Slashdot Mirror


US Military Will Soon Begin Testing NSA's New, Post-Snowden Security Measures (dailydot.com)

Patrick O'Neill writes: The U.S. military will closely review the NSA's security measures as concerns mount that foreign adversaries and independent hackers are targeting the American government in cyberspace. "We will determine whether National Security Agency processes and technical controls are effective to limit privileged access to National Security Agency systems and data and to monitor privileged user actions for unauthorized or inappropriate activity," Carol Gorman, the Pentagon's assistant inspector general, wrote in the letter.


  1. Post-Snowden NSA by DrYak · · Score: 5, Insightful

    Indeed, if a lone consultant like E. Snowden could pull such a leak, one can imagine what entities with far more resources and know-how (like the Russian FSB / former KGB) have been doing for years.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
    1. Re:Post-Snowden NSA by Anonymous Coward · · Score: 1

      NSA motto: "In God We Trust, Everyone Else We Polygraph"

    2. Re:Post-Snowden NSA by Anonymous Coward · · Score: 3, Interesting

      No, to stop someone like Snowden you don't need an absolute dictatorship. You need to restrict access to systems so that employees only have access to the things they need. You have to create an environment of professionalism where people don't share passwords. You monitor access logs. You know, the things that competent corporate IT usually does already.

      To stop someone like Snowden you just have to have adopted best practices (like the Real World uses) instead of a cowboy attitude towards security (like the NSA).

    3. Re:Post-Snowden NSA by Anonymous Coward · · Score: 1

      Besides being a patriot who cares about civil liberties and the NSA following its charter to monitor *foreign* intelligence, not *domestic* intelligence, of course. Yes, people who actually follow the legal and ethical guidelines of the work you hire them for are always a risk to entrenched bureaucracies.

      Hey, wait, I know! Maybe if the NSA focused on intelligence data, instead of all private communications in the whole world, they'd have a bit more focus and could do a better job! But oh, wait, that would reduce the scope of the budgets of their project planners. Never mind....

    4. Re:Post-Snowden NSA by shawn2772 · · Score: 5, Insightful

      No, to stop someone like Snowden you don't need an absolute dictatorship. You need to restrict access to systems so that employees only have access to the things they need.

      That won't work if you're doing things that are morally outrageous, because employees that need access do need access, and if one of them develops a conscience there's no way you can stop them from sharing the information. With draconian measures you can make it hard for them to extract solid proof, but that's all you can do, and that's very hard.

      You know, the things that competent corporate IT usually does already.

      LOL. In 20 years in the business, what I've seen is that almost no corporate IT departments are competent to secure their own data.

    5. Re:Post-Snowden NSA by penguinoid · · Score: 4, Insightful

      Personally, I'm totally Snowden-proof, and I don't have a fraction of the resources of the NSA. To stop someone like Snowden, all you need to do is stop committing tons and tons of crimes.

      --
      Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    6. Re:Post-Snowden NSA by Impy+the+Impiuos+Imp · · Score: 1

      Worse than those with a conscience are those with righteous fury for their own political side. It is trivial to insert an operative among the thousands of agents with this access, who can report back to their politician boss on their opponents' strategy and network and planning.

      With little more than a check box of getting a warrant, and not even that for much of it that is still valuable, there are no technological barriers or even logging for later review by elected officials.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    7. Re:Post-Snowden NSA by vux984 · · Score: 3, Informative

      Whoosh.

      You missed his point entirely.

      a) His point is Snowden wouldn't compromise his trust in the first place, because he's not committing and concealing tons of crimes.

      b) His point is that even if Snowden did compromise him, and leaked his activities... well ... it would be an uninteresting list that practically nobody would care about.

      As he said, he is *SNOWDEN* proof. He is not *hacker proof*.

    8. Re:Post-Snowden NSA by nine-times · · Score: 2

      It's easier for someone without those "resources" to do such a thing because they can't be picked out from the crowd. Snowden didn't have any red flags in his life to be singled out...

      Right, Snowden didn't have any huge red flags indicating that he was a security concern. Whereas Russia always makes sure their spies are very clearly spies and have tons of red flags indicating that.

      ... making any to match him would mean not trusting anyone. To stop someone like him you'd have to live in an absolute dictatorship with censored media and summary executions.

      Here's the interesting thing, though: you're talking about a security agency that taps our phone calls and reads our emails because they don't trust anyone. So what are they doing trusting people? How did some random independent contractor have so much access and so little oversight that he could pull all of this information without raising red flags? And if they aren't able to secure all this information, then maybe they shouldn't be creating and consolidating it all into a single easy-to-search system.

      The most ironic part of your post is the suggestion that there needs to be an oppressive regime in order to stop Snowden, but Snowden did what he did in response to what he considered to be dangerous, corrupt, and potentially oppressive behavior by the government. You don't need a dictatorship to stop Snowden, but you need an open and free society to prevent Snowden from becoming a thing. To stop him, you just need to stop giving random people full admin access to your super-secret nefarious surveillance systems.

    9. Re:Post-Snowden NSA by k6mfw · · Score: 1

      You know, the things that competent corporate IT usually does already.

      But do they? All these hack jobs could have been prevented if they didn't shortcut proper IT procedures and budget.

      --
      mfwright@batnet.com
    10. Re:Post-Snowden NSA by david_thornley · · Score: 1

      Exactly what were Snowden's motives? Would he have done all that if he didn't believe the NSA was committing what he thought were crimes? Did he actually believe they were crimes? (The NSA actions are not unequivocally crimes.) Why did he release documents that embarrassed the US that just showed the NSA was doing its job?

      There's stuff on my system that I really don't want anyone else getting hold of, including some banking and tax information. Someone who broke in would find no evidence of crime, but stuff that would seriously inconvenience me if leaked.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    11. Re:Post-Snowden NSA by david_thornley · · Score: 1

      First, I don't see that they have definitely committed crimes. Some of that stuff is a matter of interpretation, and while I don't buy the NSA's interpretation I'm not the final authority here.

      Second, nobody is literally trying to shoot Snowden. He's wanted to stand trial and almost certainly be convicted and spend a lot of time in prison.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    12. Re: Post-Snowden NSA by k6mfw · · Score: 1

      I was referring to general IT support in a company that gets short-cut to save money and then people from outside can hack in easier because proper measures/procedures were not implemented. i.e. someone gets all the names, SSN, credit card numbers from company's files.

      --
      mfwright@batnet.com
    13. Re:Post-Snowden NSA by cold+fjord · · Score: 1

      Exactly what were Snowden's motives?

      That would probably have been clearer if you would have had a seat at the pizza party he had at the Russian embassy in Hong Kong for his birthday.

      Why did he release documents that embarrassed the US that just showed the NSA was doing its job?

      Because it rendered some of those methods useless while causing diplomatic problems for the US and the NATO alliance. It is the sort of thing that someone schooled in the Soviet school of political warfare might do. Funny that Snowden is being guarded by the FSB, formerly known as the KGB, and his Russian lawyer is on the public committee for the FSB and a friend of former KGB officer and current Russian president Putin. I suppose it could all be a coincidence.

      Snowden's history shows that he was disaffected long before taking the job as an NSA contractor. I hear that the disaffected are sometimes recruited by foreign intelligence services.

      --
      much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
    14. Re:Post-Snowden NSA by Uberbah · · Score: 1

      The NSA actions are not unequivocally crimes.

      Then you are willfully ignorant of the 4th Amendment. Unequivocally.

    15. Re:Post-Snowden NSA by cold+fjord · · Score: 1

      Have you ever looked into the case of Kim Philby?

      --
      much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
    16. Re:Post-Snowden NSA by cold+fjord · · Score: 1

      Much as most people here are willfully ignorant of Article II of the Constitution, its jurisprudence, and the scope of the 4th Amendment.

      --
      much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
    17. Re:Post-Snowden NSA by david_thornley · · Score: 1

      I am well aware of the Fourth, and have thought about this quite a bit, so I'm neither ignorant nor willfully so. I could be wrong.

      I'm not saying they're not crimes. I'm saying that they are not unequivocally crimes. A lot of this depends on interpreting the law.

      The Fourth mentions searches. What is a search? Back then, it was simple: somebody searching your papers would go through them, reading them, and looking for something presumably specified by a warrant. Nowadays, what is it? Is automatic collection of emails a search, if no human sees them and no program checks them for anything, unless a warrant is issued? It wouldn't affect you. If a human looked at it, or if a program flagged one of your emails for something (logical fallacy, bad grammar, bad spelling), it could. It isn't clear that storing it is a search.

      The NSA has lawyers, and its own legal interpretations. I disagree with them, but I can't just brush them aside. There is a branch of government devoted to, among other things, interpreting written law, and that is the judiciary. They can make bad decisions, but they are the ones who make those decisions. As long as there is a legal interpretation that says X is not a crime, it isn't necessarily one until the courts rule.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  2. Errr...thanks? by geekmux · · Score: 1

    "...We will determine whether National Security Agency processes and technical controls are effective to limit privileged access to National Security Agency systems and data and to monitor privileged user actions for unauthorized or inappropriate activity," Carol Gorman, the Pentagon's assistant inspector general...

    Well, nothing like starting this investigation in a timely manner. After all, by government definition the information that was leaked over two years ago only caused "exceptionally grave damage" to national security.

    I suppose it's about time they got around to checking out the security controls...

    1. Re:Errr...thanks? by gtall · · Score: 2

      Yep, coming up with new security controls, testing them internally for coverage, re-engineering them for holes should take...what...about an afternoon for you?

    2. Re:Errr...thanks? by internerdj · · Score: 3, Insightful

      Welcome to the US. When something needs to be done politically then today is too late. Doing it correctly is never as important as doing something now. If we go through the proper process, the voters won't remember why it was a political success.

  3. As Mr. Franklin said... by olsmeister · · Score: 5, Insightful

    Three people can keep a secret... if two of them are dead.

  4. Who is Going to Check up on the Military by Anonymous Coward · · Score: 1

    The military needs to worry about getting its own house in order. Private Manning was given access to a wide range of documents for no apparent purpose and the military only discovered he had abused that access when the documents showed up on Wikileaks. Likewise they "caught" Snowden only because he made the documents public. We have no way of knowing who else leaked information or who they leaked it to. There is no reason to believe the US government is capable of keeping data secure, that includes the private data they are collecting on everyone.

    1. Re:Who is Going to Check up on the Military by PPH · · Score: 1

      The Seattle Public Utilities - Recycling Division of course.

      You watch our grease, we'll watch your network.

      --
      Have gnu, will travel.
  5. No it was a Black Hoodie by laurencetux · · Score: 2, Funny

    he normally wore a Black hoodie with a parody NSA logo done by the EFF

    and kept a copy of the constitution ON HIS DESK

    and nobody thought to check if this guy was going "Off The Rez"??

    1. Re:No it was a Black Hoodie by Anonymous Coward · · Score: 1

      Yeah. What an asshole. How dare he mock a US government agency that is breaking a number of laws and, in doing so, undermining core American values. And a constitution? No real American would want anything to do with that! I can't think of any reason that someone working for the US government would possess a copy of the constitution. Clearly he's a terrorist.

  6. Here we go again by monkaru · · Score: 1

    "and to monitor privileged user actions for unauthorized or inappropriate activity" Wouldn't that require "backdooring" privileged user accounts? I doubt normal administrative monitoring would warrant mention as something new, unless, the statement is just political puff 'n' stuff..

  7. I found an image of it! by Lumpy · · Score: 1

    https://bossip.files.wordpress...

    It's their new system that is hacker proof. Every person using a military computer will have one of these with them

    --
    Do not look at laser with remaining good eye.
  8. So what has Special Ed has done that's wrong? by iq145 · · Score: 1

    1) Theft
    2) False credentials
    3) Tampering with national security
    4) Placing all Americans at risk
    5) International flight
    6) Traveling on a voided passport
    7) Bartering with items/information he doesn't legally own nor has personally created
    8) Terroristic threats
    9) Unethical treatment toward his employer
    10) Misrepresentation
    11) Perjury/breach of oath
    12) Dereliction of duty
    13) Failure to follow orders.
    14) Impersonation of known government officials/identity theft.

    He's also flirting with, in fact, trying to set up the two main offenses:

    A) Assisting foreign powers
    B) Aiding the enemy.

    Sure, the Constitution guarantees the freedom to share more information in the public, and the right to free speech is great... but NOT when it will cause a danger to National Security. The info Snowjob likely possesses is probably EXACTLY the kind of stuff al Qaeda wants leaked out so they can learn better of how to successfully find ways to kill Americans at will. Not to mention, maybe names and locations of counter-terrorism spies that the U.S. has out in the field infiltrating the ranks of those would-be murderers. People want to complain about the NSA and allegedly "spying" on them, but then they'll also complain about not feeling the government is doing enough to protect them from al Qaeda! The NSA is not "hiding" anything, but they'll be truly ineffective if EVERYONE knows what they're working on. They're not interested in photos of your baby or mom's recipes. Has NOBODY stopped for a moment and asked "why" the NSA has been doing what they're doing? Did people think the authorities use magic to uncover terrorist plots? Which would you prefer, "spying" on you or terrorism on you? Snowflake did what he did for the fame (for the escape from obscurity that everyone wants... although most average people simply use Facebook). http://www.newser.com/story/17...

    1. Re:So what has Special Ed has done that's wrong? by RespekMyAthorati · · Score: 1

      The "founding fathers" of the U.S. were also traitors ... to their sovereign lord, King George.