"The damage, on a scale of 1 to 10, is a 12."
One better than Spinal Tap, innit?
Next on The Reg - Will Nigel Tufnel go for 13?
The US National Security Agency may have some of the most sophisticated cyber-surveillance programs in the world, but it was trivial for former NSA contractor Edward Snowden to walk off with sensitive data, sources say, owing to the agency's antiquated internal security. "The [Defense Department] and especially NSA are known …
Wrong. Just yesterday the Washington Post ran a story about amounts of money in the black budgets. They self-reported that they self-redacted from the raw files because of the damage it would cause to National Security. It pinpoints real weaknesses in intelligence gathering capabilities as well as where money has been spent on successes. All of this is classified for good reason. Now our adversaries have it. And loathe though you may be to admit it, for the most part our adversaries are your adversaries. They're just a little more focused on us because you aren't much of a threat to them at the moment. But if they can ever neutralize us, they'll be happy to go after you next.
>And loathe though you may be to admit it, for the most part our adversaries are your adversaries.
And loathe as I am to admit it the only country talking about committing an act of war in the next few days is my own (the US). The but they were all bad guys argument may work with the right in the American public but makes the rest of the world not think of us as the good guys. The right also says we don't need the rest of the world only because they don't understand history.
I think the reason us Brits are not backing the US on this one is not that we don’t think we should intervene in theory, but we just don’t want to support either the rebels or the government, we see it as a bit like Afghanistan in the 1980s with hindsight, yeah the regime is bad, but we really don’t want another Taliban type government either, and you just know as soon as the West goes in Israel is going to get even more rockets landing on them, just because it’s Israel.
As a fureigner I enjoy the outrage of the American people when they learn that they are not, in fact, Special but are lumped into the same "probably terrorist"-bin as us Untermenschen!
The funniest thing about Snowden is that while everyone is wailing about what he "took", nobody is bothered about what he put in ... and data integrity and stuff.
Maybe that too will come when the NSA personnel file accidentally goes on the "no-fly" or "murder by SWAT"-list.
Snowden blew the whistle on the dirty tricks our governments get up to and for that we should be grateful. It goes without saying that the activities of the state are directed at the people. Little do they care if there is a terrorist outrage, rather it gives them the excuse to watch everybody more closely.
We can only hope that more of this dirt on our governments is exposed.
What he spilled the beans on was maybe 2-3 on a scale of 1-10.
The real stuff, the 10 on a scale of 1-10 is never put onto a computer, it's the stuff that is never recorded, never talked about and never minuted in the meetings.
Don't kid yourself that Snowden is that important, he is an embarrassment and an irritation but would never have had access to the real subterfuge that goes on in Government.
Interesting though, that for all the head-banging and wailing from the governments, nobody seems to have been fired for creating the mess ... somebody must have been in charge of Snowden, somebody must have been responsible for the system configuration and permissions?
they have? I suppose a mix of all kinds..
I remember getting pissed off at NT and other windows versions for blocking access to files when I was an admin. I mean if I have rights to edit the files to give myself access just let me alter the #$@# file. On the same note I have never used ACLs on *nix, and always turn off SELinux. Would you believe it I've never been hacked in nearly 15 years?(other systems that I inherited have been compromised though the fault was never mine -- I suppose one hack I was responsible for I talked a friend into switching his FreeBSD box from telnet to SSH back in 2001 - about 9 months later he was hacked via ssh exploit). Shocking I know.. it's not that hard though. It helps a lot to not be a high value target to begin with!!
One of my friends a long time ago told me how Netware was even more strict, files could be locked down so admins could not read them(or edit acls etc), and there was a special backup user for the tape backups that had access to the files, then I suppose the tapes were encrypted or something so they couldn't be restored to another system and read that way.. I dunno.
I never want to work for such an institution. It just makes the job more frustrating. Myself I don't care about the data, I have no interest in stealing it, there's no value there for me personally. I've never had an interest to open "salaries.xls" or whatever, I don't care what is in there. I don't know why I just don't. It's not that I am secretly trying to be honest and not take it - I really don't care. I'll store it on the storage, back it up, whatever. The only time I may open it is if someone asks or if it's causing a problem for some reason.
Fortunately I haven't dealt with internal IT in more than a decade so that hasn't been my problem for a long time. Now the data I have dealt with since generally is more valuable(customer data), but again I really have no interest in stealing it. The only data I have interest in is the stuff I make myself (scripts etc). Some companies like to try to lay claim to such things (none I have worked for have ever tried/cared - they benefit greatly as not having to start from scratch each time dramatically accelerates results).
I am surprised that the NSA stuff was not more locked down, the means Snowden used to access it seems pretty basic (not "brilliant" like one commenter from another article on slashdot).
If I were in Snowden's position(at the time he took the data) I'm not sure what I would do.. hard to imagine ever being in that situation to begin with I can't ever imagine ever ever working for a big institution of any kind for any price. I suspect I wouldn't take the data, because I wouldn't care enough to look to see what is there to begin with.
Though I do commend him for doing what he did I think it was wonderful.
When I worked at Martlesham Heath there was a whole floor dedicated to .... well who knows?
Actually it was easy to find out when they used our line printer for their top secret security manual.
Security is easy to implement - you just shoot all the managers who want everything done now rather than securely. Fortunately that's all of them.
>I remember getting pissed off at NT and other windows versions for blocking access to files when I was an admin.
That's why one of the first principles of information security is "don't grant elevated privileges to people who don't care about security".
Of course, another one is "don't give employees of contractors elevated privileges on your sensitive systems". And even before that, "don't use discretionary access controls for compartmentalized data".
The NSA has compartmentalized data. Using any sort of DAC mechanism - rather than MACs or other formal enforcement approach - is irreparably broken from the start. Storing compartmentalized data on systems that rely on DACs is irreparably broken. Storing it on systems that have the concept of "unlimited privilege" sysadmins is irreparably broken.
It's the same old story. For economic reasons (procurement costs and user acceptance) the NSA is using completely unsuitable systems for its data. Snowden is a symptom, not a cause. Closing this barn door won't help regardless of where the horse is, because the barn is only notional - just an agreement among the sysadmins to play nice.
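The distinction drawn above, as an added example that is not part of the original comment: a toy reference monitor in which the discretionary check can be rewritten by any administrator, while the mandatory check compares clearance level and compartments and consults nothing else. The class names, labels and compartment names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed classification ladder for the example.
LEVELS = {"UNCLASSIFIED": 0, "SECRET": 1, "TOP SECRET": 2}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other):
        """True when this label is at least as high AND holds every compartment."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


@dataclass
class Subject:
    name: str
    clearance: Label
    is_admin: bool = False


@dataclass
class Document:
    name: str
    label: Label
    acl: set = field(default_factory=set)


def dac_read(subject, doc):
    """Discretionary control: the ACL decides, and an admin may edit the ACL."""
    if subject.is_admin:
        doc.acl.add(subject.name)  # nothing in the model prevents the self-grant
    return subject.name in doc.acl


def mac_read(subject, doc):
    """Mandatory control: label dominance only; admin status is never consulted."""
    return subject.clearance.dominates(doc.label)


def demo():
    """Compare both models for an admin who lacks the document's compartment."""
    sysadmin = Subject("sysadmin", Label("TOP SECRET", frozenset({"INFRA"})),
                       is_admin=True)
    analyst = Subject("analyst", Label("TOP SECRET", frozenset({"PROJ-A"})))
    junior = Subject("junior", Label("SECRET", frozenset({"PROJ-A"})))
    doc = Document("proj-a-report", Label("TOP SECRET", frozenset({"PROJ-A"})),
                   acl={"analyst"})
    return {
        "dac_sysadmin": dac_read(sysadmin, doc),  # admin grants himself access
        "mac_sysadmin": mac_read(sysadmin, doc),  # wrong compartment
        "mac_analyst": mac_read(analyst, doc),    # level and compartment match
        "mac_junior": mac_read(junior, doc),      # compartment ok, level too low
    }


if __name__ == "__main__":
    for check, allowed in demo().items():
        print(f"{check}: {'allow' if allowed else 'deny'}")
```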
I have to agree with you. The rubbish vetting of contractors and staff along with allowing a near 'open door' policy to data security appears 'unwise'.
We have seen some of what one Snowden has done, how many other odd ball things have happened and are still happening? Can any of the data be trusted? The released or unreleased data are all now suspect.
How much of the data collection activity has been screwed up and tainted by those who have not yet been found or perhaps more importantly ensure they are not found out doing what they are doing?
It is fine for all those 'we should have no secrets' types to wave their flags, though perhaps not so wonderful when you or yours get blown up or gunned down because no one could look.
How many fully legitimate investigations been blown off course because a rogue employee with the key to the magic kingdom, decided to protect a 'friend' or even worse implicate an innocent party? That innocent party could be anyone anywhere.
Data abuse is a multi-way highway, travelled by many dirty feet.
Couldn't one who is quite skilled, without even being brilliant, just enter control codes or such to replace the missing "A" key from the keyboard? Or, add to the system, a file containing the necessary executable/binary, and with escalated privileges, traverse, hop, skip, and jump along and do login?
Just asking...
You're probably right. Someone with the right skill set probably could overcome the lack of an 'A' key. The only way to prevent this would be for government to hire drooling thickwits for most roles.
Although it kind of looks like they're well on their way to implementing such a policy if Snowden's boss really granted him unlimited access. Maybe all those 'A' keys will be safe after all.
Start-> Run->OSK->Ok (or just go through the start menu if you haven't a keyboard at all)
But where is the Start button on the login screen? It's still easy enough to work around - it was clearly intended as tongue in cheek after all. However, suggesting one method that doesn't work is plain retarded.
I know someone at university in the late 90's who managed to get a cursor left ASCII code into their password this way on the basis that if anyone key logged him it would overwrite the previous character and he'd still be secure.
Almost as nice as the guy who wrote a PostScript fractal generator which locked a printer for about 8 hours when sent.
I'm sorry, I have to call b*llsh*t on this.
Any database system worth its salt relies on db specific credentials, simply being root (or any user for that matter) should be absolutely insufficient to access anything in a secured database. One would hope that such a place as the three letter agencies would require authentication against the database application before providing anything classified.
I find it beyond belief that such agencies would work in any other way. In which case, Snowden actually *had* the appropriate levels of access to the data and we're trying to be sold something to cover that up.
alan.
I don't get the credentials, or lack thereof. If the data's encrypted on the system/server, a sysadmin can fiddle to their hearts content. They could move stuff with a memory stick, but unless they could decrypt it, they couldn't leak it. It's harder to manage, but surely a lot more secure?
With root access it is possible to totally bypass the security on any database by using disk block access to the underlying data files. (Or an easier method - make the backup procedure make a copy of the database somewhere else on the disk - set that up as an instance and give yourself full access to the copy.)
In older Oracle databases (I only worked on versions 5,6,7), it was easy as a system administrator to get access to the Oracle SYS and SYSTEM accounts or to set up an OPS$ account. Once you have access then adding an account (or modifying an existing one) with the READ ALL TABLES privilege (and any specific extra tokens needed to access a specific table) is trivial. Again with Oracle, one of the standard procedures that would be done from time to time is a full database export. The export file is ASCII text with no internal protection - if data is stored unencrypted in a database then it is unencrypted text in the export file. Note also that as a system administrator it is usually easy to define or modify where exception reports are sent so if accessing a table raises a flag then the flag can be made ineffective.
Remember - all databases have a backdoor built in to recover from the case where the admin password has been lost - with Oracle it was SQLDBA (at least in versions 5,6,7). With SQLDBA it was possible to change the password for any user or to add a new user with any desired privilege.
The way I read the article that is how it was separated. He had complete access to copy the data files. To access the data he was using other people's database IDs. What isn't clear to me is whether or not he was granted permission to create/reset database IDs. Frankly, it wouldn't surprise me if they had.
Government IT security is a sad state of affairs. They seem mostly concerned about whether or not the check marks are in the correct boxes on the forms, not the extent to which good practices are being followed. Or even if the alleged good practices truly are good practices. They'll force you to change each of your ten passwords once every 30 days (different rule sets for each) but won't lock down USB ports for stick drives or forget to buy cable locks for laptops. One place I was at wouldn't let you email the fully dotted quad of a non-routable ip address but were fine with you emailing a MAC address.
>One place I was at wouldn't let you email the fully dotted quad of a non-routable ip address but were fine with you emailing a MAC address.
I bet you'd blow their mind if you told them you could convert an IP to decimal format.
IPv4: 192.168.10.10
Decimal: 3232238090
Crafty people always have a way of getting around dumb policies.
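The same point seen from the filter's side, as an added example that is not part of the original comments: a mail filter that only matches dotted-quad text misses the address once it is written as an integer, so this sketch canonicalises the common IPv4 spellings before testing for non-routable (RFC 1918) ranges. The function names, the naive pattern and the sample message are constructed for illustration.

```python
import ipaddress
import re

# What a dotted-quad-only rule looks like (constructed for comparison).
NAIVE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Candidate tokens: one to four parts, each decimal, 0x-hex or 0-octal.
PART = r"(?:0[xX][0-9a-fA-F]+|\d+)"
TOKEN = re.compile(rf"\b{PART}(?:\.{PART}){{0,3}}\b")

PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _part(text):
    """Parse one component the way classic inet_aton does."""
    if text.lower().startswith("0x"):
        return int(text, 16)
    if len(text) > 1 and text.startswith("0"):
        return int(text, 8)  # leading zero means octal; 8 or 9 raises ValueError
    return int(text, 10)


def canonical_ipv4(token):
    """Return the IPv4Address a token encodes, or None if it cannot be one."""
    try:
        parts = [_part(p) for p in token.split(".")]
    except ValueError:
        return None
    *head, last = parts
    if any(p > 0xFF for p in head):
        return None
    # The final part fills whatever bytes the leading parts left over.
    last_bits = 8 * (4 - len(head))
    if last >= 1 << last_bits:
        return None
    value = last
    for i, p in enumerate(head):
        value |= p << (24 - 8 * i)
    return ipaddress.IPv4Address(value)


def find_private_ipv4(text):
    """List (token, canonical address) for every token that decodes to RFC 1918.

    A bare integer that happens to fall inside a private range is flagged too,
    so results are candidates for review rather than certain matches.
    """
    hits = []
    for match in TOKEN.finditer(text):
        addr = canonical_ipv4(match.group())
        if addr is not None and any(addr in net for net in PRIVATE_NETS):
            hits.append((match.group(), str(addr)))
    return hits


# Constructed sample message body.
SAMPLE = ("Lab box is at 3232238090 (same as 0xC0A80A0A or 0300.0250.012.012); "
          "see ticket 4471 and build 1.2.3.")

if __name__ == "__main__":
    print("dotted-quad rule:", NAIVE.findall(SAMPLE))
    for token, addr in find_private_ipv4(SAMPLE):
        print(f"{token} -> {addr}")
```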
My personal experience as both a Unix admin and a DBA tells me that you are wrong. Here's the thing. That database has to run as a system user, generally one with reduced privileges.
For example, let's say the Unix username the database runs under is "oracle".
As a system administrator, I have access to the Unix "root" account. I actually need it to do my job. This user, by definition, has the right to become other users. This is necessary for the OS and its security features to work right, so can't be easily disabled. So I just switch user to "oracle" then start the CLI for my database. Voila, access to pretty much everything stored in it.
Same goes for files stored in file servers (you appear to think it's all in one uber application. Word and excel documents probably get used a lot more) because hey, it's his JOB to make sure the files are OK and not going to vanish due to a failing hard drive.
So we know MS took in millions for their dealings with the NSA, but I wonder if that is biting them in the ass now? Even though Snowden's boss appears to have greatly contributed to the problem, it sure doesn't look good for SharePoint.
If I still sold software I'd be dreading every phone call and email from prospective SharePoint clients who wanted to know why the system was so insecure that a low level admin could snag documents from his superiors. Customers don't want to hear technical details; they get fixated on the end result. The end result here is the system allowed a serious (12!) security breach and that's all the customer will hear.
Serves MS right for dealing with the devil, selling their countrymen out and using my tax dollars to do it. I know they probably didn't have a choice but to cooperate, but I can still be pissed that they did.
Except that you're mixing reporting superiors with technical superiors. As a System Admin, Snowden was at the top of the technical chain.
What has happened with government IT work is the technical work has been separated from the management responsibilities and the technical work is contracted out. That way when the manager makes a frelled decision they can fire the contractors without a complicated exit process.
What's really needed is the computer equivalent of the two person rule for banks handling money. And I hear even that is typically expanded to a three person rule with one of the three never touching the cash.
"The NSA is reportedly only now piecing together the exact steps Snowden took to infiltrate its systems, including identifying specific users whose accounts he used to access documents. But there's no clear paper trail – investigators are said to be looking for red-flag discrepancies, such as accounts that were accessed while their owners were on vacation.
Once he began collecting documents, Snowden was surely also emboldened by the fact that, as a contractor working for Booz Allen Hamilton in Hawaii, he never once needed to set foot in NSA headquarters. Instead, he could access the files he wanted from a computer terminal some 5,000 miles away."
How about also looking for multiple and concurrently-used logins? Someone could be on vacation and legitimately be accessing a file under orders (not to work for more than 20 minutes, but to open a file and relate or communicate some critical number or name or term, then log off and resume vacation)?
How about if the Snarget (SnowdenTarget) is in a protracted meeting that surely is likely to involve being logged on to access training, reporting, or other reports? That person might legitimately be granted by IT to have 3 or 4 concurrent logins, crossing various zones, regions, buildings, and so on, either under one login name, or a login name but with different passwords, or different login names (to obscure WHICH employee is accessing files when a security breach cannot be allowed to show how much deep access a director has, say) and different passwords.
Now, if the Snarget is in that meeting, and no alarms/tripwires are in effect, and if Snowden or a Snow-a-Like knows this and exploits it, it might be hard to prove who was doing what -- well, until enough auditors go over all the logins and parse them via a database. The database query might be as simple as (in lay language, not structured query language):
-- Get access info on the files known to be compromised
-- find the intermediate and presumed origin (travel path) of credentials/tokens/logins used to get to the files
-- find the servers that passed on/forwarded these credentials
-- display the time zones, normal working hours, and workstation locations for the user accounts involved
-- display the HR records showing valid work hours of the user accounts involved
-- display the Payroll records of the user accounts involved (to find terms, actuals, and non-hidden "consultants" and informants, etc.)
-- display the IT credentials/rights/escalated privileges histories
-- find banking and one-time payee records of user accounts for active and termed accounts
-- correlate all and look for anomalies for unions/sets related to NSA and NSA-contractors and NSA-approved "special login entities" (stools, triple agents, and similars)
-- correlate all with IT repair jobs and locate which data scrubs of sensitive hardware have two or three-person control/integrity/wipe/destruction verification
-- interview/debrief all involved user accounts and nearby workspace colleagues for "intel" not in a database, about James Snond (Snowden/Bond)
My guess on why they are having a hard time tracking Snowden in the audits... All the system admins were doing similar profile sharing/switching just to get the system to work. It's really easy to track an anomaly traverse a system, but when the anomalous behavior is standard procedure they may never be able to figure out exactly what happened.
BTW, if the NSA allowed "Tor" or similar systems to do remote login, or used things like "Go To My PC" from virtually ghosty nodes, and relies solely on embedded, interspersed, synchronous and asynchronous creds (maybe some quantum-computer-like stuff), then all bets potentially could be off.
If Snowden worked alone, and bypassed quantum-like creds filtering, then, possibly he IS a genius. But, and this is a huge but, but if he had an accomplice, a deeply sympathetic one, then things may get ugly really fast -- assuming they knew the breech/breach (both spellings) would be investigated, the only thing they could possibly resort to doing would be to put in system-wide account-compromising accesses and maybe even a few time bombs to make the investigation painful and take 10-20 years to unravel, in which case, Snond and his Mr/Mrs Punneymini might have lived those 10-20 years quietly and carefully, since everyone in the organization would be so compromised that most of them would have to be fired, not even transferred or even demoted. Just binned, without prejudice, which might mean some handsome severance packages in the event that no prospective employer would be interested in hiring such terminated people.
Sucks all the way around -- except for those possibly receiving without-prejudice termination packages to retire and never apply for another Intel or SysAdmin job in this lifetime....
Holes like that can be costly, painful, and destructive to any nation's national security efforts. Effectively, Snond and any involved accomplices may have for some time caused NSA to mean "Negated, Sieved, Abbotoired" until they plug the leaks, loopholes, and locks better.
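Two of the checks discussed above (accounts used while their owners were on leave, and overlapping logins from different workstations), as an added example that is not part of the original comments. The session records, host names and leave calendar are constructed sample data, and the hits are leads for review, since the thread itself notes that either pattern can be legitimate.

```python
import csv
import io
from collections import defaultdict
from datetime import date, datetime
from itertools import combinations

# Constructed session log: one row per interactive login.
SESSIONS_CSV = """\
user,host,login,logout
asmith,ws-hq-014,2013-05-06T08:55,2013-05-06T17:10
asmith,ws-hi-203,2013-05-06T14:02,2013-05-06T14:40
bjones,ws-hi-117,2013-05-14T22:15,2013-05-14T23:05
cdoe,ws-hq-031,2013-05-15T09:00,2013-05-15T12:00
cdoe,ws-hq-031,2013-05-15T13:00,2013-05-15T18:00
"""

# Constructed HR leave calendar: user -> list of (first day, last day).
LEAVE = {"bjones": [(date(2013, 5, 13), date(2013, 5, 17))]}


def parse_sessions(text):
    """Turn the CSV export into dicts with real datetime values."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        rows.append({
            "user": r["user"],
            "host": r["host"],
            "login": datetime.fromisoformat(r["login"]),
            "logout": datetime.fromisoformat(r["logout"]),
        })
    return rows


def during_leave(sessions, leave):
    """Sessions whose dates overlap a recorded leave period for that user."""
    hits = []
    for s in sessions:
        for first, last in leave.get(s["user"], []):
            if s["login"].date() <= last and s["logout"].date() >= first:
                hits.append((s["user"], s["host"], s["login"].isoformat()))
                break
    return hits


def concurrent_from_different_hosts(sessions):
    """Pairs of one user's sessions that overlap in time on different hosts."""
    by_user = defaultdict(list)
    for s in sessions:
        by_user[s["user"]].append(s)
    hits = []
    for user, rows in by_user.items():
        for a, b in combinations(rows, 2):
            overlap = a["login"] < b["logout"] and b["login"] < a["logout"]
            if overlap and a["host"] != b["host"]:
                hits.append((user, a["host"], b["host"]))
    return hits


if __name__ == "__main__":
    sessions = parse_sessions(SESSIONS_CSV)
    for hit in during_leave(sessions, LEAVE):
        print("login during leave:", hit)
    for hit in concurrent_from_different_hosts(sessions):
        print("concurrent logins:", hit)
```

Both checks assume a trustworthy baseline; where shared or switched profiles are routine, the same queries return mostly noise.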
Snowden was a contractor, as was/is his direct report boss, who appears to have colluded with Snowden only in that he was lazy and granted far too broad of access. Presumably to save himself the hassle of doing some things himself.
The contractor part is important to your comment as those who lose their NSA positions might be assigned a new role at Booz Allen but in all likelihood will just be terminated with no severance. I was once part of a contractor team (not with Booz Allen) on an IRS project that was binned and we were binned the next day with nothing to show for it.
I also just realized that the media has stopped mentioning Booz Allen as being at the center of all this. I wonder why? Their practices and hiring/screening policies seem to leave a lot to be desired and they're major govt contractors so their staff is everywhere. There's been nary a mention of them in weeks.
Because Booz Allen is also who does a huge percentage of the vetting for security clearances. They are one of, if not the largest, provider of those services to the Federal government, who outsourced it all nearly 15 years ago. They get to vet the candidate then hire and place them into their contracts.
It is all too cozy and rife with problems stemming from decisions based on 'financial efficiency'. It is cheaper to hire someone you've already vetted and kill several birds with one stone, than it is to keep hunting for the 'perfect' candidate. They've got contracts to fulfill and they need bodies in seats to keep the money rolling in.
Booze-Allen is only responsible for their internal practices. The government is responsible for the rest. Still falls to the government.
I'm not dealing with information half as confidential as the IRS let alone the NSA, and none of the permissions are granted by actual feds. We get little pieces of paper authorizing us to grant access to others. Which means we've got access to it all and it's all dependent on trust. The feds never touch the actual systems themselves.
nominated for the Nobel Peace Prize. If Obama can get one, these two deserve it for their real personal sacrifices.
As for techs having access - this has always been the case. In my younger days I was a technician involved with Autovon, and similar systems, and the techs could always go where others couldn't. Many was the time when a scramble-egg bedecked military type would ask for a favour, like making calls home using my access.
We even used to go to microwave sites, jack in our test equipment with the security types busy trying to figure out who we were with no ID showing on their screens.
Now we have cell system test sets ...
They have temporarily slowed down the American Big Brother invasion. They have brought to light, with proof, of the virus that is known as Prism.
Which is far more than Barack Obama has ever done. Barack should have won the Nobel prize for being a "Weasel".
"Why? Exactly what has either one done that advances the cause of world peace?"
"They have temporarily slowed down the American Big Brother invasion. They have brought to light, with proof, of the virus that is known as Prism."
Neither of which are in the criteria for awarding the Nobel Peace Prize. You might as well give it to Justin Bieber for having pretty hair.
Nobel Peace Prize awarded according to criteria defined here;
http://www.nobelprize.org/nobel_prizes/peace/
Expose U. S. war awfulness, and diplomatic and NSA activities ... "slows down American Big Brother invasion"
There seem to be quite a few missing steps here; it would be nice if you provided a bit more detail as to just how that follows, or indeed if it does. Bashar al-Assad might be inclined to doubt it.
Most people who paid attention to such matters were completely unsurprised by either set of revelations. And just which invasion would that be?
No dispute about giving it to Barack Obama, though; it ought to be awarded for accomplishments, not speculation based on campaign messages.
There seem to be quite a few missing steps here;
Bringing proof to the table makes a lot of difference; we are no longer in speculative mode
* This makes for embarrassing situations for candidates/senators etc. Therefore they will begin to think twice about the outcome, votes become scarcer therefore funding becomes scarcer.
* All the bad publicity has to be undone, this takes time and money.
* Overseas clients become reluctant about dealing with the US (I had an example at work today where a future client asked if any of their data would be stored in the USA, the client mentioned that he would not accept our offer if it had been (we are a large international company so his question was valid)). Again this has the potential of costing real money for the Americans.
* People lose faith; again this has to be built back up again, yet more money.
* Barack Obama now looks like a fool, the next president will have to be twice as careful, this takes time and time is money.....
And so the list goes on, at every step, money quickly becomes a limiting factor, lose trade or international trust is a major faux pas, new deals have to be struck , Equipment has to be changed etc etc etc .
All of this in its own way helps slow down the machine.... America might like to believe that it can do what it wants but unfortunately for them it doesn't quite work that way, karma is a bastard when it comes knocking.
As far as Bashar Al Assad is concerned, he probably couldn't give a f**k. He is going to get invaded one way or other by the Saudis or the UN.... He has known he is going to get shafted for quite some time....
None of the items listed contributes materially to world peace.
* The typical U. S. officeholder or candidate is practically incapable of experiencing embarrassment - e. g., Anthony Weiner. The great revelations doubtless will bring some change, but the degree of such change is not likely to be large, nor is the defense budget likely to be measurably smaller based on shortening NSA's leash. Any shrinkage will result from continuing withdrawal from Afghanistan and general budget negotiations.
* It is well known that one way some governments under stress handle internal problems is by foreign adventurism, as described humorously in the movie "Wag the Dog". The principle is pertinent also to the final two items offered as evidence. Not that the US ever would do that, of course.
* It is not obvious whether, or to what degree, non-US clients actually can do better unless they and their data are contained entirely within an area that does not include the US, Canada, Great Britain, Australia, and New Zealand, all of whom participate to a greater or lesser degree in XKeyscore data capture; and unless their solution does not involve in any significant way a US company subject to US laws. What are the remaining alternatives? Is China an alternative, or Russia? Switzerland might be a reasonable choice, or Iceland, but can anyone say for sure that NSA or GCHQ don't have taps on the lines there? I don't have a lot of respect for management that thinks placing data outside the US assures them of its integrity.
I came across a nice quote from Brent Ozar that is highly relevant here [1]:
Right up there with data integrity, security's really important.
Who else has sysadmin or securityadmin rights on this instance?
I care about securityadmin users because they can add themselves to the SA
role at any time to do their dirty work, then remove themselves back out.
Don't think of them as other sysadmins.
Think of them as users who can get you fired.
[1] http://www.brentozar.com/blitz/security-sysadmins/
Actually, I am not entirely sure the publicly available information shows Snowden had admin level access to practically the whole agency, as we seem to be led to believe. The revelations pertain to a particular field of large-scale consumer communications snooping. We are told that lots and lots of documents in Snowden's haul have not been disclosed, but we are not told what they are, and they all may be "more of the same". Besides, all we have seen is some presentations and documents that were secret, but not necessarily (or even likely) the most secret stuff at NSA. In fact, the target audience of the disclosed documents likely includes anyone who works with the collected data - all we saw were high level descriptions and snippets of the basic "rules of engagement". The fact that NSA listens to comms on the planetary scale is not itself a secret (not from anyone who has ever read Clancy or Forsyth - chuckle), it's the agency's basic charter. The fact that the contents are hoovered and stored on a massive scale rather than selectively was a surprise to some, and this is what lies at the heart of the matter. There may be a single team of admins dealing with this area - it is not clear that this in itself is a major security flaw. But it is not even clear what Snowden's responsibilities were - it may be that he was just responsible for the not-so-secret (on NSA scale) "support documentation" stash and never, for instance, administered or had access to the actual collection systems.
What is immeasurably more troublesome - and not addressed at all by this "he was an admin, what could we do?" hand-waving - is that apparently any non-privileged user (an analyst, not an admin) has access to the whole ginormous stash of data and meta-data and tools to query and analyse them indiscriminately. When you have this situation it is useless to lament that admins have access, except as a smokescreen in the public debate, of course.
Compartmentalization has always been a staple of the spook business. One would expect multiple admin teams each having access to only the stuff they need access to. One would expect compartmentalized "project teams" - analysts and such - having access only to stuff related to a particular project/operation/etc. One would expect an admin team supporting a particular op, with other admins not having access to the op-specific files, data, resources, etc. Yes, it makes sharing information more difficult, but by the same token it makes security tighter.
It looks like the (multiple?) "store the internet" programs were never compartmentalized by design. It was never designed to support specific individual projects, it was designed as a wholesale warehouse. The design may facilitate efficient access to stuff individual projects need, but it is also not compartmentalized and therefore not as secure as it could be. That is not the sysadmins' fault, and that is not a consequence of the nature of sysadmins' work. That is either stupidity (nothing will ever happen) or malice (who gives a flying fuck about anyone's privacy) or both, regardless of the possibly amazing efficiency when everything works "as designed". [Allow me to doubt the efficiency, I suspect, for instance, that signal/noise sucks. It may be very good for post-event investigations though, when the signal is strong.]
And now I wish someone at NSA would think of possible consequences of the proposed 90% sysadmin RIF again: if you need to compartmentalize access you will likely need more personnel, not less.
Yes, over-compartmentalization was one of the 'significant findings' of the 9/11 Commission. Various agencies had data which might have helped prevent the attacks but no one could piece it all together as it was all locked up by different departments across many agencies: they couldn't provide a clear picture.
Those problems are one of the primary justifications for the growth of NSA programs and their role as the central information clearing house for other government agencies.
Yes, it was. It does not contradict anything. I allude to the possibly increased efficiency (and my doubts thereof) myself. But the trade-off in terms of security is obvious, or should be obvious if security/secrecy is important.
Waving the efficiency flag you hoover the whole bloody Internet into your data centres, you allow every analyst at a few dozen agencies to access the data on demand, in the process you necessarily tell all of them (and the auxiliary/support personnel, including contractors) that (a) the data are collected and stored, (b) the data can be queried and analysed using such and such tools, (c) the users are not really supposed to use all the data indiscriminately, and here are the rules. You will note that this is all that has been revealed so far.
And now all of this is supposed to stay top secret indefinitely? And when it is leaked, by an admin and not by an analyst (admittedly an admin would be better qualified to get the information out and not get caught too early, but any analyst likely had access to the same resources), suddenly the root cause of the leak is the nature of sysadmins' duties? Sorry, but the implied statement that admins cannot be compartmentalized is (a) false, (b) irrelevant. Nothing was compartmentalized in this case, by design, and that merely includes sysadmins.
When you are a sysadmin you can usually log in as someone who is even logged in at another location; this is usually done to help with common user problems that occur with account setup or user training, i.e. helping a user find a file or access and recover a damaged file. This means that a sysadmin has enough access to log in to a VM (virtual machine) from anywhere on the internet, can change his identity, SU (super user) su -l, and access and set up a VPN (virtual private network) to transfer or modify files, and then easily run a script to erase the access logs from the primary server itself, all from thousands of miles away. The scary thing is the NSA has no idea what he did or how, so these security holes stay open for the next guy who wants the credit card number that you used this month to pay your Verizon bill with.
Yep,
And MAC itself.
Then it looks like they gave up, as it was apparently cheaper to buy a SharePoint license and use a wiki than implement a custom system that actually implemented MAC. Never mind the fact that in any computer system, unless you want to risk total data loss from a lock out, failure or loss of personnel, there are back doors. The best you can normally do is restrict these to physical access only, with physical observation and audited logging of any access, if you are super paranoid. Of course this becomes near impossible once you start storing datacenters' worth of stuff. This also assumes that you trust the guys who set up the secure system in the first place, and doesn't cover you for bugs in the programs.
Or alternatively you can give your top level access to people from a third party company and allow them the ability to do anything remotely with no real local oversight. I guess it was (again) cheaper.
Still, at the basic level, I imagine almost everyone working at the NSA (or for the NSA) knew about the scope of data collection, which would be apparent from the data itself. Documents like the PRISM overview, the cable taps, the GCHQ connection, would be basic orientation material for most analysts so they would know what the possible information sources were.
Because if it becomes known that he was an ordinarily skilled sysadmin then they will be shown up as incompetent by not dealing with the common (or should be expected) case of a disaffected worker. As we have seen many times with these sorts of people, their primary interest is in protecting their own backsides and laying the blame elsewhere - just remember how they pursued Gary McKinnon who had the 'genius' idea of using default passwords to access systems.
I do not know how clever Snowden is, however I suspect that it did not need genius level skills to do what he did, just a bit of determination.
Whether Snowden is or is not "brilliant" (my assessment based on what has been shown inclines to the latter), the NSA have been shown to have lapsed seriously in the matter of basic information assurance. Whether that constitutes overall incompetence is uncertain, but it certainly indicates that not enough people were sufficiently attentive, and there doubtless are quite a few who should suffer reassignment or retirement (civilian and military employees), or dismissal (contractor staff).
When I worked at a U.S. Government agency we had many contractors intermixed with civil service personnel. The contractor staff were, on the whole, as capable and reliable as the civil service employees. Indeed, some felt that because contractor staff could be removed pretty much at will they were likely to be more diligent and careful on average. Civil service personnel are quite difficult to remove for reasons short of criminal activity or insubordination.
There is no valid argument for insisting that only employees can be system administrators. There is, though, a valid argument for insisting that background checks be done by employees, and be done carefully and thoroughly before allowing anyone elevated privileges, especially in a sensitive system. If Booz-Allen performed Snowden's background check, as I have seen reported, it is a management error of the first magnitude, first that the function should be contracted out at all, and second that it should be done by his employer, whose interest in the matter is, to say the least, impure.
First, let's review "They are great at some sophisticated tasks but oddly bad at many of the simplest."
The NSA used to have things tightly locked down. Then, some 9-11 thing happened and everyone bitched that they couldn't access information in order to prevent a recurrence of such an event. So, access controls were massively eased back.
Manning proved it, as did Snowden.
As for an SA having access and it's unpreventable, that is also hogwash! I've set up access controls where SAs, NAs, AD admins, even enterprise admins didn't have access. Only the backup logon account had access and it was prohibited interactive logon, had a random password that remained unseen by human eyes and the password changed quite often automatically.
The only thing that the idiot General has accomplished is removing the ability for the NSA to respond to another massive data breach, like happened with the 2008 cyber attack against the US DoD.
The NSA sent hundreds of admin types to clean up that debacle.
Twice.
Twice because the contractors that set up things in such a way that the malware infection was inevitable refused to fix the baseline to standard, so they reinfected the network and servers in under a month.
Something I know quite well, as I was in the middle of it, though my installation was kept up to standard, obeyed directives and hence, remained uninfected.
First thing, lock down sysadmin access to only what's necessary for the sysadmin to do his job. Shouldn't be a global account that has access outside his well-defined access level and job scope.
This is one reason to not trust the NSA. If he had GOD level status just because he was a puny SysAdmin, how do we know that Putin also doesn't have access... due to high level incompetence and the data leaks this enables.
Or they intentionally wished that the information be leaked so they can build a strawman.