Slashdot Mirror

← Back to Stories (view on slashdot.org)

Snowden Spoofed Top Officials' Identity To Mine NSA Secrets

Posted by timothy on from the would-you-rather-he-hadn't? dept.

schnell writes "As government investigators continue to try to figure out just how much data whistleblower Edward Snowden had access to, MSNBC is reporting that Snowden used his sysadmin privileges to assume the user profiles of top NSA officials in order to gain access to the most sensitive files. His sysadmin privileges also enabled him to do something other NSA users can't — download classified files from NSAnet onto a thumb drive. 'Every day, they are learning how brilliant [Snowden] was,' said a former U.S. official with knowledge of the case. 'This is why you don't hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble.'"

30 of 743 comments (clear)

  1. Amended quote by rsborg · · Score: 5, Insightful

    "Brilliant people get you in trouble.'"

    More like "Brilliant people expose the trouble you're currently in".
    The security-state here keeps saying "if you don't have anything to hide, then you don't need privacy"

    Well, if the NSA weren't doing shit that warranted whistleblowers, they wouldn't have the problems they currently do.

    --
    Make sure everyone's vote counts: Verified Voting
    1. Re:Amended quote by Rob+Riggs · · Score: 5, Funny

      That's why I play dumb. Yeah -- that's it. I'm really brilliant in disguise so I will get hired. And keep up the facade so I won't get fired.

      --
      the growth in cynicism and rebellion has not been without cause
    2. Re:Amended quote by lorenlal · · Score: 5, Insightful

      I'm more worried that they're saying he was "brilliant." Those actions are trivial. I'm disappointed that's all he had to do to get that info.

      Agree with his actions or not, anyone who declared him anything more than "some sysadmin who took some liberties with his access" shouldn't be in charge of gathering, investigating or protecting anyone's sensitive data.

    3. Re:Amended quote by aaaaaaargh! · · Score: 5, Insightful

      I'm more worried that they're saying he was "brilliant."

      Yeah, well, that's because they want to portrait him as a brilliant evil genuis who should be incarcerated for the rest of his life (as he's obviously so dangerous) rather than just a guy who downloaded stuff on his thumbdrive because their internal security was shit.

    4. Re:Amended quote by jedidiah · · Score: 5, Informative

      Just goes to show what utter trash journalism has become. Invariably, if you have any knowledge of a subject you can't get over just how badly "journalists" get things wrong or intentionally leave out crucial details.

      A sysadmin had root? Imagine that?

      --
      A Pirate and a Puritan look the same on a balance sheet.
    5. Re:Amended quote by interkin3tic · · Score: 5, Insightful

      Snowden raises two issues for the NSA. He exposed their crimes, and he also made them look really bad.
      br. By saying he was "brilliant," they deal with the second one. "What? No, this isn't a security lapse. This is a supervillain spy hacker genius! We've dealt with him, there's no one else out there who can penetrate our defenses. You're safe. Ask no more questions, there are no monsters under your bed, save for the ones you pay us to protect you from."

    6. Re:Amended quote by Anonymous Coward · · Score: 5, Insightful

      How do you propose keeping a sysadmin that needs root access to do their job from being able to copy something to a thumb drive? You can ban thumb drives, but then they could just write the files to a different server that they can access from home. If someone needs root access for their job, there's no amount of security that can keep them from either copying secrets or breaking the system if they're so inclined. The only solution is hiring trustworthy admins.

    7. Re:Amended quote by retchdog · · Score: 5, Insightful

      Didn't the NSA contribute significantly to SELinux, the entire point of which was to enforce access controls so that root wouldn't be omniscient?

      Either they weren't using it internally (which would be a bit odd, but not surprising), or they were using it improperly (which is extremely likely), or it was implemented correctly and Snowden was actually very clever (which is somewhat unlikely).

      --
      "They were pure niggers." – Noam Chomsky
    8. Re:Amended quote by TheNastyInThePasty · · Score: 5, Insightful

      The problem is that almost all news consists of reporting what politicians and other figures are saying, rather than doing any ACTUAL research. Any sentence implying that Snowden is "brilliant" for using his privelages in the way that he did should be immediately followed by a line in the news story saying "However, our research shows that anyone with a passing interest in computers and especially systems administration could have done the same thing with ease". Journalists need to start calling people out on their bullshit with actual facts rather than reporting "Well according to obviously biased source A..."

      --
      The best thing about UDP jokes is I don't care if you get them or not
    9. Re:Amended quote by lightknight · · Score: 5, Insightful

      Well, they'd have to, wouldn't they? I mean, come on...anyone who has worked IT has been laughing at the NSA's published accounts of Snowden's 'infiltration' and 'hacking' since day one; a jury of his peers would have trouble seeing him as using any special means to access the information contained therein.

      The only people who would find this surprising are people who are JUST NOW being introduced to how computer security works, or why network admins used to be paid extremely well. It's like pointing out to the President of a large corporation that their chief shark (head legal counsel) knows exactly what evil they've been doing for the last several years, and that they've been cutting his wages relentlessly for years...if this is news to them, they need to be fired; they're obviously not qualified to run a hamburger stand, let alone a large entity.

      What more, their extreme stupidity, in the form of 'doubling down' when confronted with a threat is somehow a perfect epitaph to their lifestyle. Years of treating the servants poorly, now facing paranoia, they turn to violence to instil a sense of loyalty in their 'troops.'

      --
      I am John Hurt.
    10. Re:Amended quote by Richy_T · · Score: 5, Insightful

      The only problem is, if you're doing things which are unconscionable, your only choice is to hire someone without a conscience. And there goes your trustability.

    11. Re:Amended quote by Chelloveck · · Score: 5, Interesting

      Yeah, well, that's because they want to portrait him as a brilliant evil genuis who should be incarcerated for the rest of his life (as he's obviously so dangerous) rather than just a guy who downloaded stuff on his thumbdrive because their internal security was shit.

      This. A thousand times this.

      Read the two articles linked in the summary. They're both on NBC news and published within three days of each other, and both are essentially the same story. The difference in the articles?

      The older one (byline "Richard Esposito and Matthew Cole") says, "Duh. He's a sysadmin. He's capable of creating accounts with arbitrary permissions, and of violating the air gap between the secure and insecure sides. Of course he can do that, it's in his job description!"

      The newer one (byline "Richard Esposito, Matthew Cole and Robert Windrem") says, "Whoa! This guy knows how to impersonate people on a computer! No one but a brilliant uber-hacker could do that! This guy is a menace! An evil genius of a degree seen only in Bond villains!"

      I don't read or watch NBC news, and I've never even heard of any of these reporters before. But my guess is that Esposito and Cole are the tech beat guys, and Windrem is managerial. If we assume stupidity, Windrem simply said "This story is dull. I'd better punch it up a bit." If we assume malice, Windrem said "This makes the NSA sound dumb. Let's play it for the brilliant hacker angle instead." If we assume conspiracy, some nice men in dark sunglasses approached Windrem and said "This story doesn't fit with our narrative of Snowden being a dirty rotten traitor. Fix it."

      --
      Chelloveck
      I give up on debugging. From now on, SIGSEGV is a feature.
    12. Re:Amended quote by VortexCortex · · Score: 5, Funny

      Investigators are baffled at the sophistication of the attack, being that PRISM grew out of ECHELON & Carnivore which was ported from old Unix systems to run on the more secure Microsoft OS platform. Compromise was thought highly unlikely especially since many employees are on record citing the feats "nearly impossible to remotely administer."

      Experts say Snowden used the an obscure "Shell Command", frequently associated with copyright pirates, to display every last file he stole: "De Aye Yar!"
      Worse still, reports confirm that C.P. was his favorite, and was integral to his hacking scheme! Won't someone think of the children?!

  2. Brilliant? by Traze · · Score: 5, Funny

    So, having a way to change your identity to another users is brilliant? All System Admins must be brilliant!

    1. Re:Brilliant? by hjf · · Score: 5, Funny

      Yes... surely SOMEONE at the NSA knows about SELinux!

    2. Re:Brilliant? by Rob+Riggs · · Score: 5, Funny

      Umm, ok, now you have to be brilliant to "sudo su ".

      Sucker. Now you'll never get hired by the NSA.

      --
      the growth in cynicism and rebellion has not been without cause
    3. Re:Brilliant? by Phics · · Score: 5, Informative

      Perhaps if the right people make Snowden seem like a mad brilliant genius, the public will brush aside questions of how secure processes at the NSA are?

      --
      There are two types of people in the world; those who believe there are two types of people, and those who don't.
    4. Re:Brilliant? by Coeurderoy · · Score: 5, Insightful

      So, having a way to change your identity to another users is brilliant?

      All System Admins must be brilliant!

      That is certainly the opinion of most sysadmins :-)

  3. You don't get to hire smart people for this job. by intermodal · · Score: 5, Interesting

    You either get brilliant or you get mildly capable. Smart people know they don't want to work in that environment. Brilliant people will take the job knowing they can use it to some kind of end. Mildly capable people handle requests and not much more, but are just happy to have a stable job in their field.

    --
    In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
  4. Brilliant? by geoskd · · Score: 5, Insightful

    Umm, ok, now you have to be brilliant to "sudo su ".

    This guy was a sysadmin. He had physical level access to the hardware. Anybody who is in that job and is competent can do what Snowden did. (or am I missing some as yet undisclosed salient detail?)

    --
    I wish I had a good sig, but all the good ones are copyrighted
  5. "Brilliant"? Hardly by Jane+Q.+Public · · Score: 5, Insightful

    "This is why you don't hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble." -- a former U.S. official with knowledge of the case.

    Um... no. What is described in TFA is not "brilliant" at all, but a necessary part of being a sysadmin: you have control over user profiles.

    The fact that the "former official" does not seem to realize this does not lead us to conclude that Snowden was brilliant... but rather that the mentioned official was anything but.

  6. oblig Avengers... by Tridus · · Score: 5, Funny

    The only thing that came to mind with the suggestion that they not hire brilliant people:

    "An intelligence organization that fears intelligence? Historically, not awesome."
    - Tony Stark

    --
    -- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
  7. Re:Integrity by h4rr4r · · Score: 5, Insightful

    People with integrity are not going to be working for the NSA. Kinda runs counter to what they do.

  8. Re:so he did in fact break the law by dkleinsc · · Score: 5, Insightful

    Manning stole and leaked operational information that potentially put lives at risk by exposing agents in the field and/or operational plans in the field.

    Except that in the Manning leak, the military or intelligence agencies have yet to point to a single agent or operation in the field that was stopped due to the leak. They've just repeatedly asserted this point without proof, and that means significant numbers of Americans believe them.

    --
    I am officially gone from /. Long live http://www.soylentnews.com/
  9. Re:so he did in fact break the law by s.petry · · Score: 5, Insightful

    Technically they are not supposed to go immediately to the public. Military, Government, and DOD people are supposed to use the chain of command first. Unfortunately, this does not work in most cases since the chain of command in a corrupt organization is also corrupt. Numerous court cases and stories are to be found regarding how internal whistle blowers are treated (sometimes killed with their whole family, etc...)

    What Snowden did in this case is correct. Not going public mind you, but going to journalists who are supposed to be working for the public's interests.

    What I, and many others, find so interesting is that our media has become so corrupt that we have to have alternative news sources which hold the original 'credo of journalism' in mind when working. I'm sure if he turned the data over to the NY Post, he would have been in jail and the public would still have no knowledge.

    Lengthy chain to get to the point, but the point is that he did not go "public". He went to journalists, and did so correctly in my never so humble opinion. Part of the journalism credo is to determine what to release to the public in order to present the story while protecting the Government.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

  10. Re:We're fucked by bware · · Score: 5, Insightful

    OMG these people are looking incompetent. OTOH the general public may believe them and think snowden has super powers and this isn't someone elses fault.

    This isn't about competence or incompetence. It's about putting as negative a spin as possible on Snowden.

    Float a lot of trial balloons, make sure negative things get out there via anonymous sources, even if rebutted the next day, then the "traitor" contingent can forever quote the negative and leave the detailed rebuttals to others, which no one will read.

    To wit: in this thread, Manning is excoriated as a traitor for releasing all the documents unredacted, but Manning did not - that was accomplished when professional journalists from the Guardian published the passphrase for an encrypted file.

  11. Dear NSA by onyxruby · · Score: 5, Insightful

    You need to hire some of these "brilliant" people so that you don't get snowed by a Snowden. By all accounts he accomplished what he did by having incompetent management above him. This was a management problem, and one that you knew better about, or should have known better about - if you had some of those brilliant people who knew what they were doing in management!

  12. No, you don't have to have root access. by Anonymous Coward · · Score: 5, Insightful

    A properly compartmented system doesn't have root.

    A security manager (that doesn't have access to installation tools, network, operations or storage, but has lots of system activity logs)

    A systems engineer (that doesn't have access to user files or security manager functions)

    An operational staff (that doesn't have access to user files, security manager functions, OR installation tools)

    A network engineer (that doesn't have access to any of the previous three).
    And frequently, a storage engineer that doesn't have access to any of the previous 4).

    Thus, separation of duty. Improper access always raises an alarm. A violation requires collusion between 3 or more people - MUCH easier to detect.

    It is usually the security manager that authorizes new users. The operations staff may initiate the installation of those users - but it is still the security manager that enables them.

    And yes, a storage engineer doesn't need access to user files - he may have his own files for testing/evaluation. But he can initiate load balancing that may cause user files to be relocated - but that does not give him access to the data.

  13. Re:Snowden was never a "Whistleblower" by TheCarp · · Score: 5, Insightful

    You're missing the forest for the trees friend. The significance of Snowden is not what he leaked by itself. As you said, we /.'ers "knew" that something like this has been going on for at least the last 10 years. The significance is the breadth of surveillance and how the NSA reacted to him leaking it.

    I really liked the pace of the disclosures. First he discloses a few things, the officials come out and start spinning and making up lies for the public about what is really happening, then the next disclosure comes out, exposing exactly what they just lied and said wasn't happening.

    That was just....masterful.

    I can understand wanting to keep secrets, but there is no excuse for telling lies to the people. Its ridiculous that I or anyone can be charged for telling lies to the FBI, but, the politicians can't be charged with telling lies to us.

    --
    "I opened my eyes, and everything went dark again"
  14. You're wrong about Cronkite by almechist · · Score: 5, Insightful

    And exactly when do you think this was different? When Walter Cronkite was alive? When Ogg told Grog what happened to Paris the other night?

    Is this way, was this way, will always be this way.

    I’m sorry, no. Things most definitely were NOT always like this. When Walter Cronkite told you “that’s the way it is,” you could believe that he was reporting as accurately as he could, using material gathered by some of the best investigative journalists in the business, and most importantly, with little or no thought to whether the news he was reporting would negatively affect or offend the corporate bosses at CBS. There was a reason he was called “the most trusted man in America,” because he literally was just that, continually ranked in polls for trustworthiness above presidents, clergymen, fellow pundits, you name it. You don’t get that kind of reputation unearned.

    Hard to imagine today, but back then the networks genuinely competed against each other for viewers, and news departments quickly became the most prestigious part of that struggle. There was very little editorializing, and almost none that wasn’t clearly labeled as such. The networks simply didn’t try to spin things a certain way as we see now. I suspect enforcement of the Fairness Doctrine had a lot to do with that, certainly it seems like the long decline of the American media began soon after the FCC decided to do away with the FD, along with many other existing useful regulations, such as the ones preventing industry consolidation into exactly the kind of huge media conglomerates we have today. Those long forgotten regulations were perhaps a big part of why the media in those days was so much more trustworthy than what we have now, although I can‘t prove this.

    The end result is that today when I access any of the big American news organizations, I no longer believe I am getting the best information possible. Everything has to be taken with a grain of salt and a dollop of serious consideration regarding the parent company’s corporate stance on a given issue. More and more I find myself having to look at overseas sources (BBC, etc) to get any real feel for how things truly stand. It’s a sad state of affairs, and one that is very hard to convey to those born and raised in post-Reagan America. The news media in those days was far from perfect, but for trustworthiness, believability, accuracy, and absence of pervasive editorial slant, it was in general far superior to anything existing today.