NSA's Latest Euphemism For Security Lapses That Allowed Snowden Leaks: The Leaks Were 'Masked By His Job Duties'

from the in-other-words,-it-was-not-secure dept

Thu, Sep 19th 2013 2:49pm — Mike Masnick

We've already covered a few times how, despite the NSA's (and its defenders') repeated claims that its systems can't be abused because of its vaunted "auditability," the fact that Snowden got access to all those documents without anyone being able to figure out what he took shows that the audits don't work. It became clear that the audits appear to only apply to analysts, but not sys admins like Snowden, and there are around 1,000 of those, leading to the obvious question: how many others also got classified info without anyone noticing it? One officials has tried to make it out that Snowden was "too brilliant" to work for the NSA, since he covered his tracks. While every indication is that Snowden was, in fact, quite good at his job, and able to cover his tracks well, it's not at all clear that what he did was particularly unique or special.

In fact, the latest spin from the NSA is to claim that he wasn't that "gifted" at all, but rather than the leaks were "masked by his job duties."

"His job was to do what he did. He wasn't a ghost. He wasn't that clever. He did his job. He was observed [moving documents], but it was his job."

That report also quotes the NSA's CTO as saying that now, about four months later, the NSA finally has a "good idea" of what Snowden got:

"We have an extremely good idea of exactly what data he got access to and how exactly he got access to it," says the NSA's chief technology officer, Lonny Anderson.

Only took four months. Of course, all of this, once again, raises all sorts of questions. It shows that the NSA's audits were basically non-existent for a very large number of people. It shows that the NSA has almost no legitimate way to go back and see if there were widespread abuses among others with similar "job duties." If it was his "job" to do these kinds of things, and there was no real way to track him without many months of work (and even then, only to the degree that the NSA has a "good idea" of what he did), then there's no real accountability there at all. At this point, it seems reasonable to use this to assume that the NSA's systems aren't even remotely secure, and have regularly been abused, without anyone at the NSA even knowing about it. After all, the NSA itself is admitting that someone doesn't even need to be "that clever" to abscond with tens of thousands of classified info on top secret programs and leave an almost non-existent trail.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: accountability, audits, ed snowden, lonny anderson, nsa, nsa surveillance

23 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

silverscarcat (profile), 19 Sep 2013 @ 1:07pm

It's a good thing...
That Snowden isn't a traitor. Imagine if he had as many morals as the NSA does or Obama does...

He could have sold all classified dealings to Russia and China, putting troops in harms way, revealing spies that worked for the CIA, gotten China and Russia HUGE advantages when it comes to economic policies for money.

Or even worse, he could have given it to Al Qaeda secretly so they could kill more people easier in the Middle East.

I bet that there's at least one person who works for the NSA that would have or could have done that.
[ link to this | view in chronology ]
- Anonymous Coward, 19 Sep 2013 @ 3:13pm
  
  Re: It's a good thing...
  The NSA's own claims that 20% of those applying to that agency for jobs were Al Qaeda linked does not give one confidence that the NSA is all that secure. It only takes one in Snowden's position to set all of the security measures as non-existent.
  
  Given that the left does not know what the right hand is doing, exactly how are we more secure with NSAs functions? I'd say it is the opposite. When they have a known, verifiable, leak and can't tell precisely what was taken, how much easier must it be to be an unknown doing that? Again we see that the functions the NSA wants to continue doing, is highly suspect.
  
  We're not even talking about how the public views these operations nor how the public is considered the enemy. This is a bad setup, doing illegal things against the Constitution, with no oversight, no accountability, and no method of knowing exactly what anyone is really doing to look at it on the surface.
  
  The more that comes out, the worse it continues to look.
  [ link to this | view in chronology ]
  - Todd Knarr (profile), 19 Sep 2013 @ 3:31pm
    
    Re: Re: It's a good thing...
    The number of applicants isn't a good measure. Anybody can fill out the paperwork and apply. I'd look at the number who got past the point in the screening process where they check your background for links to enemy organizations. And even then, the biggest threats are going to be the ones who had no such connections when they were hired but have acquired them subsequently. Well, the second-biggest threats, the biggest IMO are the employees who aren't connected to any enemies, they've simply decided that the NSA itself is a threat that needs exposed.
    [ link to this | view in chronology ]
    - Anonymous Coward, 19 Sep 2013 @ 3:52pm
      
      Re: Re: Re: It's a good thing...
      If you throw enough darts at a dart board, sooner or later you're gonna hit the thing. Throwing applicants at the NSA for hire will sooner or later allow them to figure out how to get by. When they do, exactly how will you know? A sleeper isn't going to willingly give himself away, he's going to wait on some good stuff to do whomever the most good.
      
      If they can't tell now, what Snowden got exactly, how will they tell when the next yoyo comes up to try it? Would they be able for instance to say that all operatives in such and such area are now known and pull them out or would it come down to so many turning up dead before they figure out it isn't accidents, it's planned reprisal. Without being able to trace who goes where and does what on an internal supposedly secure network, there's no clue as what or who is in danger. Much better not to have that supposed data gathered in the same network at all.
      
      Yet we are to trust big brother with this info when even they can't get a handle on it nor tell with all of it there that there is early warning of some incident happening. With all the clues, with Russia telling them there was a problem with two brothers, with a couple of years advance notice, they still weren't able to prevent the Boston Bombing. Sure doesn't sound to me with the risk involved that it is worth having that data, much less collecting it.
      [ link to this | view in chronology ]
- Anonymous Coward, 19 Sep 2013 @ 3:59pm
  
  Re: It's a good thing...
  The safest assumption at this point is that NSA is infiltrated by various foreign agencies and possibly some major corporations.
  [ link to this | view in chronology ]
  - Anonymous Coward, 19 Sep 2013 @ 7:22pm
    
    Re: Re: It's a good thing...
    I might rephrase that as "...NSA is infiltrated by various major corporations and possibly foreign agencies."
    [ link to this | view in chronology ]
- Corwin (profile), 20 Sep 2013 @ 8:24am
  
  How many were there who did the bad thing?
  With their hilarious colander-level security, unaccountability, impossibility to audit - how many of the 1,000 remaining sysadmins HAVE stolen data to sell to China or Iran?
  [ link to this | view in chronology ]
Anonymous Coward, 19 Sep 2013 @ 3:12pm

Duh
...he was an admin, with root access to some systems, how hard could it be to cover your tracks in this scenario.

He made the rules, they have no idea how much he took not even a good idea that's BS just to save face. They see what he let them.
[ link to this | view in chronology ]
- Trails on a phone, 19 Sep 2013 @ 3:33pm
  
  Re: Duh
  This problem has been solved in the private sector for some time. A secure auditable system has a separation. The audit log is kept on specific system. People who have access to the audit log cannot access the audited data and vice versa.
  
  That Snowden appeared to have both indicates a key process flaw at the NSA. That this is SOP in regulated private sector should be particularly embarrassing to the NSA.
  [ link to this | view in chronology ]
  - Spaceman Spiff (profile), 19 Sep 2013 @ 5:49pm
    
    Re: Re: Duh
    Unfortunately, the NSA's attitude that the normal rules of secure systems engineering does not apply to them (they are "better" than that) is what has hoist them by their own petard.
    [ link to this | view in chronology ]
  - Anonymous Coward, 19 Sep 2013 @ 9:37pm
    
    Re: Re: Duh
    "SOP"? Snowden: Operation Pirate
    [ link to this | view in chronology ]
Nastybutler77 (profile), 19 Sep 2013 @ 3:36pm

Four months. And that's with Snowden comming forward and announcing that he was responsible. Imaging how screwed the NSA would be if they didn't even know who was leaking this info. So the fact that others could be doing the same thing, but just selling the info to other countries, should be a wake up call to Clapper and the rest of these unscrupulous morons.
[ link to this | view in chronology ]
Anonymous Coward, 19 Sep 2013 @ 3:43pm

NSA: Lie lie lie lie lie lie, "authority" lie lie lie "legal" lie lie lie.....
[ link to this | view in chronology ]
Anonymous, 19 Sep 2013 @ 4:14pm

She's gone from WKRP to the NSA. Oh no, wait, that's...
[ link to this | view in chronology ]
Hephaestus (profile), 19 Sep 2013 @ 4:23pm

We have an extremely good idea of exactly what data he got access to

Everything?
[ link to this | view in chronology ]
- Not an Electronic Rodent (profile), 20 Sep 2013 @ 3:39am
  
  Re:
  Everything?
  Good call. I was gonna go with "We have a good idea he got access to all the documents it was his job to move because we gave it to him so he probably has some or all of those we think maybe" but that's much more succinct.
  [ link to this | view in chronology ]
More lies, 19 Sep 2013 @ 5:01pm

from the NSA
I have a buddy who is an analyst working on tracking down what Snowden took. They have no clue what he's taken other than what has been reported or what has been found by looking at the email accounts associated with the reporters.
[ link to this | view in chronology ]
- SpaceLifeForm, 19 Sep 2013 @ 10:38pm
  
  Re: from the NSA
  Don't believe your buddy.
  I have a very sound clue as to what he did.
  And the fact that they say they know, or they don't know,
  has to tell you that they are liars.
  That have to have a good idea (since I do), and for
  some reason, they don't really want to admit it.
  Which tells you how really insecure their systems are.
  When the NSA kicks Microsoft to the curb, maybe, just maybe,
  you can start believing what they have to say.
  Until then, the NSA is completely non-trustable.
  [ link to this | view in chronology ]
Anonymous Coward, 19 Sep 2013 @ 5:30pm

funny...in the private sector...a security breach involves fines of millions of dollars...simply for losing silly things like users SSN or DOB.

http://nakedsecurity.sophos.com/2012/03/15/health-insurer-fined-data-breach/
[ link to this | view in chronology ]
Wiley Q, 19 Sep 2013 @ 7:19pm

Doesn't the NSA understand...
...that the old rhetoric is part of the PR problem and not the solution?

Every misstep they take in this public relations skirmish could have one wondering - are they really this incompetent and out of touch with their audience, the public? or is it some strategy of three dimensional chess they're mounting?

I think neither. It's easy to play dumb when you've done something dumb, because dumb never has to apologize or pay penance for being dumb. It's considered politely excusable. It's an easy strategy to fade into the shadows, like some juvenal embarrassment...which is where all this sneaky, unconstitutional and perverse behavior by the NSA started.
[ link to this | view in chronology ]
Anonymous Coward, 19 Sep 2013 @ 8:06pm

NSA hacked Belgium Foreign Ministry
http://www.deredactie.be/cm/vrtnieuws.english/News/130919_hacking

Not proven yet, but with the $50 billion dollar guerrilla (sic) in the room, it's a near certainty.
[ link to this | view in chronology ]
Anonymous, 20 Sep 2013 @ 8:10pm

The NSA is full of duties.
[ link to this | view in chronology ]
jean, 31 Dec 2013 @ 7:20am

Thanks
We have an extremely good idea of exactly what data he got access to

Everything?
[ link to this | view in chronology ]