Schneier: China and Russia Almost Definitely Have the Snowden Docs
cold fjord writes: Writing at Wired, Bruce Schneier states that he believes that China and Russia actually do have the Snowden documents, but that the path by which they got them may be different than what has been reported: "... The vulnerability is not Snowden; it's everyone who has access to the files. I've handled some of the Snowden documents myself, and even though I'm a paranoid cryptographer, I know how difficult it is to maintain perfect security. It's been open season on the computers of the journalists Snowden shared documents with since this story broke in July 2013. And while they have been taking extraordinary pains to secure those computers, it's almost certainly not enough to keep out the world's intelligence services. .... Which brings me to the second potential source of these documents to foreign intelligence agencies: the US and UK governments themselves. I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they've penetrated the NSA networks where those files reside."
Give up on the conspiracy bullshit. He is just trying to excuse what Snowden did. Snowden had physical access to the network and still had to social engineer passwords.
It's a bit naive to think that professional foreign intelligence spies don't have the same access a low level NSA contractor does. There are clearly no safeguards against copying anything you want and walking away with it. That's not conjecture; we have direct evidence how easy it is. The only difference is actual spies know enough to keep their mouths shut about how ineffectual and incompetent US security is.
They are probaly on machines that accessed by other machines that may either permenatly or tempoarily connected to the internet. You can build malware that could be used to infect a laptop that waits until it is connected to an internal network and then grabs files for later transmission when its reconnected to the internet.
Remember that the incompetance of any goverment agency is dependant on its weakest link and tends to infinity..
In fact snowden may have inadvertantly given them cover, now they can act on the intelligence in the files they stole from the NSA directly without revealing that they powned the NSA networks because the world thinks that snowden did it.
Snowden had physical access to the network and still had to social engineer passwords.
Anyone who thinks Snowden is the first and only person who had the access, ability, and inclination to take the data he took is as high as a fucking kite.
Or just stupid.
Snowden is just the only one who went public.
If you had been reading Bruce's posts over the last few months you'd know that there is definitely at least one other NSA leaker. As to other leakage (other than to the media) - that is the main thing that the NSA is scrambling to divert everyone's attention from. The fact that so many companies have been tasked with gathering and processing the material (not just meta-data) that FiveEyes gather - given that it's impossible to stop them using that information to advance their own corporate interests. That and the fact that a NSA core mission is to protect the economic dominance of the USA - not just "from terrorism".
Much like The US/UK let friendly ships be sunk to prevent it from being known that they had broken Enigma. With the knowledge it was broken elsewhere, they can claim they broke into the Snowden files, not the NSA files, when the reality is the opposite.
Learn to love Alaska
One of the things that came out of the Manning leak was that an oil company operating in Nigeria already had that opinion and was very reluctant to share confidential information with US agencies.