Bruce Schneier: Sure, Russia & China Probably Have The Snowden Docs... But Not Because Of Snowden
from the because-espionage dept
Given all the fuss over the ridiculous article this past weekend -- which has since been confirmed as government stenography rather than actual reporting -- security maven Bruce Schneier has written up an article making a key point. It's quite likely that the underlying point in the article -- that Russian and Chinese intelligence agencies have access to the documents that Snowden originally handed over to reporters -- is absolutely true. But, much more importantly, he argues, the reason likely has almost nothing to do with Snowden.First, he notes, it's quite likely that Snowden -- as he has said -- no longer has access to the documents. But other people do. And they're not as knowledgeable about encryption and spycraft as Snowden is.
But, the second point is an even bigger one, which is that it's highly likely that Russian and Chinese intelligence got these documents long before Snowden gave them to the press, because that's what spies do.First, the journalists working with the documents. I’ve handled some of the Snowden documents myself, and even though I’m a paranoid cryptographer, I know how difficult it is to maintain perfect security. It’s been open season on the computers of the journalists Snowden shared documents with since this story broke in July 2013. And while they have been taking extraordinary pains to secure those computers, it’s almost certainly not enough to keep out the world’s intelligence services.
There is a lot of evidence for this belief. We know from other top-secret NSA documents that as far back as 2008, the agency’s Tailored Access Operations group has extraordinary capabilities to hack into and “exfiltrate” data from specific computers, even if those computers are highly secured and not connected to the Internet.
These NSA capabilities are not unique, and it’s reasonable to assume both that other countries had similar capabilities in 2008 and that everyone has improved their attack techniques in the seven years since then.
Remember, this is the same government that's now reeling from the Chinese hacking of OPM getting all the secrets of government employees, including those with security clearances. It was a hack so impressive that even Michael Hayden -- former CIA and NSA boss -- can't hide his appreciation of the work that was done. Hayden called it "honorable espionage work" by the Chinese and further notes that he "would not have thought twice" if he had the ability to get the same info from the Chinese.Which brings me to the second potential source of these documents to foreign intelligence agencies: the US and UK governments themselves. I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they’ve penetrated the NSA networks where those files reside. After all, the NSA has been a prime target for decades.
Those government hacking examples above were against unclassified networks, but the nation-state techniques we’re seeing work against classified and unconnected networks as well. In general, it’s far easier to attack a network than it is to defend the same network. This isn’t a statement about willpower or budget; it’s how computer and network security work today. A former NSA deputy director recently said that if we were to score cyber the way we score soccer, the tally would be 462–456 twenty minutes into the game. In other words, it’s all offense and no defense.
In this kind of environment, we simply have to assume that even our classified networks have been penetrated. Remember that Snowden was able to wander through the NSA’s networks with impunity, and that the agency had so few controls in place that the only way they can guess what has been taken is to extrapolate based on what has been published. Does anyone believe that Snowden was the first to take advantage of that lax security? I don’t.
These are the games that intelligence agencies play all the time. Schneier's piece has a lot more in it, but the idea that the Russians and Chinese learned anything particularly new or useful from the Snowden documents -- or that they even got them from Snowden's document dump -- seems quite dubious.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: bruce schneier, china, encryption, espionage, michael hayden, russia, snowden documents
Reader Comments
Subscribe: RSS
View by: Time | Thread
The Government?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Trust us...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Glad it's B.S.! Otherwise just another conspiracy kook speculating at random on details he can't possibly know!
[ link to this | view in chronology ]
Re: Glad it's B.S.! Otherwise just another conspiracy kook speculating at random on details he can't possibly know!
One tip, blue; if you want to stop giving yourself away, stop fucking around with Tor. Your posts always come through so the double IP address-posting is useless.
[ link to this | view in chronology ]
How is this even possible? I looked through the linked article and found no mentions of this capability. I understand that in their operations where they intercept packages and add mal/hard-ware to products these could then be subverted to access another network that is connected to the "target" PC/network, but if the systems are fully isolated (and not having wireless capability built-in or attached) I don't see how this could be possible.
I suppose part of the payload they add to a package could be wireless transmitters and they could set up receivers nearby, but that's the only situation where I can imagine getting access to a fully isolated system. Or am I missing something?
[ link to this | view in chronology ]
Re:
https://www.schneier.com/blog/archives/2013/10/air_gaps.html
[ link to this | view in chronology ]
Re:
Plant mal-ware on the systems before they even arrive at their destination.
Use standard virus techniques and wait for someone to move a usb drive from one machine to another.
Bribe someone to put malware on the machine.
Inflitrate another computer, say from an AC vendor, that ends up near a wi-fi access point for the secure network.
Insert malicious code on the users phones and use it as a stepping stone to access the computer.
Once a machine is infected, there are all sorts of covert channels to move the data out. My favorite is ultra-sonic communications through the speaker.
I've been told about an air gapped network that was hacked as far back as the late 80's, and I haven't even tried to find out how far back it goes.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
If it has a wifi access point, can it really be considered a secure network?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
NSA and CIA agents.
Oh, and USB sticks.
The classic method was used to infect Iran with Stuxnet, and it has been repeated with Duqu (although with Duqu 2.0 they appear to have gone for the social engineer via email method).
All it takes is someone with 10 seconds of unobserved access to a USB port of a computer that might share passing communications with the airgapped computer in question -- an update server, for example. Since nothing malicious will be happening on that computer itself and the attack is targeted, it will likely go undetected. Then, as soon as the right circumstances present themselves... bam. Data is transferred and malicious system is set up. On the next update, the collected data goes back to the transfer medium to be sent back up to a networked machine.
And this is fancy cloak and dagger stuff; the standard kind is to have someone walk in when they know the device is unattended, slip a hardware bug (with transmitter) into the computer in question, and leave. Such methods are detailed in the Snowden documents, and have been going on since at least 2008.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Are Both True?
China hacked OPM.
Take government accusations with a grain of salt the size of our moon.
The likelihood of someone having beaten Snowden to the documents he took is high. On the other hand Snowden was looking to embarrass (erm reveal duplicity of) the Government, and others might have been looking for something else.
[ link to this | view in chronology ]
Glad it's B.S.! Otherwise just another conspiracy kook speculating at random on details he can't possibly know!
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
No 'maybe' about it
Trying to blame Snowden is just a pathetic attempt at saving face, so they don't have to admit that their systems and security were/are so full of holes that anyone who put even moderate effort could have gained access.
[ link to this | view in chronology ]
Re: No 'maybe' about it
[ link to this | view in chronology ]
Michael Hayden? Expert?
Shows you how much Mr. Hayden knows about computer security. If the reports are correct, the only difference between those servers and a wet paper bag would be that the wet paper bag would have been harder to break into. I am actually more surprised that nobody else broke in. And when I mean is I am not trusting anyone who says that "they" (whether it be China or someone else) were the only ones with access to the system. And how would they know...they accidentally discovered the break-in they found. How can they have any idea who else was there?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Did TechDirt Read the Comments Section?
http://www.theglobeandmail.com/news/national/snowdens-lawyer-slams-times-story-claiming-leaks-bet rayed-british-spies/article24986059/
There we have an eyewiitness to Snowden's claim that he erased his copy of the documents before he left Hong Kong.
But that aside even if the Sunday Times article WAS true, think about it. Any knowledge the Brits might have that the Russians or the Chinese had cracked Snowden's files would surely be highly classified. Yet a British government goes and blabs about to the British press, thereby alerting the Russians and/or the Chinese that the British know. So now the Brits have their own Snowden to deal with. That is, someone (in their Home Office) leaking unauthorised material to the press.
[ link to this | view in chronology ]
Just think what's happening to all the other journalists out there. Electronic security is really really hard.
[ link to this | view in chronology ]
it is not true
[ link to this | view in chronology ]
Re: it is not true
[ link to this | view in chronology ]
When a leak is not a leak....
And a very common and familiar method it is.
And that method is that the USG itself "leaked" most of the documents to foreign powers in order to discredit Snowden in the public forum and to give phony "substance" to their claims that Snowden "gave" these foreign governments access to the documents.
Once they can get most of the US pub "behind the plan", through such subterfuge, they can Barrack O-bomber Drone Snowden's sanctuary and finally kill the man who bared their crimes to the public.
Considering the lax attitude the USG has had in past with leaking very, very sensitive documents for exactly this sort of purpose, I would suspect this to be the most likely method used.
---
[ link to this | view in chronology ]
Re: When a leak is not a leak....
[ link to this | view in chronology ]