Prosecutors Say Contractor Stole 50 Terabytes of NSA Data

An NSA contractor siphoned off dozens of hard drives' worth of data from government computers over two decades, prosecutors will allege on Friday. From a ZDNet report: The contractor, Harold T. Martin III, is also accused of stealing thousands of highly classified documents, computers, and other storage devices during his tenure at the agency. It's not known exactly what Martin allegedly stole, but a report from The New York Times on Wednesday suggests that the recently-leaked hacking tools used by the agency to conduct surveillance were among the stolen cache of files. Prosecutors will on Friday charge Martin with violating the Espionage Act. If convicted, he could face ten years in prison on each count. The charges, news of which was first reported by The Washington Post, outline a far deeper case than first thought, compared to the felony theft and a lesser misdemeanor charge of removal and retention of classified information revealed in an unsealed indictment last month.

Are you sure?

Are you sure it's not the Russian spies who did it? They seem to be responsible for just about everything lately...

Re: Are you sure?

Russian spies, Chinese spies, Israeli spies, patriotic American whistleblowers, American thieves with unknown motivations, careless NSA operatives, five-eyes allies (and all their Russian spies, Chinese spies etc), they all have access. Don't worry though, your data is safe with us.

Re:Are you sure?

[K.+S.+Kyosuke]

Ssssh, his real name is Garold Timofeyevich Martinov...

Re: Are you sure?

Wait, he had top secret files on a personal storage device? Sounds familiar....

Re:Are you sure?

No, his real name is Angelikova Merkela, the best operative of Putin. She fucks up Europe for him, so that he can do whatever he pleases.

What the hey, no SI units?

Why do they obfuscate the essential measures of information to fool the sheeple?

It's 3.33 Libraries of Congress.

Why..

Is it so darn EASY to get this so called secret data?

It seems everybody who works for the NSA these days is stealing data illicitly.

Re:Why..

Because contracting experts is always better than raising your own staff

Cognizant / IBM / HP / CGI told me so!

Oh brother

[Noryungi]

First there was Snowden, now this.

50TB of data stolen? OK, so they caught the guy, but, if he had been a bit less greedy, perhaps he would have gotten away with it.

Seriously, how can anyone trust the NSA to do the right thing (respect human rights, rule of law, due process, yadda yadda yadda) after these two... ahem... "incidents" is beyond me. Is everyone asleep at the wheel at Fort Meade?

And here is something even more disturbing: if a contractor can do this, what makes you think other people at NSA can't do this, for, you know... "fun" and profit?

Quis custodiet ipsos custodes?

Re:Oh brother

This poor bastard is screwed. I imagine they'd charge him with espionage if he had just walked out with a paperclip. He's got no chance at all.

CAPTCHA: effigy

Re:Oh brother

[MachineShedFred]

He should have moved all that classified data through a private email server, then it would just be considered careless with no charges brought forward.

Re:Oh brother

[Kierthos]

Well, he supposedly did this over the course of 20 years. However....

That actually means the problem is worse. How, over the course of 20 years, did no one notice this? I mean, let's say he had two week's vacation every year, he's still absconding with 50 Gigs of data a week for 20 years. (On average, and assuming that the 50 Terabyte estimate is accurate.)

Okay, sure you can get a cheap USB drive that has 128 or 256 Gigs of space on it, but 20 years ago? A shitload of ZIP disks? Physically removing the hard drives?

And the sad thing is, probably half the people who should have caught this have already retired.

Re:Oh brother

[Kierthos]

I mean, most likely, as larger storage media became commercially available, he probably stepped up his game. I can't imagine how you could sneak 50 ZIP disks in and out of an NSA facility weekly and not get caught much sooner.

Re:Oh brother

[HBI]

It's not a casino, no one is wearing pocketless clothes.

Re:Oh brother

Stolen? Nope. "Caught" the guy? Nope.

Did they create a story and find a fall guy? Yes.

Re: Oh brother

Yes, everyone is asleep at the wheel when it comes to insider threats.

Re:Oh brother

[PopeRatzo]

I can't imagine how you could sneak 50 ZIP disks in and out of an NSA facility weekly and not get caught much sooner.

He smuggled Bernoulli disks hidden out of the NSA in his rectum. And before you say it, yes it nearly killed him.

Re:Oh brother

[TykeClone]

There was no intent!

Re:Oh brother

You forgot step 2; kill off anyone that might be willing to carry out their judicial responsibilities against him so that "no reasonable prosecutor" would bring charges.

Re:Oh brother

[king+neckbeard]

It's probably because the NSA has likely had a 'vacuum everything up' approach for its entire existence. If they've always got more data than they can sort through, it's going to be easy to sneak something out. The NSA probably scoops up that much data in a day.

Re:Oh brother

Is everyone asleep at the wheel at Fort Meade?

It's still impractical to physically search thousands of individuals each day as they pass through a myriad of security checkpoints multiple times per day.

Re:Oh brother

[Narcocide]

That's the whole problem here. It should have been apparent to everyone, a long time ago already now, that all of the NSA's fear-mongering self justifications are transparently obviously the excuses of the actual villains they claim to be protecting us from, and the NSA was only ever about creating excuses and situations for these types of breaches to take place. Anyone who thinks otherwise is hopelessly naive and probably unwittingly being victimized daily by identity harvesters.

Re:Oh brother

[bongey]

Guy on the internet thinks classified leaks is a new problem. News at 11. https://en.wikipedia.org/wiki/...

Re:Oh brother

[Xenographic]

> He smuggled Bernoulli disks hidden out of the NSA in his rectum. And before you say it, yes it nearly killed him.

Someone should send them a tip to check out Mr. Goatse as a potential accomplice.

Re:Oh brother

[SumDog]

And you know what, we have no idea if this guy even is the ShadowBrokeer. All the "evidence" is totally classified for national security purposes. This guy might totally be railroaded. Hell, this guy may not even exist! This might be a whole media campaign just to keep the fear going. We really have no fucking idea.

Re:Oh brother

[WhiplashII]

No, he should be fine. I hear Hillary! is representing him.

Re:Oh brother

Do the right thing? They are a FUCKING SHADOW AGENCY. Its their mandate to SPY

Re:Oh brother

[rtb61]

Did if for twenty years, without getting caught. Than that data was going from one supposedly secure location to another actually secure location. For that period of time without getting busted, very likely a corporate spy and at a guess they were paid by their own corporation to steal that information from the US government for analysis by the multi-national corporation executive team and that corporation was using additional contractors to cover up any accidental exposure, so they are very likely looking for more than one player, over that time probably at least five, with direct executive involvement in those actions (there had to be real motivation to keep on taking that risk over that extended period of time, something like a tax haven retirement package). Likely this could get a lot bigger, especially if those executives individually choose to on sell certain information for personal advantage. Stealing the hardware, well, I suppose just because he could, he thought he was protected and he is a jackass.

Re:Oh brother

[Robert+Goatse]

You rang? lol

Re:Oh brother

First there was Snowden, now this.

50TB of data stolen? OK, so they caught the guy, but, if he had been a bit less greedy, perhaps he would have gotten away with it.

Or if he had been greedier he might have gotten away with it. Who knows, we only get reports about the ones that gets caught.

It is in the interest of NSA to inform about people who tried and got caught since that works as a deterrent.
For people who got away NSA will most likely keep quiet. They don't want the shitstorm that comes from that.
Then there is the leaks that NSA doesn't even know about. Any potential datagrabs by Russian or Chinese counterparts would probably be there.

The problem is gathering the data in one place to begin with and the lack of insight into NSA means that incompetence isn't exactly discouraged.

Re:Oh brother

First of all, you don't know that. Second of all it's irrelevant, it is a strict liability law she violated.

Re:Oh brother

[sudon't]

First there was Snowden, now this.

50TB of data stolen? OK, so they caught the guy, but, if he had been a bit less greedy, perhaps he would have gotten away with it.

He's nothing like Snowden. I heard on the radio that this guy was some kind of obsessive hoarder, hence the massive amount of stuff. He never shared any data with anybody, he just "wanted it". Could be bullshit from his lawyer, but then again, we all know people who are like this, to one degree or another.

Re:Oh brother

The 20 years claim is just to make it seem more heinous. For 19.75 years, he took home 3-page documents. Then, a few months ago, he started big data dumps. Does the NSA have 50 TB of documents? No. It's probably data, or the same documents repeated 50k times. More likely data to use for his thesis work. How did he get it out? He probably didn't. Probably 49.9 TB he downloaded from the web, but the FBI probably hasn't actually looked at more than 100 GB.

The same government that wants backdoors

[ebunga]

The NSA... the agency responsible for keeping government secrets actually secret... can't keep its own systems secured. This same government wants unfettered access to all encrypted systems, and already has the ability to tap any phone anywhere in the US from the comfort of their living room sofa. Not scary at all. Nope.

Re:The same government that wants backdoors

[tlhIngan]

The NSA... the agency responsible for keeping government secrets actually secret... can't keep its own systems secured. This same government wants unfettered access to all encrypted systems, and already has the ability to tap any phone anywhere in the US from the comfort of their living room sofa. Not scary at all. Nope.

We don't know this.

We don't know how he got access to the files - perhaps he was authorized to? Remember, Snowden's files were everything he had a legal right to access in the course of his employment.

So if he was gathering the data he had access to, well, there's not much anyone could do to restrict him - there are legitimate reasons why he might be doing the things he did.

Plus, he could gather stuff off stolen computers too - despite the well learned nature of most of the NSA employees (it's a geek fest, effectively), they still do really stupid security things including leaving their computers unsecured and all that.

Hell, the NSA IT department must be hell to work for - try to implement any sort of security and you'll have people wanting your badge because they're smarter and more educated than you and know way more about security and to reverse whatever change it was. (You know the folks - they all brag about how much smarter they are than you and will never do anything stupid...).

Quis custodiet ipsos custodes?

[nospam007]

Apparently tons of people, if the last years is any indication.

Tell me again why we need this?

This is the problem with weaponizing information, its not like nukes where you actually have to remove an object from one persons possession and give it to another, you can just replicate them at will.

The NSA and all its stupid bullshit just needs to end

Re:Keep sucking big party cock

[Joe_Dragon]

More like vote trump and face death by firing squad

50 Terabytes per 20 Years

[Kunedog]

That's around 700 kbs. He probably just left a telnet session open on an older, slower machine, "collecting" (NOT searching or tapping) the internet in case of terrorism.

Hes a Hero

Right?

Re:Hes a Hero

Probably. NSA vs. anyone else? I'll automatically side with "anyone else" until there's more details available.

15 Second Explanation.

[PessimysticRaven]

NSA: Well, we can't get Snowden, but it would sure be swell if we could get SOMEONE.
Martin: *Waves* Hi! I'm still living in the States!
NSA: Yes, you'll do nicely.

So what are these CISSP "cyberwarriors" doing?

I sometimes attend IT-related conferences, a few in the infosec space. And inevitably a few people from government contractors and agencies show up (on the taxpayers' dime) and rail against encryption, Apple, Snowden, or anything that makes operating the surveillance state difficult for them.

But between Snowden, the Russians, this guy, and OPM, what's left to steal? Why are we paying these assholes -- especially the ones working for contractors who've sucked on the federal tit for decades -- six-figure salaries to sit around Northern Virginia and shit on the Bill of Rights all day long?

This entire thing's a joke. They spy on us, and then can't secure the shit they uncover. Read Congress's recent report on the OPM debacle to see how fucked we are.

Re:So what are these CISSP "cyberwarriors" doing?

The shadow national security apparatus is paid to track and suppress internal dissent, and make sure the ruling oligarchy stays in power, that's all. And in the four years since Snowden went public their activities haven't been curtailed one bit, in spite of all the leaks. So I guess it doesn't matter if they can't run their surveillance system securely, as long as they achieve their goals. Who's gonna stop them?

Re:So what are these CISSP "cyberwarriors" doing?

[swb]

What I don't get is why joining the NSA isn't something like getting a really well paid job combined with being in the military.

Pay them really well, so well they would have to think 3 times about not joining. Like 4x a similar pay rate that you'd find in a top-tier city for an equivalent job. Make working conditions really nice -- free high-end restaurant quality dining on premises with a room service option for people who wanted to work through a meal hour, super nice office spaces, the whole experience more "hotel" than "government office".

But then also kick in the military part -- you join up for a minimum 5 year commitment, you live on campus, your travel off-campus is limited and controlled and there's the understanding that you ARE being watched closely, but do it in an unobtrusive manner, not in a police state manner. But make the housing and lifestyle options more like a country club kind of atmosphere, single family houses, lots of recreational options, private schools for the kids, and lots of activities for spouses and kids, too. Make them stay but make staying so easy they want to stay.

Sure, the whole thing would be expensive, but you'd have a much better chance of containing your secrets. And chances are, buying their loyalty would go a long way to helping and keep the security more velvet glove than rubber glove.

The current thing with all the contractors is a mess and it's a miracle that actual government employees have any loyalty at all.

Re:So what are these CISSP "cyberwarriors" doing?

[SumDog]

There is an increasing amount of evidence that Snowden still works for the CIA. He's the only one including this guy and Manning, who hasn't been caught (which just feels super suspicious .. that combined with him criticizing Russia on Twitter .. while in Russia .. supposedly).

I don't think the Snowden story is real. I think it's most likely propaganda. And if that's fake, who is to say there is any legitimacy to this story either?

We live in 1984, just less totalitarian and more Brave New World (with all the good parts gone). We think we're free and have free media, but it's all propaganda. Want to prove it? Right now you think I'm a crazy conspiracy theorist nutbag. See: totally works. All dissenting opinions are made by tin foil hatters.

Re:So what are these CISSP "cyberwarriors" doing?

4x a similar pay rate for top secret clearance IT Sec? Over half a million a year easy. Double that for SME and management.

Their budget would have to be on the far side of insane.

Re:So what are these CISSP "cyberwarriors" doing?

What you've described is a fairly accurate portrayal of housing developments built for the Manhattan Project. Why we aren't doing this sort of thing today is beyond me; it turned out to be remarkably effective. -PCP

Re:So what are these CISSP "cyberwarriors" doing?

[WallyL]

Is the budget situation not already so?

Re:So what are these CISSP "cyberwarriors" doing?

i bite: why would russia cooperate ? why does cia expose nsa ? nsa too powerful ? wings must be clipped ?

sounds complicated....

Wanted to Write a Book

The name Harold T. Martin III sounds like a good author name for that next blockbuster of a book. He must have almost gotten his research for the book ready and now this happened. Slammer bummer!

Re: Wanted to Write a Book

Prison didn't stop Cervantes.

The NSA complaining about stolen data?

[epyT-R]

Talk about rich irony deposits..

Re:Keep sucking big party cock

More like vote for Hillary and prepare for WW3.

dilbert

[cadeon]

http://dilbert.com/strip/2013-...

Why does NSA

Why did NSA even have so much data? Oh, wait is it all the data they collected through their dragnet? Well in that case it's MY data not theirs! I want it back!!!

Re:Why does NSA

What do you mean so much data? I'm using about 5 terabytes at home just for mundane shit like games and movies. It's not that surprising for a corporate office to use 50 terabytes or more. I just checked on Amazon and 50 terabytes of hard drives would cost about $2000. It's in the same ballpark as buying an Apple notebook or a gaming PC, most people can afford that. For a big organization like the NSA that's insignificant peanuts. I bet they spent more money than that for the coffee machine in their lobby.

Re:Why does NSA

[Anne+Thwacks]

You need at least 5TB of data to get one A4 page of any interest to anyone - and that probably means a little league supporter.

Whose data are they?

That's probably your data being "siphoned".

Oh sure, when it's in your hands it's free for the taking. Once they have it they own it though, and taking it is stealing. Now for the first time, taking data is suddenly seen as a problem.

500 Million Pages

[neoRUR]

It wasn't 50 Terabytes of data, it was drives that were capable of storing 50 Terabytes of data or 500 million pages of documents. By extrapolation, 50 terabytes can hold 500 million pages. SO they are charging him with the max. It doesn't mean there was that much info, there could be 1 document on the drive. He had like a dozen drives. But he had stuff sitting in plain site in his car, so didn't look like he cared to protect it. Not sure why it took so long to catch him.

Re:500 Million Pages

Because the time was not right to plant evidence in plain sight in his car?

You should assume any computer newer than 2009...

Or ~2013 for AMD (Although the old AMD hardware is still 'fresh' on the market until next year.)

AM3/C32/G34 are all pre-SEE but anything LGA11xx or LGA2011+ on the Intel side has had signed management engine firmware since Sandy Bridge. Given the list of countries involved in R&D for it, you should assume Israel, the US, and potentially many of their allies have known exploits if not custom tools to gain remote access to any x86 computer hardware newer than that point. Basically all modern motherboards have integrated ethernet, and if the bios/me firmware has the support necessary to initialize it, they can infiltrate/exfiltrate data below the operating system level. While there haven't been any documented cases of it, there is no way to be sure that is because the software is and will remain secure, rather than that they haven't had a reason yet, or the people targetted have not been paranoid enough to record all traffic entering/leaving their network to discover and document this form of attack.

Keep that in mind the next time you are buying new x86 hardware (and many/most of the modern ARM boards/phones/etc as well!) Our entire hardware ecosystem has been backdoored in under 10 years after all the work done during the 90s (white and blackhat) to try to discredit and/or block it.

Re:Keep sucking big party cock

[DworkinLV]

Oh I see you work for the Russian MAAFIA. We have ways to make you work. LOL

ridiculous

TLzy;DR but What are they doing?? Do they do real/invasive bag searches, wanding, and metal detection when entering and exiting secure areas...Was he in the IT dept just vacuuming up files and drives to be destroyed/or a trusted insider, you can only have some many watchers watching each other but(only recently) were scrapped computers gutted for their drives so they could be destroyed and there are several people overseeing it but can imagine one person palming a drive surreptiously though the destruction process may catch a drive slated for destruction but was never handled(wonder if it just gets filed away in the xfiles)....if anything like my organization...thumb drives outlawed, unauth USB devices in corporate system bad, BYOC bad but no real ability to enforce it outside of policy and penalty if caught; so it continues, wifi bad, but smartphone tethering happens, inserting "unauthorized" drives gets 'flagged' but seems no one looks at those logs, its just a scary popup that says you've been logged...scary booga booga. But no one has ever come to me and asked for the drive, I can burn dozens of dvds without anyone batting an eye, an improvement in other ways though..a decade ago one could browse network neighborhood for open shares the user admin'd their own system, on paper frowned upon, but no real preventive measures...only when audits come through is there any concern but its more get the stacks of paper lined up and pretty not acutally, look too deep into things. Only once have I seen someone come through with a RF tool to seek out a node but they left before looking into desk spaces...not sure what they expected to find in a hallway.

they allowed it

[bigtreeman]

NSA should be charged for allowing it to continue for 2 decades

stolen data got stolen

so what, who cares?

Not credible due to scale.

50 TBytes is a non-credible claim. Period. I've got something like 4-6 TB storage here at Home. 50TB Is an E-Nor-Moose amount of home storage.

50 TB's where is it?

Anyone have the release URL? no?

Think this is not real

Stolen Wrong Verb

[Luthair]

Does the NSA still have those files? Then they weren't stolen, they were copied.

Re:Stolen Wrong Verb

If you copy Coca Cola's secret formula and sell it, Coca Cola still has it, but you still stole it.

Copying bits does not somehow make theft impossible.

Which NSA employees also face prosecution?

[hawguy]

Who at the NSA will also face prosecution for such poor access controls that a *contractor* (not even a full employee) could steal 50TB of "highly classified documents" unnoticed?

I have full admin rights to every system at my employer, and even with those admin rights, I could not steal data unnoticed. A few times a month I trip an alarm in my normal work and have to justify my actions to our compliance group.

And we don't even store classified documents, just run of the mill business documents for our customers.

Re:Which NSA employees also face prosecution?

[AHuxley]

re "A few times a month I trip an alarm in my normal work and have to justify my actions to our compliance group."
Internally the NSA don't have an alarm for that. Nobody could do any gov work if "alarms" or encryption got installed at that level and had to be cleared every few hours.
Everything is decrypted and reduced to plain text. Thats the mission to decrypt and read, sort and index. The select humans allowed in to read and search the material are the "security".
The idea is to allow the NSA workers to dig deep into all the raw data and find the gems that every other branch of the US gov and mil missed due to a lack of skill or clearance.
That information is then passed back in such a way to be "plausible" in any other US computer system when tasked or actioned.
East Germany faced such a walk out of all their spies in the West as raw data in the 1950's. They fixed it by splitting the data up so no one person could ever see all the data lists alone again. A complex buddy and the need for senior staff to be present if such data was requested stopped walk outs
The GCHQ faced the issue of a cleared person with access to photocopier without a counter and daily uncounted paper refills. The ability to just copy secret vault material was limited only by the size of a folder to carry paperwork home in everyday. The GCHQ fixed the issue by securing the hardware and been more staff aware.
In the digital age the NSA has to trust its staff, contractors and people the contractors offer as trusted or who other agencies pass as trusted.
The skilled staff ratio to material gathered is just getting so complex, jargon packed or in need of translation that a lot of contractors have to be ready to look. Its all plain text to help that work flow of a global collect it all policy. Then add in the sorting of the domestic collection.
The fix is to encrypt internally and only trust tested NSA staff again. That would remove the contractors funding and they have political friends to get their access and contracts back.
So the NSA stays open for business. Does the CIA leak? What are they doing with the same level of gathering thats different and still secure over the same decades?

Re:Which NSA employees also face prosecution?

[hawguy]

re "A few times a month I trip an alarm in my normal work and have to justify my actions to our compliance group."

Internally the NSA don't have an alarm for that. Nobody could do any gov work if "alarms" or encryption got installed at that level and had to be cleared every few hours.

Why not? If private companies are expected to have access controls and adequate auditing for sensitive data and face fines for data breaches, then why isn't the NSA held to the same standard when they have access to much more sensitive data? if a private company has a breach, it can face multi-million dollar fines. What's the punishment when the NSA (who has access to far more data than many people prefer) loses that data because they can't be bothered to secure it out of "convenience". When a hospital has a data breach and your medical records are available for download, would you accept "Well, we could never do any medica work if we had any access controls or auditing for access to your medical data." At least in the case of a hospital, they have a good excuse - it literally is a matter of life-and-death - if the ER doctor can't pull up your medical records, you may die while waiting for treatment. But convenience and expediency is not excuse, even for a hospital.

Everything is decrypted and reduced to plain text. Thats the mission to decrypt and read, sort and index. The select humans allowed in to read and search the material are the "security".

So the NSA *requires* invasive access to all sorts of personal data, but they can't protect it at all? Every employee with some sort of clearance needs access to everything with no access controls at all?

Somehow that seems unlikely, and is not the level of care most people expect for such databases.

A random contractor should not be allowed to walk out with 50TB worth of data.

The select humans allowed in to read and search the material are the "security".

Note that there are about 5 million people with some sort of security clearance, 1.4M have a "top secret" clearance, so how select is that group? The NSA is estimated to have 40 - 50 thousand employees (the exact number is, ironically, secret), if even just half of them have access to data, that's not a very select group of employees, and there are guaranteed to be more leaks.

The idea is to allow the NSA workers to dig deep into all the raw data and find the gems that every other branch of the US gov and mil missed due to a lack of skill or clearance.

East Germany faced such a walk out of all their spies in the West as raw data in the 1950's. They fixed it by splitting the data up so no one person could ever see all the data lists alone again. A complex buddy and the need for senior staff to be present if such data was requested stopped walk outs

The GCHQ faced the issue of a cleared person with access to photocopier without a counter and daily uncounted paper refills. The ability to just copy secret vault material was limited only by the size of a folder to carry paperwork home in everyday. The GCHQ fixed the issue by securing the hardware and been more staff aware.

In the digital age the NSA has to trust its staff, contractors and people the contractors offer as trusted or who other agencies pass as trusted.

So this problem was solved 50 years ago, yet the NSA can't manage to solve it with modern computer systems?

The skilled staff ratio to material gathered is just getting so complex, jargon packed or in need of translation that a lot of contractors have to be ready to look. Its all plain text to help that work flow of a global collect it all policy. Then add in the sorting of the domestic collection.

That's a common criticism of the NSA -- they already have a haystack of data and can't find the needles they are looking for.

Re:Which NSA employees also face prosecution?

[AHuxley]

Re "You said they already only allow a select group of people have access to the data and that's their security model, now you say that the way to fix the problem is to only allow access to trusted staff? Who is this "select group" if it's not "trusted staff"? A select group of untrusted staff?"
Thats the big question. Encrypt and tell all the workers they are not trusted at any level and all have to get permission/keys everyday?
That breaks down that esprit de corps, comradery or respect and excellence. Taking orders/tasks from a contractor alters gov/mil staffs outlook on their job. Staff start to wonder if they are been demoted, blocked or have done something wrong, been reported, face downsizing, replacement by a contractor, a hunt for a someone and they are caught up in it. Their work suffers, rumours spread fast in communities.
Trust the gov workers but never the contractors? Some contractors are more trusted who have to see the networks as part of their contract? A new layer of tasks and workers to look after and track.
All that while global and domestic collection builds up 24/7. The US has done a lot of testing on how to work with its staff.
How to trust them, educate them, track them, reward them, know if they have been in contact with anyone, or to test them with fake files or unexpected chat downs/encounters in the community or while on holiday. If not self reported, thats an issue.
Thats what kept the NSA safe for so many decades. Thats the methods the US told its other 5 eye members to try with their own staff.
That all fails when rushed in contractors get equal access and need to work with all material.
Re "A random contractor should not be allowed to walk out with 50TB worth of data."
That is just random files floating around the networks so staff can cross reference and search. Plain text, sorted, indexed so future generations of staff next week, month or decade can look back and draw results. Internal tracking of such data flows would slow the networks and allow spies to track if they are been investigated by self searching their own logs. Any changes and they know they are under suspicion.
That could endanger decades of discovery or placing of fake material and allow escape.
The FBI tried that and found internal spies would look if any action was been taken surrounding their work or teams. Bureaucracy expects a file to be created somewhere and that can be searched for given equal or greater access. A strange new team with project access but no contact could be new security.
The change was a flood of contractors and staff growth. New missions, different contractors who could alter things, give orders and had a more easy path to support and advancement. Yet the same security system of trust the staff, work the data stayed in place as it had always worked so well until it did not.
Any attempts to secure things away from the contractors invokes political support and seen as anti-capitalist or budget envy. Contractors are clearing other contractors just to bring in skills and keep up with the global/domestic work load. The final security that worked was to walk the life of all applicants. Talk to all friends, teachers, extended family and look in local paper documents, paper court records, interest in books, magazines, friends of friends and get a good profile of everything.
That is now digital. The person exists and the federal/state computer says the grew up in a fly over state, passed their exams really good and another agency totally trusts them. The polygraph tester passed them after a chat down and internet log search to see if they looked up "polygraph". None of their self submitted friends are been tracked by any state or federal task force or police database...
That final real world aspect to decades of great security is now not working in a rush to find skills, languages, foreign thinking.
The UK did rushed interviews in the 1930's-40-50's to get Russian and German skills. A lot of interesting people got invited in and moved up the ranks.
Collection at any cost is becoming the only mission.

You are so wrong. Re:Oh brother

[waynemcdougall]

No.

FIRST was this (and who knows what else). THEN there was Snowdon. This is important.

One of the arguments in favour of Snowdon being an honourable whistleblower was this:

If he was malicious, he would have quietly stilen the data and sold it to the highest bidder. Like this guy did. And Snowdon didn't.

One of the (many) arguments in favour of Snowdon is that if he could *so easily* collect that information undetected, then other, malicious people could be doing so. And so it turns out. Snowdon alerted us to the weaknesses of the NSA security practices (amongst many other nobler services).

Vindication. Again. It tastes sweet. But not as sweet as a pardon.

It's their job, isn't it?

[Xenographic]

> It seems everybody who works for the NSA these days is stealing data illicitly.

To be fair, isn't that their job?

Easier solution

Found guilty? Firing squad. The only thing traitors deserve

Two things: migrate to NH to end state & EOMA6

1. We shouldn't rely on the government for security. We should instead support projects (and a standard in this case) like EOMA68 that's enabling people to design devices we might actually be able to secure and won't ship with backdoors.

2. Those who think government is incompetent and violating of our rights, liberties, and freedoms should move to New Hampshire to join in the Free State Project. An effort to limit government. An effort to maximise freedom and liberty. We should end boarders, we should end social security, we should end the police state, we should end government indoctrination programs (government or 'public' schools), we should end taxes, we should end copy"right" (it's an artificial construct reliant on violence to enforce where the are no actual victims, as no violence, coercion, or deprivation of property occur), we should have the freedom to travel and not need permission from the state to drive (the courts ruling are wrong, and people should be free to travel utilizing whatever the means of the day are), there should be no vehicular registration laws (it's just a tax really), there should be no or severely minimal taxes until better solutions can be conceived to replace government functions with private ones (roads, issues here include freedom of travel and privacy, but then again government already destroyed both in most states, NH being an exception mostly), etc.

How can you steal data which does not exist?

[WillAffleckUW]

It would be illegal to spy on Americans in their own country, therefore such data can't exist.

Qui custode custodi?

Maybe I missed it

But what did he do with all that data?

It's OK, he's a Hillary contributor!

Just concerned that she wasn't getting enough data from the NSA, as she always complains in her emails....

blame it on the booz

or maybe it was the roses in the ribbons in her long blonde hair, all I know is he couldn't leave the data lying there

The bigger question...

[fgouget]

The bigger question is: what did he do with all this data?
Stash it in his basement? As insurance for something?
Use it for blackmail?
Sell it to foreign spies?
Leak select items to the press?

He certainly did not publish it wholesale or we would have heard about it.

Nothing was "stolen."

Do the original caretakers still have it too? Then no, it wasn't stolen. It was duplicated.

So no theft went on here.

He reportedly stole NSA Hacking Tools

[Macdude]

According to reports he stole NSA Hacking Tools, so does that mean the NSA has sent details on the exploits their tools use to the various Software Developers so that they can fix their code?

Get with the times...

The new penalty is that you get to run for President, as Obama's chosen successor.

Of course, given the huge Wall St bubble and the current economic down-turn (been watching the growth, GDP, productivity numbers?) the next president is probably going to hit an economic mess that makes 2008 look tame, so it just might be a form of punishment to get the job. Keep an eye on the number of physicians bailing out of normal practice and going into concierge care as Obamacare gets increasingly financially toxic too - few things can cause a president more grief in peacetime than a bunch of elderly voters with trouble getting healthcare.