Report: Russia and China Crack Encrypted Snowden Files

New submitter garyisabusyguy writes with word that, according to London's Sunday Times, "Russia and China have cracked the top-secret cache of files stolen by the fugitive US whistleblower Edward Snowden, forcing MI6 to pull agents out of live operations in hostile countries, according to senior officials in Downing Street, the Home Office and the security services," and suggests this non-paywalled Reuters version, too. "MI6 has decided that it is too dangerous to operate in Russia or China," writes the submitter. "This removes intelligence capabilities that have existed throughout the Cold War, and which may have helped to prevent a 'hot' nuclear war. Have the actions of Snowden, and, apparently, the use of weak encryption, made the world less safe?"

Proof

[bl968]

I will withhold my judgement on this until they release verifiable proof. It seems like their even disclosing the fact they know if the Russians and Chinese had access would be considered a state secret.

Re:Proof

I will withhold my judgement on this until they release verifiable proof. It seems like their even disclosing the fact they know if the Russians and Chinese had access would be considered a state secret.

The timing is convenient.

I mean, last week, OPM gets pwned by $FOREIGN hax0rs. Everyone who's ever had a clearance, your SF-86 data has been compromised.

And today, out of the blue, agents (who, you know, tend to have clearances and whose real-life identities and/or cover identities may well have been compromised last week) are being pulled back, on account of ... Snowden?

The timing is *too* convenient.

Re:Proof

[knightmad]

Also it's a very interesting time. Right after they find out that the recent breach by the Chinese Government got the personnel files with information for all executive employees up to cabinet level (including the security clearance data) they reveal that the Chinese (and Russia) got secret personnel information after all via the Snowden leaks. Something seems weird about this timing.

Re:Proof

[Ly4]

It seems like their even disclosing the fact they know if the Russians and Chinese had access would be considered a state secret.
This. A thousand times this.

Did MI6 really blow sources in both China and Russia just so they could make Snowden look bad? Why would they do that?

It all sounds like the 'drained laptop' stories from early on in the Snowden saga, which turned out to be just speculation: http://publiceditor.blogs.nyti...

Re:Proof

[whoever57]

I will withhold my judgement on this until they release verifiable proof

Indeed. Does the NSA even have details of CIA operatives? Surely not, unless the NSA is spying on the CIA? In which case, WTF?

Re: Proof

[AvitarX]

Seems like of they embraced him as a citizen doing what was right, instead of sending him to Russia, things would be safer for mi6

Re:Proof

[swilly]

Your theory would work if the agents that were pulled out were American, but British agents are unlikely to have an SF-86.

Re:Proof

[KGIII]

Yet, even if this story is true and this is a negative outcome, I still feel that Snowden was a patriot of the highest order. One does not need to be supportive of the current regime to be a patriot, in fact the reverse is the seeming greatest creator of patriots. This trend began with our founding fathers, dissent is a good thing at times.

Re:Proof

[Runaway1956]

Agreed, 100%. And, I'll add that if the NSA and top government officials weren't such dickheads, Snowden probably never would have acted in the way he did. Government apologists tend to forget that a very large percentage of the NSA's spying is simply UNCONSTITUTIONAL. The NSA possesses all the tools to turn the US into a police state in short order. They are abusing those tools pretty badly. Who knows what the hell is going to happen in the next year, or ten years, if no one stands up to them now?

Partisans are quick to point out that Obama (or Bush, or Clinton, or whoever) would never do anything like that. The partisans are idiots, because THERE ARE people who would do all of that, and worse. I'm quite certain that General Alexander rationalizes how important his work is, and if he were allowed to act without fetters, he WOULD INDEED turn the US into a police state.

Re:Proof

[aralin]

USA does not need a proof! If we say something you have to trust us! We are the good guys! You hate to trust us! Why would we lie? We are always right! How do you even dare to ask for proof? Traitor. Terrorist! We are coming for you!

Re:Proof

So the NSA keeps a list of identities of MI6 members stored where some Hawaii-based contracted sysadmin has complete access to them.

And they trust him, his integrity and technical expertise enough that it takes years before they resort to action. And even then the purported reason is not that Snowden has been discovered to actually be a traitor, but rather that the technical tools even the U.S.A. had available for encryption were insufficient for guarding secrets.

If this is not a full-scale endorsement of Snowden and a thundering report of failure for U.S. intelligence politics, I don't know what is.

But more likely than not it is just a propaganda piece that the lying NSA scumbags could not be bothered to think through. But probably good enough for the American public.

Re:Proof

[FirstOne]

More than likely the Russians or Chinese figured out how to use one of the backdoors the NSA was using to hack US databases. It sure looks like the backdoor the NSA found into JUNOS(Juniper routers) using SCHOOLMONTANA, SIERRAMONTANA, STUCCOMONTANA,, would be easy pickens once they retrieved a code sample from an infected routers.

After that it's just a matter of time before they turn the tables and use that same vulnerability to hack our networks.

Re:Proof

[Sneftel]

I agree. It would, however, also have been a colossal fuckup of the highest order, on his part. Encrypting a file in a way that is effectively uncrackable even by highly funded state agencies is not difficult these days.

Given that Snowden does not seem the sort for colossal fuckups, I'm a little incredulous of the report.

Re:Proof

[Livius]

You can't affect change until you effect it.

Re:Proof

Why would current-day hackers be unable to compromise the databases Snowden had regular sysadmin access to from Hawaii? Those are online. Snowden's stashes are offline and outdated. And individual agent lists were not the kind of stuff he was interested in anyway. He did not take an omnibus dump like Manning.

This really looks like scapegoating for a current-day whale-scale fuckup nobody wants to claim responsibility for.

Re:Proof

[IamTheRealMike]

There won't be any evidence offered, because this event is almost certainly a work of fiction. A careful reading of the articles and simply thinking things through will reveal colossal, gaping holes in the story the British government is peddling.

Firstly: we know beyond doubt that this story is at least partly fictional. We know this because the anonymous government sources (i.e. civil service officials) keep contradicting each other. We see for example this quote in the Independent, "However, despite a senior government official was quoted by the paper as saying that Snowden had "blood on his hands", Downing Street confirmed that there was “no evidence of anyone being harmed” as a result of his leaks". Different versions of the same story contradicting each other is a good sign that what we're being fed is a story: things always grow in the telling, especially when we're hearing a third or fourth hand account of what happened. The way US officials contradicted each other in the wake of the bin Laden assassination is a good example of that.

Secondly: this story asks us believe several extraordinary and completely implausible things.

In the UK foreign spying with people is the mandate of MI6, a separate agency to GCHQ, which handles signals intelligence only. It's like the split between the CIA and the NSA. Yet in several years of Snowden reporting there has never been any mention of documents from MI6. There has in fact only been a single mention of MI6 in the GCHQ/NSA documents, and that was a joint presentation about spying on climate change conferences! So the UK government is asking us to believe that journalists like Greenwald (who hates the UK because of the holding of his partner at Heathrow) would have a large cache of documents from an entirely separate agency and yet find nothing newsworthy in them at all ..... indeed, apparently MI6 is so boring that the existence of such documents isn't even worth mentioning? Apparently the UK has never done anything even embarrassing in many years of engaging in foreign HUMINT? That stretches the bounds of credulity beyond breaking point.

But it goes on. We are asked to swallow a second utterly ridiculous idea. Apparently the Russians and Chinese suddenly got access to a wealth of information on British spies, information so detailed it allowed them to be targeted:

The newspaper quoted a senior Home Office source as saying: “Putin didn't give him asylum for nothing. His documents were encrypted but they weren't completely secure and we have now seen our agents and assets being targeted.”

What normally happens when spies are caught? Well, they are normally arrested and tried, or at minimum thrown out of the country. Yet Downing Street is telling us that there was "no evidence of anyone being harmed". In short, we're being asked to believe that Russian and Chinese counter-intelligence suddenly found themselves with information so detailed that it amounts to a brain-dump of MI6, including lists of foreign agents ...... yet they walked away from the biggest gift in counter-intel history with nothing at all. Not a single arrest, not a single trial.

That the KGB and Chinese counter-intelligence are so incompetent defies belief - indeed, it is literally unbelievable.

There's a third totally implausible thing about this story. It asks us to believe that there is a cache of encrypted Snowden documents out there .... somewhere ..... and the Russians/Chinese were both able to obtain this cache, yet they could not obtain the accompanying password. So where did this cache come from? Again, the civil service is asking us to believe something utterly stupid: "Putin didn't give him a

Re:Proof

[Runaway1956]

It isn't YET a police state. We are close, but we haven't reached the point of no return. When the US actually becomes a police state, it will become illegal to even question authority. I can still question authority without going to prison. And, that is what all the "terrorism" bullshit really is. We are some indeterminate distance from two or three laws finally being passed that permits the local prosecutors to set up a kangaroo court, declare us to be terrorists, and have us shipped off to the FEMA camps that the militia groups are so concerned with. It's one thing for the feds to do it in rare instances, and cover it up. It is quite another thing for local prosecutors to do it brazenly.

Re:Proof

[Lord+Apathy]

So the NSA keeps a list of identities of MI6 members stored where some Hawaii-based contracted sysadmin has complete access to them.

Wouldn't surprise me a bit if the did. As a system admin for over 20 years you would be surprised what you come across, what people trust you with and to do.

One bank I worked for all the terminals where secure with individual passwords, everything was secure. All but the backups. Everything was backup to tape that everyone in the IT department had access too. The backup tapes where not secure or tracked. Anyone with a IT badge could have walked in there, walked out with every customer record and it would have been weeks before it was noticed.

I was system admit at a real estate company. For years my job was to load weekly backups to a offsite location in the trunk of my car. This data contained every piece of data the company had from pay role to customer information.

One time when I was cleaning out an account for a former employee, on his unsecured home directory I came across a CSV file containing a dump of every customers account number, name, DOB, address, credit card numbers, SSN, and a lot more. If I wanted to commit a case of identity theft I could have made off like a bandit and nobody would have ever known.

Email admin. Almost every thing that goes on in a company now goes through the email system. A email admin could know more about the company than any one if he wanted too. What big deals are going down to who is sleeping with who in the office.

What it comes down to is people simply think that computers are all secure because they have no real clue how they work. The secretary at the front desk, she has no clue that her gossip is stored in plan text on a server that anyone in the IT department can read. Most CEO, CFO, BLTs, are the same way. They will email back and forth about the upcoming "big deal" they are working on.

Most people are simply ignorant on how computers really work.

Two questions need to be asked

[knightmad]

First (as stated in the summary): "Have the actions of Snowden, and, apparently, the use of weak encryption, made the world less safe?"

Second (not asked, but as important as the first): Was it worth it? Did the revelations made the world a better after the revelations?

IMO yes, it was worth it. Having secret programs authorised by secret laws and secret alliances to reduce or remove the privacy of the population as a whole for some geopolitical goal is not something that should happen in democratic countries.

Re:Two questions need to be asked

[ShanghaiBill]

"Have the actions of Snowden, and, apparently, the use of weak encryption, made the world less safe?"

Why is all the blame heaped on Snowden? What about "the actions of the NSA"? Running a massive illegal spying operation on the American people, lying about it in sworn congressional testimony, and having no effective confidential channel for whistleblowers, they deserve far more blame for this than Snowden does.

Re:Two questions need to be asked

[whoever57]

Of course it wasn't worth it, because your privacy is far less important than your security.

Maybe mine is, but what about members of Congress? How many members of Congress have secrets that can be used to influence votes? How many votes does it take to influence the policy of the US Government?

Let's face it, the "security threats" are vastly overblown. When teenage kids get get over airport fences we can be farly sure that terrorists are not trying.

We adults make fun of this sort of thing.

Not the real adults. Only the scared, little-minded people.

Re:Two questions need to be asked

[Fire_Wraith]

"Was it worth it?"

That's the question - not for Snowden, but for the policymakers, including both elected and career/appointed officials, that decided that it was worth discarding privacy concerns or worries that things were going too far, to the point that they finally pushed someone in their organization to blow the whistle? He wasn't even the first, either, just the biggest. Think of all the abuses we wouldn't have known about if it weren't for people like John Kiriakou or Thomas Drake, for instance. Classification of information is not meant as a shield to prevent wrongdoing from coming to light; yet that's exactly what some people try to use it as. They wring their hands and bemoan the fact that legitimate secrets were exposed in the course of bringing misconduct to light.

And yet, that is on their hands, at least in part, because if there wasn't wrongdoing covered up in the first place, I don't think any of those people would have risked ruining their lives and careers to expose things. Even if you're one of the people that thinks what was done wasn't wrong in the first place, is it really right in a democracy for that to be decided in secret? If half the country is going to be pissed off if they knew what you were up to, that should be a sign that you shouldn't just get a secret order approving it, it needs to go before a public debate.

Re:Two questions need to be asked

[Hevel-Varik]

This should not have been modded troll. It's different opinion. The support for the contention is provided. It's not the favored opinion on this website but since when does an out of favor view get down-modded her (I kid, I kid).

Seriously, you guys who mod down things you don't agree with make this site poorer than it should be.

Re:Two questions need to be asked

[KGIII]

I disagree, entirely, with everything you said but I am not sure why you are modded troll. I believe you legitimately believe what you state to be true, and I see the logic behind your view - but I disagree with your conclusions and your initial starting point. I want privacy, I will accept the lost security. I accept that people, maybe even my friends and family, may die. It is a rough world and shit happens. We, my friends and family, do not sit and worry about the potential outcomes from insecurity. We do, however, all pretty much agree that we do not want our details/data being harvested and warehoused by people who have no business with that data.

I will not sit silent while my rights are eroded to make you sleep better. I will protest and, eventually, I will leave. I am not a person you want to leave. I imagine you think that Capital Gains taxes are low. Rest assured that I paid more in taxes last year than you have paid in the last five - coupled with property taxes it may be greater than your ten year contribution. Additionally, I am vocal *and* running for the State Senate. I am actually on your side. You do not want me to leave.

See, I do not see the two as mutually exclusive. It is possible to have privacy AND security. We already have really good laws that allow this. What we are missing is a warrant, preferably in an open court though I think it is acceptable to use John Doe as the plaintiff's name. When we see something intrinsically wrong with an open and honest government then we are going to get a dishonest and closed government. When we make knee-jerk reactionary legislation we are going to get unforeseen outcomes.

We have committed some atrocities in the name of freedom as of late. When I say "we" I do mean you and I. This is not a 'royal we' or the likes. We are the government, the government is our people. We have done some horrific things but it is not too late for reparations and it is not too late for rehabilitation. I do not mean the cliché when I say this country needs an intervention. The last time we had an intervention it was some crazy bastards who smashed airplanes into people. Let us hope we can have an intervention before it reaches that point again.

We can do both of these things. We can monitor the bad guys without listening to Grandma's conversation with Aunt Betty about how it is a shame that her great-grandson will not be producing heirs because he caught the gay when he went off to that liberal college. We can have privacy while still giving up some information when we want to get on a plane - like an ID and a reasonable check for weapons. What we do not need is invasive searches for security theater or having to censor ourselves so the TLA listening in to our calls/conversations with friends do not witness our displeasure with the government. We do not need a gestapo nor do we need to insist the government can know nothing about us. Moderation is not the enemy and commonsense is not extinct.

Re:Two questions need to be asked

[JaredOfEuropa]

See, I do not see the two as mutually exclusive. It is possible to have privacy AND security.

This is key. In fact, it's not just that they are not mutually exclusive; I think that there isn't even a strong relationship between the two. There's little or no trade-off, and having our privacy violated in the many ways it has been in the past years is not buying us a lot more security. Security is an excuse to violate our privacy. In rare, individual cases a valid one... and I fully agree that surveillance in such cases ought to be possible but require transparent laws and regulations, proper oversight, and real consequences for violations. We ought to be able to trust our government (I am Dutch by the way but the situation is largely the same), but they have shown us precious little trustworthiness in this matter. No proper rules (or any rules at all), no oversight, no punishment, and not even the basic IT smarts to keep sensitive data save. I wouldn't trust these guys with my phone number...

Snowden leaking details of operations on foreign soil along with details of domestic violations of privacy is another matter of course. But lets not forget that privacy was Snowden's motivation, and he has been rather careful in releasing snippets of information and securing the rest. Maybe he messed up with the encryption, or the capabilities of the Russian and Chinese governments proved too strong. Still worth it. And I am not at all convinced yet that Snowden's cache has indeed been cracked; the who thing is suspiciously convenient for embarrassed spy agencies.

Re:Two questions need to be asked

[cosmicaug]

cold fjord writes:

Why is all the blame heaped on Snowden?

Because he is the one that arrogantly ignored the democratic process, stole a massive store of intelligence documents, incompetently encrypted them, and made them available for friend and foe alike, and then fled to be among Americas adversaries.

I was unaware that the activities of the NSA were carried out under the auspices of the "democratic process". We live in a representative democracy. When someone like Bruce Schneier (who has access to the Snowden documents) can meet with legislators (that is, the people who are supposed to be our representatives in this democracy) and tell them what our government is doing rather than the other way around, I think it can be argued that the activities of the NSA no longer constitute part of a democratic process but rather, an arrogant ignoring of the democratic process (as you put it).

Mmm hmm.

The better question is why we're letting these agencies get away with scapegoating Snowden, just because they try to blame everything on him? It's not like they're free of any cu;pability for their actions just because some guy blew the whistle on them.

Could be a false flag...

Without confirmation, this is just as likely to be a false flag attempt to charge Snowden with something serious as it is to be an actual news story.

The first question that comes to my mind

The first question that comes to my mind is, "Has anything actually been cracked?" Maybe this is all just some kind of release to make Snowden looked bad. All I know is that spying is all about lying. All I know is that I'm an American who feels compelled to be an Anonymous Coward when talking about things like this... in America, and wondering if that makes any real difference. All I know is that they, ultimately, will die just as I will die. All I know is all they know, when you reduce it down. The spy is in me, and try as I might... I cannot decipher my own secret.

Weak encryption

[hawguy]

Too bad strong encryption wasn't available to him -- was whatever "weak encryption" he used known to the NSA as being vulnerable?

Re:Weak encryption

[cold+fjord]

Too bad strong encryption wasn't available to him -- was whatever "weak encryption" he used known to the NSA as being vulnerable?

Your post is bullshit. Snowden had AES available to him, the same encryption method authorized to encrypt TOP SECRET information for the US government. NSA wouldn't let it be used if there was a meaningful weakness for protecting TOP SECRET information.

You're looking in the wrong direction. You're looking at technology when you should be looking at Snowden's choices, among them: What was really on those laptops claimed to be "empty"? Snowden was booted from the CIA for crossing the line with his computer access and for changes in his personality. He lied and cheated to get his job at NSA. He lied while he was at NSA. When did the lying stop .... if it did?

Propaganda - Unless They Are Fucking Idiots

[theshowmecanuck]

Look, they've had a couple years to figure out that if Russia and China have a shit pile of encrypted files, that they are going be busy trying to crack them. So if they haven't substituted out their people (operatives in spooky talk) in the last 2 years, the people running the circus are a bunch of fucking clowns. If they didn't have alternate plans with different networks, they are incompetent. Those files only show what those agencies were doing historically at this point. Because if they are still current, the U.S. is really in trouble. The next thing you know they'll be run by creationists who don't believe in science and evolution. Or they know how to capitalize on a really arcane book of myths to keep the people occupied.

Re:Decrypted?

[Outtascope]

Or maybe the clinical stupidity of the US Government mandating backdoors in cryptography (either officially or covertly) has just been clearly illustrated. But then it would be absolutely impossible for anyone but friendly forces of the US Government to exploit such a thing, right?

I call bullshit

[msobkow]

GCHQ and the UK have been crying wolf about encryption for years. Now after all their bleating about how they can't crack encryption, they're claiming the Russians and Chinese have done it, but they couldn't?

Bullshit.

Bullshit.

Bullshit.

Keep the real story off the news ..

[nickweller]

Assuming this Sunday Times story is accurate, what idiot spymaster kept the real identities of active agents on a 'computer' that apparently any random IT techie had access to. I wonder if the media is trying to distract attention from that massive OPM hack.

Second OPM Hack Revealed: Even Worse Than The First

Re:Propaganda

[FirstOne]

It's more likely that "Chinese hack of federal personnel files included security-clearance database" was responsible for the recall.

Snowden didn't post any files on the net.. He met his contacts in person in Hong Kong and hand delivered them (USB?) to Greenwald(reporter) and Poitras(film maker) in person. He claimed that he did not take any of NSA files on his laptops with him to Russia./P

Websites full of words

[WaffleMonster]

What I find difficult to believe:

1. Russia or China would make it known they cracked anything.

2. Western intelligence would make it known they know what Russia and China were able to do.

3. Articles which read like propaganda, provide no details and cite no specific sources.

Re:Why did archive go beyond domestic surveillance

[Runaway1956]

I see a lot of that foreign spying as just as wrong as the domestic spying. Nations such as Germany are hosting our troops within their own borders, and we repay them with what? Spying on their internal as well as foreign affairs? We are really shitty guests when you get down to it.

How do you know?

If the thing is a lie, it could come from any of the agencies that issue lies.

How did they crack files he never took to Russia, because he feared they could beat him to get him to reveal the password? Flaw #1.

Snowden files only cover Britain now? Even the claim doesn't make sense. If they had cracked Snowden files why wouldn't the US, and other 5 eyes agencies be removing their people? Flaw #2.

Even a cursory glance says this is a lie.

Re:How do you know?

[Gr8Apes]

Anything anyone related to a spy agency says should be considered a lie until proven true. It's in their job description.

Anyway

Secret agents in Russia didn't prevent a nuclear war. That's ridiculous! The decision to attack or not attack was a political decision, made by politicians in the public performance of their roles. What, we think a spy dropped something in a politician's drink to make them feel more friendly to their enemies on the day they were set to deliver the "blow them up" command? Sheesh.

Stanislav Petrov prevented a nuclear war once. And he was not a secret agent.

Greenwald's reply

[ameline]

https://firstlook.org/theinter...

Re:Greenwald's reply

[Areyoukiddingme]

What's sad about Glen Greenwald's response is what the Sunday Times will do later. Mr. Greenwald's article repeatedly uses the phrase "retraction-worthy fabrications," but the actions of the Times already indicates that we're past that now. Newspapers as propaganda arms of the UK government, in the worst traditions of Soviet Russia and East Germany during the Cold War, are now firmly entrenched.

One of the extremely few verifiable lies (as opposed to the numerous unverifiable lies) has been silently deleted from the online version of the Sunday Times. It was not retracted. It was not corrected. It was not apologized for. It just vanished. The Times claimed David Miranda was "seized at Heathrow in 2013" in possession of 58,000 NSA documents after meeting Mr. Snowden in Moscow. (Because it quoted a number, it must be true, right?) At the time, David Miranda had never been to Moscow and had never met Mr. Snowden. That blatant, verifiable lie got stuffed into the memory hole. Which improved the quality of the writing a microscopic amount. David Miranda was detained, not seized, but "seized" has a higher negative connotation rating in the thesaurus all Murdoch properties use to compose their texts and they were going for maximum negativity in this article, which is why they squeezed in the reference to David Miranda at all. Times readers were to be reminded that Glenn Greenwald is gay, so they would instantly ignore any rebuttal or response. Overreaching for the anti-gay, got caught in a lie.

Given what they did with the verifiable lie, we can readily guess that the unverifiable lies will simply stand. They will never be retracted. They will never be corrected. They will never be apologized for. The Times will maintain the blatant lies for all time, and the readers of the Times will never know they have been lied to, because the readers of the Times don't read anything else. It's Soviet propaganda at its finest. Mikhail Suslov would be proud of Rupert Murdoch.

No, it's all Snowden

[DrYak]

It was all snowden's work along!
He stole the data for the sole purpose of giving to Russia and China!
He's an evil communist traitor that needs to be put on an electric chair!

The recent breach by China are just purely coincidental!

Also there's no way that Russia would the resource and know how to obtain such data, and they had to rely on a lone consultant instead of their mighty KGB/FSB !

Re:Aftermath

[Steve+B]

You want a citation? Here's a citation:

In 2013, Reuters reported that documents released by Edward Snowden indicated that the NSA had paid RSA Security $10 million to make Dual_EC_DRBG the default in their encryption software, and raised further concerns that the algorithm might contain a backdoor for the NSA.

Re:Jane, you ignorant slut ...

[AmiMoJo]

Snowden has stated that he got access to documents and accounts at higher levels than his own access allowed by simply telling people with access that he needed their password to log in and fix something. Apparently security training at the NSA is pretty poor.