the abilities and privileges that come with your job? Strikes me more as "not incompetent." It must be goddamn terrifying to be as stupid as this former US official, living in a world where pretty much anything anyone does appears as if it happened by pure magic.
Hiring brilliance doesn't equate to trouble. Hiring brilliance with morals and throwing them into the middle of something unconstitutional is what gets you into trouble. It's not Snowden's fault the NSA got caught red handed and red faced. The Government should abide by the rules, laws and limitations of power set forth by the people, after all - it's we who gave them the power.
It is well past time to take that power back. We shouldn't fear them, they should fear us. It's time for a Revolution.
"When the people fear their government, there is tyranny; when the government fears the people, there is liberty." - Thomas Jefferson
http://jpetrie.myweb.uga.edu/TJ.html
This isn't brilliance, this is just poor security. This is systems that had a vulnerable audit trail, or didn't bother auditing enough, or created records no one ever looked at. Surely user snowden su-ing to some top official throws a red flag somewhere, right? If not, why not?
Inside the NSA is probably an amusing place to bea fly on the wall at the moment. All sorts of new procedures to try to stop someone else doing the same thing. However: it won't work, any defences that a man can put in place can be circumvented by another man, especially one working on the inside. They can make it hard, but not impossible - at least if they want their systems to remain useful. They have, at some level, to trust people to be able to operate.
The only way that the NSA can stop future embarassing revelations is for it to behave in a reasonable and moral way. That means a complete change of culture.
I did not say ''behave in a legal way'' since corrupt laws can easily be written.
The ages-old mistery why so many government officials are, ahem, nincompoops solved.
This official is dumb as a fucking rock if he didn't realize that a system administrator can bypass the very security measures he administers. And then on top of the ignorance, they attribute this breach to brilliance. OMG these people are looking incompetent. OTOH the general public may believe them and think snowden has super powers and this isn't someone elses fault.
It sounds like despite the initial protestations of how he'd exaggerated his abilities, and those of the surveillance program ... it's all proving to be true.
That his sysadmin privileges let him access stuff which was much more classified doesn't change that the system is capable of doing this, and likely is on a large scale.
So we've got a wide-reaching, in cases probably illegal system which can and does tap into everything -- and apparently the amount of oversight and controls they have on this is very limited.
Lost at C:>. Found at C.
The main problem is using wide-scale non-targeted vacuum programs that just suck up everyone's information everywhere.
Stop doing that and it is less likely that anyone who has half a brain won't be able to get masses of data you shouldn't be collecting in the first place.
-- Tigger warning: This post may contain tiggers! --
I keep seeing the Us government keep putting out new revelations of how he did things to try and make him look worse and worse. In all honesty, I get the feeling at least some of what they are saying is pure BS in a smear campaign. Its just the feeling I get and am interested if others are right.
And as others have stated, for him to get all this data so easily (nothing shown shows any real hardships in gathering data) to me says these NSA systems may be very open to attack. As there security measures seam rather lax. I get the feeling there idea of security is a armed guard standing over the server watching for hackers.
my 2 cents plus 2 more
See, the problem is, the people running the show never assume that anyone will read the manual and use all the features.
It's like being shocked when someone drives a supercar at 220 mph.
-- Tigger warning: This post may contain tiggers! --
NSA opposed to hiring the best and the brightest.
it has nothing to do with why he exposed the NSA... that's a question of having a conscience.
All these people "with knowledge of the case" better watch-out they don't go off-message or they could find themselves hunted as whistle-blowers too, but they'll be OK as long as they keep talking about Snowden and not crimes he exposed.
tomorrow who's gonna fuss
There's nothing 'brilliant' about admins who can switch to other users. Just about every system allows that with one command. This 'official's' statement is a smear, plain and simple.
Perhaps my standard of brilliance is different, but having a sysadmin who knows how to take the identities of other users and does so does not seem particularly brilliant. Then, also using his privileges to download to a thumb drive does not seem particularly brilliant. I would expect any sysadmin to be able to figure this out.
If this is the standard for brilliance at the NSA, then it has a real problem.
I know if the government abused the people's trust, I'd try to blow the whistle. Sounds like he's the real BOFH deal to me. I mean I know JPL-NASA is riddled with fraud, I'm just waiting for the real internal nasty docs to get released. Time to re-invent and fix our own shit. The USA is a laughing stock. We have Nuclear test sites which are on the brink of failure, sites devastated by natural disasters we ignore. Our Nation continues to get raped via its resources and the people are being raped of their Constitutional rights. Obama, where are all these "Green Jobs" at? So far nothing absolutely NOTHING has been done to help the American people in my life-time, where the corporate greed continues to spawn it's seed everywhere. Alternative Energy? Fixing the farm-land, inventing medical marvels, etc. What about that shit? Oh wait, we're going to lobby with Silicon Valley and give Amazon kudos for warehouse plants? Give me a fucking break. US Govt = Big Fucking Fail
A soldier in the Red Army is sent to a Gulag for 31 years after running across the drill-square of his barracks shouting "The political commissar is an idiot!": 1 year for insulting the commissar & 30 for revealing a state secret.
... or you could not do things you're not supposed to be doing. That'd probably get you in less trouble. Probably.
Just wait until they find out what their DBA's can do...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
So much wrong with all of this...
We can see why in this quotation from TFA which you mentioned:
This is irrational and IMHO just plain ignorant.
How could you reach such a non-sensical conclusion? It requires a misunderstanding of both the technical difficulty of the tasks Snowden accomplished *and* an Asperger-level understanding of what motivates humans to perform.
The error: Interpreting Snowden's behavior as something 'difficult'...
What Snowden did was, on a technical level, something most people at or above his paygrade in IT could do. It is something **some** of us here on /. could do with little effort.
Snowden isn't some code-cracking wizard. Most people on /. could spoof users (or just steal login info) with some work.
Hopping a fence to get to a private pool is not 'innovative' or 'brilliant' thinking...that's all Snowden did.
It's not like he's DVD John....
Second, Snowden's info was *not new information*
We all knew since the PATRIOT ACT that the govt could do this...Bush renewed a domestic spying order to the NSA every 45 days after 9/11.
"NSA has massive database of American's phone calls"is the headline
So, Snowden is either *a full on spy for Russia/global Oligarchs* or *being duped into releasing info by the same*
He's not a hero, he's not a whistleblower, he's a misguided dupe that got taken advantage of, at best...
I've written this before, with links just like now...if you want to disagree, if you want to claim Snowden *did* release valuable information and not just technical details for things we already knew existed...you have to show evidence.
Snowden's info was of no use...and we didn't need any of this to have a "national conversation about privacy"
hundreds of thousands of Americans vehemently do activism to guard our privacy...these are every day people...we've been active since 9/11 and the Patriot Act and before...
Thank you Dave Raggett
Oblig. car reference.
You need to hire some of these "brilliant" people so that you don't get snowed by a Snowden. By all accounts he accomplished what he did by having incompetent management above him. This was a management problem, and one that you knew better about, or should have known better about - if you had some of those brilliant people who knew what they were doing in management!
This reminds me the issue in Serenity of showing off a mind reader to a room full of people with the highest level of clearance. In the movie, the powers that be sent an assassin with no limitations to kill her out of fear about what might have been gleaned. In this case, it seems like they have realized that Snowden had complete access, so they are as much scared of what he may have grabbed as they are angry that he did it.
Detaining Miranda in the hope he had a copy of the files makes sense, despite the backlash, if they are desperate to find out what all was taken.
You can always hire brilliant people.
You just have to hire ones that will be loyal enough not to abuse the positions they hold.
If you find yourself doing things where people you hire start to become more inclined to betray you than not, perhaps it's time to re-think direction.
In this particular case, it sure looks like Snowden hired with the intent of doing exactly what he did, as he hit the ground running so to speak. So what does that say about the quality of the intelligence they are gathering they could not properly screen a guy who would have access to everything?
I'm sure Snowden's Russian handlers are having quite a good laugh.
P.S. I'm with others that knowing how to "su" as admin is not brilliant, but basic...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Here's the link missing from my comment above
"NSA has massive database of American's phone calls"
even though most of us on /. could do what Snowden did, apparently I can't close a tag....my bad
Thank you Dave Raggett
The more that comes out, the more convinced I am that his actions were planned and deliberate, and even more than the-person-formerly-known-as-Bradley Manning, this constitutes something approaching treason.
" 'This is why you don't hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble.'"
No, what happens is when you do shit that shocks the conscience, someone, somewhere, is going to expose you for the douchebag that you are.
Stop being a douchebag.
--
BMO
Apparently the NSA is taking a page from police departments here. (Warning: autoplaying video.)
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
If you don't know what a supercar is, why are you on the Internet?
-- Tigger warning: This post may contain tiggers! --
http://yahoo.usatoday.com/news/washington/2006-05-10-nsa_x.htm
that's it
sorry again...gah I need to go back to typing school
Thank you Dave Raggett
What "continue to try to figure out" means, and why people on this board shouldn't get too snarky. What it means is, all that stuff was logged; but nobody reviewed the logs. The logs are too much data to review, and I bet nobody bothered to even write a simple Perl script to grep the logs for things they thought were suspicious. Moreover, there were no watchers watching the watchers who watch the watchers who are watching us. They need lots of people who can parse that last sentence; but those people have to be smart amoral. I for one said "no" to such opportunities.
Now The Story is:
"my god, he was a criminal mastermind. Who knew?" Brilliant. Simply brilliant!".
Desired subtext:
"This is not a real flaw in our security folks. We were undone by a brilliant criminal mastermind. You can understand how that would happen. We've patched that little loophole and now everything is safe. It's NOT the case that the system is easily exploitable by high school drop outs. It's not the case that any of our sysadmins could do what he did and may have for all we know. "
World to NSA- you have no cred. You just don't. "Leaks' by "unnamed officials" are just more damage control, not facts. The way forward is not going to be found by consulting with damage control experts. The way forward is going to be forged by a public, honest, searching , thorough and skeptical examination about the why where when what and who surrounding surveillance. Everything you do, like this, to try to just ride out the upsettness people are feeling only makes you less credible.
I am saying this as one of the apparently few around here who consider that you perform a desperately needed function and have a clearly legitimate need to engage in the activities you have engaged in.
Now, if that's what I think and this is how you're coming across to me, imagine what everyone else is thinking.
So the whole "anybody could get access to this data at any time, even without a court order" is really more like "anyone with the appropriate privileges, which is limited to a select number of analysis, can access these records, which are protected by a court order. Except, of course, the sysadmin who breaks all of the rules, steals the credentials of authorized analysis, and then downloads whatever he wants.
Short of giving one key to a judge in a two key system and tying up an entire justice department staff to baby site every single access, there isn't a way around this particular scenario. It's baked into the whole clearance and trust model.
Is it just my observation, or are there way too many stupid people in the world?
All in all, I would call that a pretty brilliant plan.
Jesus was a compassionate social conservative who called individuals to sin no more.
Mmm... secret sandwiches...
When you afraid to be seen as incompetent you slide the scale to make yourself look better.
why ./ feel the need to write articles in this way?
about 90% of the replies will be people along the lines "you don't need to be private to do that".
this is akin of these facebook posts with a photo of the piramids and a question "Do you know what country is this thing?". ./ is worse than stupid
Given their track record, anything the NSA says should be considered to be a lie. Therefore, if they say Snowden used his 1337 h4x0r skillz to break the rules, it is a safe bet that he did not do anything of the sort and the NSA is just fabricating a story to pacify lawmakers asking how this could happen. Since they commit perjury in front of Congress with impunity, lying to reporters wouldn't even be a blip on a NSA spin-doctor's moral radar.
I've met a lot of smart people in my life. I've also met a few rich people. There wasn't any overlap between those two groups.
>"This is why you don't hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble"
Sounds like the good old and worn out spaghetti western frase. "He new too much".
Well Snowden definitely new too much. Perhaps if he was really brilliant, he would be seated in Congress.
But anyways. Now it is not only dangerous to know too much. Being very smart is suddenly also dangerous.
Duh..ok boss.
What they _really_ want are sociopaths; people (Men) that have no empathy for others and kinda get off on having great power and lending a hand in bringing suffering and grief to 'things' they have no more sympathy for than ants under their magnifying glass.
The greatest enemy of the NSA, et al is conscience.
So it appears Snowden gained access to areas past his security clearance, downloaded classified materials to a thumb drive and high tailed it to China, than Russia. Sounds more like a spay than a whistle blower to me.
Hey i'm mildly capable to downright incompetent, maybe I can get Snowden's bosses job!
who prays for Satan? Who in 18 centuries has had the humanity to pray for the 1 sinner that needed it most? ~Mark Twain
'Snowden had a “top secret” security clearance, meaning that under his own user profile he could access many classified documents. But some higher level NSA officials have higher levels of clearance that give them access to the most sensitive documents.'
Apparently Top Secret is no longer the top secrecy level? Is there a Topper Secret and Ultra Toppist Secret now?
"Every day, they are learning how brilliant [Snowden] was..."
Uh... What he did does not take "brilliance," any run of the mill sysadmin should be able to do that.
We should all right now remember how the media had tried to slander this guy as having only had a GED and how he had such a high wage. How ridiculous that he would pull such bacon? Why on earth did they trust him to work for the NSA!? Now he is brilliant. This all smells to high heaven right now.
"but money is the God of Algiers & Mahomet their prophet." - Rich. O'Bryen June 8th 1786
If you have moral policy then you don't need to fear whistleblowers. Snowden and people like him should be hired in an instant and this nsa official who think they can do what ever they want should be excised like an infection.
There are thousands of "brilliant" people in many disciplines who work at NSA. Snowden was no more special than any of them, and any other decent sysadmin could do what he did, from a technical perspective.
Of course, NSA could be doing anything that someone, somewhere would still think "deserved" to be leaked; if a single individual decides to leak classified information, does that always make him/her a "whistleblower"?
Before you say, "When it reveals [insert behavior I don't agree with here], absolutely!" consider that what one person believes to be "wrong" (even if, by definition, lawful) is another person's completely justified behavior.
In a free and democratic society based on the rule of law, one who BOTH unilaterally decides to subvert the law, and along with it the processes we have built, AND flees from all consequences of their actions must be counted as an enemy of democracy.
I can hear the cries now that it's "NSA" that is the enemy of democracy; while we can disagree on exactly what the NSA should be doing and precisely how it does it, there is NO WAY that NSA can do foreign SIGINT in a digital world without having access to the exact same systems and networks that Americans and everyone else uses. The needles are all in the same haystack, and you can't have access to only the legitimate foreign intelligence targets without necessarily having theoretical "access" to everything.
Anyone approaching this issue from a remotely rational standpoint understands that to be true, and if you believe the United States should be able to conduct foreign SIGINT, the only question is the "how" â" from technical, legal, and policy perspectives. Nearly everything Snowden leaked beyond the phone call metadata collection (which is explicitly lawful and Constitutional, by definition, because of a Supreme Court ruling 34 years ago) has to do exclusively with foreign intelligence activities.
You really think that's what we need to "blow the whistle" on? That one person can decide, on their own, that they "disagree" with something, and publicly leak it? And if you're an "information wants to be free" type, or one of those who believes the US is what's wrong with the world, or that we shouldn't even be doing the level of foreign intelligence collection that we're doing, I wonder if you have ever considered that there are actual threats in the world, which are neither imaginary nor monsters of our own creation, that don't subscribe to the principles you would claim to hold dear, and which need to be countered.
By all means, keep focusing on technical errors and isolated examples of abuse, that are in fact so isolated that it represents an agency operating at near-perfection in terms of error and abuse rates.
It's a shame that you can't see the forest for the trees.
To get rich you only need to impress chumps; to be smart you have to impress other smart people.
.: Semper Absurda
A properly compartmented system doesn't have root.
A security manager (that doesn't have access to installation tools, network, operations or storage, but has lots of system activity logs)
A systems engineer (that doesn't have access to user files or security manager functions)
An operational staff (that doesn't have access to user files, security manager functions, OR installation tools)
A network engineer (that doesn't have access to any of the previous three).
And frequently, a storage engineer that doesn't have access to any of the previous 4).
Thus, separation of duty. Improper access always raises an alarm. A violation requires collusion between 3 or more people - MUCH easier to detect.
It is usually the security manager that authorizes new users. The operations staff may initiate the installation of those users - but it is still the security manager that enables them.
And yes, a storage engineer doesn't need access to user files - he may have his own files for testing/evaluation. But he can initiate load balancing that may cause user files to be relocated - but that does not give him access to the data.
I think the fact that you just said that disqualifies you. You can't even be mildly competent to hold their job. Plus, you can't be honest enough to admit such a thing.
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
su - Barack Obama
Brilliant employees should be treasured. The policies that put Snowden in a position with such authority so quickly (if ever, considering his formal educational background) are idiotic--an accident waiting to happen.
They have been created. Several times in the last 20 years.
They are NOT trivial to administer (or to set up) - especially by one person, as they are not designed to have a single user with all the power.
the most brilliant people tend to play down their skills a little bit, so they can expose you when you don't even expect it.
This is a fundamental problem in almost every employer I have been connected with in the last 15 years. I have been employed 30+ years.
There is a great fear of intelligent emplyees so marginal managers hire even more-marginal employees for fear of being eclipsed. If should an intelligent employee manages to get in by understating their abilities but are detected later tend to be targeted and pushed out. There is a great fear by managers as being discovered as being incompetent. Add in sociopaths being promoted to managers just re-enforces this behaviour.
The result is I have witnessed companies squander abilities to quadruple their business in 1-2 years by poor management decisions, burying technical disasters that were easily detected & correctable at an early stage but then baloon into major disasters that cost them business. It is always the guy who predicted the disaster that gets targeted instead of the idiots that covered up the disaster in the making.
In engineering and software industries, I have seen a move to hire less educated, less experienced staff who will keep a low profile and not rock the boat. The result is in underperforming technology firms who rely more on marketing & sales than developing break-through technology and making it reliable.
The statement quoted is just a symptom of a deeper problem in today's high technology industries and even government bureaucracies.
This explains a lot, like the supposedly letting 90% of their sysadmins go. He is not "Brilliant", heck he may not even be all that smart. What he did have were the required privileges. I mean you can try to encapsulate a lot, but bottom line *someone* will need access to do certain things. Once they have access, they have access. There is a certain amount of trust you have to have with these people. Considering their knee jerk response was, oh well we will just get rid of 90% of the people who have access shows what kind of understanding they have of how things operate. Certain people have access for a purpose. Now it could be that 90% of their staff had access they didn't require, in which place that is a HUGE snafu by the NSA. I mean EVERY corporate entity be it corporate or government tries to limit access and privileges on all systems. Most do audits every few year to "clean up" who has access to what to ensure only those that absolutely need access actually have it. I have to fight tooth and nail, filling out forms, and giving explanations, and examples of work to justify my admin access.
Bottom line, is if you have access to this stuff at a sysadmin level it would be fairly trivial I would think to do whatever it is you want with the data. This is why there are all those stories of employees of this nature on slashdot where they get let go or fired, no one tells them, they get their two weeks paid or whatever, but there is a security officer at your desk when you come in in the morning as a surprise, to escort you from the building. Its like that sysadmin for what I believe was the city or state in California where upon being let go, changed all the passwords to the system as a bon voyage farewell and they took him to court to try to gain access. Anyway once you have the privileges, it doesn't take a genius to copy data to a USB drive. Sure you could do some serious logging, monitoring, automated alerts, but first all this is going to restrict what you can do in day to day operations, overhead and complexity, but if you have full DB access, you have access to that as well anyway. Not to mention unless a actually person is really on the ball, all this will tell you is who did it when after the fact, which they found out about anyway from the leaks (or perhaps they did just interrogate the logs). Bottom line is you will always need people like this and you have to be able to trust them, though I guess that goes without saying that perhaps in the paranoia of the NSA that might be hard to come by.
sudo -u obama == "Brilliant!"
It has later come out that root had no password, or some similar piece of downright negligence. I suspect that much the same will be shown to be true here.
"To those who are overly cautious, everything is impossible. "
Like most security breaches, it is not the brilliance of the hacker, its the stupidity of the admin who created the system. If its done right you cannot assume the roll of any identity other then your own.
but keep blaming the 'brilliance of snowden' and not the stupidity of your system, dumb asses....i fail to see why anyone is scared of a agency this incompetent.
Honestly, the fact that they are claiming how "Brilliant" he is for doing something that any system administrator knows how and can do when infront of a PC, just shows how idiotic NSA Management (and to be honest, probably the management at many government agencies and corporations) are when it comes to what their IT staff can do. Just goes to show that most people still seem to think that what IT people do every day is some form of magic are extremely difficult feat.
Knowing that he needed to impersonate someone with greater security to copy to a thumbdrive just says that he was smart "enough" to understand how the security system worked. And I'd call that less smarts and more listening intently to his training when he was onboarded.
The fact that it's the National SECURITY Agency that was so dumbfounded by their own internal security, makes it all the more humorous.
Thomas Drake, William Binney and J. Kirk Wiebe
The NSA has created an irresistable treat for the least moral people in government. Oversight and controls will periodically fail for reasons slashdotters and sysadmins understand well.
Recently
*Spied on reporters
*Prosecutors pretend evidence was gathered with a warrant.
*NSA lied to congress about what was collected.
Previously
*Threatened U,S reporters with death,
*Influence the U.S. elections Watergate.
*Electronic surveillance Martin Luther King, John Lennon, Elvis, It is alleged MLK was blackmailed and the letter demanded he commit suicide before christmas.
Funny
(Unless your former spouse/boyfriend is violent)
*Appalachee "Love-Intelligence"
This answers (for me) why Snowden left the country.
http://www.thedailybeast.com/articles/2010/09/15/nixon-white-house-plot-to-kill-journalist-jack-anderson.html
http://crooksandliars.com/susie-madrak/nsa-analyst-under-bush-we-spied-repor
http://www.usatoday.com/story/news/politics/2013/06/16/snowden-whistleblower-nsa-officials-roundtable/2428809/
http://www.usatoday.com/story/news/politics/2013/06/16/snowden-whistleblower-nsa-officials-roundtable/2428809/
15TW = 15,000 Nuclear Reactors. (Approx. one accident a month.)
They're saying he may have logged in as another official?
that's not impersonating them. Then again, it's a distraction from http://www.techdirt.com/articles/20130829/10405424350/latest-snowden-leaks-detail-black-budget-how-much-govt-wastes-useless-surveillance.shtml , so go figure.
Even the quotes are going for low hanging fruit:
"The damage, on a scale of 1 to 10, is a 12,” said a former intelligence official"
So on a scale of 1 to 10, the answer is "we can't even do math without sensationalizing it"? /facepalm
It didn't need to be blank. He was a sysadmin, he had the root password as part of his job.
The big failure here was that the NSA isn't using a compartmentalized OS where even root's access to files etc. can be restricted (ie. TCSEC B1 or higher). Of course, B1 or higher means Windows is ruled out. Which shouldn't be a problem, the NSA itself helped develop SELinux which has the needed features so they should have a suitable OS at their fingertips. It's a lot more work maintaining it, of course.
If you want to do it right.
You are being MICROattacked, from various angles, in a SOFT manner.
This is why you don't hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble.
"You don't reason with intellectuals, you shoot them." - Napoleon Bonaparte.
Seven puppies were harmed during the making of this post.
Obligatory SMBC Theater:
http://www.youtube.com/watch?v=Hlip7jZX9m0
I wouldn't say obviously. In my experience, decision makers work in a web of trust, and are completely blind sided by little technical details.
Like all pain, suffering is a signal that something isn't right
"Finally, Snowden’s physical location worked to his advantage. In a contractor’s office 5,000 miles and six time zones from headquarters, he was free from prying eyes. Much of his workday occurred after the masses at Ft. Meade had already gone home for dinner. Had he been in Maryland, someone who couldn’t audit his activities electronically still might have noticed his use of thumb drives."
Reminds me of the days when Aldrich Ames was splurging all the money the Soviets gave him - and nobody noticed (the first couple of years).
Windows 2000 - from the guys who brought us edlin
I guess that explains the whole "getting rid of 90% of sysadmins" thing.
One does wonder what a gaggle of brilliant people formerly working at the NSA would do with their off time, though ...
maybe I can get Snowden's bosses job!
You need to huff more glue and possibly hit yourself in the head with a ball-peen hammer in order to achieve the desired level of "competence."
So far, everything revealed has come from windows. Until something comes out that shows otherwise, it may be that all of the info came from windows machines.
You are being MICROattacked, from various angles, in a SOFT manner.
[snowden@nsa]$ su - /media/thumdrive
Password: *******
[root@nsa] # su - some_highranking_official_who_usually_uses_this_terminal
[some_highranking_official_who_usually_uses_this_terminal] $ cp -a secret_stuff
Or, from Windows, using Admin to connect to another user's remote desktop session, thus becoming them...
Really brilliant. Or not, just the NSA trying to explain their own security failure as being due to some incredible thing no one's ever though of, yeah.
Right or wrong it hurts every sysadmin out there. CIOs and CEOs and reading about this and thinking “Hey my IT people may do this to us, how can I make their jobs impossible by throwing onerous permission blocks on what they do?” Or maybe “Hmm this guy is too smart to hire, I will just have my extra administrative assistant go to a Access class and do the job instead.”
Thanks to every moron who thinks this is cool and no impact on the community as a whole, if your actually employed, and not living in your mothers basement then, yes your boss is actually peeking around the corner at you squirrely eyed.
I think some are misrepresenting this as easy.
If Snowden did in fact impersonate identities to access the information, and the systems in question are correctly configured, then about the only way to do what he did is on the servers in question themselves.
A properly configured system uses authenticated channels into the server, and that authentication is by means of the accessing system doing a couple things which are difficult to forge, without modifying the attacking system and installing foreign software.
Specifically, the server is a member of an SA - Security Association - and the client machine joins the SA through an attestation process which uses a distributed security certificate. So far, so good. Now a connection is established to the server through a secure point to point link; AFP and SMB use such links, NFS does not (NFS uses remote attestation, which is a point of vulnerability).
A credential is associated on the client side of the link, and it's also associated with the server side of the link through an attestation process to being a particular member of the SA. This attestation goes over the secure link to the server, and the server verifies it with the SA. Because the verification process between the server and the SA is incapable of being intermediated by the client, you have to have all authentication factors in hand. This is why you can't "su uid", as you can in an NFS, environment in order to effectively assume an identity.
Since they are using at least two factor authentication - and these guys do at least that; they use CAC (Common Access Card) attestation using cryptographic smart cards - identity is very difficult to forge.
So you end up with a connection to the server, and a UUID and.or GUID in your credential associated with the connection on the server side, and then ACLs are enforced on server objects you attempt to access over the connection using the UUID/GUID to compare ACL ownership, rights grants, group membership for which ownership or rights grants exist on the object, and so on.
Thus the only way this could have been done is with administrator access *on a server*, not merely administrator access on the network or on a client node on the network ( assuming a lack of sophisticated software).
That said... administrator rights would have been enough. There's no impersonation requirement needed in order to establish access, so he would not have needed to impersonate anyone in order to get the information, and given the authentication and attestation barriers in place, it would have actually been more difficult to obtain the information via impersonation, rather than just being local to the server itself and grabbing it.
This kind of looks like a "pile on the charges" gambit to try and get him for other crimes that could be associated with the attack, had he been silly and done it the way they are claiming he did in the article.
so he su -'d into user accounts or did something like sudo su - someUser with higher selinux privs?
Snowden used his sysadmin privileges to assume the user profiles of top NSA officials...
'Every day, they are learning how brilliant [Snowden] was...
This qualifies as "Brilliant"? Seriously?
While working at a small company, I got tired of waiting days for our one IT guy (responsible for three sites around the country, and had locked down every damn thing) to get around to fixing my computer issues. So I pulled a similar 'brilliant' move to give myself admin access to everything,and I'm not even an IT professional. And I didn't even have sysadmin privileges to start with.
Man, if people in the government think the shit Snowden pulled was that incredible, I'm going to go put in my resume right now and get one of those cushy, high-paying contractor jobs.
If I get some auditor in here demanding I use my super user powers to take powers away from myself I'm gonna hunt that bastard down myself.
Snowden used his sysadmin privileges to assume the user profiles of top NSA officials...
'Every day, they are learning how brilliant [Snowden] was...
This qualifies as "Brilliant"? Seriously?
While working at a small company, I got tired of waiting days for our one IT guy (responsible for three sites around the country, and had locked down every damn thing) to get around to fixing my computer issues. So I pulled a similar 'brilliant' move to give myself admin access to everything,and I'm not even an IT professional. And I didn't even have sysadmin privileges to start with.
Man, if people in the government think the shit Snowden pulled was that incredible, I'm going to go put in my resume right now and get one of those cushy, high-paying contractor jobs.
Not that I mean to downplay Snowden's actions, because I consider him a goddamn hero, but a system administrator executing commands as a specific user isn't exactly brilliant beyond what any competent admin with a reasonable amount of foresight would do.
Snowden isn't some mastermind, he's just rational. Running commands as a different user when you know you need to cover your tracks is rational. Getting the fuck outta dodge before the shit hits the fan is rational. To a society of mostly irrational morons, rational looks like genius.
What this *does* demonstrate the continual technological ineptitude and lack of critical thought in government and mainstream media to the point of comedy.
Your enemies are going to have brilliant people working for them.
If you restrict your workforce to people who are merely smart you are going to lose. You might even lose if the enemy has merely smart people.
Then there is the Jobs thing. A people hire A people. B people hire C people. So if you have merely smart people they are going to be hiring average people.
Then you are really fucked. We all know how dumb an average person is.
Who has to be brilliant to use their windows domain admin credentials to override group policy. If you don't trust root, don't trust the computer. So what, they're gonna try to hire bad sysadmins? Ones that aren't "brilliant" enough to understand how ACLs work?
These articles are a mess. A No-Tech PR guy delivering information to a No-Tech reporter. Cringe worthy.
No one should make the mistake of thinking NSA employees are lacking in integrity honor or morality. Snowden wasn't and most others are not. Already thre are signs other leaks are occuring ie leaks Snowden wasn't responsible for. People leak information for many reasons all the way from deep moral concerns to tuff battles to payback for real or imagined mistreatment. There is plenty more to come.
"'This is why you don't hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble.'"
No. This is why you don't spy on ordinary Americans.
First Snowden is a looser 29 year old high school graduate who was not qualified for his position.
Now he is brilliant cuz he knows how to use what amounts to 'su'
Suppose if I were incompetent and I needed to explain why a 29 year old "looser" did something he would not have been able to do had I not been incompetent I would call him brilliant too.
Why do they even bother anymore? They are in such a deep trust hole light barely reaches the bottom and yet they feel compelled to keep digging.
Delegated administration is a hard problem. It can be difficult to design a system that can't be bypassed in some way by leveraging second order consequences of ones abilities to effect the system then again this is NSA...you'd think they would use a solver or something to scan for all such possible opportunities or at least characterize and restrict them.
Does "used his sysadmin privileges to mount USB media and assume the profiles" mean something like this?
snowden@nsa $ mount /dev/sdc1 /media/usb /dev/sdc1 /media/usb
Error: Not permitted on classified machines!
snowden@nsa $ sudo mount
Password: 5ky|\|37
snowden@nsa $ sudo su
root@nsa # su barackobama
If he's so evil then how did he pass the background check to get the security clearance that his boss damn sure should have required before assigning him as a sysadmin in the first place?
If you think brillant people puts you in trouble, you have to see in what kind of situation puts you dumb people or policies. Breeding idiocracy inside the main collecting point of US and world's data is shooting yourself in the foot, the groin, and the head, in that order.
Maybe understanding that brillaint people that put you in troubles could give you the hint on who is wrong there, even if you are not smart enough to realize why.
CIA stuff. Stuff that matters.
You are missing the third category, the "Brillant" people. http://thedailywtf.com/Articles/The_Brillant_Paula_Bean.aspx ...they are in a category of their own.
'Every day, they are learning how brilliant [Snowden] was,' said a former U.S. official with knowledge of the case.
Windows XP users already know: logout and login as Administrator to get access to everything and change other users stuff. Especially if you are on a locked down IT computer w/business privs to install software (you log out of your account and in onto another, of course, admin's).
Conclusion for this is not Snowden is Brilliant as the author wants him to be, but:
Gov't officials are incompetent. OBVIOUSLY that official has no idea what technology does, and of course, though clueless, they make the rules (sure sounds a lot like Congress as well!).
Snowden did what all sysadmins know as rule #1 not to do: use root privs to access and login as someone else. But of course all the sysadmins out there calling him a hero sort of make this whole situation hypocritical.
I'm not against the existence of the NSA. That said, I think we can all agree that the bureaucracy and oversight have failed us in several ways. Gen. Alexander spoke at Blackhat about the internal oversight which we must "trust"; media has exposed the repeated failings of said oversight, which apparently filled with individuals who are too embedded to care about rocking the boat for the common good. Then we are told the NSA is going to downsize. Then we are told Snowden went rouge and bypassed all billions of dollars worth of defense. I think it's time we reevaluate how this whole thing works. The official solution thus seems to be to get rid of everyone except for a select few of trusted individuals who will most likely receive more frequent and thorough polygraphs etc... just to keep their job. Since this is the solution, why not just let us the people more access to things. What I mean by this is, if I live in a city, and there are publicly bought surveillance cameras, why should I not have full access to the feed? If I see something on the street I call the police anyway. There is a lot to this but I just thought I would share. We're going to spend more money for an continuously law-dodging centralized bureaucratic unregulated group of people who know better than we do about everything that is around us. Why not lighten the load NSA? You take care of the important stuff and let me have reasonable access to things which my tax dollars have paid for.
By these standards, any marginally competent sysadmin is brilliant. The real moral of the story here is that if you have an organization that, by nature, is full of shifty, conniving, two-faced assholes, you're better off hiring a sysadmin who is a totally complacent dupe.
I've heard of a few interesting access control technologies in my time, and even implemented a few.
Trusted Solaris? Oracle DBMS_FGA? Heck, even somebody who knows Active Directory and the CACLS command?
What is going on there? Who designed this network?
This problem sounds like one that has been "solved" before.
Judge Rules That Police Can Bar High I.Q. Scores
This is a crude line that makes me wonder if your just not a shill for the NSA.
I agree with what Snowden did. I'm just under no illusions about how quickly he got the information he did (he was only there for a few months, hardly enough time to "discover" the things he did a an admin). Also a little too easy how he drifted into Russia when no other country on earth would have him. Even in Hong Kong he was in the Russian embassy...
I would suggest you are INCREDIBLY naive not to at least consider the possibility given the history of Russian intelligence agencies. I'm not 100% sure myself but it seems likely, though kind of irrelevant given again that I agree with him releasing this information.
Sure, typing SU maybe easy, but then please spell out how easy it was to spoof another user and not get caught..
Pretty easy if other admins are not looking (or you are one of few admins for a large number of systems) and you are only there for a short while.
Are there not security measures in place that if you change a password it cannot get reset back?
What are you saying here? Why would he ever change a password... the point of "su" and similar mechanisms is that you only ever log in as ad admin, and then are allowed to change your identity to any user without ever knowing the password they use.
That said it is incredibly simple to copy out a password hash and place it back into a password database, though a bit more advanced than just using "su".
"There is more worth loving than we have strength to love." - Brian Jay Stanley
It seems that NSA has a very big security hole. If there are 1000 sysadmins at NSA who can access files without audit trail like Snowden can, how can you be sure that there isn't a Chinese spy among them? What Snowden did, was patriotic. Another person would have simply sold the secrets to Russians or Chinese and retired at Bahamas and NSA would be no wiser. I am almost certain that it has already happened. Why neither Chinese, nor Russians expressed interest in info that Snowden had? Because they already have it and much more than Snowden had decided to release to public.
Possibly that NSA is operating with presumptions that the info has already leaked. They don't really care. What Snowden did was unforgivable however, because he disclosed their illegal operations to the American public.
Does brilliance mean a lack of integrity? I guess it does now.
it seems that to be in the spotlight is safer than the closet, given that it's easy to explode closets without drawing too much attention.
The U.S. government is extremely corrupt, in many ways. It amazes me how often U.S. citizens joke about that, or change the subject, showing that they don't care.
U.S. government corruption, a short list:
1) The U.S. government has the biggest debt of any country in the history of the world.
2) Governments in the U.S., federal, state, and city, have the largest percentage of citizens in prison of any country in the history of the world. The percentage is SIX TIMES that in the European countries. Putting citizens in prison is a huge industry in the United States.
3) The U.S. government has invaded or bombed 28 countries since the end of the 2nd World War, FAR more than any other government.
4) The U.S. government is involved in many, many kinds of activities that are kept mostly secret from citizens. For just one example, read the story about the US government's purchases of over one billion rounds of anti-personnel ammunition. Quote: "The ammunition is to be used domestically, not by the military."
5) The U.S. government often arranges to lie to citizens.
6) The U.S. government has more military installations in more countries than any country in the history of the world. Some of those are secret, so this list is not complete: List of U.S. government military bases.
7) There is far, far more corruption than that. For example, look at the photos of George W. Bush kissing a Saudi price. The book House of Bush, House of Saud, tells part of the story about how Bush and his friends and family took money to support the Saudis against the best interests of United States citizens.
Be a responsible citizen of the planet and do some research. For example, as many others have said, read A People's History of the United States. The U.S. government has a long history of violence, much of it motivated by desire for profit.
The U.S. government is not the same as U.S. citizens. The U.S. government often engages in many secret activities, such as secret violence, apparently sometimes partly to encourage other violence which is profitable for some people. Secrecy cannot be democratic, because the people have no power if they don't know what the government is doing.
Individual admins may have correctly seen great risk and tried mightily to correct it. Such people are commonly overruled because ease of access trumps data security until the breach is dire.
We are all undergoing a change in focus (especially in IT), as the hostile attack community becomes more prevalent and determined. It will have profound impacts on how we interface with our machines.
In 10 years, the population will look at Android/iOS and think we were insane for carrying such risky devices.
I am already nostalgic for the days when systems were lax and free. We can't live like that anymore.
It doesn't take a "brilliant", or even a very smart person to make the connection between "I can create accounts at will and assign them any rights" and "Those accounts can access stuff I can't".
This is why you have security procedures and audits. Dummies.
Dude, the picture is a photoshop, like the rest of your post.
The best way to stop whistleblowers is to stop giving people a reason to want to blow the whistle.
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
Blob, blob, blob, blob
And what makes you think even if there are blobs they are not just plaintext? This is the NSA we are talking about that lets even new employees have widespread admin access...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
"if you have ever considered that there are actual threats in the world, which are neither imaginary nor monsters of our own creation"
So when you become one of the monster that you are fighting, should that matter?
Lying to the people that you claim to be protecting without any honest check and balances
is good, for whom? You have said a lot, but all i see is someone dancing around the
issues. Is it OK to do and act like the bad guys that you claim to be fighting against,
is it justifiable? The answer is NO, we need to be smarter then that.
Another thing you have to consider here is where Snowden was accessing NSANet (and other compartmented systems, for that matter). The further out you get from where the majority of the systems security regimes live (like NSA/CSS in MD), the less emphasis there is on actually following the rules. Sure, the Hawaii site probably did have a dedicated asset to ensure things were in line with the home office, but I guarantee you that it's a bigger pain in the ass to ensure that the rules are being followed at such a remote site, especially since said security auditors/investigators HAVE to be GGs (Excepted Service civilians), and with the allure of a place like Hawaii to begin with, lots of upper management isn't too keen on signing off on a travel order, regardless of whether an inspection needs to be performed.
If the breach happened here, Snowden would have been surrounded by NSA security the second he changed his identity. Being out in Hawaii was probably the best place for him to be, given the atmosphere the site probably operates under. Some of that has been my impression, anyways, since most times the Hawaii guys show up for meetings here in Hawaiian shirts.
Which is why the government prefers to hire idiots.
A trip down to the DMV seems to support this theory.
How brilliant do you need to do a "sudo su"? The idiot is the person that designed the security such that anyone with admin access can get to anything. Perhaps it would be better to state that "Idiots get you in trouble." Or better yet, stop doing illegal shit. "Jackasses doing illegal shit get you in trouble." But I suppose that would require someone to take some responsibility at the NSA.
I'm a good cook. I'm a fantastic eater. - Steven Brust
And exactly when do you think this was different? When Walter Cronkite was alive? When Ogg told Grog what happened to Paris the other night?
Is this way, was this way, will always be this way.
I’m sorry, no. Things most definitely were NOT always like this. When Walter Cronkite told you “that’s the way it is,” you could believe that he was reporting as accurately as he could, using material gathered by some of the best investigative journalists in the business, and most importantly, with little or no thought to whether the news he was reporting would negatively affect or offend the corporate bosses at CBS. There was a reason he was called “the most trusted man in America,” because he literally was just that, continually ranked in polls for trustworthiness above presidents, clergymen, fellow pundits, you name it. You don’t get that kind of reputation unearned.
Hard to imagine today, but back then the networks genuinely competed against each other for viewers, and news departments quickly became the most prestigious part of that struggle. There was very little editorializing, and almost none that wasn’t clearly labeled as such. The networks simply didn’t try to spin things a certain way as we see now. I suspect enforcement of the Fairness Doctrine had a lot to do with that, certainly it seems like the long decline of the American media began soon after the FCC decided to do away with the FD, along with many other existing useful regulations, such as the ones preventing industry consolidation into exactly the kind of huge media conglomerates we have today. Those long forgotten regulations were perhaps a big part of why the media in those days was so much more trustworthy than what we have now, although I can‘t prove this.
The end result is that today when I access any of the big American news organizations, I no longer believe I am getting the best information possible. Everything has to be taken with a grain of salt and a dollop of serious consideration regarding the parent company’s corporate stance on a given issue. More and more I find myself having to look at overseas sources (BBC, etc) to get any real feel for how things truly stand. It’s a sad state of affairs, and one that is very hard to convey to those born and raised in post-Reagan America. The news media in those days was far from perfect, but for trustworthiness, believability, accuracy, and absence of pervasive editorial slant, it was in general far superior to anything existing today.
'Every day, they are learning how brilliant [Snowden] was,'
Wow if they consider the ability to use sudo, mount and cp is an indicator of brilliance, then most of us here could easily become top NSA guys.
Brilliant!
Yes, you don't hire brilliant people for jobs that violate the constitution. You don't hire anyone for jobs that violate the constitution.
Your position on this issue comes down to your definition of integrity. He either was or was not a man of integrity.
The real failure here is in the NSA management practices that allowed someone like Snowden to be hired and placed in such a sensitive position without oversight. It strongly sounds like an ordinary out of the box Linux distro with sudo used to gain privileges, root can do anything whatsoever, and there was a mistake made in setting up the sudoers file. One of the root commands that he could run was something like
less /var/log/*
and so Snowden typed in "sudo less /var/log/messages" and at the less prompt he typed !
Now he was root, and all the Linux logging of root's actions was bypassed. If he had said sudo su - root and typed in his password, every command would have been logged, but by using the flaw in less or vi, he bypassed all that. Therefore they really do not know what he took.
They are probably scrambling over some kind of NFS logs (or other SAN protocol) looking at access timestamps and comparing that with the authorized users login/logout times to get a sense of what Snowden might have.
But, and its a big but, Snowden might not be the only one taking documents. There could be Russian and Chinese moles in there doing the same. And they may have been there long before the Russian staged a piece of guerilla theatre by arranging for the Americans to "discover" a team of Russian deep agents like Anna Chapman. That whole affair smelled like a red herring. Basically the problem is that chess is a popular game in Russia but not in America. Therefore Russians know how to play a long game. When you play a long game there are events that look like setbacks for you and wins for the opposition, but in reality the opposition has been boondoggled and is about to suffer their final loss, checkmate.
First of all snowden is not a whistleblower. He is a traitor. Secondly, the kind of brilliance this traitor has shown has put American lives at greater risk and for his brilliant act of espionage and giving the enemies of America all they could ever hope for, he has pissed off the greatest superpower this world, earth, has ever known. He should feel very smart for that.
Ethical people simply would not do something like Snowden did. It might occur to them, but they just wouldn't do it. That's why nobody else did it, but Snowden did. This was a failure of the vetting process for security clearance, which was done by an outside contractor.
And since when is using your root access to change your userid something to be called "brilliant"? Gosh, slashdot is full of full-on genuises then!
I mean the NYT telling Dr. Goddard how he didn't know shit about physics. http://en.wikipedia.org/wiki/Robert_Goddard_(scientist)#The_New_York_Times_editorial
Did you know 80 to 90% of the moderators on slashdot wouldn't recognize a troll even if one dragged them under a bridge.
OK. But you have to pass a lie detector test.
The NSA's entire security system is predicated upon hiring smart but not brilliant people.
Brilliant people are terrorists who must be hunted down and re-educated with waterboarding, rendition and enhanced interrogation techniques. They present a danger to our way of life!
Hey i'm mildly capable to downright incompetent, maybe I can get Snowden's bosses job!
Can I vote you in? This is Democracy, right?
One would assume, but one would be wrong apparently. According to several of the linked articles, the NSA state of security is fantastically sophisticated in many ways, but stone aged in others. In short, there is an entire class of sysadmins that the NSA has no good way of keeping track of, and worse, they don't even necessarily know who they all are...
Which means the committee for NSA reform has to go to the accounting department to find out who is receiving a check. To ensure their records from the accounting department aren't deleted, they have to do that hideously antiquated task of putting down those names... on paper.
so for you it is all about newspaper editors???
those are the people who decide what articles get assigned and what don't, which journalist does what story, how long the story will be, the budget (if it has one), and *they write the headline* except at a few papers
you said this:
So because there were headlines, that means what he did is justified?
If that's true, then news editors (which have been laid off in numbers) and the bosses of the editors (publishers, owners, advertisers) are the defining operational factor in what is 'right' and 'wrong' for you...which isn't a tenable position.
Just because news people are more tech-savvy, or their editors want news to report that makes Obama look bad, or because there are more privacy advoates in the newsroom....**whatever**
That does not justify what Snowden did at all.
In America, if the Patriot Act gets passed...it is up to The People to protest until it is gone...
The people were informed about the Patriot Act....ever since then people have been screaming their fool heads off about privacy!
Ever since the Patriot Act the American people have been under this...to make Snowden's actions somehow necessary to have a 'national conversation' about privacy is incorrect
you have no evidence that Snowden had to steal documents, leak them publicly, run all over the world in order for news editors to put stories about privacy at the top of hte headlines
you are justifying after the fact
Thank you Dave Raggett
then release the documents anonymously!
an anonymous leak, like the Pentagon Papers, would have allowed him to keep his awesome job and hot Russian girlfriend
no no, he had to have his face on it...maybe Glenn Greenwald pressured him to release his name, who knows...
what is certain is the US has a very well defined way to release info through the press under the 1st Amendment that would keep him legal
the journalist can be jailed for a time, but not charged criminally
it doesn't add up...what he released and how he did it...this is more than it appears and he is not a hero
he's a self-deluded victim at best
Thank you Dave Raggett
This 'brilliant' official should not be affiliated with any community that includes the word 'Intelligence'.
the only permanence in existence, is the impermanence of existence.
thanks for your friendly tone, but you are factually wrong...it's understandable you missed this in my orignal post, b/c I didn't tag it properly
this is from 2006
"NSA has massive database on American's phone calls"
http://yahoo.usatoday.com/news/washington/2006-05-10-nsa_x.htm
It states specifically that **ALL CALLS ARE PROCESSED** not just calls to certain groups or overseas as you stated.
It was reproted nationally in 2006 and before...we knew before...
Ron Wyden, Senator from Oregon was making noise about it in the Senate before Snowden's revealations.
The contention that 'we knew but we didn't **know** until Snowden' is factually wrong.
WE KNEW ALL WE NEEDED SINCE THE PATRIOT ACT...and several disclosures since then...getting headlines is nothing more than a decision by a news editor
I'm not saying the NSA or CIA is good or doing right...far from it! I'm saying none of this story is as it seems, yet so many see it in black and white.
Snowden is either being manipulated or a full-on spy.
America is an advanced system of government. It demands an educated, informed public. We need to be able to see past a flurry of headlines to the facts.
Snowden is a chess piece. Whoever is working him is doing well...no one is talking about it and why...we instead argue over and over about things that we have all known and been pissed about **since the Patriot Act**
If Snowden just wanted Americans to know the operational details, this would have gone down much differently.
Thank you Dave Raggett
you must not be an American
see, over here, since Obama got elected the minority party (Republicans) have acted in unison to block *everthing Obama does*...
American has three branches of government and they all check and balance each other's power.
Obama needs Congressional approval to do as you say, and they have consistently voted *even against their own laws* in order to oppose Obama
In America, this level of partisanship is not common.
Obama could not, IN ANY WAY...just make a law for this to go away.
Thank you Dave Raggett
show me
show me at least an article that has quotations from the leaked documents and the NSA testimony
I am not defending the NSA...but i see 'the NSA lied' all over but very little discussion of the actual evidence
The NSA probably just was evasive...don't link me to an NSA official dodging a question and call it a 'lie'...the NSA could have good reason not to ansewr an intel question in open congress....they have the right to some stuff questioned by the congressmen only
but I'm willing to look...so show me this proof of the NSA lying to congress that will justify Snowden's behavior.
lets see it
Thank you Dave Raggett
If it takes a "brilliant" individual to get into the accounts of other people on the same machines you personally administer, then I have a feeling that all of their other sysadmins are still trying to figure out why their shells aren't saying "C:\>".
Sigh
All's true that is mistrusted
Mohandas Karamchand Gandhi.
Brillant.
It implies Snowden didn't have the access to access records without using someone else's account.
Which answers (very nicely) how he was allowed to access these records in the first place,
It answers things I'm not even aware of, but I do question the fact they can't find log file(s) showing who downloaded what.
It's part of the paper trail involving secret and classified material, I take it out of a safe I have to sign that I did so they know who has it. They download it and no record,..
Wow! Ignorant. Didn't read the books.
Why would they need to photoshop that ?
The Bush family and the important Bin Laden family are friends, they do business together, for example they both are in oil, didn't you know that ?
Osama bin Laden is the black sheep of the family.
New things are always on the horizon
The US government is still being very angry with the Russian Federation about Snowden. Still RF can not extradite him as there is no extradition agreement. Besides it would be against public opinion. The US government is asking impossible.
But if the USA gives E.Snowden a iron-clad immunity guarantees, restore his US passport he can come to the USA on his own will.
He would be home, with his family. He will not be able harm the USA and the US government could be sure of it.
We see as the world political situation deteriorates because of this anger of the US political elite. Still such a compromise is realistic.
Is whether he used wget.
I stole this Sig
Q. Why do NSA security assessors travel in threes?
A. One who can read, one who can count, and one to keep an eye on the two intellectuals.
http://rocknerd.co.uk
If you treat everyone as a disposable contractor, you may have trouble getting unquestioning loyalty from them.
http://rocknerd.co.uk
"This is why you don't hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble."
And this managerial attitude, my friends, explains much of the mediocrity and don't give a f*ck attitude we see in government jobs.
The "former official" is doing a bit of smoke screening for his friends still in the agency.
If you describe Snowden as just a "good" sysadmin, they start asking why you weren't able to prevent this. Maybe you and your people aren't so "good".
But, if you portray him as a brilliant maverick, why shoot, we can all understand how he went through the permissions like swiss cheese. We've all seen Sneakers with Redford and and the blind guy. Understandable. Sort of like getting outsmarted by Phelps and his Mission Impossible team.
So we don't have to investigate you any more. No problem..
One guesses the comment is made:
a) intentionally - to highlight how Snowden took 'brilliant' action to work around a secure system ie. he is a bad guy who did illegal stuff, not merely a 'whistleblower' taking information within easy reach; or
b) unintentionally - because the comment reveals a staggering lack of understanding of what exactly was required to do what Snowden did. Maybe the guy is just trying to get quoted to satisfy his need for attention or he is genuinely stupid and resentful of smarter people. Well, 'brilliant' people, 'cause he likely thinks that he's smart ... which is kind of sad.
Either way, it is the comment of someone who would not have the moral fibre or courage to do anything close to what Snowden did.
"Consensus" in science is _always_ a political construct.
NSA needs a large army of sysadmins because they have a huge number of employees and a huge number of servers. That's just a given, because there's a lot of work to be done. But they could have minimized their exposure had they had a different, smaller team, responsible for protection of classified materials.
That smaller team, maybe with just a few people on it with the highest levels of clearance, would be responsible for keeping classified materials encrypted so that they'd resist a casual root attack (obviously if a rogue admin installed a keylogger engaged in some other sabotage, that admin could probably subvert the document management scheme, but that would be much more detectable than a brainless su + "drag and drop" style document theft).
Having 1000 superusers running around your network is just begging for trouble. I can't believe it took this long for a breach to occur.
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
Back on Snowdrn pleae.
There is really isn't much of a difference.
The correct dichotomy he was looking for is: patriotic, ethical and moral vs. nationalistic, obedient and sycophantic
NSA wants the latter, not the former!
And brilliant people that believe in the constitutional principles, man, they are the very worst.
Brilliant???? I don't think so. Anyone at all who understands basic computer system operations (and I am not talking about having a computer science major from Stanford here), would know how to do this, if given full sysadmin privileges. What i can say about this is that whoever gave a mere contractor, not a fully-vetted security-cleared federal employee, these privileges needs to have to answer also for the damages done by Snowden.
The Bradley Manning/Wikileaks affair is of a similar nature. Who on earth is giving out the level of clearances formerly necessary to access the classified documents he released to whomever has the patience to read through all this material.
Both Snowden and Manning believe themselves to be whistle-blowing heroes. They are not. I do not know if Snowden ever had to take the oath of office that all federal employees, elected officials, and members of our military have to take in which they promise to uphold and defend our constitution and serve and defend our country. Mannning most certainly had to. in both cases, their crimes are no different than if, for example, they had simply sold such documents to, say, North Korea. Both were being paid by us, the taxpayers, and they used their access to material that neither of them had any business being cleared for to release the documents to anyone in the entire world who chose to read them, including the various secret police agencies of not-so-benevolent governments, dictators, and hate groups world wide.
Whoever thinks this to be some benevolent act, whistleblowing or whatever they choose to call it, does not understand the nature of basic international politics and relations. Incalculable damage can be done if such information falls into the wrong hands. Ultimately, that is why the classification system exists at all. At least formerly, individuals granted access to such material had to be thoroughly investigated to even be hired for a position for which security clearances are necessary, and then have their subsequent behavior evaluated to allow them to keep those clearances, and their jobs.
Something, somewhere, has broken down, in a system that has allowed a contractor determined to "out" the agency which was paying his six-figure salary to have access to the innermost workings of that agency and its most sensitive documentation. In the case of Pvt. Manning, I know of no reason why a soldier of such low rank, and known to be emotionally unstable, would also be granted access to our most sensitive diplomatic, military, and intelligence documentation. The individuals responsible for permitting such ill-conceived government personnel policies should also be subject to Congressional questioning as to why a Manning and a Snowden could ever get access to such material. This is still an important step that needs to be taken. How many more such loose cannons are out there, with access to our nation's most sensitive documents, and just waiting to release the materials they have access to at a place and time perhaps thought to be most embarassing or damaging to us? We will not even begin to know thhe answer to this question without knowing just why and by whom decisions have been made that has allowed truly unsuitable individuals to be granted security clearances, or otherwise the ability to gain access to highly classified materials.
Let us not forget the lesson that we should remember from the 1950s, that of the Rosenberg cases. Julius and Ethel Rosenberg, who were executed for giving our designs for nuclear weapons to the Soviet Union. There is evidence that Mrs. Rosenberg may not have been guilty, but the group that organized this betrayal of what should have forever remained our own most secret technology, said they thought the Soviet Union should have the technology in order to provide a better global balance politically and militarily. They believed that they knew what was best for this country and the world when playing with and giving away secrets and technologies that have the capacity to kill and injure millions of innocent people. Those are the risks that both Manning and Snowden have exposed us to.
Next thing you know, they'll be blaming him for snow in winter and sunshine in summer. :-P
Or they'll pin MLK's assassination on him.
He allegedly did that. The media uses allegedly for pedophiles, but Snowden doesn't have this privilege?
Grey's Law: Any sufficiently advanced incompetence is indistinguishable from malice.
Only in America is $52 Billion spent on a Black Budget that goes down a Black Hole. No one knows for what, or if it accomplished anything intended, or if it did anything other than make a mockery of the 4th Amendment. "We're hunting terrorists.We don't need no 4th Amendment." We're going to see a growing flight to privacy tools as the repercussions of the Snowden revelations sink in. In addition to the anonymizing and encryption tools, there's now a growing number of private cloud providers emerging, like Cloudlocker (www.cloudlocker.it), that eliminate the fatal flaws of Dropbox,etc. I think the personal cloud providers are eventually going to take over this space.
'This is why you don't hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble.' The truth is, he wasn't "brilliant", he was "crafty". He's a criminal. What has Special Ed done that's "wrong"?: 1) Theft 2) False credentials 3) Tampering with national security 4) Placing all Americans at risk 5) International flight 6) Traveling on a voided passport 7) Bartering with items/information he doesn't legally own nor has personally created 8) Terroristic threats 9) Unethical treatment toward his employer 10) Misrepresentation 11) Perjury/breach of oath 12) Dereliction of duty 13) Failure to follow orders. 14) Impersonating known government officials. He's also flirting with, in fact, trying to set up the two main offenses: A) Assisting foreign powers B) Aiding the enemy. Sure, the Constitution guarantees our freedom to share more information with the public, and the right to free speech is great... but NOT when it will cause a danger to National Security. The info Snowden likely possesses is probably EXACTLY the kind of stuff al Qaeda wants leaked out so they can learn better of how to successfully find ways to kill Americans at will. Not to mention, maybe names and locations of counter-terrorism spies that the U.S. has out in the field infiltrating the ranks of those would-be murderers. People want to complain about the NSA and alleged "spying", but then they'll also complain about not feeling the government is doing enough to protect them from al Qaeda! So the NSA is not "hiding" anything, but they'll be truly ineffective if EVERYONE knows what they're working on. Has NOBODY stopped for a moment and asked "why" the NSA has been doing what they're doing? Did people think the authorities use magic to uncover terrorist plots? http://www.newser.com/story/173411/eavesdropping-satellites-helped-us-catch-bin-laden.html
Every regime hates transparency and fears people who can think out of the box.
Casteism
https://en.wikipedia.org/wiki/Social_engineering_(security)
Casteism
What you are proposing is called a positive feedback system ( http://en.wikipedia.org/wiki/Positive_feedback ) and as the article notes "Positive feedback tends to cause system instability. When the loop gain is positive and above 1, there will typically be exponential growth, increasing oscillations or divergences from equilibrium".
The Weimar Republic, the Brazilian Real and Zimbabwean currency should dispel this nonsense you are talking about.
That is why economists need to know a bit about maths, so they don't end sprouting bullshit.
IANAL but write like a drunk one.
The BBC is obliged by its internal rules not to be biased.
People do complain and the BBC occasionally has to apologize when the standards that apply to it aren't met.
The empirical way to gauge this is to read how many people of all political stripes complain about the BBC being biased: when lefties and right wingers, establishment and anti-establishment all complain bitterly about BBC bias one knows bias doesn't exist.
IANAL but write like a drunk one.
3 fails:
- You needing passwords from other people.
- They giving you those passwords.
-The password been shared and unique.
2 Questions:
- Did you leave?
- Did you technology that didn't require sharing passwords (or was it that you lacked knowledge, perhaps you may not know even now!).
IANAL but write like a drunk one.
Snowden does have credibility (the fact that people describe him as either a whistle-blower or a traitor proves this beyond question).
As for being used by somebody else, well, scrambling so publicly to be let in anywhere and ranting against the US government for closing his asylum options would tend to indicate that he was not being handled by anybody.
This chap did us all a great service, thanks to him we will need to make the internet secure, not keep pretending that it is.
I just don't get how anybody with decent intentions can fail to see this.
IANAL but write like a drunk one.
You can in theory set up a system and throw the key (root password) away: the sys admins could manage the machine, but could not grant access rights to new users and would not have free reign in all the data (logs for example), that would be done by a different set of people (with no root capabilities whatsoever).
The technology exists, but it is used in very few instances.
IANAL but write like a drunk one.