Snowden Spoofed Top Officials' Identity To Mine NSA Secrets
schnell writes "As government investigators continue to try to figure out just how much data whistleblower Edward Snowden had access to, MSNBC is reporting that Snowden used his sysadmin privileges to assume the user profiles of top NSA officials in order to gain access to the most sensitive files. His sysadmin privileges also enabled him to do something other NSA users can't — download classified files from NSAnet onto a thumb drive. 'Every day, they are learning how brilliant [Snowden] was,' said a former U.S. official with knowledge of the case. 'This is why you don't hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble.'"
"Brilliant people get you in trouble."
More like "Brilliant people expose the trouble you're currently in".
The security-state here keeps saying "if you don't have anything to hide, then you don't need privacy"
Well, if the NSA weren't doing shit that warranted whistleblowers, they wouldn't have the problems they currently do.
Make sure everyone's vote counts: Verified Voting
So, having a way to change your identity to another user's is brilliant? All System Admins must be brilliant!
You either get brilliant or you get mildly capable. Smart people know they don't want to work in that environment. Brilliant people will take the job knowing they can use it to some kind of end. Mildly capable people handle requests and not much more, but are just happy to have a stable job in their field.
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
Surely someone at the NSA knows about multi-level security, SELinux, and the like. No one should have had root access. Having architected the system so poorly, it hardly took a genius to walk off with their secrets.
Every day we are also learning new definitions of brilliant.
E.g. Non-US news.
Umm, ok, now you have to be brilliant to "sudo su ".
This guy was a sysadmin. He had physical level access to the hardware. Anybody who is in that job and is competent can do what Snowden did. (or am I missing some as yet undisclosed salient detail?)
I wish I had a good sig, but all the good ones are copyrighted
That explains why they really, really, really wanted to get their claws into him.
Forget the extreme negligence of morality of what they were doing, forget the fact that he leaked those secrets to international press.
It's just 100% pride. And I bet those top officials are the ones gunning for him.
Until they realize that what they were doing was unacceptable, this will continue.
And I expect it will continue for a very long time..
Yeah, hire that incompetent idiot who will design the security precautions wrong in the first place. That'll work a lot better.
While I did create the occasional problem, I solved so many more the occasional mistake can be overlooked.
What makes him -not- a whistleblower? He spotted illegal actions from his client (NSA) and used his privileges to prove him right.
Slashdot, fix the reply notifications... You won't get away with it...
"This is why you don't hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble." -- a former U.S. official with knowledge of the case.
Um... no. What is described in TFA is not "brilliant" at all, but a necessary part of being a sysadmin: you have control over user profiles.
The fact that the "former official" does not seem to realize this does not lead us to conclude that Snowden was brilliant... but rather that the mentioned official was anything but.
Who cares? ... Greater good... Lesser evil.... bla bla bla... All systems nominal... SNAFU
“He’s not deformed, he’s just drunk!”
Brilliant people are more prone to be independent thinkers, because they have experienced being smarter than others and thus having to think for themselves.
Hey don't blame me, IANAB
The only thing that came to mind with the suggestion that they not hire brilliant people:
"An intelligence organization that fears intelligence? Historically, not awesome."
- Tony Stark
-- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
Sometimes I feel that these "former U.S. officials" and "anonymous staff members" should STFU. It just seems like they use their anonymity to say random shit that will create headlines and stroke their ego. The "don't hire brilliant people" quotation is just stupid. No one that would have to be responsible for their words would say that.
A sysadmin manipulating access privs hardly seems brilliant. Now if he'd leveraged some software exploits shortly before implementing patches that address said exploits, that would indicate a much greater knowledge of the systems he was looting - a certain grace or panache, if you will. I guess this "brilliant" quote is what you get when people who see these systems as a black box are doing the talking. I'm thinking reality resembles less Snowden brilliance and more NSA caught with their pants down.
Just don't ask them to help you with illegal, immoral, and boring shit.
So, yeah, the NSA shouldn't hire them (on first two accounts).
How is it brilliant to be aware of the abilities and privileges that come with your job? Strikes me more as "not incompetent." It must be goddamn terrifying to be as stupid as this former US official, living in a world where pretty much anything anyone does appears as if it happened by pure magic.
People with integrity are not going to be working for the NSA. Kinda runs counter to what they do.
Hiring brilliance doesn't equate to trouble. Hiring brilliance with morals and throwing them into the middle of something unconstitutional is what gets you into trouble. It's not Snowden's fault the NSA got caught red handed and red faced. The Government should abide by the rules, laws and limitations of power set forth by the people, after all - it's we who gave them the power.
It is well past time to take that power back. We shouldn't fear them, they should fear us. It's time for a Revolution.
"When the people fear their government, there is tyranny; when the government fears the people, there is liberty." - Thomas Jefferson
http://jpetrie.myweb.uga.edu/TJ.html
This isn't brilliance, this is just poor security. This is systems that had a vulnerable audit trail, or didn't bother auditing enough, or created records no one ever looked at. Surely user snowden su-ing to some top official throws a red flag somewhere, right? If not, why not?
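The red flag the comment above asks about, as an added example that is not part of the original thread: a small detector that reads Linux auth.log-style lines and reports every time one account assumes another person's identity through `su` or `sudo`. The log lines are constructed, and the account names and the two policy sets are assumptions.

```python
import re

# Constructed sample in Linux auth.log style; hosts and accounts are invented.
SAMPLE_LOG = """\
Aug 29 10:14:59 fs01 sudo:   admin7 : TTY=pts/0 ; PWD=/home/admin7 ; USER=root ; COMMAND=/bin/su - director1
Aug 29 10:15:02 fs01 su[4121]: pam_unix(su:session): session opened for user director1 by admin7(uid=0)
Aug 29 10:20:41 fs01 su[4177]: pam_unix(su-l:session): session opened for user backup(uid=34) by admin7(uid=0)
Aug 29 11:02:13 fs01 sudo:   admin7 : TTY=pts/0 ; PWD=/srv ; USER=analyst3 ; COMMAND=/bin/ls /srv/reports
Aug 29 11:30:00 fs01 sshd[5001]: Accepted publickey for analyst3 from 10.0.0.5 port 50222 ssh2
"""

# Assumed site policy (not from the thread): accounts that are not people,
# and accounts whose files are the most sensitive.
NON_PERSON_ACCOUNTS = {"root", "backup", "www-data", "postgres"}
SENSITIVE_ACCOUNTS = {"director1", "deputy2"}

_TS_HOST = r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) "

# pam_unix session line written when su opens a session; newer versions add
# "(uid=N)" after the target user, and the invoking name can be empty.
SU_RE = re.compile(
    _TS_HOST
    + r"su\[\d+\]: pam_unix\(su(?:-l)?:session\): session opened for user "
    + r"(?P<target>[^\s(]+)(?:\(uid=\d+\))? by (?P<actor>[^\s(]*)\(uid=\d+\)"
)

# sudo's own log line: "<actor> : TTY=... ; PWD=... ; USER=<target> ; COMMAND=..."
SUDO_RE = re.compile(
    _TS_HOST
    + r"sudo:\s+(?P<actor>\S+) : .*?USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)


def find_identity_assumptions(log_text,
                              non_person=NON_PERSON_ACCOUNTS,
                              sensitive=SENSITIVE_ACCOUNTS):
    """Return one finding per event where an account becomes another person.

    Switching to root or to a service account is routine administration and
    is skipped; becoming a human account is reported, and becoming an account
    on the sensitive list is reported with severity "high".
    """
    findings = []
    for line in log_text.splitlines():
        for via, pattern in (("su", SU_RE), ("sudo", SUDO_RE)):
            match = pattern.match(line)
            if match is None:
                continue
            actor = match["actor"] or "(unknown)"
            target = match["target"]
            if actor != target and target not in non_person:
                findings.append({
                    "time": match["ts"],
                    "host": match["host"],
                    "actor": actor,
                    "target": target,
                    "via": via,
                    "severity": "high" if target in sensitive else "review",
                })
            break  # a line matches at most one pattern
    return findings


if __name__ == "__main__":
    for finding in find_identity_assumptions(SAMPLE_LOG):
        print("{severity:6} {time} {host}: {actor} became {target} via {via}"
              .format(**finding))
```

Such a check only helps if the log is shipped off the host to a store the administrator being watched cannot edit, and if someone actually reads the findings.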
Inside the NSA is probably an amusing place to be a fly on the wall at the moment. All sorts of new procedures to try to stop someone else doing the same thing. However: it won't work, any defences that a man can put in place can be circumvented by another man, especially one working on the inside. They can make it hard, but not impossible - at least if they want their systems to remain useful. They have, at some level, to trust people to be able to operate.
The only way that the NSA can stop future embarrassing revelations is for it to behave in a reasonable and moral way. That means a complete change of culture.
I did not say ''behave in a legal way'' since corrupt laws can easily be written.
This official is dumb as a fucking rock if he didn't realize that a system administrator can bypass the very security measures he administers. And then on top of the ignorance, they attribute this breach to brilliance. OMG these people are looking incompetent. OTOH the general public may believe them and think Snowden has super powers and this isn't someone else's fault.
Sorry, I am a fan of him and grateful he leaked only certain documents as opposed to Manning just dumping everything out into public, but stealing classified documents to leak is a bit different than the story we've been given as a true whistle-blower.
I think the type of information Snowden took was of a different sort. He stole information detailing the existence of spying programs, how they worked and their extent putting the programs themselves at risk whereas Manning stole and leaked operational information that potentially put lives at risk by exposing agents in the field and/or operational plans in the field.
What Snowden leaked so far embarrasses the government but is not "outing" anyone as an agent. This is more in line with what a whistleblower would usually talk about. He leaked the PowerPoint slides as evidence of his claims.
Jesus was a compassionate social conservative who called individuals to sin no more.
It sounds like despite the initial protestations of how he'd exaggerated his abilities, and those of the surveillance program ... it's all proving to be true.
That his sysadmin privileges let him access stuff which was much more classified doesn't change that the system is capable of doing this, and likely is on a large scale.
So we've got a wide-reaching, in cases probably illegal system which can and does tap into everything -- and apparently the amount of oversight and controls they have on this is very limited.
Lost at C:>. Found at C.
The problem is that integrity usually comes with morality.
A moral person does not cover up injustice.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
The main problem is using wide-scale non-targeted vacuum programs that just suck up everyone's information everywhere.
Stop doing that and it is less likely that anyone who has half a brain won't be able to get masses of data you shouldn't be collecting in the first place.
-- Tigger warning: This post may contain tiggers! --
I keep seeing the US government keep putting out new revelations of how he did things to try and make him look worse and worse. In all honesty, I get the feeling at least some of what they are saying is pure BS in a smear campaign. It's just the feeling I get and am interested if others are right.
And as others have stated, for him to get all this data so easily (nothing shown shows any real hardships in gathering data) to me says these NSA systems may be very open to attack, as their security measures seem rather lax. I get the feeling their idea of security is an armed guard standing over the server watching for hackers.
my 2 cents plus 2 more
Explain how any whistleblower is supposed to expose something if they are not allowed to make information public that the public does not already have access to?
You mean he abused his privileges. He is a low level tech, not privy to high level discussions. Compare him to Mark Felt, who was in a position of power and knew for certain through his daily dealings that the administration was abusing his power. He didn't have to raid Nixon's private files to show it. Here's a better analysis for you.
Some people die at 25 and aren't buried until 75. -Benjamin Franklin
See, the problem is, the people running the show never assume that anyone will read the manual and use all the features.
It's like being shocked when someone drives a supercar at 220 mph.
-- Tigger warning: This post may contain tiggers! --
All these people "with knowledge of the case" better watch out they don't go off-message or they could find themselves hunted as whistle-blowers too, but they'll be OK as long as they keep talking about Snowden and not crimes he exposed.
tomorrow who's gonna fuss
My point is I was under the impression he had the information readily available to him through his job, like Mark Felt. "Hacking" into areas he has no business in is a different story than what has been presented. It makes his defense, if he were to come back to the U.S., deserving of protection under the whistleblower status less credible.
Some people die at 25 and aren't buried until 75. -Benjamin Franklin
Not when these actions expose illegal behavior by the government... Remember, it was this government that created such law in the first place. The more of their own law they violate, the less legitimacy they have.
Law and ethics are not necessarily congruent.. in fact, a lot of times, they aren't, but are passed off to be by politicians and ideological zealots.
There's nothing 'brilliant' about admins who can switch to other users. Just about every system allows that with one command. This 'official's' statement is a smear, plain and simple.
Perhaps my standard of brilliance is different, but having a sysadmin who knows how to take the identities of other users and does so does not seem particularly brilliant. Then, also using his privileges to download to a thumb drive does not seem particularly brilliant. I would expect any sysadmin to be able to figure this out.
If this is the standard for brilliance at the NSA, then it has a real problem.
Manning stole and leaked operational information that potentially put lives at risk by exposing agents in the field and/or operational plans in the field.
Except that in the Manning leak, the military or intelligence agencies have yet to point to a single agent or operation in the field that was stopped due to the leak. They've just repeatedly asserted this point without proof, and that means significant numbers of Americans believe them.
I am officially gone from
A soldier in the Red Army is sent to a Gulag for 31 years after running across the drill-square of his barracks shouting "The political commissar is an idiot!": 1 year for insulting the commissar & 30 for revealing a state secret.
Just wait until they find out what their DBAs can do...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Technically they are not supposed to go immediately to the public. Military, Government, and DOD people are supposed to use the chain of command first. Unfortunately, this does not work in most cases since the chain of command in a corrupt organization is also corrupt. Numerous court cases and stories are to be found regarding how internal whistle blowers are treated (sometimes killed with their whole family, etc...)
What Snowden did in this case is correct. Not going public mind you, but going to journalists who are supposed to be working for the public's interests.
What I, and many others, find so interesting is that our media has become so corrupt that we have to have alternative news sources which hold the original 'credo of journalism' in mind when working. I'm sure if he turned the data over to the NY Post, he would have been in jail and the public would still have no knowledge.
Lengthy chain to get to the point, but the point is that he did not go "public". He went to journalists, and did so correctly in my never so humble opinion. Part of the journalism credo is to determine what to release to the public in order to present the story while protecting the Government.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
So much wrong with all of this...
We can see why in this quotation from TFA which you mentioned:
This is irrational and IMHO just plain ignorant.
How could you reach such a nonsensical conclusion? It requires a misunderstanding of both the technical difficulty of the tasks Snowden accomplished *and* an Asperger-level understanding of what motivates humans to perform.
The error: Interpreting Snowden's behavior as something 'difficult'...
What Snowden did was, on a technical level, something most people at or above his paygrade in IT could do. It is something **some** of us here on /. could do with little effort.
Snowden isn't some code-cracking wizard. Most people on /. could spoof users (or just steal login info) with some work.
Hopping a fence to get to a private pool is not 'innovative' or 'brilliant' thinking...that's all Snowden did.
It's not like he's DVD John....
Second, Snowden's info was *not new information*
We all knew since the PATRIOT ACT that the govt could do this...Bush renewed a domestic spying order to the NSA every 45 days after 9/11.
"NSA has massive database of American's phone calls" is the headline
So, Snowden is either *a full on spy for Russia/global Oligarchs* or *being duped into releasing info by the same*
He's not a hero, he's not a whistleblower, he's a misguided dupe that got taken advantage of, at best...
I've written this before, with links just like now...if you want to disagree, if you want to claim Snowden *did* release valuable information and not just technical details for things we already knew existed...you have to show evidence.
Snowden's info was of no use...and we didn't need any of this to have a "national conversation about privacy"
Hundreds of thousands of Americans vehemently do activism to guard our privacy...these are everyday people...we've been active since 9/11 and the Patriot Act and before...
Thank you Dave Raggett
It sounds like he abused his privileges to confirm his suspicions, and then took a course of action. Which is the right approach, depending on the suspicions.
If you ignore ACs because they are anonymous - you're an idiot.
You need to hire some of these "brilliant" people so that you don't get snowed by a Snowden. By all accounts he accomplished what he did by having incompetent management above him. This was a management problem, and one that you knew better about, or should have known better about - if you had some of those brilliant people who knew what they were doing in management!
This reminds me of the issue in Serenity of showing off a mind reader to a room full of people with the highest level of clearance. In the movie, the powers that be sent an assassin with no limitations to kill her out of fear about what might have been gleaned. In this case, it seems like they have realized that Snowden had complete access, so they are as much scared of what he may have grabbed as they are angry that he did it.
Detaining Miranda in the hope he had a copy of the files makes sense, despite the backlash, if they are desperate to find out what all was taken.
Here's the link missing from my comment above
"NSA has massive database of American's phone calls"
even though most of us on /. could do what Snowden did, apparently I can't close a tag....my bad
Thank you Dave Raggett
The more that comes out, the more convinced I am that his actions were planned and deliberate, and even more than the-person-formerly-known-as-Bradley Manning, this constitutes something approaching treason.
In the end it comes down to the fact that no person can be totally controlled. It's always a wish. You are looking at the problem from the wrong end. The installation of nationalist and other power structures into the minds (even since being a newborn) can never reach an absolute authority - this is the facade, or the farce even.
What follows is that the control mechanisms would grow ad infinitum to control something that in reality is not controllable. Snowden exploited the obvious weakness in the system. The authorities do not want the simple fact to be inherently known, that the power is just an illusion. The illusion is backed up by real force however, which makes it very dangerous. Relatively few people have a huge deadly force at their disposal.
Whistle-blowing is not about getting handouts either... That would just enforce the farce further.
" 'This is why you don't hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble.'"
No, what happens is when you do shit that shocks the conscience, someone, somewhere, is going to expose you for the douchebag that you are.
Stop being a douchebag.
--
BMO
Snowden's abusing his powers is an act of civil disobedience. The same tactics were used by Gandhi and the civil rights movement. It's a wrong that warrants a "tsk tsk, don't do that" and a stern look. He did it to expose evils so great and widespread that it would be hard to figure out which of the hundreds involved who merit it should be executed for treason first. That's not shoot the messenger here.
To the person that modded me down, I know my opinion is not a popular one. I'm open to debate. However, you should be using your mod points to bump up good comments and modding down off-topic or blatantly offensive messages, not opinions you disagree with.
Some people die at 25 and aren't buried until 75. -Benjamin Franklin
Apparently the NSA is taking a page from police departments here. (Warning: autoplaying video.)
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
http://yahoo.usatoday.com/news/washington/2006-05-10-nsa_x.htm
that's it
sorry again...gah I need to go back to typing school
Thank you Dave Raggett
Now The Story is:
"My god, he was a criminal mastermind. Who knew? Brilliant. Simply brilliant!"
Desired subtext:
"This is not a real flaw in our security folks. We were undone by a brilliant criminal mastermind. You can understand how that would happen. We've patched that little loophole and now everything is safe. It's NOT the case that the system is easily exploitable by high school drop outs. It's not the case that any of our sysadmins could do what he did and may have for all we know. "
World to NSA - you have no cred. You just don't. "Leaks" by "unnamed officials" are just more damage control, not facts. The way forward is not going to be found by consulting with damage control experts. The way forward is going to be forged by a public, honest, searching, thorough and skeptical examination about the why where when what and who surrounding surveillance. Everything you do, like this, to try to just ride out the upsettness people are feeling only makes you less credible.
I am saying this as one of the apparently few around here who consider that you perform a desperately needed function and have a clearly legitimate need to engage in the activities you have engaged in.
Now, if that's what I think and this is how you're coming across to me, imagine what everyone else is thinking.
So the whole "anybody could get access to this data at any time, even without a court order" is really more like "anyone with the appropriate privileges, which is limited to a select number of analysts, can access these records, which are protected by a court order. Except, of course, the sysadmin who breaks all of the rules, steals the credentials of authorized analysts, and then downloads whatever he wants."
Short of giving one key to a judge in a two key system and tying up an entire justice department staff to babysit every single access, there isn't a way around this particular scenario. It's baked into the whole clearance and trust model.
Is it just my observation, or are there way too many stupid people in the world?
Doesn't change the facts, though, does it? Despicable scum or patriotic hero, he leaked proof of illegal surveillance programs. If you want to criticize someone, why are you picking Snowden? He's just the messenger. Regardless what the law says, it's obvious whistleblowing sometimes requires one to get into things he isn't supposed to know about. That comes with the territory.
All in all, I would call that a pretty brilliant plan.
Jesus was a compassionate social conservative who called individuals to sin no more.
Mmm... secret sandwiches...
When you are afraid to be seen as incompetent you slide the scale to make yourself look better.
Given their track record, anything the NSA says should be considered to be a lie. Therefore, if they say Snowden used his 1337 h4x0r skillz to break the rules, it is a safe bet that he did not do anything of the sort and the NSA is just fabricating a story to pacify lawmakers asking how this could happen. Since they commit perjury in front of Congress with impunity, lying to reporters wouldn't even be a blip on a NSA spin-doctor's moral radar.
This is the NSA argument, isn't it?
>"This is why you don't hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble"
Sounds like the good old and worn out spaghetti western phrase. "He knew too much".
Well Snowden definitely knew too much. Perhaps if he was really brilliant, he would be seated in Congress.
But anyways. Now it is not only dangerous to know too much. Being very smart is suddenly also dangerous.
Duh..ok boss.
Actually, it's the reverse, people just think that it caused harm because everyone in government overreacted in the beginning.
"The Defense Department says the July posting of tens of thousands of secret Afghan war logs by the WikiLeaks website compromised no sensitive intelligence sources or practices." http://www.cbsnews.com/2100-201_162-6962209.html
Or maybe they didn't know about this sort of stuff at the time they joined it? Seems to me that most whistleblowers end up blowing the whistle because things were not what they expected as they got higher up in an organization or were exposed to more of its inner workings. If everyone with integrity had enough information to steer clear of the jobs that had them doing illegal/immoral/otherwise wrong stuff, we'd never have any whistleblowers, since those people would all be working for upstanding organizations.
What they _really_ want are sociopaths; people (Men) that have no empathy for others and kinda get off on having great power and lending a hand in bringing suffering and grief to 'things' they have no more sympathy for than ants under their magnifying glass.
The greatest enemy of the NSA, et al is conscience.
'This is why you don't hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble.'
Are brilliant people with integrity not available or do they simply cost too much?
That is not the problem, brilliant people with integrity might believe that doing things that benefit certain companies at the detriment of the general public is something that a public organization should not do, and they might try to fix this... very bad...
They've done even more. The Pentagon has concluded that no harm has occurred as a result of the leaks.
https://en.wikipedia.org/wiki/Afghan_War_documents_leak#Informants_named
"On 11 August 2010, a spokesman for the Pentagon told the Washington Post that "We have yet to see any harm come to anyone in Afghanistan that we can directly tie to exposure in the WikiLeaks documents",[55] although the spokesman asserted "there is in all likelihood a lag between exposure of these documents and jeopardy in the field." On 17 August, the Associated Press reported that "so far there is no evidence that any Afghans named in the leaked documents as defectors or informants from the Taliban insurgency have been harmed in retaliation."[56]
In October, the Pentagon concluded that the leak "did not disclose any sensitive intelligence sources or methods", and that furthermore "there has not been a single case of Afghans needing protection or to be moved because of the leak."[57] Both Wikileaks and Greenwald pointed to this report as clear evidence that the danger caused by the leak had been vastly overstated.[58][59]"
So it appears Snowden gained access to areas past his security clearance, downloaded classified materials to a thumb drive and high tailed it to China, then Russia. Sounds more like a spy than a whistle blower to me.
Hey I'm mildly capable to downright incompetent, maybe I can get Snowden's boss's job!
who prays for Satan? Who in 18 centuries has had the humanity to pray for the 1 sinner that needed it most? ~Mark Twain
Stop slandering Manning. He did exactly the same as Snowden, but one of the Guardian's employees foolishly left an encryption key on a publicly accessible site. Only after that key was already out in the open did Wikileaks (again, not Manning) release all those documents.
.: Semper Absurda
'Snowden had a “top secret” security clearance, meaning that under his own user profile he could access many classified documents. But some higher level NSA officials have higher levels of clearance that give them access to the most sensitive documents.'
Apparently Top Secret is no longer the top secrecy level? Is there a Topper Secret and Ultra Toppist Secret now?
Yeah, now that everyone has seen our guys gleefully murdering reporters and civilians our operational security is compromised.
.: Semper Absurda
I'll point you to a huge corruption case currently ongoing in Quebec. It's a textbook case of having internal affair that is not working properly and become so useless that it's not even a stopping block to the corruption system. Stories like the construction contract in the city of Laval where internal affair was in the system of Montreal where internal affair was flushed.... Yeah, it's not always that easy.
So, because YOU were under a mistaken impression, HE is wrong?
This is my signature. There are many like it, but this one is mine.
Don't forget, she leaked "collateral murder." That is whistleblowing if ever a whistle has been blown.
.: Semper Absurda
People with integrity are not going to be working for the NSA. Kinda runs counter to what they do.
The NSA didn't somehow magically find and hire many thousands of evil people, any more than the military managed to find and hire a quarter million murderers. People tend to take jobs like that because they believe in what they're doing, and because they believe they're helping. Now, their beliefs may be wrong by your opinion, or by a large swath of society, but it doesn't invalidate their beliefs or suggest they have no integrity. In fact, I'd argue it's the exact opposite. They have so much integrity, they're willing to do things that most people would frown on for what they believe is the common good.
Don't conflate the rank and file at the NSA (or any government agency) with the crooks in Washington who create these projects.
We should all right now remember how the media had tried to slander this guy as having only had a GED and how he had such a high wage. How ridiculous that he would pull such bacon? Why on earth did they trust him to work for the NSA!? Now he is brilliant. This all smells to high heaven right now.
"but money is the God of Algiers & Mahomet their prophet." - Rich. O'Bryen June 8th 1786
because they have experienced being smarter than others and thus having to think for themselves
That's actually a good insight. You literally have to be thinking independently of someone in order to experience being smarter than that someone.
.: Semper Absurda
Sorry, I am a fan of him and grateful he leaked only certain documents as opposed to Manning just dumping everything out into public, but stealing classified documents to leak is a bit different than the story we've been given as a true whistle-blower.
That is a misconception. CIA claims that the documents were classified, but since the documents describe CIA committing crimes it is clear that whoever classified the documents didn't do his job since he should have reported the crimes rather than classifying the documents.
In the end there is no way for the documents to be legally classified.
Think of it this way: Many readers here are developers and as such it is common to have to sign an NDA. This could for example prevent you from telling anyone what your company is doing.
If, after you have signed the NDA, you find out that the product your company is manufacturing requires human spines and that they are harvested from homeless people, it doesn't matter what the NDA says, the NDA is no longer worth shit and you have an obligation to report the crime. Anyone from the company who tries to stop you is a criminal since they are aiding the crime.
In essence. If you want to keep your actions secret, make sure that they are legal.
If you have moral policy then you don't need to fear whistleblowers. Snowden and people like him should be hired in an instant and this NSA official who thinks they can do whatever they want should be excised like an infection.
There are thousands of "brilliant" people in many disciplines who work at NSA. Snowden was no more special than any of them, and any other decent sysadmin could do what he did, from a technical perspective.
Of course, NSA could be doing anything that someone, somewhere would still think "deserved" to be leaked; if a single individual decides to leak classified information, does that always make him/her a "whistleblower"?
Before you say, "When it reveals [insert behavior I don't agree with here], absolutely!" consider that what one person believes to be "wrong" (even if, by definition, lawful) is another person's completely justified behavior.
In a free and democratic society based on the rule of law, one who BOTH unilaterally decides to subvert the law, and along with it the processes we have built, AND flees from all consequences of their actions must be counted as an enemy of democracy.
I can hear the cries now that it's "NSA" that is the enemy of democracy; while we can disagree on exactly what the NSA should be doing and precisely how it does it, there is NO WAY that NSA can do foreign SIGINT in a digital world without having access to the exact same systems and networks that Americans and everyone else uses. The needles are all in the same haystack, and you can't have access to only the legitimate foreign intelligence targets without necessarily having theoretical "access" to everything.
Anyone approaching this issue from a remotely rational standpoint understands that to be true, and if you believe the United States should be able to conduct foreign SIGINT, the only question is the "how" -- from technical, legal, and policy perspectives. Nearly everything Snowden leaked beyond the phone call metadata collection (which is explicitly lawful and Constitutional, by definition, because of a Supreme Court ruling 34 years ago) has to do exclusively with foreign intelligence activities.
You really think that's what we need to "blow the whistle" on? That one person can decide, on their own, that they "disagree" with something, and publicly leak it? And if you're an "information wants to be free" type, or one of those who believes the US is what's wrong with the world, or that we shouldn't even be doing the level of foreign intelligence collection that we're doing, I wonder if you have ever considered that there are actual threats in the world, which are neither imaginary nor monsters of our own creation, that don't subscribe to the principles you would claim to hold dear, and which need to be countered.
By all means, keep focusing on technical errors and isolated examples of abuse, that are in fact so isolated that it represents an agency operating at near-perfection in terms of error and abuse rates.
It's a shame that you can't see the forest for the trees.
To get rich you only need to impress chumps; to be smart you have to impress other smart people.
.: Semper Absurda
A properly compartmented system doesn't have root.
A security manager (that doesn't have access to installation tools, network, operations or storage, but has lots of system activity logs)
A systems engineer (that doesn't have access to user files or security manager functions)
An operational staff (that doesn't have access to user files, security manager functions, OR installation tools)
A network engineer (that doesn't have access to any of the previous three).
And frequently, a storage engineer (that doesn't have access to any of the previous 4).
Thus, separation of duty. Improper access always raises an alarm. A violation requires collusion between 3 or more people - MUCH easier to detect.
It is usually the security manager that authorizes new users. The operations staff may initiate the installation of those users - but it is still the security manager that enables them.
And yes, a storage engineer doesn't need access to user files - he may have his own files for testing/evaluation. But he can initiate load balancing that may cause user files to be relocated - but that does not give him access to the data.
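A sketch of the role split described in the comment above, added here as an illustration and not taken from the comment or from any real system. The capability names and the VIOLATION set are assumptions; the point is to show an out-of-role action producing an alarm, and how many roles must cooperate with and without a root account.

```python
from itertools import combinations

# Role split follows the comment; every capability name below is an
# assumption made for this example.
ROLES = {
    "security_manager": {"read_audit_logs", "enable_account"},
    "systems_engineer": {"install_software"},
    "operations": {"create_account", "run_jobs"},
    "network_engineer": {"configure_network"},
    "storage_engineer": {"relocate_volumes"},
}

# Assumed violation: a working account nobody reviewed, plus tooling to use it.
VIOLATION = {"create_account", "enable_account", "install_software"}


def check_action(person, role, capability, roles=ROLES):
    """Return None for an in-role action, otherwise an alarm record."""
    if capability in roles.get(role, set()):
        return None
    holders = sorted(r for r, caps in roles.items() if capability in caps)
    return {"person": person, "role": role, "attempted": capability,
            "held_by": holders}


def min_collusion(required, roles=ROLES):
    """Smallest group of roles whose pooled capabilities cover `required`."""
    names = sorted(roles)
    for size in range(1, len(names) + 1):
        for group in combinations(names, size):
            pooled = set().union(*(roles[r] for r in group))
            if required <= pooled:
                return group
    return None  # nobody on staff can do it, even together


def with_root(roles=ROLES):
    """The same staff plus one account that holds every capability."""
    flat = dict(roles)
    flat["root"] = set().union(*roles.values())
    return flat


if __name__ == "__main__":
    # Hypothetical person "sam" acting outside the storage role.
    print(check_action("sam", "storage_engineer", "enable_account"))
    print("compartmented:", min_collusion(VIOLATION))
    print("with root:    ", min_collusion(VIOLATION, with_root()))
```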
I think the fact that you just said that disqualifies you. You can't even be mildly competent to hold their job. Plus, you can't be honest enough to admit such a thing.
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
And yet UPAC has been involved in this investigation for at least 2 years since the Charbonneau Commission was formed. Clearly the "Internal Affairs" bureau is effective here, even IN a corrupt organization. Perhaps it wasn't as quick at detecting the problem as it could have been, but if you were a civil servant concerned about corruption inside the organization you belonged to (say, the municipality of Laval), your first stop when taking the issue outside your organization should be to the agency charged with oversight of cases like these.
And that's what I was contesting: The presence of corruption in an organization does not mean you simply write off the entire organization as a lost cause and abolish the agency with corruption in it. You use your Internal Affairs-style agencies to excise the corruption and put policies and controls in place to prevent corruption from creeping back in in the future.
They have proof.
They just can't say what the proof is, because it's classified. You have to take their word for it.
"Befehl ist befehl" was never a good reason.
If you do these things you are as guilty or more so than those in washington.
This is a fundamental problem in almost every employer I have been connected with in the last 15 years. I have been employed 30+ years.
There is a great fear of intelligent employees, so marginal managers hire even more-marginal employees for fear of being eclipsed. Should an intelligent employee manage to get in by understating their abilities but be detected later, they tend to be targeted and pushed out. There is a great fear by managers of being discovered as being incompetent. Add in sociopaths being promoted to managers and it just reinforces this behaviour.
The result is I have witnessed companies squander abilities to quadruple their business in 1-2 years by poor management decisions, burying technical disasters that were easily detected & correctable at an early stage but then balloon into major disasters that cost them business. It is always the guy who predicted the disaster that gets targeted instead of the idiots that covered up the disaster in the making.
In engineering and software industries, I have seen a move to hire less educated, less experienced staff who will keep a low profile and not rock the boat. The result is in underperforming technology firms who rely more on marketing & sales than developing break-through technology and making it reliable.
The statement quoted is just a symptom of a deeper problem in today's high technology industries and even government bureaucracies.
This explains a lot, like supposedly letting 90% of their sysadmins go. He is not "Brilliant", heck he may not even be all that smart. What he did have were the required privileges. I mean you can try to encapsulate a lot, but bottom line *someone* will need access to do certain things. Once they have access, they have access. There is a certain amount of trust you have to have with these people. Considering their knee jerk response was, oh well we will just get rid of 90% of the people who have access shows what kind of understanding they have of how things operate. Certain people have access for a purpose. Now it could be that 90% of their staff had access they didn't require, in which case that is a HUGE snafu by the NSA. I mean EVERY corporate entity be it corporate or government tries to limit access and privileges on all systems. Most do audits every few years to "clean up" who has access to what to ensure only those that absolutely need access actually have it. I have to fight tooth and nail, filling out forms, and giving explanations, and examples of work to justify my admin access.
Bottom line is, if you have access to this stuff at a sysadmin level it would be fairly trivial I would think to do whatever it is you want with the data. This is why there are all those stories of employees of this nature on slashdot where they get let go or fired, no one tells them, they get their two weeks paid or whatever, but there is a security officer at your desk when you come in in the morning as a surprise, to escort you from the building. It's like that sysadmin for what I believe was the city or state in California where upon being let go, changed all the passwords to the system as a bon voyage farewell and they took him to court to try to gain access. Anyway once you have the privileges, it doesn't take a genius to copy data to a USB drive. Sure you could do some serious logging, monitoring, automated alerts, but first all this is going to restrict what you can do in day to day operations, overhead and complexity, but if you have full DB access, you have access to that as well anyway. Not to mention unless an actual person is really on the ball, all this will tell you is who did it when after the fact, which they found out about anyway from the leaks (or perhaps they did just interrogate the logs). Bottom line is you will always need people like this and you have to be able to trust them, though I guess that goes without saying that perhaps in the paranoia of the NSA that might be hard to come by.
It has later come out that root had no password, or some similar piece of downright negligence. I suspect that much the same will be shown to be true here.
"To those who are overly cautious, everything is impossible. "
Like most security breaches, it is not the brilliance of the hacker, it's the stupidity of the admin who created the system. If it's done right you cannot assume the role of any identity other than your own.
but keep blaming the 'brilliance of snowden' and not the stupidity of your system, dumb asses....I fail to see why anyone is scared of an agency this incompetent.
I have no doubt it's something which you can do, and that there are places where this is legitimately needed.
And I can only imagine how much of a PITA they are to keep running or do any admin work on.
But, without actual mechanisms in place that prevent the access (and I mean real barriers here), it's just lip service and security theater. Sure, there's all these policies, but if I can stick a paper clip in the lock and bypass it ... it's as good as useless.
If you are working in an environment which has to be that secure, you almost have to assume that you'll trust your users within reason -- at the end of the day still act as if you don't trust them and put up real barriers.
Lost at C:>. Found at C.
Thomas Drake, William Binney and J. Kirk Wiebe
The NSA has created an irresistible treat for the least moral people in government. Oversight and controls will periodically fail for reasons slashdotters and sysadmins understand well.
Recently
*Spied on reporters
*Prosecutors pretend evidence was gathered with a warrant.
*NSA lied to congress about what was collected.
Previously
*Threatened U.S. reporters with death,
*Influence the U.S. elections Watergate.
*Electronic surveillance Martin Luther King, John Lennon, Elvis. It is alleged MLK was blackmailed and the letter demanded he commit suicide before Christmas.
Funny
(Unless your former spouse/boyfriend is violent)
*Appalachee "Love-Intelligence"
This answers (for me) why Snowden left the country.
http://www.thedailybeast.com/articles/2010/09/15/nixon-white-house-plot-to-kill-journalist-jack-anderson.html
http://crooksandliars.com/susie-madrak/nsa-analyst-under-bush-we-spied-repor
http://www.usatoday.com/story/news/politics/2013/06/16/snowden-whistleblower-nsa-officials-roundtable/2428809/
15TW = 15,000 Nuclear Reactors. (Approx. one accident a month.)
Isn't that almost exactly what the NSA is doing?
Sorry, this comment was hidden when I replied saying almost the same thing. Didn't mean to dupe!
They're saying he may have logged in as another official?
that's not impersonating them. Then again, it's a distraction from http://www.techdirt.com/articles/20130829/10405424350/latest-snowden-leaks-detail-black-budget-how-much-govt-wastes-useless-surveillance.shtml , so go figure.
Even the quotes are going for low hanging fruit:
"The damage, on a scale of 1 to 10, is a 12,” said a former intelligence official"
So on a scale of 1 to 10, the answer is "we can't even do math without sensationalizing it"? /facepalm
It didn't need to be blank. He was a sysadmin, he had the root password as part of his job.
The big failure here was that the NSA isn't using a compartmentalized OS where even root's access to files etc. can be restricted (ie. TCSEC B1 or higher). Of course, B1 or higher means Windows is ruled out. Which shouldn't be a problem, the NSA itself helped develop SELinux which has the needed features so they should have a suitable OS at their fingertips. It's a lot more work maintaining it, of course.
Note that this information supposedly comes from "a former U.S. official with knowledge of the case". This is an ongoing, classified investigation. It would be illegal for anyone connected to it to divulge such details to the press much less anyone no longer working for the government (at least officially). This "former official" is either talking out his ass or is a shill being used to strategically smear Snowden by trying to appeal to the general populace's inferiority complex.
I am becoming gerund, destroyer of verbs.
If you want to do it right.
You are being MICROattacked, from various angles, in a SOFT manner.
This is why you don't hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble.
"You don't reason with intellectuals, you shoot them." - Napoleon Bonaparte.
Seven puppies were harmed during the making of this post.
I wouldn't say obviously. In my experience, decision makers work in a web of trust, and are completely blind sided by little technical details.
Like all pain, suffering is a signal that something isn't right
"You just have to hire ones that will be loyal enough not to abuse the positions they hold.
If you find yourself doing things where people you hire start to become more inclined to betray you than not, perhaps it's time to re-think direction."
Thus to define an organization build on fear and istrust more the loyalty. Most crime organizations fall (from what I read), by someone in the organization turning state's evidence on their own (moment of consciousness), turning state's evidence by getting caught and trading it for a better deal, or selling out to a competitor for a better offer. The NSA is starting to come across, both in action and word, like an organization that rules by fear and you'll never hire loyalty that way.
"I'm sure Snowden's Russian handlers are having quite a good laugh."
This is a crude line that makes me wonder if you're just not a shill for the NSA. There is no concrete evidence he acted as a spy. He felt he saw illegal actions being performed by a government agency, he felt he had no other path than to go to the press and he knew that he would be hunted down so he went to the one place the hunter could not easily go. That does not make him a spy being "handled", it makes him smart enough to stay alive and tell his side of the story.
"P.S. I'm with others that knowing how to "su" as admin is not brilliant, but basic..."
Sure, typing SU may be easy, but then please spell out how easy it was to spoof another user and not get caught.. I'm not a SysAdmin so please explain how he was able to use another user's profile? Are not the password encrypted such that he cannot see what it is? Are there not security measures in place that if you change a password it cannot get reset back? Until one of you brilliant people out there explain exactly how he did such an act I figure it took more than just being smart enough to type SU.
Life is a great ride, the vehicle doesn't matter
"Finally, Snowden’s physical location worked to his advantage. In a contractor’s office 5,000 miles and six time zones from headquarters, he was free from prying eyes. Much of his workday occurred after the masses at Ft. Meade had already gone home for dinner. Had he been in Maryland, someone who couldn’t audit his activities electronically still might have noticed his use of thumb drives."
Reminds me of the days when Aldrich Ames was splurging all the money the Soviets gave him - and nobody noticed (the first couple of years).
Windows 2000 - from the guys who brought us edlin
Let me fix my own line (/., can you please give an edit function)
Thus to define an organization build on fear and istrust more the loyalty should be
Thus you define an organization built on fear and distrust more than loyalty.
Life is a great ride, the vehicle doesn't matter
So far, everything revealed has come from windows. Until something comes out that shows otherwise, it may be that all of the info came from windows machines.
You are being MICROattacked, from various angles, in a SOFT manner.
And that makes it all kosher right?
I think some are misrepresenting this as easy.
If Snowden did in fact impersonate identities to access the information, and the systems in question are correctly configured, then about the only way to do what he did is on the servers in question themselves.
A properly configured system uses authenticated channels into the server, and that authentication is by means of the accessing system doing a couple things which are difficult to forge, without modifying the attacking system and installing foreign software.
Specifically, the server is a member of an SA - Security Association - and the client machine joins the SA through an attestation process which uses a distributed security certificate. So far, so good. Now a connection is established to the server through a secure point to point link; AFP and SMB use such links, NFS does not (NFS uses remote attestation, which is a point of vulnerability).
A credential is associated on the client side of the link, and it's also associated with the server side of the link through an attestation process to being a particular member of the SA. This attestation goes over the secure link to the server, and the server verifies it with the SA. Because the verification process between the server and the SA is incapable of being intermediated by the client, you have to have all authentication factors in hand. This is why you can't "su uid", as you can in an NFS environment, in order to effectively assume an identity.
Since they are using at least two factor authentication - and these guys do at least that; they use CAC (Common Access Card) attestation using cryptographic smart cards - identity is very difficult to forge.
So you end up with a connection to the server, and a UUID and/or GUID in your credential associated with the connection on the server side, and then ACLs are enforced on server objects you attempt to access over the connection using the UUID/GUID to compare ACL ownership, rights grants, group membership for which ownership or rights grants exist on the object, and so on.
Thus the only way this could have been done is with administrator access *on a server*, not merely administrator access on the network or on a client node on the network (assuming a lack of sophisticated software).
That said... administrator rights would have been enough. There's no impersonation requirement needed in order to establish access, so he would not have needed to impersonate anyone in order to get the information, and given the authentication and attestation barriers in place, it would have actually been more difficult to obtain the information via impersonation, rather than just being local to the server itself and grabbing it.
This kind of looks like a "pile on the charges" gambit to try and get him for other crimes that could be associated with the attack, had he been silly and done it the way they are claiming he did in the article.
He is a low level tech, not privy to high level discussions.
So if you by chance overhear at your workplace your senior executives conspiring to commit a major crime, it's impolite to call the police because you were not supposed to be privy to their discussion in the first place. Yeah, sounds about right.
Ezekiel 23:20
How badly do you think it set back any diplomatic efforts?
The most notable diplomatic result of the leaks was that it was one of the major factors that convinced the Tunisians and Egyptians to revolt against their dictators. Now, one could argue that turned into a serious diplomatic problem for the US, but that was probably because the US was supporting the dictators.
If I leak details about your private life to a potential employer ...
They'd discover, let's see:
1. That I have some ex's.
2. I occasionally enjoy a drink or two.
3. That I've pissed off a couple of people because I refused to make exceptions to institutional rules that they had agreed to follow just because they yelled at me.
It's really hard to blackmail someone if they don't actually have anything to hide.
I am officially gone from
Providing the necessary proof would, of course, also be classified.
Snowden used his sysadmin privileges to assume the user profiles of top NSA officials...
'Every day, they are learning how brilliant [Snowden] was...
This qualifies as "Brilliant"? Seriously?
While working at a small company, I got tired of waiting days for our one IT guy (responsible for three sites around the country, and had locked down every damn thing) to get around to fixing my computer issues. So I pulled a similar 'brilliant' move to give myself admin access to everything, and I'm not even an IT professional. And I didn't even have sysadmin privileges to start with.
Man, if people in the government think the shit Snowden pulled was that incredible, I'm going to go put in my resume right now and get one of those cushy, high-paying contractor jobs.
Not that I mean to downplay Snowden's actions, because I consider him a goddamn hero, but a system administrator executing commands as a specific user isn't exactly brilliant beyond what any competent admin with a reasonable amount of foresight would do.
Snowden isn't some mastermind, he's just rational. Running commands as a different user when you know you need to cover your tracks is rational. Getting the fuck outta dodge before the shit hits the fan is rational. To a society of mostly irrational morons, rational looks like genius.
What this *does* demonstrate is the continual technological ineptitude and lack of critical thought in government and mainstream media to the point of comedy.
Your enemies are going to have brilliant people working for them.
If you restrict your workforce to people who are merely smart you are going to lose. You might even lose if the enemy has merely smart people.
Then there is the Jobs thing. A people hire A people. B people hire C people. So if you have merely smart people they are going to be hiring average people.
Then you are really fucked. We all know how dumb an average person is.
These articles are a mess. A No-Tech PR guy delivering information to a No-Tech reporter. Cringe worthy.
Bad analogy, it's more like planting a bug in your boss's office, or screw analogies -logging into your boss's computer and downloading all of his emails & files.
Some people die at 25 and aren't buried until 75. -Benjamin Franklin
Actually I'm not aware of any information that states he made any attempt to discuss the things he found with his superiors or the superiors of his superiors. It's not like he tried and failed -- he simply went straight to the press. Do you know why? Because he wasn't supposed to be looking at this information in the first place. He's a sysadmin, not an intelligence analyst or auditor. In short, he blatantly abused his privileges, broke the law, circumvented the chain of command, and now he's a hero?
Don't get me wrong, had someone at the NSA attempted to talk to superiors about inappropriate behavior at the agency and couldn't get anywhere, then I would have no problems with him going to the press. That's not what happened here.
Are agnostics skeptical of unicorns too?
Which is why "Internal Affairs" and other organizations generally tend to be OUTSIDE other chains of command.
That's an excellent point in the alternate universe where the NSA has an IA department (or anything similar) outside its chain of command.
First Snowden is a loser 29 year old high school graduate who was not qualified for his position.
Now he is brilliant cuz he knows how to use what amounts to 'su'
Suppose if I were incompetent and I needed to explain why a 29 year old "loser" did something he would not have been able to do had I not been incompetent I would call him brilliant too.
Why do they even bother anymore? They are in such a deep trust hole light barely reaches the bottom and yet they feel compelled to keep digging.
Delegated administration is a hard problem. It can be difficult to design a system that can't be bypassed in some way by leveraging second order consequences of one's abilities to affect the system. Then again, this is NSA... you'd think they would use a solver or something to scan for all such possible opportunities or at least characterize and restrict them.
"Befehl ist befehl" was never a good reason.
If you do these things you are as guilty or more so than those in washington.
I disagree, particularly given that the vast majority of employees there do their work without breaking the law. We know some people at the NSA break the law (Snowden, for one), but we don't know that everyone does. In fact, I'm pretty damn comfortable saying the number of people who do so at the NSA isn't any higher than any other company. If anything, it's probably lower.
Does "used his sysadmin privileges to mount USB media and assume the profiles" mean something like this?
snowden@nsa $ mount /dev/sdc1 /media/usb
Error: Not permitted on classified machines!
snowden@nsa $ sudo mount /dev/sdc1 /media/usb
Password: 5ky|\|37
snowden@nsa $ sudo su
root@nsa # su barackobama
This was my thought as well. He did steal classified information. However, it was for a good cause. Give him a slap on the wrist, maybe some community service...have him work at a local soup kitchen or something, and send him on his way. In the meantime, we, as the people, need to boot the politicians who support this program.
So the number of people breaking the law at an organization with programs dedicated to breaking the law is lower than that at companies dedicated to not breaking the law?
I think you need to pass me whatever you are smoking.
If he's so evil then how did he pass the background check to get the security clearance that his boss damn sure should have required before assigning him as a sysadmin in the first place?
# man su
SU(1) User Commands SU(1)
NAME
su - run a shell with substitute user and group IDs
SYNOPSIS
su [OPTION]... [-] [USER [ARG]...]
DESCRIPTION
Change the effective user id and group id to that of USER.
If you run su as root, you can change your effective user id to anything you want it to be. This ability is fundamental to the existence of users other than root, and it is what is used by the login process (owned by root) to start a shell owned by your user id whenever you log in.
Are not the password encrypted such that he cannot see what it is? Are there not security measures in place that if you change a password it cannot get reset back?
No. Once again, if you use the front-end tools available to users then there are limits. If you're an administrator then a password is just a bunch of characters stored in a text file. Security measures may make it more difficult to gain access to that file, but once you have the ability to read and write to anywhere on the disk or in memory, there's no stopping anything.
If my boss is being paid with public money to do things ostensibly for the entire country, and I have reason to believe he's plotting murder, then fuck yeah, hack into his goddamn computer and download all his email and files. It's evidence.
If you think brilliant people put you in trouble, you have to see what kind of situation dumb people or policies put you in. Breeding idiocracy inside the main collecting point of US and world's data is shooting yourself in the foot, the groin, and the head, in that order.
Maybe understanding that brilliant people put you in trouble could give you the hint on who is wrong there, even if you are not smart enough to realize why.
You are missing the third category, the "Brillant" people. http://thedailywtf.com/Articles/The_Brillant_Paula_Bean.aspx ...they are in a category of their own.
I'm not against the existence of the NSA. That said, I think we can all agree that the bureaucracy and oversight have failed us in several ways. Gen. Alexander spoke at Blackhat about the internal oversight which we must "trust"; media has exposed the repeated failings of said oversight, which is apparently filled with individuals who are too embedded to care about rocking the boat for the common good. Then we are told the NSA is going to downsize. Then we are told Snowden went rogue and bypassed all billions of dollars worth of defense. I think it's time we reevaluate how this whole thing works. The official solution thus seems to be to get rid of everyone except for a select few of trusted individuals who will most likely receive more frequent and thorough polygraphs etc... just to keep their job. Since this is the solution, why not just let us the people have more access to things. What I mean by this is, if I live in a city, and there are publicly bought surveillance cameras, why should I not have full access to the feed? If I see something on the street I call the police anyway. There is a lot to this but I just thought I would share. We're going to spend more money for a continuously law-dodging centralized bureaucratic unregulated group of people who know better than we do about everything that is around us. Why not lighten the load NSA? You take care of the important stuff and let me have reasonable access to things which my tax dollars have paid for.
Thank you. Now I at least understand the view of some posts. It also confirms my own thought that this is another spin article (getting at least once a day) that seems to come out to refute Snowden with little substance...That which is scary, the media is just running out this offal without any true means test of basic validation. What happened to verifying sources, what happened to investigating claims before print. Your few minutes of response did more to show the stupidity of the "officials" comments than almost anything else I've read.
Amazing!
Life is a great ride, the vehicle doesn't matter
By these standards, any marginally competent sysadmin is brilliant. The real moral of the story here is that if you have an organization that, by nature, is full of shifty, conniving, two-faced assholes, you're better off hiring a sysadmin who is a totally complacent dupe.
I've heard of a few interesting access control technologies in my time, and even implemented a few.
Trusted Solaris? Oracle DBMS_FGA? Heck, even somebody who knows Active Directory and the CACLS command?
What is going on there? Who designed this network?
This problem sounds like one that has been "solved" before.
Judge Rules That Police Can Bar High I.Q. Scores
This is a crude line that makes me wonder if you're just not a shill for the NSA.
I agree with what Snowden did. I'm just under no illusions about how quickly he got the information he did (he was only there for a few months, hardly enough time to "discover" the things he did as an admin). Also a little too easy how he drifted into Russia when no other country on earth would have him. Even in Hong Kong he was in the Russian embassy...
I would suggest you are INCREDIBLY naive not to at least consider the possibility given the history of Russian intelligence agencies. I'm not 100% sure myself but it seems likely, though kind of irrelevant given again that I agree with him releasing this information.
Sure, typing SU may be easy, but then please spell out how easy it was to spoof another user and not get caught..
Pretty easy if other admins are not looking (or you are one of few admins for a large number of systems) and you are only there for a short while.
Are there not security measures in place that if you change a password it cannot get reset back?
What are you saying here? Why would he ever change a password... the point of "su" and similar mechanisms is that you only ever log in as an admin, and then are allowed to change your identity to any user without ever knowing the password they use.
That said it is incredibly simple to copy out a password hash and place it back into a password database, though a bit more advanced than just using "su".
"There is more worth loving than we have strength to love." - Brian Jay Stanley
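The comments above turn on the point that `su`-style switching needs no password change, so the switch itself is the event worth logging and reviewing. As an added example (not part of the original thread), this Python script flags sessions where one user assumes another person's account; the log lines are constructed samples in the common `pam_unix`/`sudo` syslog layout, and the host name, account names and `SERVICE_ACCOUNTS` allowlist are assumptions.

```python
import re
from collections import defaultdict, namedtuple

# Constructed sample in the common Linux syslog layout written by sudo and
# pam_unix; the host and user names are invented for this example.
SAMPLE_LOG = """\
Aug 29 09:58:12 fs01 sudo:   bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/su - alice
Aug 29 09:58:12 fs01 su[4121]: pam_unix(su-l:session): session opened for user alice by bob(uid=0)
Aug 29 10:02:40 fs01 su[4121]: pam_unix(su-l:session): session closed for user alice
Aug 29 10:05:03 fs01 su[4188]: pam_unix(su:session): session opened for user postgres by carol(uid=0)
Aug 29 10:06:31 fs01 sudo:   carol : TTY=pts/3 ; PWD=/srv ; USER=frank ; COMMAND=/bin/cat /home/frank/notes.txt
Aug 29 10:07:19 fs01 su[4230]: pam_unix(su:session): session opened for user root by dave(uid=1004)
Aug 29 10:09:55 fs01 su[4251]: pam_unix(su-l:session): session opened for user erin by (uid=0)
"""

# Assumption: accounts admins legitimately switch into for maintenance work.
SERVICE_ACCOUNTS = {"root", "postgres", "www-data"}

Finding = namedtuple("Finding", "timestamp host actor target via")

_PREFIX = r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"

# "session opened for user TARGET by ACTOR(uid=N)"; newer PAM releases also
# print "(uid=N)" after TARGET, and ACTOR is empty when no login name is known.
SU_OPEN = re.compile(
    _PREFIX + r"su\[\d+\]:\spam_unix\(su(?:-l)?:session\):\s"
    r"session opened for user\s(?P<target>[\w.-]+)(?:\(uid=\d+\))?\s"
    r"by\s(?P<actor>[\w.-]*)\(uid=\d+\)"
)

# "ACTOR : TTY=... ; PWD=... ; USER=TARGET ; COMMAND=..."
SUDO_RUN = re.compile(
    _PREFIX + r"sudo(?:\[\d+\])?:\s+(?P<actor>[\w.-]+)\s:\s"
    r".*?USER=(?P<target>[\w.-]+)\s;\sCOMMAND="
)


def find_identity_switches(log_text, service_accounts=SERVICE_ACCOUNTS):
    """Return a Finding for every session opened as someone else's personal account."""
    findings = []
    for line in log_text.splitlines():
        for via, pattern in (("su", SU_OPEN), ("sudo", SUDO_RUN)):
            m = pattern.match(line)
            if not m:
                continue
            actor = m.group("actor") or None  # None: the log names no invoking user
            target = m.group("target")
            # Switching to root or a service account is routine administration;
            # switching into another person's account is what gets reviewed.
            if target not in service_accounts and actor != target:
                findings.append(
                    Finding(m.group("ts"), m.group("host"), actor, target, via)
                )
            break
    return findings


def targets_by_actor(findings):
    """Group findings so an admin who assumes many identities stands out."""
    seen = defaultdict(set)
    for f in findings:
        seen[f.actor or "<unattributed>"].add(f.target)
    return {actor: sorted(targets) for actor, targets in seen.items()}


if __name__ == "__main__":
    results = find_identity_switches(SAMPLE_LOG)
    for f in results:
        who = f.actor or "<unattributed>"
        print(f"{f.timestamp} {f.host}: {who} -> {f.target} via {f.via}")
    print(targets_by_actor(results))
```

A review like this only works if the log is shipped off the host to a system the same administrators cannot edit.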
It seems that NSA has a very big security hole. If there are 1000 sysadmins at NSA who can access files without audit trail like Snowden can, how can you be sure that there isn't a Chinese spy among them? What Snowden did was patriotic. Another person would have simply sold the secrets to the Russians or Chinese and retired to the Bahamas, and NSA would be no wiser. I am almost certain that it has already happened. Why have neither the Chinese nor the Russians expressed interest in the info that Snowden had? Because they already have it, and much more than Snowden had decided to release to the public.
Possibly that NSA is operating with presumptions that the info has already leaked. They don't really care. What Snowden did was unforgivable however, because he disclosed their illegal operations to the American public.
Individual admins may have correctly seen great risk and tried mightily to correct it. Such people are commonly overruled because ease of access trumps data security until the breach is dire.
We are all undergoing a change in focus (especially in IT), as the hostile attack community becomes more prevalent and determined. It will have profound impacts on how we interface with our machines.
In 10 years, the population will look at Android/iOS and think we were insane for carrying such risky devices.
I am already nostalgic for the days when systems were lax and free. We can't live like that anymore.
It doesn't take a "brilliant", or even a very smart person to make the connection between "I can create accounts at will and assign them any rights" and "Those accounts can access stuff I can't".
This is why you have security procedures and audits. Dummies.
The best way to stop whistleblowers is to stop giving people a reason to want to blow the whistle.
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
Which is why "Internal Affairs" and other organizations generally tend to be OUTSIDE other chains of command. This is no excuse.
I guess you really don't know much about Government work. Army internal affairs is a department in the Army, CIA internal affairs is an office in the CIA, etc... Most of those have regulations requiring you to report first to your commanding officer, then to their commanding officer, etc... up the chain. If a person in the chain is in question, with permission you can visit the internal affairs offices.
Surely you can name just 3, with a legit reference for each, since there are NUMEROUS court cases and stories?
See released and declassified documents for COINTELPRO, MOCKINGBIRD, Plumbbob, Crossroads, MKUltra, and no there is no reason to continue. It is simply too easy to find this information.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
Do you know why? Because he wasn't supposed to be looking at this information in the first place. He's a sysadmin, not an intelligence analyst or auditor. In short, he blatantly abused his privileges, broke the law, circumvented the chain of command, and now he's a hero?
You are ignoring the fact that he could also see who was participating in illegal activities. You assume, possibly incorrectly, that he felt he could trust making a report to his superiors. I never claimed he was a hero, I claimed that his method was correct in my opinion.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
Blob, blob, blob, blob
And what makes you think even if there are blobs they are not just plaintext? This is the NSA we are talking about that lets even new employees have widespread admin access...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Of course he couldn't make a report to his superiors since he was illegally going through information. This is why he's not a true whistle-blower. He was breaking the law to do what he did. In effect, he's no better than the people he's ratting out. It's hard to claim the high ground that you're exposing people in the NSA illegally collecting information when you're illegally collecting information. In short, he's just as big a dirtbag as the people he is exposing.
Are agnostics skeptical of unicorns too?
Another thing you have to consider here is where Snowden was accessing NSANet (and other compartmented systems, for that matter). The further out you get from where the majority of the systems security regimes live (like NSA/CSS in MD), the less emphasis there is on actually following the rules. Sure, the Hawaii site probably did have a dedicated asset to ensure things were in line with the home office, but I guarantee you that it's a bigger pain in the ass to ensure that the rules are being followed at such a remote site, especially since said security auditors/investigators HAVE to be GGs (Excepted Service civilians), and with the allure of a place like Hawaii to begin with, lots of upper management isn't too keen on signing off on a travel order, regardless of whether an inspection needs to be performed.
If the breach happened here, Snowden would have been surrounded by NSA security the second he changed his identity. Being out in Hawaii was probably the best place for him to be, given the atmosphere the site probably operates under. Some of that has been my impression, anyways, since most times the Hawaii guys show up for meetings here in Hawaiian shirts.
I don't think you have to do anything abnormal or illegal to find out someone's breaking the law. Gathering evidence after making that determination is not illegal, though this is the case many are trying to make. IANAL, but I have not seen any arguments that have merit. Mostly this goes to breach of contract, however an illegal contract is not enforceable.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
Snowden did talk to the only superior who didn't know about these programs: The people of the USA, which are by their constitution designated as the highest superior available. All others below them knew about the programs and participated in them in some fashion. Telling these superiors about things they already knew wouldn't have helped at all.
Which is why the government prefers to hire idiots.
A trip down to the DMV seems to support this theory.
How brilliant do you need to be to do a "sudo su"? The idiot is the person that designed the security such that anyone with admin access can get to anything. Perhaps it would be better to state that "Idiots get you in trouble." Or better yet, stop doing illegal shit. "Jackasses doing illegal shit get you in trouble." But I suppose that would require someone to take some responsibility at the NSA.
I'm a good cook. I'm a fantastic eater. - Steven Brust
And exactly when do you think this was different? When Walter Cronkite was alive? When Ogg told Grog what happened to Paris the other night?
Is this way, was this way, will always be this way.
I’m sorry, no. Things most definitely were NOT always like this. When Walter Cronkite told you “that’s the way it is,” you could believe that he was reporting as accurately as he could, using material gathered by some of the best investigative journalists in the business, and most importantly, with little or no thought to whether the news he was reporting would negatively affect or offend the corporate bosses at CBS. There was a reason he was called “the most trusted man in America,” because he literally was just that, continually ranked in polls for trustworthiness above presidents, clergymen, fellow pundits, you name it. You don’t get that kind of reputation unearned.
Hard to imagine today, but back then the networks genuinely competed against each other for viewers, and news departments quickly became the most prestigious part of that struggle. There was very little editorializing, and almost none that wasn’t clearly labeled as such. The networks simply didn’t try to spin things a certain way as we see now. I suspect enforcement of the Fairness Doctrine had a lot to do with that, certainly it seems like the long decline of the American media began soon after the FCC decided to do away with the FD, along with many other existing useful regulations, such as the ones preventing industry consolidation into exactly the kind of huge media conglomerates we have today. Those long forgotten regulations were perhaps a big part of why the media in those days was so much more trustworthy than what we have now, although I can’t prove this.
The end result is that today when I access any of the big American news organizations, I no longer believe I am getting the best information possible. Everything has to be taken with a grain of salt and a dollop of serious consideration regarding the parent company’s corporate stance on a given issue. More and more I find myself having to look at overseas sources (BBC, etc) to get any real feel for how things truly stand. It’s a sad state of affairs, and one that is very hard to convey to those born and raised in post-Reagan America. The news media in those days was far from perfect, but for trustworthiness, believability, accuracy, and absence of pervasive editorial slant, it was in general far superior to anything existing today.
He has very little defense: he has explicitly stated to the press that he took the job with the NSA specifically because it would give him access to classified files, and such premeditation will go down very badly with even his defence lawyers, let alone the prosecutors. There is also (as a consequence) absolutely no doubt that he has contravened whatever the American version of the Official Secrets Act is, which leaves him immediately liable to criminal prosecution. What he isn't facing under law - which doesn't necessarily reflect on what would happen - is military law, nor the death penalty, etc, since he is a civilian and legally has to be charged under the civilian laws he has openly admitted to breaking. None of this is to say whether he was right or wrong to do what he's done - just he'd be very silly to go back to America because he's already crippled his own defence, in a way that was entirely unnecessary.
'Every day, they are learning how brilliant [Snowden] was,'
Wow, if they consider the ability to use sudo, mount and cp an indicator of brilliance, then most of us here could easily become top NSA guys.
Of course he broke the law. He was looking at confidential information without permission. He's only able to do this because he's a sysadmin so he has access to everything. Please explain to me why it would be appropriate for a sysadmin to be looking at this kind of information.
Are agnostics skeptical of unicorns too?
Brilliant!
Yes, you don't hire brilliant people for jobs that violate the constitution. You don't hire anyone for jobs that violate the constitution.
The U.S. government is extremely corrupt, in many ways. It amazes me how often U.S. citizens joke about that, or change the subject, showing that they don't care.
They care. They change the subject because they feel powerless to change the corruption. Everyone they ever voted for turned out to have a hand in the cookie jar. And now the politicians no longer have a guilty look when caught. Instead, they demand to know why we didn't refill the cookie jar.
Your belief is based on a false dichotomy, actually.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Ethical people simply would not do something like Snowden did. It might occur to them, but they just wouldn't do it. That's why nobody else did it, but Snowden did. This was a failure of the vetting process for security clearance, which was done by an outside contractor.
And since when is using your root access to change your userid something to be called "brilliant"? Gosh, slashdot is full of full-on geniuses then!
So what does that say about the quality of the intelligence they are gathering they could not properly screen a guy who would have access to everything?
Rushed like many other gov groups in history.
The USA always seemed to have the cash, testing and time in the past to learn from most of the epic historical issues with staff.
Quality is gone with so many needed in long wars with new private groups deep in the funding mix.
Domestic spying is now "Benign Information Gathering"
I mean the NYT telling Dr. Goddard how he didn't know shit about physics. http://en.wikipedia.org/wiki/Robert_Goddard_(scientist)#The_New_York_Times_editorial
Did you know 80 to 90% of the moderators on slashdot wouldn't recognize a troll even if one dragged them under a bridge.
OK. But you have to pass a lie detector test.
Not really. They claim that they have suspicions, but they refuse to release any information that would prove them. So far we have to basically trust their claims that their violations of our privacy are helpful in catching terrorists and preventing attacks.
Some other people have tried to blow the whistle through proper channels in NSA. Didn't work out so well for them, and it was publicized back in the day. I assume that Snowden is no idiot and read up on that experience.
Simply put, if your "internal affairs agency" is compromised to the point where it's useless, and you know about it, the only meaningful course of action is to go public.
so for you it is all about newspaper editors???
those are the people who decide what articles get assigned and what don't, which journalist does what story, how long the story will be, the budget (if it has one), and *they write the headline* except at a few papers
you said this:
So because there were headlines, that means what he did is justified?
If that's true, then news editors (which have been laid off in numbers) and the bosses of the editors (publishers, owners, advertisers) are the defining operational factor in what is 'right' and 'wrong' for you...which isn't a tenable position.
Just because news people are more tech-savvy, or their editors want news to report that makes Obama look bad, or because there are more privacy advocates in the newsroom....**whatever**
That does not justify what Snowden did at all.
In America, if the Patriot Act gets passed...it is up to The People to protest until it is gone...
The people were informed about the Patriot Act....ever since then people have been screaming their fool heads off about privacy!
Ever since the Patriot Act the American people have been under this...to make Snowden's actions somehow necessary to have a 'national conversation' about privacy is incorrect
you have no evidence that Snowden had to steal documents, leak them publicly, run all over the world in order for news editors to put stories about privacy at the top of the headlines
you are justifying after the fact
Thank you Dave Raggett
then release the documents anonymously!
an anonymous leak, like the Pentagon Papers, would have allowed him to keep his awesome job and hot Russian girlfriend
no no, he had to have his face on it...maybe Glenn Greenwald pressured him to release his name, who knows...
what is certain is the US has a very well defined way to release info through the press under the 1st Amendment that would keep him legal
the journalist can be jailed for a time, but not charged criminally
it doesn't add up...what he released and how he did it...this is more than it appears and he is not a hero
he's a self-deluded victim at best
Thank you Dave Raggett
This 'brilliant' official should not be affiliated with any community that includes the word 'Intelligence'.
the only permanence in existence, is the impermanence of existence.
I'm sorry you don't respect others, too.
.: Semper Absurda
thanks for your friendly tone, but you are factually wrong...it's understandable you missed this in my original post, b/c I didn't tag it properly
this is from 2006
"NSA has massive database on American's phone calls"
http://yahoo.usatoday.com/news/washington/2006-05-10-nsa_x.htm
It states specifically that **ALL CALLS ARE PROCESSED** not just calls to certain groups or overseas as you stated.
It was reported nationally in 2006 and before...we knew before...
Ron Wyden, Senator from Oregon was making noise about it in the Senate before Snowden's revelations.
The contention that 'we knew but we didn't **know** until Snowden' is factually wrong.
WE KNEW ALL WE NEEDED SINCE THE PATRIOT ACT...and several disclosures since then...getting headlines is nothing more than a decision by a news editor
I'm not saying the NSA or CIA is good or doing right...far from it! I'm saying none of this story is as it seems, yet so many see it in black and white.
Snowden is either being manipulated or a full-on spy.
America is an advanced system of government. It demands an educated, informed public. We need to be able to see past a flurry of headlines to the facts.
Snowden is a chess piece. Whoever is working him is doing well...no one is talking about it and why...we instead argue over and over about things that we have all known and been pissed about **since the Patriot Act**
If Snowden just wanted Americans to know the operational details, this would have gone down much differently.
Thank you Dave Raggett
The authoritarians who don't respect the personal choices of others are the same as the ones who drive the endless march of war.
As for you, you are just another wannabe authoritarian whose futile wishes for control over other folks' genitalia will be relegated to the dustbin of forgotten history.
.: Semper Absurda
Chain of command? He worked for a government contractor, not the government itself, so there's no "chain of command" to go through. He was an employee of a contractor for the NSA, which means he's not actually protected under any whistleblowing laws, government or corporate, since he released information about the government while working at BAH.
His situation was pretty unique, and one I'd expect to see addressed through legislation if our Congress were reasonable right now.
you must not be an American
see, over here, since Obama got elected the minority party (Republicans) have acted in unison to block *everything Obama does*...
America has three branches of government and they all check and balance each other's power.
Obama needs Congressional approval to do as you say, and they have consistently voted *even against their own laws* in order to oppose Obama
In America, this level of partisanship is not common.
Obama could not, IN ANY WAY...just make a law for this to go away.
Thank you Dave Raggett
show me
show me at least an article that has quotations from the leaked documents and the NSA testimony
I am not defending the NSA...but i see 'the NSA lied' all over but very little discussion of the actual evidence
The NSA probably just was evasive...don't link me to an NSA official dodging a question and call it a 'lie'...the NSA could have good reason not to answer an intel question in open congress....they have the right to some stuff questioned by the congressmen only
but I'm willing to look...so show me this proof of the NSA lying to congress that will justify Snowden's behavior.
lets see it
Thank you Dave Raggett
If it takes a "brilliant" individual to get into the accounts of other people on the same machines you personally administer, then I have a feeling that all of their other sysadmins are still trying to figure out why their shells aren't saying "C:\>".
Yes, he was a contractor but he still had to report to someone who worked for the government. There's still a chain of command.
Are agnostics skeptical of unicorns too?
How the hell do you know that he knew every superior was corrupt? You don't.
Are agnostics skeptical of unicorns too?
Sigh
All's true that is mistrusted
It implies Snowden didn't have the access to access records without using someone else's account.
Which answers (very nicely) how he was allowed to access these records in the first place,
It answers things I'm not even aware of, but I do question the fact they can't find log file(s) showing who downloaded what.
It's part of the paper trail involving secret and classified material, I take it out of a safe I have to sign that I did so they know who has it. They download it and no record,..
Why would they need to photoshop that ?
The Bush family and the important Bin Laden family are friends, they do business together, for example they both are in oil, didn't you know that ?
Osama bin Laden is the black sheep of the family.
New things are always on the horizon
The US government is still very angry with the Russian Federation about Snowden. Still, the RF cannot extradite him, as there is no extradition agreement. Besides, it would be against public opinion. The US government is asking the impossible.
But if the USA gives E. Snowden an iron-clad immunity guarantee and restores his US passport, he can come to the USA of his own will.
He would be home, with his family. He would not be able to harm the USA, and the US government could be sure of it.
We see the world political situation deteriorate because of this anger of the US political elite. Still, such a compromise is realistic.
Is whether he used wget.
I stole this Sig
Any idea how big the "capital investment" budget of the NSA is ?
The IT part alone is probably enough to run half a dozen third world governments.
So "smart" people build their contact list while negotiating very large contracts to the benefit of external contractors.
While "brilliant" people lose their time trying to find a way to do the same for much less, or even worse questioning the value of doing whatever they are supposed to.
Q. Why do NSA security assessors travel in threes?
A. One who can read, one who can count, and one to keep an eye on the two intellectuals.
http://rocknerd.co.uk
If you treat everyone as a disposable contractor, you may have trouble getting unquestioning loyalty from them.
http://rocknerd.co.uk
To be fair, I was first allowed to vote in 2000 and have voted in every election, major and minor.
I can tell you that not a single person I've ever voted for president has won (and several times, I voted for one of the two big guys) and very rarely do I get the Senator I would like. But, I've had much more success getting my local house rep. elected. (I actively campaigned against Tom Delay for several elections and he's been out for several sessions now).
Slashdot Valentines Beta Massacre: iT WORKED! The boycotts killed Beta!!
"This is why you don't hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble."
And this managerial attitude, my friends, explains much of the mediocrity and don't give a f*ck attitude we see in government jobs.
The "former official" is doing a bit of smoke screening for his friends still in the agency.
If you describe Snowden as just a "good" sysadmin, they start asking why you weren't able to prevent this. Maybe you and your people aren't so "good".
But, if you portray him as a brilliant maverick, why shoot, we can all understand how he went through the permissions like swiss cheese. We've all seen Sneakers with Redford and the blind guy. Understandable. Sort of like getting outsmarted by Phelps and his Mission Impossible team.
So we don't have to investigate you any more. No problem..
A few million people marching on the capital and occupying it until something is done will fix many of the problems. That isn't going to happen though and the reality is that most people in America don't care very much. They certainly don't care enough to take time off work to join such a protest, and there isn't the critical mass required to get the police/military on side.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
One guesses the comment is made:
a) intentionally - to highlight how Snowden took 'brilliant' action to work around a secure system ie. he is a bad guy who did illegal stuff, not merely a 'whistleblower' taking information within easy reach; or
b) unintentionally - because the comment reveals a staggering lack of understanding of what exactly was required to do what Snowden did. Maybe the guy is just trying to get quoted to satisfy his need for attention or he is genuinely stupid and resentful of smarter people. Well, 'brilliant' people, 'cause he likely thinks that he's smart ... which is kind of sad.
Either way, it is the comment of someone who would not have the moral fibre or courage to do anything close to what Snowden did.
"Consensus" in science is _always_ a political construct.
NSA needs a large army of sysadmins because they have a huge number of employees and a huge number of servers. That's just a given, because there's a lot of work to be done. But they could have minimized their exposure had they had a different, smaller team, responsible for protection of classified materials.
That smaller team, maybe with just a few people on it with the highest levels of clearance, would be responsible for keeping classified materials encrypted so that they'd resist a casual root attack (obviously if a rogue admin installed a keylogger or engaged in some other sabotage, that admin could probably subvert the document management scheme, but that would be much more detectable than a brainless su + "drag and drop" style document theft).
Having 1000 superusers running around your network is just begging for trouble. I can't believe it took this long for a breach to occur.
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
*Gandhi
*Let's not shoot the messenger here.
He's -not- a whistleblower because he signed a LIFETIME binding legal document called a non-disclosure agreement. End of story. No matter what you feel about the content, he specifically broke a law that he swore to uphold. There are programs in place to whistleblow and there is a specific process....that works.... when somebody feels like there is a problem. Those of you saying he stole classified information....but it's ok because it's for a good cause....are absolutely out of your minds. What if I came to your house and stole your car...or wallet...or purse...or identity for what I considered a "good cause". Laws are in place for a reason. ANYONE who knowingly discloses classified information should be publicly hung on the capitol steps as a traitor to the United States!
He allegedly did that. The media uses allegedly for pedophiles, but Snowden doesn't have this privilege?
Grey's Law: Any sufficiently advanced incompetence is indistinguishable from malice.
Only in America is $52 Billion spent on a Black Budget that goes down a Black Hole. No one knows for what, or if it accomplished anything intended, or if it did anything other than make a mockery of the 4th Amendment. "We're hunting terrorists. We don't need no 4th Amendment." We're going to see a growing flight to privacy tools as the repercussions of the Snowden revelations sink in. In addition to the anonymizing and encryption tools, there's now a growing number of private cloud providers emerging, like Cloudlocker (www.cloudlocker.it), that eliminate the fatal flaws of Dropbox, etc. I think the personal cloud providers are eventually going to take over this space.
'This is why you don't hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble.' The truth is, he wasn't "brilliant", he was "crafty". He's a criminal. What has Special Ed done that's "wrong"?: 1) Theft 2) False credentials 3) Tampering with national security 4) Placing all Americans at risk 5) International flight 6) Traveling on a voided passport 7) Bartering with items/information he doesn't legally own nor has personally created 8) Terroristic threats 9) Unethical treatment toward his employer 10) Misrepresentation 11) Perjury/breach of oath 12) Dereliction of duty 13) Failure to follow orders. 14) Impersonating known government officials. He's also flirting with, in fact, trying to set up the two main offenses: A) Assisting foreign powers B) Aiding the enemy. Sure, the Constitution guarantees our freedom to share more information with the public, and the right to free speech is great... but NOT when it will cause a danger to National Security. The info Snowden likely possesses is probably EXACTLY the kind of stuff al Qaeda wants leaked out so they can learn better of how to successfully find ways to kill Americans at will. Not to mention, maybe names and locations of counter-terrorism spies that the U.S. has out in the field infiltrating the ranks of those would-be murderers. People want to complain about the NSA and alleged "spying", but then they'll also complain about not feeling the government is doing enough to protect them from al Qaeda! So the NSA is not "hiding" anything, but they'll be truly ineffective if EVERYONE knows what they're working on. Has NOBODY stopped for a moment and asked "why" the NSA has been doing what they're doing? Did people think the authorities use magic to uncover terrorist plots? http://www.newser.com/story/173411/eavesdropping-satellites-helped-us-catch-bin-laden.html
You missed what I stated. If a crime has been determined, gathering evidence is legal.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
Why not start with a basic income, say $25k? Let people choose it if they want, or they can enter the free market. The savings in administration of social security and medicare etc. would be substantial. Then encourage people to innovate with challenges and free education such as MOOCs are providing. Why wouldn't the pace of innovation increase? Hold competitions to gather the best ideas, then turn them over to biz so it can do what it does best, incrementally innovate disruptive ideas.
Inflation is psychological. Index everything to inflation, as Israel did, and nothing changes. Make the indexing seamless and automatic, and there wouldn't be the stress from manual adjustments that finally led Israel to stop the indexing method. Our technology is better now; we can automate the indexing so it fades into the background and we need not even be aware of it.
I think our problems are caused mostly by scarcity thinking and by artificial constraints on the money supply so that more debt exists than currency to pay it off.
Every regime hates transparency and fears people who can think out of the box.
Casteism
https://en.wikipedia.org/wiki/Social_engineering_(security)
Casteism
What you are proposing is called a positive feedback system ( http://en.wikipedia.org/wiki/Positive_feedback ) and as the article notes "Positive feedback tends to cause system instability. When the loop gain is positive and above 1, there will typically be exponential growth, increasing oscillations or divergences from equilibrium".
The Weimar Republic, the Brazilian Real and Zimbabwean currency should dispel this nonsense you are talking about.
That is why economists need to know a bit about maths, so they don't end up spouting bullshit.
IANAL but write like a drunk one.
The BBC is obliged by its internal rules not to be biased.
People do complain and the BBC occasionally has to apologize when the standards that apply to it aren't met.
The empirical way to gauge this is to read how many people of all political stripes complain about the BBC being biased: when lefties and right wingers, establishment and anti-establishment all complain bitterly about BBC bias one knows bias doesn't exist.
IANAL but write like a drunk one.
3 fails:
- You needing passwords from other people.
- They giving you those passwords.
- The password being shared and unique.
2 Questions:
- Did you leave?
- Did you technology that didn't require sharing passwords (or was it that you lacked knowledge, perhaps you may not know even now!).
IANAL but write like a drunk one.
Snowden does have credibility (the fact that people describe him as either a whistle-blower or a traitor proves this beyond question).
As for being used by somebody else, well, scrambling so publicly to be let in anywhere and ranting against the US government for closing his asylum options would tend to indicate that he was not being handled by anybody.
This chap did us all a great service, thanks to him we will need to make the internet secure, not keep pretending that it is.
I just don't get how anybody with decent intentions can fail to see this.
IANAL but write like a drunk one.
You can in theory set up a system and throw the key (root password) away: the sys admins could manage the machine, but could not grant access rights to new users and would not have free rein in all the data (logs for example), that would be done by a different set of people (with no root capabilities whatsoever).
The technology exists, but it is used in very few instances.
IANAL but write like a drunk one.