Some Thoughts On The Snowden Fallout
The Guardian just published new revelations on past and ongoing data sniffing by the National Security Agency on foreigners as well as U.S. citizens. For now I do not have time to go into those and will leave it to emptywheel and others to comment on them.
But let's think a bit about what all these revelations mean for the NSA and for Snowden's future.
Snowden had system administrator access to a whole bunch, if not all, of the NSA's network and server equipment. Sysadmin access means being in total control of the machine. A typical Unix computer like those the NSA uses logs all access events, but a sysadmin can hide that he accessed a machine, uploaded or downloaded material, or started or stopped this or that process.
Unless the NSA is using some unknown super-tool to supervise and log what its sysadmins do (and who would administer that tool?), it will have no clear idea which systems Snowden actually accessed or what he did to those machines.
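The defender's counter to the point above, as an added illustration that is not part of the original post: if every audit entry is hash-chained and the chain head is shipped to a second system outside the sysadmin's control as it is written, a root user can still edit or delete the local copy, but the change no longer goes unnoticed. The three-event log below is constructed for the demo.

```python
import hashlib
import json

# Constructed sample audit events (not real logs from any system).
SAMPLE_EVENTS = [
    {"ts": "2013-06-01T10:00:00Z", "user": "sysadmin1", "action": "login", "host": "srv01"},
    {"ts": "2013-06-01T10:02:11Z", "user": "sysadmin1", "action": "copy", "path": "/data/export.tgz"},
    {"ts": "2013-06-01T10:05:40Z", "user": "sysadmin1", "action": "logout", "host": "srv01"},
]

GENESIS = "0" * 64  # chain anchor for the first entry


def _digest(prev, event):
    # Canonical JSON so that key order cannot change the hash.
    payload = prev + json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


def chain_events(events, prev=GENESIS):
    """Wrap each event with the previous digest and its own digest."""
    chained = []
    for ev in events:
        digest = _digest(prev, ev)
        chained.append({"event": ev, "prev": prev, "hash": digest})
        prev = digest
    return chained


def verify_chain(chained, expected_head):
    """Recompute the chain. Returns (ok, index of first bad entry or None).
    expected_head is the last digest as committed to a separate system,
    i.e. the 'second pair of eyes' a local root user cannot overwrite."""
    prev = GENESIS
    for i, rec in enumerate(chained):
        if rec["prev"] != prev or _digest(prev, rec["event"]) != rec["hash"]:
            return False, i
        prev = rec["hash"]
    if prev != expected_head:
        return False, len(chained)  # entries truncated or appended at the tail
    return True, None


def demo():
    log = chain_events(SAMPLE_EVENTS)
    head = log[-1]["hash"]  # imagine this digest was shipped off-box immediately
    assert verify_chain(log, head) == (True, None)
    # Case 1: the middle entry is rewritten in place ("copy" becomes "read").
    edited = [dict(r, event=dict(r["event"])) for r in log]
    edited[1]["event"]["action"] = "read"
    # Case 2: the last entry is deleted from the local file.
    truncated = log[:2]
    return verify_chain(edited, head), verify_chain(truncated, head)
```

Both tampering cases are flagged, at entry 1 and at the missing tail respectively; without the off-box head the second case would pass verification, which is exactly why the copy has to leave the machine.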
It is the worst case any Chief Information Officer can think of. What did Snowden take? Did he leave some virus? Did he leave some logic time bomb that could wipe out anything it reaches? Where?
The NSA's damage assessment team will also have lots of questions. What papers or files does Snowden have? What does he know additionally to what is in those files? Who might he have given those files to? Only the Guardian and the Washington Post? What about the Chinese and the Russians? They sure would love to have copies. What about the encrypted "insurance files" Snowden gave to "some people" who will be able to open and publish them should someone capture or kill him?
There are so many questions to ponder. Even if Snowden did not talk with the Chinese and Russian secret services, the NSA will have to assume that he did and that they now have access to all the material Snowden acquired, including, possibly, secret U.S. communication codes.
In short: for the next few years at least, the NSA is fucked. It will have to revise all its systems and network components, because it can no longer trust its system administrators. It will have to move to a "four eyes rule" for sysadmins, so that any access or change can only be made by two persons working together. This will kill productivity; sysadmins do not work that way. A four eyes rule will also require many new system administrators, by definition a rare commodity, all of whom will have to be highly trained and will need high-level clearances.
The NSA will have to assume that potential enemies now know exactly what it is doing and how it is doing it, and will act on that knowledge. All the traffic the NSA currently finds interesting will soon be fully encrypted. As it is now known that the U.S. services copy all internet traffic and have access to all service providers in the U.S. and the UK, all interesting foreign material that might have been found through such access will now vanish from the NSA's eyes. Other countries will revise and harden their systems, making the NSA's future work much more difficult.
The NSA's spying on U.S. citizens may not yet have such consequences. Unless there is a huge case where NSA spying is directly connected to a Watergate-like scandal, Congress will do nothing to rein the NSA in. But the scandal will come. As a former East German STASI officer says:
“It is the height of naivete to think that once collected this information won’t be used,” he said. “This is the nature of secret government organizations. …"
As for Snowden: he is also fucked. There is no way out for him. The U.S. intelligence community will try to get him, now and forever, if only to set an example. Even if he manages to get to Ecuador, the country is too small and too weak to be able to protect him. The only good chance he has is to ask the Russians for asylum and for a new personality. They will ask him to spill the beans and to tell them everything he knows. He should agree to such a deal. The NSA already has to assume that the Russians know and have whatever Snowden knows and has, so the additional security damage Snowden could create for the U.S. is rather minimal. Snowden can wait and work in the Moscow airport transit area until most of what needs publishing from his cache is published. He can then "vanish" and write the book that needs to be written: how one lone libertarian sysadmin found a conscience, screwed the U.S. intelligence community and regained some internet freedom for the world.
I don’t buy the Snowden story, at least not the way it’s sold, for two major reasons: a) the agencies' obsession with compartmentalization and b) the agencies' know-how. (With “agencies” meaning nsa, cia, dod & co).
a) is nicely seen in the holy principle of “need to know”. Most people think the important issue is access levels like secret, top secret etc. Actually that’s wrong. Those levels are just one side of the game and, more importantly, they are more like raw filters. Way more important in practical terms is “need to know”, i.e. the first question asked is always “Does he need that (kind of) information for his work?”. Only then does the security level come into play, setting an upper limit within the information determined by need to know of what is accessible.
One somewhat rude example for that is the sometimes lamented fact that even the theater commander usually doesn’t know at all, or knows just what SF determine necessary, about what SF are doing in *his* theater.
Whoever has worked in or with American agencies knows what I’m talking about and how anal they are about compartmentalization/need to know.
Ad b) we should not forget that the internet – and its major intestines and brains – has been developed for/by darpa, a mil. agency.
Furthermore, the more any issue touches on security, the more one will find agencies involved. Basically all widely used and standardized security-related algorithms, for instance in the area of encryption, have seen major involvement from the agencies. *The* driving factor, for instance, for an encryption system like “AES” actually is its acceptance by agencies.
Another important case is the agencies' (namely nsa’s) involvement, engagement and/or leading hand in quite many major security contributions, some of them implemented in Linux. Any “hardened” (that’s the tech term) operating system will sure enough have quite a lot of nsa and other agencies' stuff implemented.
Also, with all respect, I don’t think that b’s argument holds that one must choose between power and security. While he is actually quite right per se it doesn’t work like that for a simple reason: There is not 1 (“the”) computer or network but a complex and layered system that can be broken down into basically 3 parts.
There is the acquisition or interface part, that is, the lines and equipment at/from e.g. telephony providers, IXs (internet exchanges) and landings (where international and particularly cross-ocean cables “land” (are connected to the network)).
There is the storage and processing part where all those massive amounts of data are stored, analysed, compressed, interrelated, (de)encrypted, etc.
And finally there is a “front” layer for users of that data/information.
A realistic scenario for a system administrator of some station within the vast agencies' network is quite different from what Snowden talks about. For one, on professional systems (and certainly on security related ones) there is way more layering and finer granularity than what one is used to at home or in a company. Actually, the root account is almost certainly a mere worst-case fallback account with the necessary access information securely locked away in some safe that can be opened only by two persons. Everyday operations are done through a second layer of specialized operator accounts.
But there is another and more important issue: systems typically aren’t administrated physically nowadays (but remotely). One – and an important – reason is that probably the most critical attack vector for any system is physical access.
And all this goes very nicely hand in hand with the holy principle of compartmentalization.
When new computers are delivered, say from dell, they are “templated”, that is, a prepared installation image is put on them with quite little information added. Next those newly installed computers are – in another department by other people – automatically checked and verified. Next, in yet another department, further, more application specific, applications are installed and verified (4 eyes, actually “6 eyes” because quite certainly some automatic testing is included) – and all that, each step, is logged. Last, any sensitive information is set through a system that involves 2 or more high security clearance (and certainly not external) personnel, again with each and every step logged.
In other, more simple words: The complexity of IT can actually be used as a *chance* if done properly. Furthermore, employing solid security principles and paradigms (e.g. 2 or even 3 factor authorization) along with e.g. physically widely dispersed personnel, one can very well achieve a very high security – and – at the same time outsource a major part of operations to companies like booz.
The real danger is in 2 or more people that are supposed to never be in contact (like, say, a 4 star general from one agency and some operator from another agency or department) actually being in contact and, even more, co-operating (in other words: intentionally crossing the compartmentalization boundaries).
And that is, I’m quite sure, what really happened here – and what drives the Americans so crazy. It’s not Snowden; it’s the urgent need to know about his contacts/cooperators.
Probably, so my suspicion, it’s even uglier, by Snowden not being an intentional party but rather a played/used party, thinking he is smart and a morally good guy but actually having been set up from the beginning. One reason for my suspicion is the fact that he knows and talks about information that would never ever be available to a (relatively) lowly operator.
The person(s) playing Snowden are way more dangerous to zusa than he himself is. That person(s) has/have almost certainly way higher security clearances and zusa understandably is crazily concerned about them.
Posted by: Mr. Pragma | Jun 28 2013 11:17 utc | 38
Rowan Berkeley (60)
This is why Russia is launching a major strategic rearmament program, by the way, though it may be rather too late, such programs being measured by the decade. So let’s pay attention to the facts.
Facts? OK.
No. Russia is neither launching (but has been running for quite a while) nor having a major rearmament program for the reasons you tell.
The reason is simple: After the end of the Soviet regime, zusa willfully plundered and destroyed major parts of Russia's industry, in particular the military industry, as well as millions of Russian lives.
After very serious and painful efforts to recover from that destruction, Russia now, having widely recovered, needs to rebuild its military, its weapons and its industry corresponding to its position in the world as well as to defend itself. Furthermore, the military industry very typically is a key industry with many welcome side effects in other areas.
At the same time Russia unfortunately has, thanks to zusa bluntly – and habitually – breaking contracts, agreements and international law, to confront a significantly changed defense situation at and around its borders; next to countries with fake governments paid for and remote controlled by zusa, it has zato and zusa aggression weapons near its borders.
But there is another reason for me to oppose your leadership bla bla.
First, as said before, the concept of taking leadership in running in one way or another against other countries is an American principle that, of course, doesn’t fit a civilized and sovereign country like Russia. Furthermore this leadership-against concept has been proven stupid, shortsighted, expensive and burdened with ugly recoil effects again and again; if used at all it should be left to American thugs and mass murderers.
More importantly however, this concept that you propagate so enthusiastically, is based on a plainly wrong assumption in the first place, namely that zusa has any major significance.
You like facts – at least you sound like that.
So, kindly open your eyes and look at the facts.
zusa failed to win the war in Iraq – although it was started on their conditions and at the time of zusa's choosing.
zusa failed to win the war in Afghanistan – although it was started on their conditions and at the time of zusa's choosing.
Right now zusa is failing in Syria.
And so are zusa's “high tech”, “superiority” weapon systems. Their super-duper new jets get more and more expensive, their order volume gets smaller and smaller, and all that while those jets fall out of the sky without any enemy fire, simply by pilots fainting because those super-duper superiority jets have serious flaws (Well, let’s be fair. The zusa military didn’t really buy technical equipment but rather nice stuff out of PR brochures …).
At the same time, Russia's missiles, no matter whether air to air, air to ground, anti-ship, and so on, actually *are* vastly superior and well proven to work.
To name just one example: The hit rate of the S-400 is, depending on the target, in the 85% – 95% range, and it offers by far superior parameters. The best American AD system offers around a 30% hit rate under optimal (or, more frankly, cheating) conditions and around 5% – 10% in realistic scenarios.
Short: there is no need whatsoever for a major power like Russia to take any leadership or to even take zusa seriously. Failing to decisively win a war against Iraq basically means that zusa is like a crippled drunkard that makes lots of noises from the front and the back and likes to threaten old ladies but does not justify any major efforts from a strong country like Russia.
There is some limited need for some limited support for small or otherwise weak countries that happen to get attacked by zusa directly or indirectly, like Syria, and that support is provided and evidently working well.
Feel free to tell me about any not insignificant danger that zusa could pose to Russia.
Posted by: Mr. Pragma | Jun 28 2013 21:49 utc | 63