Slashdot Mirror

← Back to Stories (view on slashdot.org)

Report: Russia and China Crack Encrypted Snowden Files

Posted by timothy on from the parallel-efforts dept.

New submitter garyisabusyguy writes with word that, according to London's Sunday Times, "Russia and China have cracked the top-secret cache of files stolen by the fugitive US whistleblower Edward Snowden, forcing MI6 to pull agents out of live operations in hostile countries, according to senior officials in Downing Street, the Home Office and the security services," and suggests this non-paywalled Reuters version, too. "MI6 has decided that it is too dangerous to operate in Russia or China," writes the submitter. "This removes intelligence capabilities that have existed throughout the Cold War, and which may have helped to prevent a 'hot' nuclear war. Have the actions of Snowden, and, apparently, the use of weak encryption, made the world less safe?"

29 of 546 comments (clear)

  1. Proof by bl968 · · Score: 4, Insightful

    I will withhold my judgement on this until they release verifiable proof. It seems like their even disclosing the fact they know if the Russians and Chinese had access would be considered a state secret.

    --
    "GET / HTTP/1.0" 200 51230 "-" "Mozilla/4.0 (compatible; Setec Astronomy)"
    1. Re:Proof by Ly4 · · Score: 5, Insightful

      It seems like their even disclosing the fact they know if the Russians and Chinese had access would be considered a state secret.
      This. A thousand times this.

      Did MI6 really blow sources in both China and Russia just so they could make Snowden look bad? Why would they do that?

      It all sounds like the 'drained laptop' stories from early on in the Snowden saga, which turned out to be just speculation: http://publiceditor.blogs.nyti...

    2. Re:Proof by whoever57 · · Score: 4, Insightful

      I will withhold my judgement on this until they release verifiable proof

      Indeed. Does the NSA even have details of CIA operatives? Surely not, unless the NSA is spying on the CIA? In which case, WTF?

      --
      The real "Libtards" are the Libertarians!
    3. Re:Proof by KGIII · · Score: 5, Insightful

      Yet, even if this story is true and this is a negative outcome, I still feel that Snowden was a patriot of the highest order. One does not need to be supportive of the current regime to be a patriot, in fact the reverse is the seeming greatest creator of patriots. This trend began with our founding fathers, dissent is a good thing at times.

      --
      "So long and thanks for all the fish."
    4. Re:Proof by Anonymous Coward · · Score: 5, Insightful

      So the NSA keeps a list of identities of MI6 members stored where some Hawaii-based contracted sysadmin has complete access to them.

      And they trust him, his integrity and technical expertise enough that it takes years before they resort to action. And even then the purported reason is not that Snowden has been discovered to actually be a traitor, but rather that the technical tools even the U.S.A. had available for encryption were insufficient for guarding secrets.

      If this is not a full-scale endorsement of Snowden and a thundering report of failure for U.S. intelligence politics, I don't know what is.

      But more likely than not it is just a propaganda piece that the lying NSA scumbags could not be bothered to think through. But probably good enough for the American public.

    5. Re:Proof by FirstOne · · Score: 4, Insightful

      More than likely the Russians or Chinese figured out how to use one of the backdoors the NSA was using to hack US databases. It sure looks like the backdoor the NSA found into JUNOS(Juniper routers) using SCHOOLMONTANA, SIERRAMONTANA, STUCCOMONTANA,, would be easy pickens once they retrieved a code sample from an infected routers.

      After that it's just a matter of time before they turn the tables and use that same vulnerability to hack our networks.

    6. Re:Proof by Sneftel · · Score: 4, Insightful

      I agree. It would, however, also have been a colossal fuckup of the highest order, on his part. Encrypting a file in a way that is effectively uncrackable even by highly funded state agencies is not difficult these days.

      Given that Snowden does not seem the sort for colossal fuckups, I'm a little incredulous of the report.

      --
      The opinions stated herein do not necessarily represent those of anybody at all. Deal with it.
    7. Re:Proof by Anonymous Coward · · Score: 5, Insightful

      Why would current-day hackers be unable to compromise the databases Snowden had regular sysadmin access to from Hawaii? Those are online. Snowden's stashes are offline and outdated. And individual agent lists were not the kind of stuff he was interested in anyway. He did not take an omnibus dump like Manning.

      This really looks like scapegoating for a current-day whale-scale fuckup nobody wants to claim responsibility for.

    8. Re:Proof by IamTheRealMike · · Score: 5, Insightful

      There won't be any evidence offered, because this event is almost certainly a work of fiction. A careful reading of the articles and simply thinking things through will reveal colossal, gaping holes in the story the British government is peddling.

      Firstly: we know beyond doubt that this story is at least partly fictional. We know this because the anonymous government sources (i.e. civil service officials) keep contradicting each other. We see for example this quote in the Independent, "However, despite a senior government official was quoted by the paper as saying that Snowden had "blood on his hands", Downing Street confirmed that there was “no evidence of anyone being harmed” as a result of his leaks". Different versions of the same story contradicting each other is a good sign that what we're being fed is a story: things always grow in the telling, especially when we're hearing a third or fourth hand account of what happened. The way US officials contradicted each other in the wake of the bin Laden assassination is a good example of that.

      Secondly: this story asks us believe several extraordinary and completely implausible things.

      In the UK foreign spying with people is the mandate of MI6, a separate agency to GCHQ, which handles signals intelligence only. It's like the split between the CIA and the NSA. Yet in several years of Snowden reporting there has never been any mention of documents from MI6. There has in fact only been a single mention of MI6 in the GCHQ/NSA documents, and that was a joint presentation about spying on climate change conferences! So the UK government is asking us to believe that journalists like Greenwald (who hates the UK because of the holding of his partner at Heathrow) would have a large cache of documents from an entirely separate agency and yet find nothing newsworthy in them at all ..... indeed, apparently MI6 is so boring that the existence of such documents isn't even worth mentioning? Apparently the UK has never done anything even embarrassing in many years of engaging in foreign HUMINT? That stretches the bounds of credulity beyond breaking point.

      But it goes on. We are asked to swallow a second utterly ridiculous idea. Apparently the Russians and Chinese suddenly got access to a wealth of information on British spies, information so detailed it allowed them to be targeted:

      The newspaper quoted a senior Home Office source as saying: “Putin didn't give him asylum for nothing. His documents were encrypted but they weren't completely secure and we have now seen our agents and assets being targeted.”

      What normally happens when spies are caught? Well, they are normally arrested and tried, or at minimum thrown out of the country. Yet Downing Street is telling us that there was "no evidence of anyone being harmed". In short, we're being asked to believe that Russian and Chinese counter-intelligence suddenly found themselves with information so detailed that it amounts to a brain-dump of MI6, including lists of foreign agents ...... yet they walked away from the biggest gift in counter-intel history with nothing at all. Not a single arrest, not a single trial.

      That the KGB and Chinese counter-intelligence are so incompetent defies belief - indeed, it is literally unbelievable.

      There's a third totally implausible thing about this story. It asks us to believe that there is a cache of encrypted Snowden documents out there .... somewhere ..... and the Russians/Chinese were both able to obtain this cache, yet they could not obtain the accompanying password. So where did this cache come from? Again, the civil service is asking us to believe something utterly stupid: "Putin didn't give him a

    9. Re:Proof by Runaway1956 · · Score: 4, Insightful

      It isn't YET a police state. We are close, but we haven't reached the point of no return. When the US actually becomes a police state, it will become illegal to even question authority. I can still question authority without going to prison. And, that is what all the "terrorism" bullshit really is. We are some indeterminate distance from two or three laws finally being passed that permits the local prosecutors to set up a kangaroo court, declare us to be terrorists, and have us shipped off to the FEMA camps that the militia groups are so concerned with. It's one thing for the feds to do it in rare instances, and cover it up. It is quite another thing for local prosecutors to do it brazenly.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    10. Re:Proof by Lord+Apathy · · Score: 4, Insightful

      So the NSA keeps a list of identities of MI6 members stored where some Hawaii-based contracted sysadmin has complete access to them.

      Wouldn't surprise me a bit if the did. As a system admin for over 20 years you would be surprised what you come across, what people trust you with and to do.

      One bank I worked for all the terminals where secure with individual passwords, everything was secure. All but the backups. Everything was backup to tape that everyone in the IT department had access too. The backup tapes where not secure or tracked. Anyone with a IT badge could have walked in there, walked out with every customer record and it would have been weeks before it was noticed.

      I was system admit at a real estate company. For years my job was to load weekly backups to a offsite location in the trunk of my car. This data contained every piece of data the company had from pay role to customer information.

      One time when I was cleaning out an account for a former employee, on his unsecured home directory I came across a CSV file containing a dump of every customers account number, name, DOB, address, credit card numbers, SSN, and a lot more. If I wanted to commit a case of identity theft I could have made off like a bandit and nobody would have ever known.

      Email admin. Almost every thing that goes on in a company now goes through the email system. A email admin could know more about the company than any one if he wanted too. What big deals are going down to who is sleeping with who in the office.

      What it comes down to is people simply think that computers are all secure because they have no real clue how they work. The secretary at the front desk, she has no clue that her gossip is stored in plan text on a server that anyone in the IT department can read. Most CEO, CFO, BLTs, are the same way. They will email back and forth about the upcoming "big deal" they are working on.

      Most people are simply ignorant on how computers really work.

      --

      Supporting World Peace Through Nuclear Pacification

  2. Two questions need to be asked by knightmad · · Score: 5, Insightful

    First (as stated in the summary): "Have the actions of Snowden, and, apparently, the use of weak encryption, made the world less safe?"

    Second (not asked, but as important as the first): Was it worth it? Did the revelations made the world a better after the revelations?

    IMO yes, it was worth it. Having secret programs authorised by secret laws and secret alliances to reduce or remove the privacy of the population as a whole for some geopolitical goal is not something that should happen in democratic countries.

    1. Re:Two questions need to be asked by ShanghaiBill · · Score: 5, Insightful

      "Have the actions of Snowden, and, apparently, the use of weak encryption, made the world less safe?"

      Why is all the blame heaped on Snowden? What about "the actions of the NSA"? Running a massive illegal spying operation on the American people, lying about it in sworn congressional testimony, and having no effective confidential channel for whistleblowers, they deserve far more blame for this than Snowden does.

    2. Re:Two questions need to be asked by whoever57 · · Score: 5, Insightful

      Of course it wasn't worth it, because your privacy is far less important than your security.

      Maybe mine is, but what about members of Congress? How many members of Congress have secrets that can be used to influence votes? How many votes does it take to influence the policy of the US Government?

      Let's face it, the "security threats" are vastly overblown. When teenage kids get get over airport fences we can be farly sure that terrorists are not trying.

      We adults make fun of this sort of thing.

      Not the real adults. Only the scared, little-minded people.

      --
      The real "Libtards" are the Libertarians!
    3. Re:Two questions need to be asked by Fire_Wraith · · Score: 5, Insightful

      "Was it worth it?"

      That's the question - not for Snowden, but for the policymakers, including both elected and career/appointed officials, that decided that it was worth discarding privacy concerns or worries that things were going too far, to the point that they finally pushed someone in their organization to blow the whistle? He wasn't even the first, either, just the biggest. Think of all the abuses we wouldn't have known about if it weren't for people like John Kiriakou or Thomas Drake, for instance. Classification of information is not meant as a shield to prevent wrongdoing from coming to light; yet that's exactly what some people try to use it as. They wring their hands and bemoan the fact that legitimate secrets were exposed in the course of bringing misconduct to light.

      And yet, that is on their hands, at least in part, because if there wasn't wrongdoing covered up in the first place, I don't think any of those people would have risked ruining their lives and careers to expose things. Even if you're one of the people that thinks what was done wasn't wrong in the first place, is it really right in a democracy for that to be decided in secret? If half the country is going to be pissed off if they knew what you were up to, that should be a sign that you shouldn't just get a secret order approving it, it needs to go before a public debate.

    4. Re:Two questions need to be asked by Hevel-Varik · · Score: 5, Insightful

      This should not have been modded troll. It's different opinion. The support for the contention is provided. It's not the favored opinion on this website but since when does an out of favor view get down-modded her (I kid, I kid).

      Seriously, you guys who mod down things you don't agree with make this site poorer than it should be.

    5. Re:Two questions need to be asked by JaredOfEuropa · · Score: 4, Insightful

      See, I do not see the two as mutually exclusive. It is possible to have privacy AND security.

      This is key. In fact, it's not just that they are not mutually exclusive; I think that there isn't even a strong relationship between the two. There's little or no trade-off, and having our privacy violated in the many ways it has been in the past years is not buying us a lot more security. Security is an excuse to violate our privacy. In rare, individual cases a valid one... and I fully agree that surveillance in such cases ought to be possible but require transparent laws and regulations, proper oversight, and real consequences for violations. We ought to be able to trust our government (I am Dutch by the way but the situation is largely the same), but they have shown us precious little trustworthiness in this matter. No proper rules (or any rules at all), no oversight, no punishment, and not even the basic IT smarts to keep sensitive data save. I wouldn't trust these guys with my phone number...

      Snowden leaking details of operations on foreign soil along with details of domestic violations of privacy is another matter of course. But lets not forget that privacy was Snowden's motivation, and he has been rather careful in releasing snippets of information and securing the rest. Maybe he messed up with the encryption, or the capabilities of the Russian and Chinese governments proved too strong. Still worth it. And I am not at all convinced yet that Snowden's cache has indeed been cracked; the who thing is suspiciously convenient for embarrassed spy agencies.

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    6. Re:Two questions need to be asked by cosmicaug · · Score: 4, Insightful

      cold fjord writes:

      Why is all the blame heaped on Snowden?

      Because he is the one that arrogantly ignored the democratic process, stole a massive store of intelligence documents, incompetently encrypted them, and made them available for friend and foe alike, and then fled to be among Americas adversaries.

      I was unaware that the activities of the NSA were carried out under the auspices of the "democratic process". We live in a representative democracy. When someone like Bruce Schneier (who has access to the Snowden documents) can meet with legislators (that is, the people who are supposed to be our representatives in this democracy) and tell them what our government is doing rather than the other way around, I think it can be argued that the activities of the NSA no longer constitute part of a democratic process but rather, an arrogant ignoring of the democratic process (as you put it).

  3. Mmm hmm. by Anonymous Coward · · Score: 5, Insightful

    The better question is why we're letting these agencies get away with scapegoating Snowden, just because they try to blame everything on him? It's not like they're free of any cu;pability for their actions just because some guy blew the whistle on them.

  4. Could be a false flag... by Anonymous Coward · · Score: 4, Insightful

    Without confirmation, this is just as likely to be a false flag attempt to charge Snowden with something serious as it is to be an actual news story.

  5. Weak encryption by hawguy · · Score: 4, Insightful

    Too bad strong encryption wasn't available to him -- was whatever "weak encryption" he used known to the NSA as being vulnerable?

    1. Re:Weak encryption by cold+fjord · · Score: 4, Insightful

      Too bad strong encryption wasn't available to him -- was whatever "weak encryption" he used known to the NSA as being vulnerable?

      Your post is bullshit. Snowden had AES available to him, the same encryption method authorized to encrypt TOP SECRET information for the US government. NSA wouldn't let it be used if there was a meaningful weakness for protecting TOP SECRET information.

      You're looking in the wrong direction. You're looking at technology when you should be looking at Snowden's choices, among them: What was really on those laptops claimed to be "empty"? Snowden was booted from the CIA for crossing the line with his computer access and for changes in his personality. He lied and cheated to get his job at NSA. He lied while he was at NSA. When did the lying stop .... if it did?

      --
      much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
  6. Propaganda - Unless They Are Fucking Idiots by theshowmecanuck · · Score: 5, Insightful

    Look, they've had a couple years to figure out that if Russia and China have a shit pile of encrypted files, that they are going be busy trying to crack them. So if they haven't substituted out their people (operatives in spooky talk) in the last 2 years, the people running the circus are a bunch of fucking clowns. If they didn't have alternate plans with different networks, they are incompetent. Those files only show what those agencies were doing historically at this point. Because if they are still current, the U.S. is really in trouble. The next thing you know they'll be run by creationists who don't believe in science and evolution. Or they know how to capitalize on a really arcane book of myths to keep the people occupied.

    --
    -- I ignore anonymous replies to my comments and postings.
  7. Re:Decrypted? by Outtascope · · Score: 4, Insightful

    Or maybe the clinical stupidity of the US Government mandating backdoors in cryptography (either officially or covertly) has just been clearly illustrated. But then it would be absolutely impossible for anyone but friendly forces of the US Government to exploit such a thing, right?

  8. I call bullshit by msobkow · · Score: 5, Insightful

    GCHQ and the UK have been crying wolf about encryption for years. Now after all their bleating about how they can't crack encryption, they're claiming the Russians and Chinese have done it, but they couldn't?

    Bullshit.

    Bullshit.

    Bullshit.

    --
    I do not fail; I succeed at finding out what does not work.
  9. Keep the real story off the news .. by nickweller · · Score: 5, Insightful

    Assuming this Sunday Times story is accurate, what idiot spymaster kept the real identities of active agents on a 'computer' that apparently any random IT techie had access to. I wonder if the media is trying to distract attention from that massive OPM hack.

    Second OPM Hack Revealed: Even Worse Than The First

  10. Re:Why did archive go beyond domestic surveillance by Runaway1956 · · Score: 4, Insightful

    I see a lot of that foreign spying as just as wrong as the domestic spying. Nations such as Germany are hosting our troops within their own borders, and we repay them with what? Spying on their internal as well as foreign affairs? We are really shitty guests when you get down to it.

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  11. How do you know? by Anonymous Coward · · Score: 4, Insightful

    If the thing is a lie, it could come from any of the agencies that issue lies.

    How did they crack files he never took to Russia, because he feared they could beat him to get him to reveal the password? Flaw #1.

    Snowden files only cover Britain now? Even the claim doesn't make sense. If they had cracked Snowden files why wouldn't the US, and other 5 eyes agencies be removing their people? Flaw #2.

    Even a cursory glance says this is a lie.

    1. Re:How do you know? by Gr8Apes · · Score: 5, Insightful

      Anything anyone related to a spy agency says should be considered a lie until proven true. It's in their job description.

      --
      The cesspool just got a check and balance.