Schneier: China and Russia Almost Definitely Have the Snowden Docs

cold fjord writes: Writing at Wired, Bruce Schneier states that he believes that China and Russia actually do have the Snowden documents, but that the path by which they got them may be different than what has been reported: "... The vulnerability is not Snowden; it's everyone who has access to the files. I've handled some of the Snowden documents myself, and even though I'm a paranoid cryptographer, I know how difficult it is to maintain perfect security. It's been open season on the computers of the journalists Snowden shared documents with since this story broke in July 2013. And while they have been taking extraordinary pains to secure those computers, it's almost certainly not enough to keep out the world's intelligence services. .... Which brings me to the second potential source of these documents to foreign intelligence agencies: the US and UK governments themselves. I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they've penetrated the NSA networks where those files reside."

Timmy!

Wow, more speculation under the guise of actual reporting. Almost definitely? Sounds like a bad romantic comedy.

If Snowden could do it, so could many, many others

[flug]

I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they've penetrated the NSA networks where those files reside.I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they've penetrated the NSA networks where those files reside.

Uh, yeah. This was obvious from the beginning. If it was that easy for Snowden to grab all of those files without anyone noticing anything until it was too late, how many other bazillions of employees, contractors, sysadmins, etc etc etc etc also had similar access.

The Chinese & Russians (and others--Brits, Israelis, what have you) are actively trying to subvert all these thousands of folks.

It's really not rocket science, or even computer science. More, do you have the right contact. With so many potential contacts it becomes almost inevitable.

And that's without even getting into technical break-ins--which also seem very, very possible given the lax security that the Snowden affair demonstrates. If Snowden can get unauthorized access to all those files, then it's possible for others to do so as well.

Slashdot headline is a disgrace

[mtrachtenberg]

Here is the key point Schneier's post makes:

"Do countries like China and Russia have copies of the Snowden documents? I believe the answer is certainly yes, but that it’s almost certainly not Snowden’s fault...I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they’ve penetrated the NSA networks where those files reside. After all, the NSA has been a prime target for decades."

To headline this story without including some reference to China and Russia having penetrated NSA networks is to imply Schneier is saying Snowden provided China and Russia with information they did not have already. It is either sloppy or intentionally misleading. The headline could have been "Schneier: Chinese and Russian Spies Probably Had Snowden Docs Before Snowden."

Re:Slashdot headline is a disgrace

You expected anything better from coldfjord?

Snowden files?

[Narcogen]

"I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they've penetrated the NSA networks where those files reside."

If Russia and China had the files before Snowden took them then they are in no meaningful way "Snowden files". They are merely a set of documents that may, or may not, overlap a portion of Snowden's files. By repeating your opinion that Russia and China have them (apparently without having to decrypt them, if they received them separately from Snowden) you are bolstering the narrative that Snowden has done damage to the government and the people of the US rather than exposing the damage done by the government of the US to the people of the US and the world.

Well done, sir.

Re:Bruce Schneier the paranoid cryptographer

[dbIII]

Since they got a Hollywood set designer to do their operations room there are probably a long list of stupid failures from these toy soldiers possibly up to and including public internet connectivity and laptop misuse.
The mere fact that Snowden got so much and that there appears to be no records of how much he got shows some serious breakage.

Re:Bruce Schneier the paranoid cryptographer

[Sique]

No. That's not what he said. The only reason we know that you can take NSA documents to the outside is because Edward Snowden actually told us that he pulled this stunt, and he could prove it to us by publishing the documents he took. As I wrote back then already: Something Edward Snowden did probably has been done before but the others didn't become public with it. We don't know how many times this has happened before, and we don't know how many documents have been leaked before, and who got them. We just know that this has been possible at the time, Edward Snowden was still working at the NSA.

From a security point of view, from the moment that Edward Snowden went public you have to operate under the premise that those leaks have happened before, and that other interested parties had and still have unencrypted access to all the documents Edward Snowden took, and to other documents Edward Snowden didn't took because he either didn't knew about them or hadn't had access to them.