Bruce Schneier: Sure, Russia & China Probably Have The Snowden Docs... But Not Because Of Snowden

from the because-espionage dept

Given all the fuss over the ridiculous article this past weekend -- which has since been confirmed as government stenography rather than actual reporting -- security maven Bruce Schneier has written a piece making a key point. It's quite likely that the underlying claim in the article -- that Russian and Chinese intelligence agencies have access to the documents Snowden originally handed over to reporters -- is absolutely true. But, much more importantly, he argues, the reason likely has almost nothing to do with Snowden.

First, he notes, it's quite likely that Snowden -- as he has said -- no longer has access to the documents. But other people do. And they're not as knowledgeable about encryption and spycraft as Snowden is.

First, the journalists working with the documents. I’ve handled some of the Snowden documents myself, and even though I’m a paranoid cryptographer, I know how difficult it is to maintain perfect security. It’s been open season on the computers of the journalists Snowden shared documents with since this story broke in July 2013. And while they have been taking extraordinary pains to secure those computers, it’s almost certainly not enough to keep out the world’s intelligence services.

There is a lot of evidence for this belief. We know from other top-secret NSA documents that as far back as 2008, the agency’s Tailored Access Operations group has extraordinary capabilities to hack into and “exfiltrate” data from specific computers, even if those computers are highly secured and not connected to the Internet.

These NSA capabilities are not unique, and it’s reasonable to assume both that other countries had similar capabilities in 2008 and that everyone has improved their attack techniques in the seven years since then.

The second point is an even bigger one: it's highly likely that Russian and Chinese intelligence got these documents long before Snowden gave them to the press, because that's what spies do.

Which brings me to the second potential source of these documents to foreign intelligence agencies: the US and UK governments themselves. I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they’ve penetrated the NSA networks where those files reside. After all, the NSA has been a prime target for decades.

Those government hacking examples above were against unclassified networks, but the nation-state techniques we’re seeing work against classified and unconnected networks as well. In general, it’s far easier to attack a network than it is to defend the same network. This isn’t a statement about willpower or budget; it’s how computer and network security work today. A former NSA deputy director recently said that if we were to score cyber the way we score soccer, the tally would be 462–456 twenty minutes into the game. In other words, it’s all offense and no defense.

In this kind of environment, we simply have to assume that even our classified networks have been penetrated. Remember that Snowden was able to wander through the NSA’s networks with impunity, and that the agency had so few controls in place that the only way they can guess what has been taken is to extrapolate based on what has been published. Does anyone believe that Snowden was the first to take advantage of that lax security? I don’t.

Remember, this is the same government that's now reeling from the Chinese hack of OPM, which exposed the records of government employees, including those with security clearances. It was a hack so impressive that even Michael Hayden -- former CIA and NSA boss -- can't hide his appreciation of the work that was done. Hayden called it "honorable espionage work" by the Chinese and further noted that he "would not have thought twice" if he had had the ability to get the same info from the Chinese.

These are the games that intelligence agencies play all the time. Schneier's piece has a lot more in it, but the idea that the Russians and Chinese learned anything particularly new or useful from the Snowden documents -- or that they even got them from Snowden's document dump -- seems quite dubious.

Filed Under: bruce schneier, china, encryption, espionage, michael hayden, russia, snowden documents


Reader Comments



  • Ninja (profile), 17 Jun 2015 @ 9:29am

    Does anyone believe that Snowden was the first to take advantage of that lax security?

    The Government?


  • Baron von Robber, 17 Jun 2015 @ 10:54am

    "No secrets"


  • Anonymous Coward, 17 Jun 2015 @ 11:01am

    Trust us...

    We're from the government. We're here to help. Let us and our corporate brethren hold your information for you. Or at least give us golden keys to it all. It will all be perfectly safe. We promise. Trust us.


  • Agonistes (profile), 17 Jun 2015 @ 11:12am

    At this point, I actually put more clout in the Chinese denial of the hack than anything .gov tells us.


  • Self-declared Non-kook, 17 Jun 2015 @ 11:13am

    Glad it's B.S.! Otherwise just another conspiracy kook speculating at random on details he can't possibly know!

    THIS is what I come to Techdirt for: another version of The Official Sub-sub-story, instead of whether the seven top internet corporations are in cahoots with globalists besides NSA. It's safe and doesn't disturb.


    • Anonymous Coward, 18 Jun 2015 @ 2:28am

      Re: Glad it's B.S.! Otherwise just another conspiracy kook speculating at random on details he can't possibly know!

      Seriously, you can't even parody right.

      One tip, blue; if you want to stop giving yourself away, stop fucking around with Tor. Your posts always come through so the double IP address-posting is useless.


  • ottermaton (profile), 17 Jun 2015 @ 11:14am

    the agency’s Tailored Access Operations group has extraordinary capabilities to hack into and “exfiltrate” data from specific computers, even if those computers are highly secured and not connected to the Internet.

    How is this even possible? I looked through the linked article and found no mentions of this capability. I understand that in their operations where they intercept packages and add mal/hard-ware to products these could then be subverted to access another network that is connected to the "target" PC/network, but if the systems are fully isolated (and not having wireless capability built-in or attached) I don't see how this could be possible.

    I suppose part of the payload they add to a package could be wireless transmitters and they could set up receivers nearby, but that's the only situation where I can imagine getting access to a fully isolated system. Or am I missing something?


    • Anonymous Anonymous Coward, 17 Jun 2015 @ 11:19am

      Re:


    • Anonymous Coward, 17 Jun 2015 @ 11:22am

      Re:

      There are many ways.

      Plant mal-ware on the systems before they even arrive at their destination.

      Use standard virus techniques and wait for someone to move a usb drive from one machine to another.

      Bribe someone to put malware on the machine.

      Infiltrate another computer, say from an AC vendor, that ends up near a wi-fi access point for the secure network.

      Insert malicious code on the users phones and use it as a stepping stone to access the computer.

      Once a machine is infected, there are all sorts of covert channels to move the data out. My favorite is ultra-sonic communications through the speaker.

      I've been told about an air gapped network that was hacked as far back as the late 80's, and I haven't even tried to find out how far back it goes.


      • Anonymous Coward, 17 Jun 2015 @ 11:42am

        Re: Re:

        Wim van Eck wrote his paper in 1985 about copying CRT transmissions through electromagnetic radiation; that was probably the first air gap compromise that I'm familiar with. I'm almost positive though that there must be something further back, perhaps WWII and figuring out the codex for Enigma, though that was a network in itself so wouldn't count.


      • nasch (profile), 22 Jun 2015 @ 6:49pm

        Re: Re:

        Infiltrate another computer, say from an AC vendor, that ends up near a wi-fi access point for the secure network.

        If it has a wifi access point, can it really be considered a secure network?


    • Anonymous Coward, 17 Jun 2015 @ 12:19pm

      Re:

      During one of the penetration test exercises, the vendor was about to give up because they couldn't get in, until someone plugged in a laptop, which bridged the secure network with a "guest" network. Leveraging that bridge they were then quickly able to exploit a network printer which provided a more robust connection. Went downhill from there on.


    • Anonymous Coward, 17 Jun 2015 @ 4:24pm

      Re:

      You're missing something...

      NSA and CIA agents.

      Oh, and USB sticks.

      The classic method was used to infect Iran with Stuxnet, and it has been repeated with Duqu (although with Duqu 2.0 they appear to have gone for the social engineer via email method).

      All it takes is someone with 10 seconds of unobserved access to a USB port of a computer that might share passing communications with the airgapped computer in question -- an update server, for example. Since nothing malicious will be happening on that computer itself and the attack is targeted, it will likely go undetected. Then, as soon as the right circumstances present themselves... bam. Data is transferred and malicious system is set up. On the next update, the collected data goes back to the transfer medium to be sent back up to a networked machine.

      And this is fancy cloak and dagger stuff; the standard kind is to have someone walk in when they know the device is unattended, slip a hardware bug (with transmitter) into the computer in question, and leave. Such methods are detailed in the Snowden documents, and have been going on since at least 2008.


    • Anonymous Coward, 17 Jun 2015 @ 9:02pm

      Re:

      Look up the Equation group. A cool-sounding pseudonym for NSA's TAO.


  • Anonymous Anonymous Coward, 17 Jun 2015 @ 11:16am

    Are Both True?

    North Korea hacked Sony.

    China hacked OPM.

    Take government accusations with a grain of salt the size of our moon.

    The likelihood of someone having beaten Snowden to the documents he took is high. On the other hand Snowden was looking to embarrass (erm reveal duplicity of) the Government, and others might have been looking for something else.


  • Self-declared Non-kook, 17 Jun 2015 @ 11:18am

    Glad it's B.S.! Otherwise just another conspiracy kook speculating at random on details he can't possibly know!

    THIS is what I come to Techdirt for: another version of The Official Sub-sub-story, instead of whether the seven top internet corporations are in cahoots with globalists besides NSA. It's safe and doesn't disturb.


  • wereisjessicahyde (profile), 17 Jun 2015 @ 12:46pm

    Spies doing secret err..spiey stuff, whatever next? The world's gone mad I tell you.


  • Anonymous Coward, 17 Jun 2015 @ 2:04pm

    I still think the main aim of the article was to put more credence on to the plans of that dangerous UK Home Secretary, Theresa May. She wants to be able to hack into any computer, anywhere in the world, open any and all emails, txts, and letters, as well as be able to hear actual conversations!


  • That One Guy (profile), 17 Jun 2015 @ 2:07pm

    No 'maybe' about it

    The only reason the NSA knows that Snowden grabbed anything is because he told them. If their internal security is that pathetic, it is absolutely guaranteed that other government spy agencies had, and quite likely continue to have, access to NSA files, whether it's through hacking in, or having someone on the inside feeding them intel.

    Trying to blame Snowden is just a pathetic attempt at saving face, so they don't have to admit that their systems and security were/are so full of holes that anyone who put even moderate effort could have gained access.


    • observer, 17 Jun 2015 @ 5:21pm

      Re: No 'maybe' about it

      It's what I've been saying throughout. If one rogue sysadmin can pwn the mighty NSA so hard it doesn't even know how hard it's been pwned, what chance does it have against the Russian or Chinese government?


  • Anonymous Coward, 17 Jun 2015 @ 5:49pm

    Michael Hayden? Expert?

    It was a hack so impressive that even Michael Hayden -- former CIA and NSA boss -- can't hide his appreciation of the work that was done.

    Shows you how much Mr. Hayden knows about computer security. If the reports are correct, the only difference between those servers and a wet paper bag would be that the wet paper bag would have been harder to break into. I am actually more surprised that nobody else broke in. And what I mean is I am not trusting anyone who says that "they" (whether it be China or someone else) were the only ones with access to the system. And how would they know...they accidentally discovered the break-in they found. How can they have any idea who else was there?


  • Anonymous Coward, 17 Jun 2015 @ 5:51pm

    If they have the shit on every federal employee why not this also? Seems to be the American government mindset: we don't need to solve the country's problems, we need to find a scapegoat.


  • Stephen, 17 Jun 2015 @ 7:37pm

    Did TechDirt Read the Comments Section?

    If they had they might have seen the one I posted, which read as follows:
    Mr Schneier should go read the Globe and Mail's article titled "Snowden’s lawyer slams Times story claiming leaks ‘betrayed’ British spies".

    In that article the lawyer, Robert Tibbo, who was Snowden's lawyer in Hong Kong, in an interview is quoted as saying "'There was no data in a cloud. He passed the data on to the journalists and that was it. Any actual copy he had with him was destroyed [before he left Hong Kong], precisely to avoid it from being seized or intercepted. I was a witness to all of that.'"
    That article can be found at:

    http://www.theglobeandmail.com/news/national/snowdens-lawyer-slams-times-story-claiming-leaks-betrayed-british-spies/article24986059/

    There we have an eyewitness to Snowden's claim that he erased his copy of the documents before he left Hong Kong.

    But that aside, even if the Sunday Times article WAS true, think about it. Any knowledge the Brits might have that the Russians or the Chinese had cracked Snowden's files would surely be highly classified. Yet a British government goes and blabs about it to the British press, thereby alerting the Russians and/or the Chinese that the British know. So now the Brits have their own Snowden to deal with. That is, someone (in their Home Office) leaking unauthorised material to the press.


  • Anonymous Coward, 17 Jun 2015 @ 10:46pm

    Bruce makes a good point about journalists getting hacked. I believe Glenn Greenwald has stated that someone broke into his house and stole one of his laptops. Plus what happened to his partner at the UK airport.

    Just think what's happening to all the other journalists out there. Electronic security is really really hard.


  • Sorgfelt (profile), 18 Jun 2015 @ 3:52am

    it is not true

    Knowing how government intelligence operates, my first reaction to this is that the government story is totally false. There were no documents decrypted. They are just using this false story as an excuse to degrade support for Snowden in preparation for an extraordinary extradition.


    • Anonymous Coward, 18 Jun 2015 @ 8:20am

      Re: it is not true

      I only hope that Putin's version of the KGB is on their toes. With public opinion swinging even more toward Snowden and away from the government (like it's possible to get farther away!), The US government is starting to sound a little desperate to grab him.


  • GEMont, 18 Jun 2015 @ 1:37pm

    When a leak is not a leak....

    One other way that these documents could end up in the hands of the Chinese and others, was missed by the article.

    And a very common and familiar method it is.

    And that method is that the USG itself "leaked" most of the documents to foreign powers in order to discredit Snowden in the public forum and to give phony "substance" to their claims that Snowden "gave" these foreign governments access to the documents.

    Once they can get most of the US pub "behind the plan", through such subterfuge, they can Barrack O-bomber Drone Snowden's sanctuary and finally kill the man who bared their crimes to the public.

    Considering the lax attitude the USG has had in past with leaking very, very sensitive documents for exactly this sort of purpose, I would suspect this to be the most likely method used.


    • observer, 21 Jun 2015 @ 10:48pm

      Re: When a leak is not a leak....

      Except that Snowden's sanctuary is in Moscow. You can't drone-bomb it, and if you tried then you'd start World War III. For all the US and UK governments and their apologists/propagandists are somewhat irrational in their hatred of Snowden - what exactly would all the grotesque revenge fantasies you see in newspaper comment threads accomplish at this stage? - I doubt they're quite THAT irrational.

