
bemildred

(90,061 posts)
Tue Aug 27, 2013, 07:41 AM

1,000 Sys Admins Can Copy Any NSA Document Without Anyone Knowing About It; Think Only Snowden Did?

I worked as a Unix sysadmin for about ten years (1991-2001) officially and unofficially, and I can state that this is the default situation, the default power that Unix sysadmins hold, to impersonate any other user, to change anything on the computer to say whatever they choose. It's not easy, it takes some knowledge, but it's also not hard, the tools lie ready to hand, and they can be used on Windows machines too.

Following on our earlier story about how Ed Snowden covered his tracks -- showing that the NSA's vaunted "auditability" of its systems is a complete joke -- comes the news that there are approximately one thousand sys admins with Snowden's authority, who can basically go through any document without any trace. Even more incredible: they can "appear as" anyone else when doing things on the system. In other words if a sys admin wanted to frame an NSA analyst, it sounds like that would be quite easy. The report also notes that, for all of the talk about how great the NSA is at cybersecurity, and the fact that part of the point of CISPA was to try to have the NSA in charge of the nation's cybersecurity, the agency does a piss poor job protecting itself:

“It’s 2013 and the NSA is stuck in 2003 technology,” said an intelligence official.

Jason Healey, a former cyber-security official in the Bush Administration, said the Defense Department and the NSA have “frittered away years” trying to catch up to the security technology and practices used in private industry. “The DoD and especially NSA are known for awesome cyber security, but this seems somewhat misplaced,” said Healey, now a cyber expert at the Atlantic Council. “They are great at some sophisticated tasks but oddly bad at many of the simplest.”


---

As for the thousand or so sys admins on staff, it appears that they have no restrictions or tracking of what they do:

As a system administrator, Snowden was allowed to look at any file he wanted, and his actions were largely unaudited. “At certain levels, you are the audit,” said an intelligence official.

He was also able to access NSAnet, the agency’s intranet, without leaving any signature, said a person briefed on the postmortem of Snowden’s theft. He was essentially a “ghost user,” said the source, making it difficult to trace when he signed on or what files he accessed.

If he wanted, he would even have been able to pose as any other user with access to NSAnet, said the source.


http://www.techdirt.com/articles/20130826/12223124315/1000-sys-admins-can-copy-any-nsa-document-without-anyone-knowing-about-it-think-only-snowden-did.shtml

fasttense

(17,301 posts)
1. I've always admired Snowden for the fact that he did NOT
Tue Aug 27, 2013, 07:59 AM

suck up info on a Congressman's mistress, or the dead hooker in a CEO's bed. Then use that info to make a huge fortune in blackmail. Instead, he revealed this awful mess to the American people.

Just think about this. Men motivated by nothing more than greed, some of them psychopaths, have access to some very sensitive information that if used correctly, can bring in lots of blackmail money. And NO ONE is checking up on them. It's a criminal conspiracy just waiting to happen, or already happened.

bemildred

(90,061 posts)
2. I agree. I've seen things quite suitable for blackmail in the course of my duties
Tue Aug 27, 2013, 08:09 AM

many times. People are quite naive about the illusion of privacy on a computer. It is not by design or by intention a private space. Protections are intentionally, necessarily, weak. You risk locking yourself out too, if you get too anal about security, and people are lazy, and it was always considered necessary to keep the machines "easy to use": marketing marketing marketing.

bemildred

(90,061 posts)
4. NBC: Snowden Impersonated NSA Officials to Get Files
Thu Aug 29, 2013, 12:48 PM

---

His job as a system administrator gave Snowden the power to access the NSA servers with various user profiles, thus impersonating others when accessing files.

It seems that the NSA whistleblower also had the right to download files from his computer to an external storage device, which helped him take about 20,000 documents onto thumb drives.

“The damage, on a scale of 1 to 10, is a 12,” a former intelligence official told NBC.

This proves, once more, that Snowden is even smarter than US officials believed. As one US official told the aforementioned source, “this is why you don’t hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble.”

http://news.softpedia.com/news/NBC-Snowden-Impersonated-NSA-Officials-to-Get-Files-379152.shtml

bemildred

(90,061 posts)
7. My pleasure, trying to raise the level of debate.
Thu Aug 29, 2013, 01:28 PM

I've seen lots of spin and hand-waving, very little about how things actually work, and why.

bemildred

(90,061 posts)
8. This is hardly the first time with the thumb drives, that's what Manning used.
Thu Aug 29, 2013, 01:38 PM

The upshot of the Manning adjustments was Snowden, i.e. even more and bigger "leaks".

The problem is not the lack of proper procedures. Sysadmins are the guys that implement "proper procedures", and they can do as they like. It has been customary up to now to treat sysadmins as a special case because:

1.) People who are willing and able to do the job well are not common.
2.) So they are expensive and overworked.
3.) Because, let's face it, there are way the heck more computers out there than sysadmins.
4.) Which is why, if one must have this sort of operation at all, it must be kept small.
5.) And is also why if you have thousands of sysadmins, some will not take direction well.
