Ed Snowden Covered His Tracks Well; How Many Other NSA Staffers Did The Same?
from the gone-baby-gone dept
As we've seen, the NSA's story on "abuses" keeps changing. First there were no abuses at all, then there were a whole lot of abuses (but all unintentional) and now we know that there also were a bunch of intentional abuses. But here's the thing: these are only the abuses that the NSA caught. And, even then it's sketchy. As Marcy Wheeler has detailed, many of the "unintentional abuses" look like they were merely classified that way, when, in reality, they may have been intentional. Thanks to the magic of the NSA's special dictionary, they redefine abuses that exceed legal authority but are "performing the mission that the NSA wants them to perform" not as "abuses" but as "mistakes."Either way, that only counts the abuses and "mistakes" that the NSA's audits discover. As we pointed out, it appears the NSA still has no idea what Ed Snowden took, which calls into question how good these so-called "audits" are. The latest reports coming out reveal that Snowden carefully bypassed or deleted the logs concerning his downloading actions:
The U.S. government's efforts to determine which highly classified materials leaker Edward Snowden took from the National Security Agency have been frustrated by Snowden's sophisticated efforts to cover his digital trail by deleting or bypassing electronic logs, government officials told The Associated Press. Such logs would have showed what information Snowden viewed or downloaded.Remember when Snowden claimed that, from his desk, he could run searches on anyone, and various NSA defenders like Rep. Mike Rogers scoffed at the idea and called him a liar? They claimed that any such searches would turn up in the audits. But, of course, if you can delete the log files, then those audits are meaningless.
The government's forensic investigation is wrestling with Snowden's apparent ability to defeat safeguards established to monitor and deter people looking at information without proper permission, said the officials, who spoke on condition of anonymity because they weren't authorized to discuss the sensitive developments publicly.
And, if Snowden could do it, it's very, very likely that he's not the only one employed by the NSA or contracting for the NSA who knows how to cover their digital trail. And that leads to a very obvious question: sure, the NSA knows about thousands of unintentional violations and a bunch of intentional violations -- but what about all the violations it has no idea about because someone was able to bypass or delete the log files? Given that NSA employees almost certainly know that searches are audited, you'd have to imagine that nearly everyone who decided to willfully violate the law to, say, spy on a love interest (hello: LOVINT) or, perhaps, a personal enemy, would also seek ways to do so without leaving an incriminating log file. Snowden's efforts show that's possible -- meaning that it's likely others knew that as well.
And, given that it appears that top NSA brass may have been taken by surprise by this rather basic revelation (no audits are perfect, and smart folks like ones the NSA employs often know how to get around such things), it seems quite likely that the number of intentional NSA violations is much, much, much higher than is being reported, in part because the NSA itself still hasn't been able to figure out what happened.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: abuses, audits, ed snowden, keith alexander, log files, nsa, nsa surveillance, violations
Reader Comments
The First Word
“I love the officials who leak info about their efforts to get a guy who leaked info...
Subscribe: RSS
View by: Time | Thread
What I'm mostly concerned about are abuses at high level to spy on people who are supposed to provide whatever minimal checks and balances we still have on NSA.
[ link to this | view in thread ]
Smarter mice
The only way to solve the problem for good is to remove the food source entirely.
Anyone who has lived on a farm knows this.
[ link to this | view in thread ]
Still not the point
Even if there had never been a single abuse, the surveillance program is still unconstitutional.
[ link to this | view in thread ]
Re: Still not the point
[ link to this | view in thread ]
Re: Smarter mice
tldr: don't collect more than you need, and stop doing things in secret and abuses go away.
Addendum: Hollow Man was not a good movie, but I love this line from it: "It's amazing what you can do... when you don't have to look at yourself in the mirror any more." Hide everything and the mirror goes away along with the desire to follow all the little societal norms that enable trust to exist.
[ link to this | view in thread ]
Pretty good
[ link to this | view in thread ]
Google Engineer Fired For Spying On Teen Users; Serious Privacy Concerns Raised
Auditing is intentionally easy to defeat because no spooks want to see more than a single bad ice cube in their iceberg of evil.
And by the way, Snowden was not an "NSA staffer", merely a contract employee of Booz Hamilton, didn't have high privileges.
[ link to this | view in thread ]
Who knows if your ex-girl friend might just be... an EVIL TERRORIST! After all, she left you for some guy with a beard! That's good enough evidence that she's into men who are terrorists!
[ link to this | view in thread ]
Unknown unknowns
How good of Rumsfeld to have predicted this already.
[ link to this | view in thread ]
Another possibility is that they're simply lying that auditing even exists!
[ link to this | view in thread ]
Talk about epic failure. And these are the experts? Just wow.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Flaw in the Audits
Alternatively if logs are deleted on a very regular basis, say every 8 hrs audit trails would be very difficult to reconstruct.
Either way, it would be impossible to reconstruct what happened if the events occurred more than a few hours earlier.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
I love the officials who leak info about their efforts to get a guy who leaked info...
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Google Engineer Fired For Spying On Teen Users; Serious Privacy Concerns Raised
[ link to this | view in thread ]
Or this being the government, they probably forgot to enable Auditing.
Truth be told if he had access to the password files ... he could have pretended to be anyone after about a week of number crunching, faster if CUDA'd it.
[ link to this | view in thread ]
The answer was here earlier in Techdirt
http://www.techdirt.com/articles/20130627/15455123642/former-east-german-stasi-officer-e xpresses-admiration-dismay-us-governments-surveillance-capabilities.shtml
This is the best quote:
Schmidt, 73, who headed one of the more infamous departments in the infamous Stasi, called himself appalled. The dark side to gathering such a broad, seemingly untargeted, amount of information is obvious, he said.
“It is the height of naivete to think that once collected this information won’t be used,” he said. “This is the nature of secret government organizations. The only way to protect the people’s privacy is not to allow the government to collect their information in the first place.”
[ link to this | view in thread ]
You mean 'only the abuses the NSA has voluntarily admitted to, while our only means of verification is leaked documents.'
Given that congress is only getting what information the NSA deems it needs, and the FISC is only getting the information the NSA gives it, there is (as far as I know) no oversight to the NSA that actually has access to information on the NSA that doesn't come from the NSA.
[ link to this | view in thread ]
I now understand that there is no truth in these matters coming from official sources. So that means future releases attempting to cover it up or make it sound better; they are lies too. Creditability is nil. The time is long past when they could have told the truth. Now is too little, much too late.
Congress will be coming back in session and they have frittered away what possible good will they could have had over coming clean with these security abuses. The question now is, how many changes, to whom, and how serious is congress about remaining in good light from their voters?
It is very plain that status quo is no longer defensible and no longer justifiable.
[ link to this | view in thread ]
[ link to this | view in thread ]
Drain the GAS!
To be fair, the NSA thought they were above reproach, above the law: safe. I think in the end, they may be. I believe the politicians will fabricate some excuse to absolve NSA and their ilk of the wrong doing. They will just keep coming up with new excuses, new definitions (a la Bill Clinton), new interpretations of the constitution and wear the citizens down. The media will continue to attack Snowden and vilify him, call him a traitor, etc, etc. Never will they ever admit the people who should be vilified are the ones who created this debacle in the first place: the people who lied and lied and kept secrets from its own citizens. No, that won't do. Attack the whistle blower instead. He's one target, as opposed to multitudes of duplicitous insiders who enabled this mess.
My next question is what is Snowden not revealing to us? I see the current revelations like an ice berg: we can see the very top, but not the rest hidden under water. I think what we're seeing is only what's palatable to the public. I think what is hidden is so bad we don't have the imagination to consider it.
My solution is easy. Defund. Remove the fuel. We can't undo what was done, but the machine is so big and so thirsty, defeating it is simple. Remove the gas, the money or whatever euphemism you want to call it. That will do just fine. It's completely simple and then the money can be put to better use.
[ link to this | view in thread ]
Well, since they apparently don't create log backups or somesuch, I suppose we'll never know.
(...Now I wonder how many of the top brass still defending the NSA's spying capabilities were making money from it on the side. Maybe the easily deletable logs were set up that way intentionally?)
[ link to this | view in thread ]
Re: Pretty good
[ link to this | view in thread ]
It's likely that searches were done through a designated application, which produced the logs and audit trail. If you didn't use that application, no logs were produced.
This approach is pretty much required with massive databases. Imagine a 1TB database is on a network file system, and the whole database needs to be scanned to get possible matches. You can record the query, which is probably a single line of text, you can record the results, which could be millions of records with an unexpectedly loose search, or you can record ever block read, which would be a very large list of every block in the file.
So it may be that the possible set of compromised files is every one that his machine had access to.
[ link to this | view in thread ]
Re: The answer was here earlier in Techdirt
So, he's saying there is no way to prevent it since that's now proved to have failed to have any effect. Otherwise is like hoping for charity and mercy from a slavering predator as it circles you preparing to make a meal of you.
[ link to this | view in thread ]
Identity theft is already easy and you don't even need 100% correct information you just need the right support operator and it's all over. Social engineering can go a long way and with complete data any average Joe could pull it off with no social engineering skills period.
Social engineering is far more than just lying to someone you're evaluating every little thing of the person you're talking with.
Are they tired? This can be good or bad depending on the person and it's relatively easy to to judge if they are.
Are you able to throw them off with questions about the company? If so it's very likely they're new.
Can you make a personal connection with their personality?
If so try bullshitting with them and if they're laughing you got them because they're connecting with you therefore lowering their guard. That means while you're scamming them all you have to do is keep them laughing while resetting data to give you fresh passwords even if I only knew about 40% of the security information. They'll chock it up to me being a moron who cannot remember their security info. It happens so much operators overlook that it's easily abused.
It gets easier at the end of the week because they want to go home. Same goes for weekends because people hate working weekends.
With perfect information I wouldn't have to do any of that to get what I wanted.
In the past I've done this all in person almost flawless over 200 times. Although mine was not to seal identities, but to forge prescriptions for narcotic pain killers. They both work the same way.
Now lets look at what happens when a leak happens. It's going to be nearly impossible to prove who you say you are unless it's in person. It would flip the online banking world upside down. Any website with account recovery options would be forced to disable it.
That type of database should not exist EVER it's a fucking atomic bomb with with no visible timer.
[ link to this | view in thread ]
Re: Re: Pretty good
[ link to this | view in thread ]
Re: Re: Still not the point
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
Honestly, the NSA needs to pay you PR damage control guys more if this is the best they get currently...
[ link to this | view in thread ]
Re: Drain the GAS!
I think it may be too late - we have passed the tipping point. Imagine what happens if a load of well paid spooks suddenly find themselves on the jobs market.
Ability to infect and own a computer from the other side of the world is probably of little interest to Wallmart or McDonalds so there will suddenly be a large number of cyber-terrorists for hire, just as many former KGB operatives went into some very disreputable occupations when they lost their day jobs.
I suggest that after de-funding the NSA the people who are let go either by the NSA or by private enterprise should be rendered immediately to Gitmo as they are much more likely to become terrorists than most of the current occupants.
Is there an ice-cube's chance in Hell of this happening? I think not
[ link to this | view in thread ]
Re: Re: Drain the GAS!
[ link to this | view in thread ]
Re: Re: Still not the point
It most certainly is not pointless; rather, it is crucial (in my opinion) to continue to communicate that Constitutional violations may not be swept aside in favor of the endless lies, equivocating, and instances of limited-hangout they're selling us as a distraction.
To play along with their charade is tantamount to saying (during an imaginary murder trial), "Alright, enough about the murder of your wife — we really need to talk about the verbal abuse. What were the arguments about, and had you ever been drunk on those occasions? These are the important matters to focus on."
[ link to this | view in thread ]
Re: Google Engineer Fired For Spying On Teen Users; Serious Privacy Concerns Raised
[ link to this | view in thread ]
Our government inaction
[ link to this | view in thread ]
Re: Re: The answer was here earlier in Techdirt
[ link to this | view in thread ]
false assumption #2: There were tracks to hide. How good or poorly is NSA actually tracking data access? It's been sounding like a free-for-all without any tracking at all.
[ link to this | view in thread ]
Re:
Manager: "Hey you, sysadmin, can you get me a log of everything any sysadmin has ever accessed? I need to find out who has access what and when."
Sysadmin: "You want a log of everything I've ever touched?... HAHAHAHAHAHAHAHAHA! Oh sorry, I couldn't help myself..."
[ link to this | view in thread ]
Justice
[ link to this | view in thread ]
Hint - Who administers your logs
[ link to this | view in thread ]
Snowden a Liability
[ link to this | view in thread ]
Re: Re:
Whether your bogeyman of choice is George Soros or the Koch Brothers, I'm certain that they have their fingers in the NSA, most likely through contacts that their private security people have.
This is not about some LOVINT abuses. This is about a new class divide between the knows and the know-nots.
[ link to this | view in thread ]
Re:
Talk about epic failure. And these are the experts? Just wow.
Redundant log backups alone don't protect against this situation if the same person has access to both sets of logs. It would need to be set up so that the admins who have access to the primary logs do not have access to the backups, and vice versa. I'm not sure how easy that is to do, but apparently beyond the capability (or interest) of the NSA. Presumably they'll be looking into it now.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: The answer was here earlier in Techdirt
[ link to this | view in thread ]
What implicitness are you inferring about my explicitness?
Ignorance is bliss? You sure could fool me.
[ link to this | view in thread ]
What implicitness are you inferring about my explicitness? Maybe you and I aren't just machine, excuse me, artificial intelligences.
Ignorance is bliss? You sure could fool me.
In this world you have to know what is happening before you can defend. But where are the proofs?
Agencies like the NSA have them.The machines that these agents work on are always in jeopardy every moment they live. It becomes easier with experience to become slotted into someone's drawer in a typical bureaucratic sense.
If you are working for the government you cannot abet anyone that runs the risk of taking money from her. It means the security of a position in jeopardy. If you are this person then it means your financial security. And God forbid, we can't change that.
[ link to this | view in thread ]
Re: Re: Re: Still not the point
[ link to this | view in thread ]