Americans can be counted on to do the right thing - after exhausting every other possibility.
Sadly I'm not there yet.
Keith Alexander.
The NSA has admitted that the organization's use of Microsoft SharePoint allowed an unnamed sysadmin to leak information. In what can be perceived as either a ringing endorsement of SharePoint's "collaborative power", or a depressing admission that, yes, spooks use the same infuriating software as we do, NSA chief General …
"...measures the NSA is introducing to make sure that sysadmins cannot leak information to the public, such as working in pairs a..."
I think that might backfire. Most lone sysadmins wouldn't have the gumption to pull a "Snowden". But a pair might egg each other on. You can imagine the conversation: "This is really heinous stuff these spooks are up to." "Yeah, man, totally heinous." "Do you think maybe we should tell someone?" "What, leak it?" "Yeah, leak it." "Totally, let's leak it." *high fives*
Trusting one dumbass sysadmin is bad; trusting your sharepoint server to Bill & Ted is a whole afterlife more trouble.
There's also an information sharing system called A-Space which the analysts and some collectors use to collaborate, it's compartmented of course and all distribution is limited based on cryptonym and distribution caveats (NOFORN, SI, etc) but it is rated to handle up to TOP SECRET information and is located on the JWICS as well as the NIPRnet and SIPRnet. NSAnet (also on JWICS) gets used occasionally for the same purposes too, but other agencies (even some parts of the Service Cryptological Elements and CSS) have no access to NSAnet whereas they do have access to A-Space.
Given that nothing Snowden (who I'm assuming is the "unnamed systems administrator" General Alexander was speaking of) has released carries a Top Secret* classification, when a great deal of the meat of the program undoubtedly is, he probably grabbed it from the Sharepoint network location at NSA Hawaii and I've never heard of a Network Security Officer being able to connect Sharepoint or Lotus to JWICS.
*-Snowden claimed that he has it but refuses to release it. Given his distinct lack of scruples and willingness to break the law to suit his ideals, I don't think that's what stopped him. He probably just didn't possess a TS-SCI/SAP clearance which he'd need for JWICS access. I might possess one, and in theory it's a real bitch to initially get and very difficult to maintain. The Single Scope Background Investigation is the easy part, the excruciatingly hard credit check (they know if you've ever been late on a bill, anywhere at anytime, if you've ever bounced a check, even if you've ever replaced a debit card, all kinds of crazy shit), plus the Lifestyle and Counterintelligence Scope Polygraph examinations are the harder parts and they tend to keep the numbers working in Strategic (or Level Above Corps in Army parlance) Intelligence collection and analysis pretty small and the number of people working at a lower level generally much higher.
> There's also an information sharing system called A-Space etc. etc.
More acronyms and kewl buzz than Calvin can come up in an afternoon of dwelling in the house of club GROSS ("Get Rid of Slimy Girls").
You guys really need to have the keys taken away.
"Given his distinct lack of scruples and willingness to break the law to suit his ideals, "
The same sort of thing was said about:
The suffragettes
Those against the slave trade
Black civil rights protesters
Anti-Apartheid protesters
The French Revolution
Gandhi
Forest Dwellers of Borneo
Syrians
Egyptians
Iranians
Jordanians
and on and on and on and on and on.......
"The NSA has admitted that the organization's use of Microsoft SharePoint allowed an unnamed sysadmin to leak information."
Bullshit.
It's not the use of SharePoint which allowed this sysadmin access; it's the idiot administrator who gave him access in the first place.
What is this anyway; an attack on Microsoft to try and restore their reputation a bit? ("You see; even the NSA doesn't like Microsoft. Surely the NSA would like Microsoft if they had just rolled over?").
Obviously the black helicopter.
Absolutely. It's not the use of SharePoint, it's the fact that he had access to the data. He could've been using a snow shovel to move the data - that's irrelevant.
Always assume that a sysadmin can - legitimately or otherwise - bypass any technical security in the system. Then assess and manage the risks accordingly.
Actually sharepoint seems to distribute permissions much like a Santa in a Xmas parade. The hardest/best SA efforts to secure it are brought low when inexplicable hidden sticky permissions suddenly - and without logging - grant temporary admin permissions to clueless content contributors.
I bet foreign intelligence operations had admin permissions to that host before the NSA senior managers could even smugly browse their first report.
Forget Snowden...the idiots who bought Sharepoint for the NSA and the Microsoft sales weasels who lied through their teeth about the actual auditable security level of their product should be charged for aiding and abetting the enemy. Snowden at least was on the side of the public at large, while those weasels were operating purely for the sake of their greed or laziness.
"Actually sharepoint seems to distribute permissions much like a Santa in a Xmas parade. The hardest/best SA efforts to secure it are brought low when inexplicable hidden sticky permissions suddenly - and without logging - grant temporary admin permissions to clueless content contributors."
SharePoint permissions are straightforward and easily managed. It would never 'grant temporary admin permissions' - either you gave them admin or you didn't. Logging is also up to you to enable / disable.
i.e. this is purely a lack of basic competency on your behalf...
That is utter bullshit, over 10 years of managing a datacenter and I've never needed removable media. I have a network boot server that is just loaded with the DaRT toolkit, WinPE and a bootable OpenBSD install. Anything that can be done with removable media can easily be done with network-based utilities.
@AC: You need the ability to insert USB drives into machines before you set up the whole infrastructure. Once you have basic infrastructure in place, then you put Secret or Top Secret data in the network.
Then you'd need to do it again only in the case of total network meltdown.
"Anything that can be done with removable media can easily be done with network-based utilities."
Except when the network card is broken. Or disconnected. Or misconfigured. Or Boot from LAN is disabled, etc. etc.
Why would ANY of those situations require that you carry confidential information of the sort Snowden released about on a USB stick? At MOST it'd be a boot image or maybe some drivers. Once the network connection is up the confidential data can be put back onto the server over EITHER a locked-tighter-than-a-gnat's-ass network connection or, if time is a factor and your internet connection's just not quick enough (or you suspect your LAN is compromised), by a trained and trusted team of specialists carrying a spare HDD or two in a magnesium-and-flashpaper case - drives that can be copied onto the computer locally and then dumped in the 'to be thermited' bin for immediate secure disposal.
"Except when the network card is broken. Or disconnected. Or misconfigured. Or Boot from LAN is disabled, etc. etc."
In any of those situations, all you'd need is a screwdriver, the keyboard or a network cable.
I feel like I'm bucking the general trend here of the comments and about to be shot down. However, I actually agree with the NSA chap that the decision to use SharePoint was an extremely large reason for administrators being able to leak information.
I know nothing about SharePoint administration so I am expecting to be shot down in flames, but I have just a few basic thoughts on how I might design a security focused collaboration tool. I'd probably ensure that all the content was stored and served up encrypted. There would obviously be no need for someone with root on the machines serving content to be able to see the unencrypted content for backup or permission related issues. I'd probably delegate the actual job of decrypting the content that was being served up for particular user tokens to separate servers with more restricted access that only managed decryption and re-encryption of "resource {token} stored on source {token} being requested by {token}" to separate out and simplify the authentication job and limit the attack surface of what actually matters if it is compromised. I'd also probably split up keys storage into a number of different and disjoint fiefdoms under different control and use the academic research on Byzantine generals problems to ensure that it required a majority of systems (and people) to be compromised before information was leaked beyond the intended targets.
The point I'm trying to make is that the design of a secure system for the NSA would seem to be very different to (my imagination of) a simple Microsoft collaboration tool. It seems they were remiss in going for the easy option and not putting the possibility of spies at the heart of their IT policy. And thank god for that, now we know what we always suspected. :)
The problem doesn't really come from any technology people use. That's all about awareness and security management applied to the system. I've recently done a penetration test on an internal SharePoint environment for an international airport and seen there are lots of issues and threats the SharePoint administration team were making themselves. For example, the password is easily predictable. There is no policy of password complexity ever on that environment. Another example is the use of an all-in-one account for all things (services, server, whatever). They didn't apply the latest security updates for the SharePoint system. Well bum! they absolutely failed in SharePoint security.
I have to agree about what someone above said: "Not securing the system is a serious failure". Do have a plan for hardening SharePoint using an industry-accepted standard such as PCI DSS, penetration testing monthly and so on. Don't rely much on the technology, looking into the human factors is worth spending some time on.
-T.s
"The problem doesn't really come from any technology people use. That's all about awareness and security management applied to the system."
The (flawed) assumption is that people with access to the systems have authorisation to do so.
This same flawed assumption is seen in BGP4 - which has been locked down a lot in the last 20 years - and in the world's phone number routing system (which has not and is subject to repeated hijackings even today - if you think bank coverups of security botchups are common you haven't seen anything).
So are they saying that NSA Hawaii isn't linked to the rest of the NSA? That's the only reason you'd need to have bill and ted copy content to a USB stick. I can't copy any content to a USB stick in my workplace, which isn't the NSA that's for sure. Don't want your content copied? Then wrap some IRM round it, turn off the USB ports, and any USB sticks given out are taken back and scanned for suspect content. Oh, if it is on your network you can move content between farms by publishing or even migrating content; plenty of tools to do that.
And bill and ted still can't copy it to a USB stick.
Don't blame the software cos you don't secure your content properly. Don't blame apps cos you never read security for dummies.
Finally clue is in the name it's called sharepoint for a reason.
Seems to me there are several problems...
Well, problem 0) Good thing the NSA is so lax with security so people got definitive evidence of their illegal and unconstitutional spying programs, instead of hints of their existence with people saying those who believed these hints needed a tin foil hat. Of course, most people still do not have the proper level of outrage here in the US, which is damned unfortunate.
1) Yes, Sharepoint itself is a problem. It is extraordinarily hard to secure, and make sure it stays secure, compared to, well, any sane system. It's easy for Microsoft apologists to just say the admins hadn't set it up and admin'ed it right (which is true) but see AlgoRythm's post for insights into the kind of pain an organization brings itself by introducing Sharepoint in a high security environment. Don't get me wrong, any system could have been set up too laxly and permitted leaks like this.
2) No, admins don't need removable devices to do their work. These systems should have had USB stick support disabled as far as I can tell. If there's some exceptional case, then the stick should be issued on site, and the admin shadowed until they relinquish the stick (which would then be erased and ready for next temporary use.)
3) Of course, this lack of security makes a good case for NSA's illegal and unconstitutional spying programs to be shut down... even if you're one of these weirdos who thinks NSA should be trusted to do whatever they want with no oversight whatsoever, to me this demonstrates that even if they have the best of intentions they are still not trustworthy enough to hold onto my private information.
"It is extraordinarily hard to secure, and make sure it stays secure, compared to, well, any sane system"
It's actually very easy, flexible and powerful to set permissions in Sharepoint. Just because you walked up to it without any training and expected to be able to do everything without RTFM doesn't make the product the failure here...
@Henry: Your post would have a lot more credibility if you didn't use expressions such as "Microsoft Apologist". It detracts from any message you are trying to get over with everyone except the most anti-microsoft, who were already there before you in any case.
I use FOSS every day at home and work, I also use COTS from pretty much all major manufacturers. I saw the expression "Microsoft Apologist" and skipped to the reply button.
I hate buzz words, but in this case 'core competency' is very applicable. By definition the NSA gathers and keeps secrets, that is their job. The management of the systems, and their secrets, should never have been contracted out. That should have been handled by internal staff with proven loyalties, not handed off to what are, in effect, mercenaries.
I'm not knocking contractors as a whole, I did my time too, but when you don't have the internal staff to manage what you've created something has gone terribly wrong.
Something not discussed much in the whole NSA/Snowden mess is the catastrophic management failures inside the agency. If the core service they provide is so out of kilter I can only imagine how bad the unaccountable financial clusterfuck must be.
Why is the NSA reviewing its collection and storage of data and adopting the EU plan of common carriers doing the storage?
Wonder what other Constitution breaches are under review?
Snowden deserves a Nobel award for this, at least he is more deserving than Obama.
Reading the comments, it seems only two commenters have any actual knowledge of what goes on at the NSA program. The remainder speak from their vast store of ignorance and ill will. Then there are the persons of such vastly superior intellect that they are able to interpret "unconstitutional and illegal" behavior better than SCOTUS and the FISA courts. And don't forget those whose response to others with whom they do not agree is always the infamous ad hominem attack.
I seem to remember that the telephone company collects your phone call metadata and uses it to send you a bill. Some ISPs monitor your internet usage and send you a bill. NSA collects phone number, phone called, length of call. Stores it. At this point, it is No-Name data, less than your telephone companies gather. Some other authorized agency decides they need your data so they look in the PUBLIC telephone directory or get the address online, get the FISA court to authorize the release of data from NSA, and NSA complies with the court order. Linking a name to the metadata is done under court order, as is further processing.
It would be physically impossible to actually listen to and record every telephone call and every internet message of everyone. How many zettabytes of storage would that require? How many people would be required to listen in to all conversations? Try to think logically for a change.
As for Snowden, he has admitted he deliberately wormed his way into NSA in order to find evidence of things he did not like. That is almost the definition of a mole spy. He undoubtedly considers himself to be a righteous crusader. I consider him guilty of Treason.
As Senator Moynihan said, you are entitled to your own opinion but not to your own facts.
I've got two issues with your point of view and one issue with your "facts".
Fact first. Any agency that needs info from NSA or the NSA requesting info from its own servers does not require to go through FISA more than once. This is because FISA has been granting over wide "warrants". In the UK courts you are supposed to make a new request for surveillance type information for each "case" or "person of interest". FISA seems to have accepted "all info pertinent to the search for terrorists" as a valid request. No real limitations to this.
I agree that no one is looking through all the data. I very much doubt that my phone calls/ internet searches/email are being read by anything more than the equivalent to Google's Spiders. However, the fact that they can (and probably are) looking at all of the phonecalls and internet searches and related information that they can get their hands on for some people worries me. This is because I don't want the NSA to be looking for blackmail-able material for UK Judges, Journalists, politicians, company managers etc. Oh and their families (If I can't blackmail the PM, can I blackmail his cousin/nephew etc).
TL:DR Just because my info is not of interest doesn't mean that the info they are looking at isn't actively detrimental to my life/sources of info/access to justice.
...is that our Matrix/Minority Report-style tech fantasies are brought down by the crushing realisation that twelve years after 2001 the spooks are using the same annoying point-and-click shite inflicted on the rest of us.
I haven't felt this demoralised since that woeful "THIS IS A UNIX SYSTEM" 3D file explorer in Jurassic Park.
Green screens, 3D gesture recognition or GTFO.
Yup, the good old days of Blunt, Burgess, Philby and Maclean. The British Establishment made sure that there weren't too many "outsiders", thus ensuring excellent security.
When it really was a matter of national security, i.e. WW2, the "outsiders" who had to be recruited kept the secrets very well. The answer, of course, is to be unambiguously on the right side so that intelligent people who think a lot about things give you their support, instead of behaving like power mad toerags and upsetting them.
No, threes; one who could read, one who could write, and one to keep an eye on the two dangerous intellectuals.
That is actually the root problem with things like the NSA and GCHQ: they want very intelligent people, but sadly these tend to come with the baggage of independent thinking skills.
The fascinating part of this thread is the war between Sharepoint admins. Either there are a lot of admins who can't properly configure the system or there are some complacent admins who think they've configured the system properly and don't realise the security is shot. I have never used it, so I have no idea which is true.
As someone who works in SharePoint, SharePoint is not the problem. It is yet again, a problem of correct use of governance. When a company chooses not to use governance policies that align with SharePoint's built-in capabilities, they leave holes in their environments for things to happen. Don't blame it on the platform for user-error mistakes.