Slashdot Mirror

← Back to Stories (view on slashdot.org)

Schneier: China and Russia Almost Definitely Have the Snowden Docs

Posted by timothy on from the branching-paths dept.

cold fjord writes: Writing at Wired, Bruce Schneier states that he believes that China and Russia actually do have the Snowden documents, but that the path by which they got them may be different than what has been reported: "... The vulnerability is not Snowden; it's everyone who has access to the files. I've handled some of the Snowden documents myself, and even though I'm a paranoid cryptographer, I know how difficult it is to maintain perfect security. It's been open season on the computers of the journalists Snowden shared documents with since this story broke in July 2013. And while they have been taking extraordinary pains to secure those computers, it's almost certainly not enough to keep out the world's intelligence services. .... Which brings me to the second potential source of these documents to foreign intelligence agencies: the US and UK governments themselves. I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they've penetrated the NSA networks where those files reside."

11 of 157 comments (clear)

  1. Oh Bullshit! by rfengr · · Score: 1, Interesting

    Give up on the conspiracy bullshit. He is just trying to excuse what Snowden did. Snowden had physical access to the network and still had to social engineer passwords.

    1. Re:Oh Bullshit! by dcollins117 · · Score: 5, Interesting

      Give up on the conspiracy bullshit. He is just trying to excuse what Snowden did. Snowden had physical access to the network and still had to social engineer passwords.

      It's a bit naive to think that professional foreign intelligence spies don't have the same access a low level NSA contractor does. There are clearly no safeguards against copying anything you want and walking away with it. That's not conjecture; we have direct evidence how easy it is. The only difference is actual spies know enough to keep their mouths shut about how ineffectual and incompetent US security is.

    2. Re: Oh Bullshit! by Demonoid-Penguin · · Score: 5, Interesting

      Snowden had physical access to the network and still had to social engineer passwords.

      Anyone who thinks Snowden is the first and only person who had the access, ability, and inclination to take the data he took is as high as a fucking kite.

      Or just stupid.

      Snowden is just the only one who went public.

      If you had been reading Bruce's posts over the last few months you'd know that there is definitely at least one other NSA leaker. As to other leakage (other than to the media) - that is the main thing that the NSA is scrambling to divert everyone's attention from. The fact that so many companies have been tasked with gathering and processing the material (not just meta-data) that FiveEyes gather - given that it's impossible to stop them using that information to advance their own corporate interests. That and the fact that a NSA core mission is to protect the economic dominance of the USA - not just "from terrorism".

  2. typewriters by Anonymous Coward · · Score: 2, Interesting

    Years ago there was story about Russian intelligence services using typewriters and putting sensitive data on paper documents to avoid digital security breeches.

    Very clever, these Russians.

  3. Re:Bruce Schneier the paranoid cryptographer by Anonymous Coward · · Score: 2, Interesting

    "I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they've penetrated the NSA networks where those files reside."

    As a computer security professional I would be most interested in your thoughts on what were these files even doing on these networked computers

    These files were not on Internet connected machines. The computers in question were networked on an isolated network called JWICS which is air-gapped from the Internet. Schneier isn't saying Russia and China hacked into them in the traditional sense, he is saying they were hacked via a mole (same way Snowden did) or via a technical means like a computer with a hidden transceiver that gets installed on the network, thereby giving access to the foreign power.

  4. Re:Bruce Schneier the paranoid cryptographer by tshawkins · · Score: 4, Interesting

    They are probaly on machines that accessed by other machines that may either permenatly or tempoarily connected to the internet. You can build malware that could be used to infect a laptop that waits until it is connected to an internal network and then grabs files for later transmission when its reconnected to the internet.

    Remember that the incompetance of any goverment agency is dependant on its weakest link and tends to infinity..

  5. Re:If Snowden could do it, so could many, many oth by tshawkins · · Score: 4, Interesting

    In fact snowden may have inadvertantly given them cover, now they can act on the intelligence in the files they stole from the NSA directly without revealing that they powned the NSA networks because the world thinks that snowden did it.

  6. Re:If Snowden could do it, so could many, many oth by AK+Marc · · Score: 4, Interesting

    Much like The US/UK let friendly ships be sunk to prevent it from being known that they had broken Enigma. With the knowledge it was broken elsewhere, they can claim they broke into the Snowden files, not the NSA files, when the reality is the opposite.

    --
    Learn to love Alaska
  7. Re: If Snowden could do it, so could many, many ot by tshawkins · · Score: 2, Interesting

    There was no suggestion he was a problem, in fact i belive he is a hero too, i was just pointing out that other goverment actors may not be using him or the people with access to his trove as a source of inteligence, but as cover for activities they have already undertaken, as bruce has implied.

  8. Re:Bruce Schneier the paranoid cryptographer by dbIII · · Score: 4, Interesting

    that means the agency that spies on everybody and keeps a file on everybody cannot keep the data is gathers secure

    One of the things that came out of the Manning leak was that an oil company operating in Nigeria already had that opinion and was very reluctant to share confidential information with US agencies.

  9. Two layers of propaganda by tinkerton · · Score: 2, Interesting

    It's useful to keep in mind there's two layers to the Snowden-betrayal array of claims.
    - There's the claims that he did damage.
    - there's the underlaying claim that this proves that he did wrong.

    In fact whenever a whistleblower comes out, there will be some damage in some areas. The same applies to journalism. Whenever you expose wrongdoings or questionable practices from those in charge it can be argued this helps the enemy, even if only by tarring the image of the government. But I think the main point is, it should be considered an acceptable cost of transparency of governance. Transparency has been embedded in the US constitution 200 years ago for a reason. Mostly, those accusing Snowden don't understand that reason, or see no reason to bother with it. Transparency means that to some extent the governing still represent the governed(although you need to close the feedbackloop to really achieve that).

    So yes, I think the claims that Snowden damaged the US foreign policy are wildly out of proportion, but I also think that as long as some precautions were taken to limit damage done, then it's acceptable. That should be the general attitude towards whistleblowers: that some damage due to disclosures is acceptable, worth it.