Slashdot Mirror
Snowden Spoofed Top Officials' Identity To Mine NSA Secrets
schnell writes "As government investigators continue to try to figure out just how much data whistleblower Edward Snowden had access to, MSNBC is reporting that Snowden used his sysadmin privileges to assume the user profiles of top NSA officials in order to gain access to the most sensitive files. His sysadmin privileges also enabled him to do something other NSA users can't — download classified files from NSAnet onto a thumb drive. 'Every day, they are learning how brilliant [Snowden] was,' said a former U.S. official with knowledge of the case. 'This is why you don't hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble.'"
"Brilliant people get you in trouble.'"
More like "Brilliant people expose the trouble you're currently in".
The security-state here keeps saying "if you don't have anything to hide, then you don't need privacy"
Well, if the NSA weren't doing shit that warranted whistleblowers, they wouldn't have the problems they currently do.
Make sure everyone's vote counts: Verified Voting
So, having a way to change your identity to another users is brilliant? All System Admins must be brilliant!
You either get brilliant or you get mildly capable. Smart people know they don't want to work in that environment. Brilliant people will take the job knowing they can use it to some kind of end. Mildly capable people handle requests and not much more, but are just happy to have a stable job in their field.
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
Surely someone at the NSA knows about multi-level security, SELinux, and the like. No one should have had root access. Having architected the system so poorly, it hardly took a genius to walk off with their secrets.
Umm, ok, now you have to be brilliant to "sudo su ".
This guy was a sysadmin. He had physical level access to the hardware. Anybody who is in that job and is competent can do what Snowden did. (or am I missing some as yet undisclosed salient detail?)
I wish I had a good sig, but all the good ones are copyrighted
"This is why you don't hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble." -- a former U.S. official with knowledge of the case.
Um... no. What is described in TFA is not "brilliant" at all, but a necessary part of being a sysadmin: you have control over user profiles.
The fact that the "former official" does not seem to realize this does not lead us to conclude that Snowden was brilliant... but rather that the mentioned official was anything but.
The only thing that came to mind with the suggestion that they not hire brilliant people:
"An intelligence organization that fears intelligence? Historically, not awesome."
- Tony Stark
-- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
Sometimes I feel that these "former U.S. officials" and "anonymous staff members" should STFU. It just seems like they use their anonymity to say random shit that will create headlines and stroke their ego. The "don't hire brilliant people" quotation is just stupid. No one that would have to be responsible for their words would say that.
People with integrity are not going to be working for the NSA. Kinda runs counter to what they do.
This isn't brilliance, this is just poor security. This is systems that had a vulnerable audit trail, or didn't bother auditing enough, or created records no one ever looked at. Surely user snowden su-ing to some top official throws a red flag somewhere, right? If not, why not?
Inside the NSA is probably an amusing place to bea fly on the wall at the moment. All sorts of new procedures to try to stop someone else doing the same thing. However: it won't work, any defences that a man can put in place can be circumvented by another man, especially one working on the inside. They can make it hard, but not impossible - at least if they want their systems to remain useful. They have, at some level, to trust people to be able to operate.
The only way that the NSA can stop future embarassing revelations is for it to behave in a reasonable and moral way. That means a complete change of culture.
I did not say ''behave in a legal way'' since corrupt laws can easily be written.
Sorry, I am a fan of him and grateful he leaked only certain documents as opposed to Manning just dumping everything out into public, but stealing classified documents to leak is a bit different than the story we've been given as a true whistle-blower.
I think the type of information Snowden took was of a different sort. He stole information detailing the existence of spying programs, how they worked and their extent putting the programs themselves at risk whereas Manning stole and leaked operational information that potentially put lives at risk by exposing agents in the field and/or operational plans in the field.
What Snowden leaked so far embarrasses the government but is not "outing" anyone as an agent. This is more inline with what a whistleblower would usually talk about. He leaked the powerpoint slides as evidence of his claims.
Jesus was a compassionate social conservative who called individuals to sin no more.
It sounds like despite the initial protestations of how he'd exaggerated his abilities, and those of the surveillance program ... it's all proving to be true.
That his sysadmin privileges let him access stuff which was much more classified doesn't change that the system is capable of doing this, and likely is on a large scale.
So we've got a wide-reaching, in cases probably illegal system which can and does tap into everything -- and apparently the amount of oversight and controls they have on this is very limited.
Lost at C:>. Found at C.
All these people "with knowledge of the case" better watch-out they don't go off-message or they could find themselves hunted as whistle-blowers too, but they'll be OK as long as they keep talking about Snowden and not crimes he exposed.
tomorrow who's gonna fuss
Manning stole and leaked operational information that potentially put lives at risk by exposing agents in the field and/or operational plans in the field.
Except that in the Manning leak, the military or intelligence agencies have yet to point to a single agent or operation in the field that was stopped due to the leak. They've just repeatedly asserted this point without proof, and that means significant numbers of Americans believe them.
I am officially gone from
Technically they are not supposed to go immediately to the public. Military, Government, and DOD people are supposed to use the chain of command first. Unfortunately, this does not work in most cases since the chain of command in a corrupt organization is also corrupt. Numerous court cases and stories are to be found regarding how internal whistle blowers are treated (sometimes killed with their whole family, etc...)
What Snowden did in this case is correct. Not going public mind you, but going to journalists who are supposed to be working for the public's interests.
What I, and many others, find so interesting is that our media has become so corrupt that we have to have alternative news sources which hold the original 'credo of journalism' in mind when working. I'm sure if he turned the data over to the NY Post, he would have been in jail and the public would still have no knowledge.
Lengthy chain to get to the point, but the point is that he did not go "public". He went to journalists, and did so correctly in my never so humble opinion. Part of the journalism credo is to determine what to release to the public in order to present the story while protecting the Government.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
It sounds like he abused his privileges to confirm his suspicions, and then took a course of action. Which is the right approach, depending on the suspicions.
If you ignore ACs because they are anonymous - you're an idiot.
This isn't about competence or incompetence. It's about putting as negative a spin as possible on Snowden.
Float a lot of trial balloons, make sure negative things get out there via anonymous sources, even if rebutted the next day, then the "traitor" contingent can forever quote the negative and leave the detailed rebuttals to others, which no one will read.
To wit: in this thread, Manning is excoriated as a traitor for releasing all the documents unredacted, but Manning did not - that was accomplished when professional journalists from the Guardian published the passphrase for an encrypted file.
You need to hire some of these "brilliant" people so that you don't get snowed by a Snowden. By all accounts he accomplished what he did by having incompetent management above him. This was a management problem, and one that you knew better about, or should have known better about - if you had some of those brilliant people who knew what they were doing in management!
" 'This is why you don't hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble.'"
No, what happens is when you do shit that shocks the conscience, someone, somewhere, is going to expose you for the douchebag that you are.
Stop being a douchebag.
--
BMO
Snowden's abusing his powers is an act of civil disobedience. The same tatics were used by Ghandi and the civil rights movement. It's a wrong that warrants a "tsk tsk, don't do that" and a stern look. He did it to expose evils so great and widespread that it would be hard to figure out which of the hundreds involved who merit it should be executed for treason first. That's not shoot the messenger here.
I've written this before, with links just like now...if you want to disagree, if you want to claim Snowden *did* release valuable information and not just technical details for things we already knew existed...you have to show evidence.
The evidence that Snowden's leak was valuable is on the front pages every day. Before Snowden, the NSA was in the news once or twice a year, buried in newspapers. After Snowden, the NSA is in the news almost every day. The disclosures may or may not be new, but the public attention is.
Give me Classic Slashdot or give me death!
Given their track record, anything the NSA says should be considered to be a lie. Therefore, if they say Snowden used his 1337 h4x0r skillz to break the rules, it is a safe bet that he did not do anything of the sort and the NSA is just fabricating a story to pacify lawmakers asking how this could happen. Since they commit perjury in front of Congress with impunity, lying to reporters wouldn't even be a blip on a NSA spin-doctor's moral radar.
Yeah, hire that incompetent idiot who will design the security precautions wrong in the first place. That'll work a lot better.
Can't do that, he left three years ago and is now working for something like northrop grumman or bechtel .... selling platforms to the NSA...
Don't forget, she leaked "collateral murder." That is whistleblowing if ever a whistle has been blown.
.: Semper Absurda
A properly compartmented system doesn't have root.
A security manager (that doesn't have access to installation tools, network, operations or storage, but has lots of system activity logs)
A systems engineer (that doesn't have access to user files or security manager functions)
An operational staff (that doesn't have access to user files, security manager functions, OR installation tools)
A network engineer (that doesn't have access to any of the previous three).
And frequently, a storage engineer that doesn't have access to any of the previous 4).
Thus, separation of duty. Improper access always raises an alarm. A violation requires collusion between 3 or more people - MUCH easier to detect.
It is usually the security manager that authorizes new users. The operations staff may initiate the installation of those users - but it is still the security manager that enables them.
And yes, a storage engineer doesn't need access to user files - he may have his own files for testing/evaluation. But he can initiate load balancing that may cause user files to be relocated - but that does not give him access to the data.
I wouldn't say obviously. In my experience, decision makers work in a web of trust, and are completely blind sided by little technical details.
Like all pain, suffering is a signal that something isn't right
I really liked the pace of the disclosures. First he discloses a few things, the officials come out and start spinning and making up lies for the public about what is really happening, then the next disclosure comes out, exposing exactly what they just lied and said wasn't happening.
That was just....masterful.
I can understand wanting to keep secrets, but there is no excuse for telling lies to the people. Its ridiculous that I or anyone can be charged for telling lies to the FBI, but, the politicians can't be charged with telling lies to us.
"I opened my eyes, and everything went dark again"
The best way to stop whistleblowers is to stop giving people a reason to want to blow the whistle.
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
And exactly when do you think this was different? When Walter Cronkite was alive? When Ogg told Grog what happened to Paris the other night?
Is this way, was this way, will always be this way.
I’m sorry, no. Things most definitely were NOT always like this. When Walter Cronkite told you “that’s the way it is,” you could believe that he was reporting as accurately as he could, using material gathered by some of the best investigative journalists in the business, and most importantly, with little or no thought to whether the news he was reporting would negatively affect or offend the corporate bosses at CBS. There was a reason he was called “the most trusted man in America,” because he literally was just that, continually ranked in polls for trustworthiness above presidents, clergymen, fellow pundits, you name it. You don’t get that kind of reputation unearned.
Hard to imagine today, but back then the networks genuinely competed against each other for viewers, and news departments quickly became the most prestigious part of that struggle. There was very little editorializing, and almost none that wasn’t clearly labeled as such. The networks simply didn’t try to spin things a certain way as we see now. I suspect enforcement of the Fairness Doctrine had a lot to do with that, certainly it seems like the long decline of the American media began soon after the FCC decided to do away with the FD, along with many other existing useful regulations, such as the ones preventing industry consolidation into exactly the kind of huge media conglomerates we have today. Those long forgotten regulations were perhaps a big part of why the media in those days was so much more trustworthy than what we have now, although I can‘t prove this.
The end result is that today when I access any of the big American news organizations, I no longer believe I am getting the best information possible. Everything has to be taken with a grain of salt and a dollop of serious consideration regarding the parent company’s corporate stance on a given issue. More and more I find myself having to look at overseas sources (BBC, etc) to get any real feel for how things truly stand. It’s a sad state of affairs, and one that is very hard to convey to those born and raised in post-Reagan America. The news media in those days was far from perfect, but for trustworthiness, believability, accuracy, and absence of pervasive editorial slant, it was in general far superior to anything existing today.
The U.S. government is extremely corrupt, in many ways. It amazes me how often U.S. citizens joke about that, or change the subject, showing that they don't care.
They care. They change the subject because they feel powerless to change the corruption. Everyone they ever voted for turned out to have a hand in the cookie jar. And now the politicians no longer have a guilty look when caught. Instead, they demand to know why we didn't refill the cookie jar.