Report: Russia and China Crack Encrypted Snowden Files

New submitter garyisabusyguy writes with word that, according to London's Sunday Times, "Russia and China have cracked the top-secret cache of files stolen by the fugitive US whistleblower Edward Snowden, forcing MI6 to pull agents out of live operations in hostile countries, according to senior officials in Downing Street, the Home Office and the security services," and suggests this non-paywalled Reuters version, too. "MI6 has decided that it is too dangerous to operate in Russia or China," writes the submitter. "This removes intelligence capabilities that have existed throughout the Cold War, and which may have helped to prevent a 'hot' nuclear war. Have the actions of Snowden, and, apparently, the use of weak encryption, made the world less safe?"

Proof

[bl968]

I will withhold my judgement on this until they release verifiable proof. It seems like their even disclosing the fact they know if the Russians and Chinese had access would be considered a state secret.

Re:Proof

[Ly4]

It seems like their even disclosing the fact they know if the Russians and Chinese had access would be considered a state secret.
This. A thousand times this.

Did MI6 really blow sources in both China and Russia just so they could make Snowden look bad? Why would they do that?

It all sounds like the 'drained laptop' stories from early on in the Snowden saga, which turned out to be just speculation: http://publiceditor.blogs.nyti...

Re:Proof

[whoever57]

I will withhold my judgement on this until they release verifiable proof

Indeed. Does the NSA even have details of CIA operatives? Surely not, unless the NSA is spying on the CIA? In which case, WTF?

Re:Proof

[KGIII]

Yet, even if this story is true and this is a negative outcome, I still feel that Snowden was a patriot of the highest order. One does not need to be supportive of the current regime to be a patriot, in fact the reverse is the seeming greatest creator of patriots. This trend began with our founding fathers, dissent is a good thing at times.

Re:Proof

So the NSA keeps a list of identities of MI6 members stored where some Hawaii-based contracted sysadmin has complete access to them.

And they trust him, his integrity and technical expertise enough that it takes years before they resort to action. And even then the purported reason is not that Snowden has been discovered to actually be a traitor, but rather that the technical tools even the U.S.A. had available for encryption were insufficient for guarding secrets.

If this is not a full-scale endorsement of Snowden and a thundering report of failure for U.S. intelligence politics, I don't know what is.

But more likely than not it is just a propaganda piece that the lying NSA scumbags could not be bothered to think through. But probably good enough for the American public.

Re:Proof

[FirstOne]

More than likely the Russians or Chinese figured out how to use one of the backdoors the NSA was using to hack US databases. It sure looks like the backdoor the NSA found into JUNOS(Juniper routers) using SCHOOLMONTANA, SIERRAMONTANA, STUCCOMONTANA,, would be easy pickens once they retrieved a code sample from an infected routers.

After that it's just a matter of time before they turn the tables and use that same vulnerability to hack our networks.

Re:Proof

[Sneftel]

I agree. It would, however, also have been a colossal fuckup of the highest order, on his part. Encrypting a file in a way that is effectively uncrackable even by highly funded state agencies is not difficult these days.

Given that Snowden does not seem the sort for colossal fuckups, I'm a little incredulous of the report.

Re:Proof

[Livius]

They wouldn't blindly do something just because the Americans wanted them to. Remember, the British courageously stood up to the Americans and told them were wrong about invading Iraq.

Wait a minute, that was France...

Re:Proof

Why would current-day hackers be unable to compromise the databases Snowden had regular sysadmin access to from Hawaii? Those are online. Snowden's stashes are offline and outdated. And individual agent lists were not the kind of stuff he was interested in anyway. He did not take an omnibus dump like Manning.

This really looks like scapegoating for a current-day whale-scale fuckup nobody wants to claim responsibility for.

Re:Proof

[IamTheRealMike]

There won't be any evidence offered, because this event is almost certainly a work of fiction. A careful reading of the articles and simply thinking things through will reveal colossal, gaping holes in the story the British government is peddling.

Firstly: we know beyond doubt that this story is at least partly fictional. We know this because the anonymous government sources (i.e. civil service officials) keep contradicting each other. We see for example this quote in the Independent, "However, despite a senior government official was quoted by the paper as saying that Snowden had "blood on his hands", Downing Street confirmed that there was “no evidence of anyone being harmed” as a result of his leaks". Different versions of the same story contradicting each other is a good sign that what we're being fed is a story: things always grow in the telling, especially when we're hearing a third or fourth hand account of what happened. The way US officials contradicted each other in the wake of the bin Laden assassination is a good example of that.

Secondly: this story asks us believe several extraordinary and completely implausible things.

In the UK foreign spying with people is the mandate of MI6, a separate agency to GCHQ, which handles signals intelligence only. It's like the split between the CIA and the NSA. Yet in several years of Snowden reporting there has never been any mention of documents from MI6. There has in fact only been a single mention of MI6 in the GCHQ/NSA documents, and that was a joint presentation about spying on climate change conferences! So the UK government is asking us to believe that journalists like Greenwald (who hates the UK because of the holding of his partner at Heathrow) would have a large cache of documents from an entirely separate agency and yet find nothing newsworthy in them at all ..... indeed, apparently MI6 is so boring that the existence of such documents isn't even worth mentioning? Apparently the UK has never done anything even embarrassing in many years of engaging in foreign HUMINT? That stretches the bounds of credulity beyond breaking point.

But it goes on. We are asked to swallow a second utterly ridiculous idea. Apparently the Russians and Chinese suddenly got access to a wealth of information on British spies, information so detailed it allowed them to be targeted:

The newspaper quoted a senior Home Office source as saying: “Putin didn't give him asylum for nothing. His documents were encrypted but they weren't completely secure and we have now seen our agents and assets being targeted.”

What normally happens when spies are caught? Well, they are normally arrested and tried, or at minimum thrown out of the country. Yet Downing Street is telling us that there was "no evidence of anyone being harmed". In short, we're being asked to believe that Russian and Chinese counter-intelligence suddenly found themselves with information so detailed that it amounts to a brain-dump of MI6, including lists of foreign agents ...... yet they walked away from the biggest gift in counter-intel history with nothing at all. Not a single arrest, not a single trial.

That the KGB and Chinese counter-intelligence are so incompetent defies belief - indeed, it is literally unbelievable.

There's a third totally implausible thing about this story. It asks us to believe that there is a cache of encrypted Snowden documents out there .... somewhere ..... and the Russians/Chinese were both able to obtain this cache, yet they could not obtain the accompanying password. So where did this cache come from? Again, the civil service is asking us to believe something utterly stupid: "Putin didn't give him a

Re:Proof

[Runaway1956]

It isn't YET a police state. We are close, but we haven't reached the point of no return. When the US actually becomes a police state, it will become illegal to even question authority. I can still question authority without going to prison. And, that is what all the "terrorism" bullshit really is. We are some indeterminate distance from two or three laws finally being passed that permits the local prosecutors to set up a kangaroo court, declare us to be terrorists, and have us shipped off to the FEMA camps that the militia groups are so concerned with. It's one thing for the feds to do it in rare instances, and cover it up. It is quite another thing for local prosecutors to do it brazenly.

Re:Proof

[Lord+Apathy]

So the NSA keeps a list of identities of MI6 members stored where some Hawaii-based contracted sysadmin has complete access to them.

Wouldn't surprise me a bit if the did. As a system admin for over 20 years you would be surprised what you come across, what people trust you with and to do.

One bank I worked for all the terminals where secure with individual passwords, everything was secure. All but the backups. Everything was backup to tape that everyone in the IT department had access too. The backup tapes where not secure or tracked. Anyone with a IT badge could have walked in there, walked out with every customer record and it would have been weeks before it was noticed.

I was system admit at a real estate company. For years my job was to load weekly backups to a offsite location in the trunk of my car. This data contained every piece of data the company had from pay role to customer information.

One time when I was cleaning out an account for a former employee, on his unsecured home directory I came across a CSV file containing a dump of every customers account number, name, DOB, address, credit card numbers, SSN, and a lot more. If I wanted to commit a case of identity theft I could have made off like a bandit and nobody would have ever known.

Email admin. Almost every thing that goes on in a company now goes through the email system. A email admin could know more about the company than any one if he wanted too. What big deals are going down to who is sleeping with who in the office.

What it comes down to is people simply think that computers are all secure because they have no real clue how they work. The secretary at the front desk, she has no clue that her gossip is stored in plan text on a server that anyone in the IT department can read. Most CEO, CFO, BLTs, are the same way. They will email back and forth about the upcoming "big deal" they are working on.

Most people are simply ignorant on how computers really work.

Two questions need to be asked

[knightmad]

First (as stated in the summary): "Have the actions of Snowden, and, apparently, the use of weak encryption, made the world less safe?"

Second (not asked, but as important as the first): Was it worth it? Did the revelations made the world a better after the revelations?

IMO yes, it was worth it. Having secret programs authorised by secret laws and secret alliances to reduce or remove the privacy of the population as a whole for some geopolitical goal is not something that should happen in democratic countries.

Re:Two questions need to be asked

[ShanghaiBill]

"Have the actions of Snowden, and, apparently, the use of weak encryption, made the world less safe?"

Why is all the blame heaped on Snowden? What about "the actions of the NSA"? Running a massive illegal spying operation on the American people, lying about it in sworn congressional testimony, and having no effective confidential channel for whistleblowers, they deserve far more blame for this than Snowden does.

Re:Two questions need to be asked

[Pentium100]

Yea, with all the spying and wars, I am starting to have trouble seeing the difference between the USA and Russia, especially if looking at their foreign policy. Do something that either one of them dislikes and get a bomb on your head.

Re:Two questions need to be asked

[whoever57]

Of course it wasn't worth it, because your privacy is far less important than your security.

Maybe mine is, but what about members of Congress? How many members of Congress have secrets that can be used to influence votes? How many votes does it take to influence the policy of the US Government?

Let's face it, the "security threats" are vastly overblown. When teenage kids get get over airport fences we can be farly sure that terrorists are not trying.

We adults make fun of this sort of thing.

Not the real adults. Only the scared, little-minded people.

Re:Two questions need to be asked

[Fire_Wraith]

"Was it worth it?"

That's the question - not for Snowden, but for the policymakers, including both elected and career/appointed officials, that decided that it was worth discarding privacy concerns or worries that things were going too far, to the point that they finally pushed someone in their organization to blow the whistle? He wasn't even the first, either, just the biggest. Think of all the abuses we wouldn't have known about if it weren't for people like John Kiriakou or Thomas Drake, for instance. Classification of information is not meant as a shield to prevent wrongdoing from coming to light; yet that's exactly what some people try to use it as. They wring their hands and bemoan the fact that legitimate secrets were exposed in the course of bringing misconduct to light.

And yet, that is on their hands, at least in part, because if there wasn't wrongdoing covered up in the first place, I don't think any of those people would have risked ruining their lives and careers to expose things. Even if you're one of the people that thinks what was done wasn't wrong in the first place, is it really right in a democracy for that to be decided in secret? If half the country is going to be pissed off if they knew what you were up to, that should be a sign that you shouldn't just get a secret order approving it, it needs to go before a public debate.

Re:Two questions need to be asked

[Hevel-Varik]

This should not have been modded troll. It's different opinion. The support for the contention is provided. It's not the favored opinion on this website but since when does an out of favor view get down-modded her (I kid, I kid).

Seriously, you guys who mod down things you don't agree with make this site poorer than it should be.

Re:Two questions need to be asked

[Runaway1956]

More American citizens have been killed by police officers than by terrorists this year. How do you explain that? You go ahead and run around in circles, worrying about terrorists making the sky fall. I'm far more worried about what my own government is doing. Mohammed Camelbreath has to swim a couple thousand miles to poase any threat to me. The bastards in Washington merely have to pick up a telephone to fuck me over.

Re:Two questions need to be asked

[JaredOfEuropa]

See, I do not see the two as mutually exclusive. It is possible to have privacy AND security.

This is key. In fact, it's not just that they are not mutually exclusive; I think that there isn't even a strong relationship between the two. There's little or no trade-off, and having our privacy violated in the many ways it has been in the past years is not buying us a lot more security. Security is an excuse to violate our privacy. In rare, individual cases a valid one... and I fully agree that surveillance in such cases ought to be possible but require transparent laws and regulations, proper oversight, and real consequences for violations. We ought to be able to trust our government (I am Dutch by the way but the situation is largely the same), but they have shown us precious little trustworthiness in this matter. No proper rules (or any rules at all), no oversight, no punishment, and not even the basic IT smarts to keep sensitive data save. I wouldn't trust these guys with my phone number...

Snowden leaking details of operations on foreign soil along with details of domestic violations of privacy is another matter of course. But lets not forget that privacy was Snowden's motivation, and he has been rather careful in releasing snippets of information and securing the rest. Maybe he messed up with the encryption, or the capabilities of the Russian and Chinese governments proved too strong. Still worth it. And I am not at all convinced yet that Snowden's cache has indeed been cracked; the who thing is suspiciously convenient for embarrassed spy agencies.

Re:Two questions need to be asked

[cosmicaug]

cold fjord writes:

Why is all the blame heaped on Snowden?

Because he is the one that arrogantly ignored the democratic process, stole a massive store of intelligence documents, incompetently encrypted them, and made them available for friend and foe alike, and then fled to be among Americas adversaries.

I was unaware that the activities of the NSA were carried out under the auspices of the "democratic process". We live in a representative democracy. When someone like Bruce Schneier (who has access to the Snowden documents) can meet with legislators (that is, the people who are supposed to be our representatives in this democracy) and tell them what our government is doing rather than the other way around, I think it can be argued that the activities of the NSA no longer constitute part of a democratic process but rather, an arrogant ignoring of the democratic process (as you put it).

Mmm hmm.

The better question is why we're letting these agencies get away with scapegoating Snowden, just because they try to blame everything on him? It's not like they're free of any cu;pability for their actions just because some guy blew the whistle on them.

Could be a false flag...

Without confirmation, this is just as likely to be a false flag attempt to charge Snowden with something serious as it is to be an actual news story.

Nothing to hide, nothing to fear?

[inzy]

As politicos (and Google execs) repeat far too frequently, I'm sure there's nothing that sensitive there, is there? Were MI6 and CIA, etc., heaven forbid doing something bad? Golly, I hope not. We don't need encryption if we all obey the law, right?

http://www.salon.com/2013/11/0...

Propaganda

Blaming the whistleblower for revealing shady operations as an excuse for why those shady operations are no longer effective seems like an arsonist running a second by second commentary on the flaming building they set alight, all while asking for more matches and gasoline. I want to believe people are better than this, but this sort of "news" has been seen too often of late, I think.

Re:Aftermath

[inzy]

Here's the outcome of Mr Snowden's "whistleblowing":

- American IT companies are losing billions because foreign customers are scared
- Intelligence networks are fucked
- Nothing whatsoever has changed in the way government agencies spy on US citizens

  The guy should send his resume to Al Qaeda.

You missed a few:
- a semblance of transparency for US citizens in what their government is doing
- cessation of some of the programmes
- the overthrow of several dictatorships in the middle east
but hey, you keep worrying about the profits of some rich folk who hate you, that's really important
Oh yeah, and your last point was wrong

Weak encryption

[hawguy]

Too bad strong encryption wasn't available to him -- was whatever "weak encryption" he used known to the NSA as being vulnerable?

Re:Weak encryption

[cold+fjord]

Too bad strong encryption wasn't available to him -- was whatever "weak encryption" he used known to the NSA as being vulnerable?

Your post is bullshit. Snowden had AES available to him, the same encryption method authorized to encrypt TOP SECRET information for the US government. NSA wouldn't let it be used if there was a meaningful weakness for protecting TOP SECRET information.

You're looking in the wrong direction. You're looking at technology when you should be looking at Snowden's choices, among them: What was really on those laptops claimed to be "empty"? Snowden was booted from the CIA for crossing the line with his computer access and for changes in his personality. He lied and cheated to get his job at NSA. He lied while he was at NSA. When did the lying stop .... if it did?

Bankers

[hackus]

The only people I am afraid of are the western bankers who faced with a declining empire because of their lawlessness, refuse to except their loss of power and wealth and decide if they can't continue to have all of this wealth and power and all od the lawlessnes and mischief you read about in the free news on the internet.

They will destroy it.

Those are the people you should be afraid of.

Propaganda - Unless They Are Fucking Idiots

[theshowmecanuck]

Look, they've had a couple years to figure out that if Russia and China have a shit pile of encrypted files, that they are going be busy trying to crack them. So if they haven't substituted out their people (operatives in spooky talk) in the last 2 years, the people running the circus are a bunch of fucking clowns. If they didn't have alternate plans with different networks, they are incompetent. Those files only show what those agencies were doing historically at this point. Because if they are still current, the U.S. is really in trouble. The next thing you know they'll be run by creationists who don't believe in science and evolution. Or they know how to capitalize on a really arcane book of myths to keep the people occupied.

Re:Decrypted?

[Outtascope]

Or maybe the clinical stupidity of the US Government mandating backdoors in cryptography (either officially or covertly) has just been clearly illustrated. But then it would be absolutely impossible for anyone but friendly forces of the US Government to exploit such a thing, right?

I call bullshit

[msobkow]

GCHQ and the UK have been crying wolf about encryption for years. Now after all their bleating about how they can't crack encryption, they're claiming the Russians and Chinese have done it, but they couldn't?

Bullshit.

Bullshit.

Bullshit.

Re:Aftermath

[Pentium100]

- American IT companies are losing billions because foreign customers are scared

Those poor companies! They will make a few billions less after getting truckloads of money from the government to introduce backdoors in their supposed secure products. Maybe next time those companies choose to protect the privacy of their customers...

- Intelligence networks are fucked

They will be rebuilt, however, spying on citizens may be reduces somewhat.

- Nothing whatsoever has changed in the way government agencies spy on US citizens

Except that the people now now about this and can take more precautions against being spied on.

Keep the real story off the news ..

[nickweller]

Assuming this Sunday Times story is accurate, what idiot spymaster kept the real identities of active agents on a 'computer' that apparently any random IT techie had access to. I wonder if the media is trying to distract attention from that massive OPM hack.

Second OPM Hack Revealed: Even Worse Than The First

Re: Why is all the blame heaped on Snowden?

Because the media is fully controlled by our governments since its necessary to control us. Blogs and online news screwed that up temporarily, but that's mostly been fixed by having them taken over by bigger companies. As for the Guardian et al, the relevant people have been punished, and what's getting published now is being vetted first.

Back up a minute here

[sjames]

So, Russia and China just happened to crack these files at the very same time?

Further, the files Snowden took from the NSA (U.S.) exposed MI6 (UK) agents in Russia?!?

I wonder what terribly embarrassing thing was about to be published in the UK that MI6 doesn't want people paying attention to?

Re:Why did archive go beyond domestic surveillance

[Runaway1956]

I see a lot of that foreign spying as just as wrong as the domestic spying. Nations such as Germany are hosting our troops within their own borders, and we repay them with what? Spying on their internal as well as foreign affairs? We are really shitty guests when you get down to it.

How do you know?

If the thing is a lie, it could come from any of the agencies that issue lies.

How did they crack files he never took to Russia, because he feared they could beat him to get him to reveal the password? Flaw #1.

Snowden files only cover Britain now? Even the claim doesn't make sense. If they had cracked Snowden files why wouldn't the US, and other 5 eyes agencies be removing their people? Flaw #2.

Even a cursory glance says this is a lie.

Re:How do you know?

[Gr8Apes]

Anything anyone related to a spy agency says should be considered a lie until proven true. It's in their job description.

Jane, you ignorant slut ...

[CaptainDork]

... you're assuming Snowden had access to more than "need to know," and that he was far down the chain of command and somewhat removed from the atmosphere of responsibility and duty.

That doesn't sound plausible.

Oh, wait.

Manning, Pfc.

Walks in with a Lady Gaga disk and walks out with the goods.

nm