Slashdot Mirror
Snowden Spoofed Top Officials' Identity To Mine NSA Secrets
schnell writes "As government investigators continue to try to figure out just how much data whistleblower Edward Snowden had access to, MSNBC is reporting that Snowden used his sysadmin privileges to assume the user profiles of top NSA officials in order to gain access to the most sensitive files. His sysadmin privileges also enabled him to do something other NSA users can't — download classified files from NSAnet onto a thumb drive. 'Every day, they are learning how brilliant [Snowden] was,' said a former U.S. official with knowledge of the case. 'This is why you don't hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble.'"
Surely someone at the NSA knows about multi-level security, SELinux, and the like. No one should have had root access. Having architected the system so poorly, it hardly took a genius to walk off with their secrets.
Best comment I have read in a long time.
For those who don't get it (although this is SD, so there shouldn't be), the NSA wrote SELinux.
Quite a shrill shill. Crackpots and paranoids and conspiracy theorists knew the government was listening to everything all of us do all the time.
Now we all do. That's an achievement. Maybe not worthy of the mission impossible theme song, but an achievement nonetheless.
This message will self destruct in 5 seconds...
Not in any system I've ever seen.
The admin needs to be able to pretty much do everything on the system .. create stuff, delete stuff, raw access to whatever the data is stored in. That's kind of how you do the admin stuff in the first place.
I've been the admin on various systems over the years, and I've never seen a system where you don't have access to everything. That I only look at stuff when I'm supposed to, and even then strictly just enough to do what I need to means I take it seriously. And because I don't want the hassle of knowing more than I need to in order to do my job (and keep it).
I've also been in places where the admin did step outside of their role and poke into things out of curiosity or spite. Those can be fun to identify or fix.
You essentially have to trust your admins and choose carefully. But if you need someone to be able to fix or repair stuff, that requires full access in most cases.
I can almost guarantee you, your DBA, your Exchange Admin, and your sys admin can access pretty much everything on those systems. I'm not even sure what you'd need to have in order to have a system which allowed you to not trust the admin -- but it would have to be a significant departure from most everything we have now. And it would probably leave you a lot of situations in which the admin looks at you and says "bummer dude, but you guys locked me out, so I can't help you".
Lost at C:>. Found at C.
Perhaps if the right people make Snowden seem like a mad brilliant genius, the public will brush aside questions of how secure processes at the NSA are?
There are two types of people in the world; those who believe there are two types of people, and those who don't.
Just goes to show what utter trash journalism has become. Invariably, if you have any knowledge of a subject you can't get over just how badly "journalists" get things wrong or intentionally leave out crucial details.
A sysadmin had root? Imagine that?
A Pirate and a Puritan look the same on a balance sheet.
Maybe they read this.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Mod this up. I know one large pharmaceutical company that requires dual logins (i.e. two sysadmins) to do anything out of the ordinary - and everything is logged. Why the f-ing NSA can't do this is beyond me.