back to article Edward Snowden's not a one-off: US.gov hunts new secret doc leaker

It appears former NSA contractor Edward Snowden is not the only leaker of secret US documents around, as the US government searches for another whistleblower in the aftermath of another leak of classified information. CNN reports that leaked documents related to a terrorist watch list and published by The Intercept (a site …

  1. Gordon 10
    Thumb Up

    Whoot!

    Go nameless guy! I just hope he/she has a better escape plan in place than Snowden did.

    Hopefully they are already sunning themselves in Ecuador.

    1. Version 1.0 Silver badge

      Re: Whoot!

      It's going to be a lot harder to catch this leaker - I'm guessing that they printed the list out and put it in the US Mail to a third party in Brasil. Nobody checks the mail these days.

      1. Cliff

        Re: Whoot!

        Private contractors? Aren't they the kind of people who might benefit from a leaked secret document before offering to sell more security and audit software to the public sector paymasters?

        One way to reduce the risk of a widely distributed list being leaked is to salt it with a few unique names/records for each copy - makes it pretty quick to tell if the list came from the cops or haliburton or whoever, narrows down the chase somewhat already

        1. Matt 21

          Re: Whoot!

          Another way would be to keep to the law so there's nothing to expose.

  2. Anonymous Blowhard

    Amazing!

    680,000 suspects and only 220 convictions over the last decade (http://www.thewire.com/politics/2013/04/civilians-courts-vs-military-courts-terrorism/64489/).

    These guys are way better at slacking than I am! It's like were being guarded by an army of Wallys.

    On the other hand, maybe it's just too easy to get on the list? I demand a more exclusive terror watch list!

    1. Pascal Monett Silver badge
      Coat

      A V.I.P. watch list, perhaps ?

      With a golden membership card ?

      1. Anonymous Coward
        Anonymous Coward

        With a golden membership card

        Platinum. You really don't want a credit limit to kick in when you're paying for a БУК launcher from MissilesЯUs.

        1. b0hem1us
          Go

          Re: With a golden membership card

          I would go for iridium, that would pay for the whole komplet, not just one battery.

    2. Irony Deficient

      insidious Marxism

      Pah — I refuse to join any terror organization that would have me as a member.

      1. Cipher
        Joke

        Re: insidious Marxism

        They, the alphabets, seem to be devoted whistlblower hunters, just inneffectual at it...

  3. russell 6

    Quite funny actually

    If true then it will create lots of paranoia inside the organization, they will then lock permissions down so tightly that nobody will be able to get any work done

    1. Anonymous Coward
      Big Brother

      Re: Quite funny actually

      But they will probably still all be able to see our data!!

  4. DropBear
    Mushroom

    The leaked database is shared with local law enforcement agencies, private contractors, and foreign governments.>

    Really? ...how quaint.

    1. Anonymous Coward
      Mushroom

      @ Dropbear

      That would explain why I am being upsold by ExplosivesRUs!!

      "Dear Mr. Hack,

      While most of our customers are happy to order C4, you're special. You're the kind of violent ideologue who expects only the best! Frankly, you seem like more of a Semtex man. And lucky for you this month we have a special...."

      1. b0hem1us
        Angel

        Re: @ Dropbear

        Hey man Semtex is cool, we even have an energy drink here named that. http://www.semtexculture.cz/

  5. P. Lee
    Paris Hilton

    Insider Threat

    Generally slightly less of an issue if you are a government with the moral high-ground.

    1. Anonymous Coward
      Anonymous Coward

      Re: Insider Threat

      a government with the moral high-ground

      I wasn't aware those existed anymore, where might I find one?

      1. Anonymous Coward
        Anonymous Coward

        Anymore?

        Are you saying there used to be governments with the moral high ground? Where can I read about one?

        1. elDog

          Re: Anymore?

          I can foresee a complete inversion of the security-threat-level (whatever that's called) and the El Register recommendation level.

          Whenever something is at a threat-level 55 (mid-high?) the recommendations should come in at around 5+.

          Eventually this will lead to the security agencies trying to up their threat levels so they get a higher El Reg recommendation. Pretty soon, secretaries from MI6 and the NoSuchAgency will be spilling their bosses beans all over the tubes - just for a better thumbs-up score.

          In the end, secrecy will be a thing of the past along with wingless dinosaurs. We'll all live in blissful abondance of TMI.

  6. Arctic fox
    WTF?

    Somebody got a universal translator handy?

    "Access controls including the two-man rule, role-based monitoring and data encryption are key requirements to make this happen, especially in highly concentrated environments like virtualisation and cloud,"

    What hell does that mean?

    1. Pascal Monett Silver badge

      It means that the data is kept secure in an extreme fashion, requiring two people to input passwords simultaneously (think Golden-Eye two-key access to the arming mechanism), and people who do access can only access the data that their authorizations subset allows them to, access being monitored automatically with red flags sent to monitoring personnel when out-of-line access requests are made, monitoring personnel who will then investigate the demand and compare with previous out-of-line demands - make too many mistakes and you're fired.

    2. russell 6

      Re: Somebody got a universal translator handy?

      Two man rule: It requires two people with seperate access codes, iris scans, keys etc to open a system. One can not do this without the other "man" being present

      Role based monitoring: You have a set framework within which you carry out your duties. Operating outside of these parameters will trigger a red flag. Similar to trying to do something on your PC at work which is outside of the permissions set by the Sys Admin. Try to do something and it will be noticed.

      What it means is that they need a shed load of internal "watchers" to watch the "watchers"

      At some point in the future things will get so big and complex within the organization, circles within circles etc, that it will no longer be able to support its own weight and entropy will do its thing that it does with all systems which are out of balance.

      1. Rich 11

        Re: Somebody got a universal translator handy?

        At some point in the future things will get so big and complex within the organization, circles within circles etc, that it will no longer be able to support its own weight and entropy will do its thing that it does with all systems which are out of balance.

        For all we know it might already be the case that two-thirds of NSA employees are there purely to watch NSA employees. It would certainly explain why they have to rely so heavily on contractors!

        1. russell 6

          Re: Somebody got a universal translator handy?

          You could well be correct. I touched upon the weaknesses of this type of organization in something I wrote last year. Link here: http://russellchapman.wordpress.com/2013/09/26/a-question-about-the-terrorist-attack-in-nairobi-kenya/

          Entopy always wins in the end, you can't beat physics. This is also why I am betting on a financial crisis in the next 3-4 months, I might be wrong on the exact timing but it will make 2007/08 look like a walk in the park.

          1. BlueGreen

            Re: Somebody got a universal translator handy?

            > This is also why I am betting on a financial crisis in the next 3-4 months, I might be wrong on the exact timing

            I'm pretty sure you are, too much confidence around now. Misplaced confidence but it makes no difference. My guess is it's further off, perhaps a year or two.

            > but it will make 2007/08 look like a walk in the park.

            yep :(

            1. russell 6

              Re: Somebody got a universal translator handy?

              I don't think it will be as far away as two years. The collapse of the holding company of Bank Espirito Santo, a major Portugese bank is a signal of the on going weakness of the banking system in the periphery of Europe. Russia is in a much more fragile economic situation than many realize and China has huge debts which are hidden by its shadow banking system.

              I happen to know several directors of major banks in Switzerland. All are saying that global stock markets are way over valued, price/earning ratios are crazy. Profit is coming from price/cost cutting rather than earnings on activity. It will only take one shock in the right place to start a chain reaction.

              1. DropBear
                Devil

                Re: Somebody got a universal translator handy?

                I don't think it will be as far away as two years.

                Well then, it's simple: if nothing particularly noteworthy happens to the financial sector until January 1, 2015 do I get a fridge full of Guiness...?

                1. russell 6

                  Re: Somebody got a universal translator handy?

                  No. But if nothing of particular note happens to global markets in a negative way by Jan 1st 2015, I will donate £50 to your favourite charity.

              2. auburnman

                Re: Somebody got a universal translator handy?

                " China has huge debts which are hidden by its shadow banking system."

                Would you mind elaborating on the Chinese debts? I thought they practically owned the West. Unless they're worried that our debts to them won't be honoured when we collapse?

                1. russell 6

                  Re: Somebody got a universal translator handy?

                  Hi Auburnman

                  Read this Forbes article to get the lowdown on the Chinese shadow banking sector

                  http://www.forbes.com/sites/ywang/2014/05/21/chinas-shadow-banking-valued-at-80-of-gdp/

                  Japan is actually the USA's largest creditor and I wrote an article about it including some other research which put things into words more effectively than I can:

                  http://russellchapman.wordpress.com/2013/09/18/global-gdp-vs-global-debt-what-is-really-going-on/

          2. Richard Parkin

            @Rich11 - GK Chesterton got there before you

            1908 The Man Who Was Thursday.

          3. Cipher

            Re: Somebody got a universal translator handy?

            Russell 6:

            With the Putin vs. The West playing out as it is, I just hope some Shadow Recruit can stop a possible Russian Operation Lamentations. Some truth to the line that the Russians would be crushed, but would recover. The West might not be able to...

            1. russell 6

              Re: Somebody got a universal translator handy?

              Hi Cipher

              We are all in this together. West and Russia. It will be Operation Lamentations all round.

        2. elip

          Re: Somebody got a universal translator handy?

          ...just so we're clear, its not just the NSA. 70% of the "employees" of the US Federal Government are private contractors. Always makes me chuckle when someone bashes the public sector while praising the private.

      2. Arctic fox
        Thumb Up

        @ Pascal Monett and russell 6. Re "What the hell does that mean?"

        Thank you gentlemen for your efforts. One of the things I like about El-Reg is that if you admit sincere ignorance someone will usually help you! :)

        1. russell 6

          Re: @ Pascal Monett and russell 6. Re "What the hell does that mean?"

          Kein problem, mein freund

    3. Someone Else Silver badge
      Thumb Up

      @ Arctic fox -- Re: Somebody got a universal translator handy?

      It means...I got BINGO!

  7. Red Bren

    Insider threats can cause the most damage to any organisation?

    Surely it's the idiots in charge that do the most damage, through incompetence, greed and illegal or immoral actions.

  8. NomNomNom

    The best defense against a leak is to immediately leak a flood of substantial information yourself on a similar yet less important subject, but deliberately promote it as a shocking reveal. That way the media will focus on the larger more detailed leak you provided and overlook the real less detailed damaging leak.

  9. Robert Grant

    Or

    We just have a global, federated LDAP, and each system authenticates against it. If you want to use a system you need to be added to that system's group(s). You can request that yourself, and the permissions thing just looks up who your manager is and who else should be informed, and they need to approve it electronically. If you haven't used that system for a while generally you'll get swept out of the group.

    Easy, quick, pretty secure by default. I can't believe a defence agency trusts everyone on its network by default.

  10. John Sanders
    Meh

    People do not like to hear this but here it goes...

    Western whistle-blowers just leak "mostly benign" information from "mostly benign" countries.

    It is very easy to leak from a western country, they can imprison you, but the likelihood of a western country putting a bullet in your head after having being tortured for weeks is low.

    I would like to see the Snowdens of the world leak information from less benign countries.

    It is very easy to ask for peace and freedom from the middle of Trafalgar Square, London, United Kingdom, but try to do the same from Pyongyang's Kim Il-sung Square in N. Korea. Or from Beijing's Tiananmen Square, China, or from Havaba's Plaza de la revolucion, Cuba.

    1. Rainer

      Re: People do not like to hear this but here it goes...

      True,

      but at least in China, nobody claims it's a democracy.

      1. Anonymous Coward
        Anonymous Coward

        Re: People do not like to hear this but here it goes...

        In fact, in China there are no leaker - at least outside "reeducation camps".

        1. Scorchio!!

          Re: People do not like to hear this but here it goes...

          The story is similar in Russia, where some 60 journalists have been assassinated, whilst former Soviet States Chechnya, Dagestan, Georgia, Ukraine, Trans Dniester and the like can hardly believe that the USSR has gone away. It is almost certain that Snowdon has divulged everything to his new owners.

      2. Scorchio!!

        Re: People do not like to hear this but here it goes...

        Yes, and your point is?

    2. Anonymous Coward
      Anonymous Coward

      Re: People do not like to hear this but here it goes...

      You mean like David Kelly? Or Mordechai Vanunu?

  11. Anonymous Coward
    Anonymous Coward

    It's all good

    The more crims they eliminate, the better.

  12. Anonymous Coward
    Anonymous Coward

    I wonder if NSA is planting decoys...

    ... to see who access what data and where data ends...

  13. heyrick Silver badge

    "it is impossible to tell a good guy from a bad guy; that person can take their time to siphon off large amounts of data without being detected."

    To be fair, one could say exactly the same thing about entire governments.

  14. noodle heimer

    How sure are they that they'd finished resetting the passwords? The doc's only three months after Snowden left. I've had access-via-incompetence at old worksites for far, far longer than that.

  15. Anonymous Coward
    Anonymous Coward

    My country right or wrong... Protect the Organization at all costs...

    I see this as all good. It will spark off a series of McCarthy like witch-hunts on the inside of the 5-Eyes.... Thus hopefully keeping them busy looking in all the wrong places, with less time to spy on us on the outside.

  16. Mitoo Bobsworth
    Black Helicopters

    Terrorist

    (ˈtɛrərɪst) n.

    One who employs terror or terrorism, esp. as a political weapon.

    Sounds like a fair description of the current US regime to me.

    What's that noise.....?

    1. RandiO

      nullum crimen sine lege

      ...you gotta define it before you can prosecute or punish an act (like 'terrorism')

      Obstacles to a comprehensive International definition of 'terrorism"

      Bassiouni notes: "to define "terrorism" in a way that is both all-inclusive and unambiguous is very difficult, if not impossible. That is why the search for and internationally agreed upon definition may well be a futile and unnecessary effort."

      Sami Zeidan, a Lebanese diplomat and scholar, explained the political reasons underlying the current difficulties to define terrorism as follows:

      "There is no general consensus on the definition of terrorism. The difficulty of defining terrorism lies in the risk it entails of taking positions. The political value of the term currently prevails over its legal one. Left to its political meaning, terrorism easily falls prey to change that suits the interests of particular states at particular times."

      "The Taliban and Osama bin Laden were once called freedom fighters (mujahideen) and backed by the CIA when they were resisting the Soviet occupation of Afghanistan. Now they are on top of the international terrorist lists". "Today, the United Nations views Palestinians as freedom fighters, struggling against the unlawful occupation of their land by Israel, and engaged in a long-established legitimate resistance, yet Israel regards them as terrorists."

      Israel also brands the [Hezbollah] of Lebanon as a terrorist group, whereas most of the international community regards it as a legitimate resistance group, fighting Israel's occupation of Southern Lebanon."

      "The repercussion of the current preponderance of the political over the legal value of terrorism is costly, leaving the war against terrorism selective, incomplete and ineffective." partially pasted from >> http://en.wikipedia.org/wiki/Definitions_of_terrorism

      FBI Definitions of Terrorism in the U.S. Code >> read it here >> http://www.fbi.gov/about-us/investigate/terrorism/terrorism-definition

      'just sayin'

      1. Matt Bryant Silver badge
        FAIL

        Re: RandiO Re: nullum crimen sine lege

        "....Bassiouni....." That would be Cherif Bassiouni, linked by the FBI to 'Palestinian' terror groups and blocked from serving on the UN war crimes panel for the former Yugoslavia because he was described as a 'Muslim fanatic'? Not exactly a shining example of impartiality then.

        ".....Sami Zeidan....." Is a 'news' anchor on the pro-jihadi, Qatar-funded Al Jazeera network. It's a bit like saying Joseph Goebbels was a scholar and diplomat when presenting his views on the SS.

        ".....The Taliban and Osama bin Laden were once called freedom fighters.... ". The Taliban were not labelled terrorists when they took over Afghanistan. They were not labelled terrorists when they fought the other Afghan Mujahadeen. They were even not labelled as a terror group when they ethnically-cleansed Shia tribesmen. The UN and groups like the EU even gave them development aid and tried to help them set up a state. They were labelled terrorists when they refused to denounce and stop sheltering AQ, who were indulging in terror attacks outside of Afghanistan, including 9/11. They have remained labelled as terrorists as the Taliban have employed terror tactics against Afghan and Pakistani civilians.

        ".....Today, the United Nations views Palestinians as freedom fighters....."" So, please do show an UN statement classing any 'Palestinian' group as freedom fighters. And please note the recognition of 'Palestine' as a non-member 'state' is dependent on them agreeing borders with Israel in a final peace agreement - no agreement on borders means no state of Palestine.

        "...,struggling against the unlawful occupation of their land by Israel....." So please do show which international court has passed any such judgement. It hasn't happened because the 'Palestinians' threw away their chance to have a state of 'Palestine' and their sovereign legal rights when they rejected the 1948 UN Partition Plan, unlike the Israelis. There is no such sovereign country as 'Palestine' and won't be until they sign a final peace treaty with Israel. And please also note the UN recognition is for the Palestinian National Authority, that being the old PLO, and NOT HAMAS, which has zero standing in the UN.

        1. RandiO

          Re: RandiO nullum crimen sine lege

          Don't shoot the messenger. Matt Bryant:

          As you can see, those particular citings were obtained from an article in Wikipedia (per my reference stating "partially pasted from >> http://en.wikipedia.org/wiki/Definitions_of_terrorism"). I was not (and am not) defending any particular faction about who should or should not be labeled as a terrorist but every definition of the word Terror/ist/ism that I have come across (including 3 online dictionaries), contains 2 main/operative words in their definition(s): One of the words is related to 'fear' and the other word is related to 'politics'.

          The gist of my post was not to enter into a political argument about terror/ist/ism but only to make others be aware that this word has always been a moving target; depending on which side of the argument one is behind. You may wish to deduce that I am siding/defending with those who are (or who cause) terror/ist/ism but first we must establish a proper and agreed-upon definition of this word (the "moving target") as it applies to one side or another! Hence the title "nullum crimen sine lege", especially since the international community is yet to define the word properly to the satisfaction of all involved!

          If you throw a rock at my house window and you bring about fear in my children and in defense I throw a boulder onto the roof of your house that also causes fear in your children: Who, then, would be to blame for terror/ist/ism?

          I doubt that pacifism is the answer!

          I also doubt that the first person who accuses/labels (in the media and normally 5 times) the other side to be responsible for terror/ist/ism should walk away as the innocent party! << "nullum crimen sine lege"

          I was not attempting to defend one side or the other but can same be said of your reply? 'just askin'

          1. Matt Bryant Silver badge
            Facepalm

            Re: RandiO nullum crimen sine lege

            "Don't shoot the messenger...." Then try researching your sources before passing them off as either unbiased or professional.

  17. Someone Else Silver badge
    Big Brother

    There are three-quarters of a million terrierists in the US?!?

    Yay US!

    At that rate, every man, woman and child (+ dog) in the entire country should be on the list by 2022. (And then what good would it be?)

    1. Denarius
      Unhappy

      Re: There are three-quarters of a million terrierists in the US?!?

      isn't that because once on, there is no way to be taken off ? An Intel VP has to fly with an FBI escort for this reason. On list for no reason but even a wealthy person can't get off.

      1. kain preacher

        Re: There are three-quarters of a million terrierists in the US?!?

        I;ll do you one better, There was an air marshal the got rejected from a flight because his name matched.

        They way it works is if john smith is banned, every one named john smith is banned. Even if you are 2 year old

    2. tom dial Silver badge

      Re: There are three-quarters of a million terrierists in the US?!?

      There may be other and more shocking documents yet to come, but the one so far shown on the Firstlook web site is pretty much a bore.

      A quick scan of the Intercept article suggests that a majority of the nearly 700K TIDE listees are not US people. The one document referenced in that article suggests the number of US citizens or residents probably is in the order of 10,000, or roughly 3/1000 of one per cent of the population. I made no effort to add up the numbers, which probably would not be meaningful anyhow, as the referenced document is a typically turgid bureaucratic self congratulation such as all federal agencies prepare near the end of the fiscal year. This is done so that their bosses, who receive the report, can attach it to their annual list of accomplishments. I saw, and was required to provide "input" to more than a few such documents in 40 years of federal employment.

  18. Matt Bryant Silver badge
    Facepalm

    "Poor old Julian Assange – whistleblower went straight to Glenn Greenwald"

    Well d'uh - Greenwald is backed by a lot of cash and can pay for leaks, whereas A$$nut and Dickileaks are just about broke.

    1. Anonymous Coward
      Anonymous Coward

      Re: "Poor old Julian Assange – whistleblower went straight to Glenn Greenwald"

      Shows the intellect of someone when the sum total of their post is throwing childish name insults.

      Enjoy the playground Clapper

      1. Matt Bryant Silver badge
        Happy

        Re: Anon Cluetard Re: "Poor old Julian Assange – whistleblower went straight to Glenn Greenwald"

        "Shows the intellect of someone when the sum total of their post is throwing childish name insults...." Shows your inability to argue the fact that Greenwald is funded by Omidyar and is a professional, paid-for journo, not the crusading holyman of truth you very obviously think he is. Oh, but it would take a measure of intellect to actually debate the point....

        Me, I'm off to buy some Polish apples.

  19. Eguro
    Holmes

    Might just be me,

    But I can't stop thinking of the wonderful work environment that'll be promoted by the implementation of security measures after this.

    That'll be sure not to plant more dissatisfaction with the work place.

    It's all those lovely cases of "I really just need that one file - why the hell am I not allowed in there without Keith watching over me"

    (Sherlock cause it's the closest I could get to a magnifying glass)

    1. Matt Bryant Silver badge

      Re: Eguro Re: Might just be me,

      ".....It's all those lovely cases of "I really just need that one file - why the hell am I not allowed in there without Keith watching over me"...." If you work in secure government environments you accept it as part of the job and just get used to it. I have worked on contracts where I not only had a technical escort to monitor which files I accessed on a system (on a couple of systems I was not even allowed to touch the keyboard) but also had to be accompanied at all times onsite by an armed guard. After a few days it was routine.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like