General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsUS doesn't know what Snowden took, sources say
US doesn't know what Snowden took, sources say
By Michael Isikoff, Matthew Cole, and Richard Esposito
NBC News
More than two months after documents leaked by former contractor Edward Snowden first began appearing in the news media, the National Security Agency still doesnt know the full extent of what he took, according to intelligence community sources, and is overwhelmed trying to assess the damage.
Officials, including NSA director Keith Alexander, have assured the public that the government knows the scope of the damage, but two separate sources briefed on the matter told NBC News that the NSA has been unable to determine the full extent of the data he removed.
Sources said authorities believe the trove of unreleased materials includes details of data collection by U.S. allies, including the U.K., Canada, Australia and New Zealand. These English-speaking allies, known along with the U.S. as the "Five Eyes," are critical to U.S. intelligence efforts.
NSA had poor data compartmentalization, said the sources, allowing Snowden, who was a system administrator, to roam freely across wide areas. By using a thin client computer he remotely accessed the NSA data from his base in Hawaii.
One U.S. intelligence official said government officials are overwhelmed" trying to account for what Snowden took. Another said that the NSA has a poor audit capability, which is frustrating efforts to complete a damage assessment.
...
http://investigations.nbcnews.com/_news/2013/08/20/20108770-us-doesnt-know-what-snowden-took-sources-say?lite
Luminous Animal
(27,310 posts)Catherina
(35,568 posts)They're not even sure if he can still able to access NSA's internal servers. I don't have a link to that one but it came up a few weeks ago.
RKP5637
(67,101 posts)bhikkhu
(10,714 posts)its not that hard to copy stuff and cover your tracks if you have a modicum of skills. Probably the whole thing with using outside contractors makes it even more of a mess to keep track of.
Nuclear Unicorn
(19,497 posts)DisgustipatedinCA
(12,530 posts)Step 1: Use a freaking syslog server!
Step 2: Read this excellent set of router security configuration guidelines from some government agency:
http://www.nsa.gov/ia/_files/routers/C4-040R-02.pdf
Step 3: Maybe you'll want to secure your servers too, and not just your networks. Here's another security guide from that government agency I recommended:
http://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operating_systems.shtml
I'm done talking to the NSA now. For those who may not be familiar, the NSA has for a long time put out security best practices guidelines for network equipment and servers, for both the business and home. The incompetence they're displaying with the Snowden story is nothing short of staggering. And in case you're wondering, yes, my employer would fire me in very short order if I'd permitted security to be as lax as it apparently was at Booz-Allen-Spyelton.
hootinholler
(26,449 posts)When the first name of the company you hire is Booze?
Aerows
(39,961 posts)and expecting the NSA to listen.
Aerows
(39,961 posts)"For those who may not be familiar, the NSA has for a long time put out security best practices guidelines for network equipment and servers, for both the business and home."
and 99% of it is better off shoveled with the rest of the horseshit, or fed to the pigs.
Tierra_y_Libertad
(50,414 posts)Catherina
(35,568 posts)They don't know what Snowden took. And they assure us analysts are so closely monitored that secret abuses are impossible.
So say I worked there and say I hated Elliot Spitzer. Say I then took some information about him and *tipped* off law enforcement to bring him down? You get the idea. Controls lol.
Aerows
(39,961 posts)Vinnie From Indy
(10,820 posts)On the one hand, we are told that the NSA is under incredible oversight and has multiple layers of accountability and scrutiny and on the other we are told they have no real good idea what was downloaded from their servers.
I wonder how many lower level analysts are BANKING big money from insider information.
bemildred
(90,061 posts)He was crawling their nets with wget. And if he doesn't know I am damn sure Alexander doesn't have the foggiest idea.
Catherina
(35,568 posts)bemildred
(90,061 posts)This is flat out incompetent, and that's assuming it makes any sense to do this in the first place, which it does not. Secrecy has it's place, but it is a VERY SMALL place, always, in a Democracy. This is ludicrous.
hootinholler
(26,449 posts)If this is proven, then claims about the auditablility of the NSA corpus are completely and utterly bogus.
Catherina
(35,568 posts)The claims are completely and utterly bogus.
hootinholler
(26,449 posts)In that they claimed they keep track of who has accessed it and why. They may have made that claim to Congress, I would have to research it but don't have time at the moment.
Aerows
(39,961 posts)and if they were audited, who do you think would do it? They just label everything top secret and that pretty much leaves nobody with the ability to do so.
"Hello, I wish to audit you."
"That's national security and classified."
"Okay."
Aerows
(39,961 posts)they finally figured out what he took.
KoKo
(84,711 posts)Some of us DU'ers have felt that their EXTREME Jackbooting against Greenwald and with the Latest Fiasco of Raiding Guardian and Chopping up Laptop's Hard Drives in Guardian Newspaper Basement...has all been ....A STEP TOO FAR...to FASCISM.
Maybe these people don't think that there are folks around who are Babies of WWII, Cold War and all the CORRUPTION of US Govt. Since with Assassinations, Riots for Rights during the 60's and what's Gone Down Since!
They think we are so old and Dying Off that we can't FIGHT BACK? That we've Lost our Memories or something?
BUT...the STASI Like Tactics by Cameron and Obama is starting to make me think...they Learned NOTHING from HISTORY!
Aerows
(39,961 posts)It is fascism, plain and simple.
Hydra
(14,459 posts)Not just to the collected spying info, ALL of it.
He didn't hack that. This is normal network policy for them.
So much for "Greenwald and Snowden lied"
they don't go full scale smashing hard drives in the office of a newspaper if there isn't some serious shit about to be released. Whether it is good or bad for proles in the US, is anyone's guess, but I suspect someone is going to be exposed as majorly on the take, along with a band of thieves that profit handsomely. Just my conjecture.
JoeyT
(6,785 posts)If you can't tell what one guy did, you sure as shit can't tell what thousands did with any degree of accuracy.
Another talking point dies a horrible death.
You think anyone can oversee an agency that can hide shit from Congress, uses a secret court that admits it is toothless, and an Executive branch that gives them a pass?
Please explain what oversight could be done in that situation, because I can't see how anyone could (not snarling at you, just pissed because there is no oversight, and we as American citizens are supposed to think this is okay.)
JoeyT
(6,785 posts)But "THERE IS OVERSIGHT YOUR TIN FOIL HAT IS TOO TIGHT DUMB LEFTIST!" talking points have been floating around. Now not only is there the problem that Congress couldn't really have oversight, they apparently couldn't oversee themselves, even if they wanted to.
Even if Congress, FISA, the Executive branch, and the NSA got together and decided to have fully transparent oversight, the infrastructure to oversee it apparently doesn't even exist, or they'd know exactly what was taken and when.
I was hoping they did know exactly what was taken: I'd rather them be nefarious than incompetent. We can reign nefarious in. Incompetence is going to blunder stupidly in whatever direction it wants and we can't stop what they're doing because they don't even know what they're doing.
Aerows
(39,961 posts)But they probably JUST NOW figured out what Snowden took, that's why they are releasing that they don't know what he has.
They will now use incompetence as a shield, while thinking they have the cards to prevent another disastrous situation such as the POTUS saying "No we don't do this" then the leak shows "Oh, we do this."
JoeyT
(6,785 posts)Aerows
(39,961 posts)since that would mean my government is actually worthwhile, or that I'm right in being cynical.
The whole situation reeks like ten day old meat in the sun, and I'm not going to sit here and pretend it smells like roses. It pisses me off that there are people that do, but it isn't the end of the world or the Presidency. It just stinks a bunch.
nadinbrzezinski
(154,021 posts)Thin thread client...who is running the show, the keystone cops?
Free clue, less humans won't solve this (from the NSA perspective).
Zorra
(27,670 posts)primarily used to squelch democracy and promote and protect the interests of transnational corporations throughout the world.
The kind of stuff that, if released publicly, would piss everyone off so much it would lead to a worldwide Bastille Day.
Quien sabe?
DirkGently
(12,151 posts)Good.
Catherina
(35,568 posts)DirkGently
(12,151 posts)Not that I don't credit The Speech. It was a good thing, and a step in the right direction, even if tapping Clapper to head up the "review" undercut things pretty deeply.
But I've got a strong sense of, "Hey, let's stop looking down this rabbit hole NOW. Please. Please?"
I can smell them sweating from here.
kentuck
(111,069 posts)Because they obviously have no idea what might be in the hands of the Russians or the Chinese? They don't even know what files Snowden "touched" or had access to? They don't know whether to shit or go blind.
Catherina
(35,568 posts)They expressed fears that foreign governments, in particular Russia or China, could hack into the Guardian's IT network. But the Guardian explained the security surrounding the documents, which were held in isolation and not stored on any Guardian system.
However, in a subsequent meeting, an intelligence agency expert argued that the material was still vulnerable. He said by way of example that if there was a plastic cup in the room where the work was being carried out foreign agents could train a laser on it to pick up the vibrations of what was being said. Vibrations on windows could similarly be monitored remotely by laser.
http://www.theguardian.com/world/2013/aug/20/nsa-snowden-files-drives-destroyed-london