Discovering NSA Code Names Via LinkedIn 201
Okian Warrior writes with this news as reported by TechDirt: "The Washington Post revealed some of the code names for various NSA surveillance programs, including NUCLEON, MARINA and MAINWAY. Chris Soghoian has pointed out that a quick LinkedIn search for profiles with codenames like MARINA and NUCLEON happens to turn up profiles like this one which appear to reveal more codenames: 'Skilled in the use of several Intelligence tools and resources: ANCHORY, AMHS, NUCLEON, TRAFFICTHIEF, ARCMAP, SIGNAV, COASTLINE, DISHFIRE, FASTSCOPE, OCTAVE/CONTRAOCTAVE, PINWALE, UTT, WEBCANDID, MICHIGAN, PLUS, ASSOCIATION, MAINWAY, FASCIA, OCTSKYWARD, INTELINK, METRICS, BANYAN, MARINA.' TRAFFICTHIEF, eh? WEBCANDID? Hmm... Apparently, NSA employees don't realize that information they post online can be revealed."
Re:A fleeting moment of rich irony. (Score:4, Insightful)
People will keep looking until they find something. Give them what they wanted to find and they'll stop looking.
Re:A fleeting moment of rich irony. (Score:4, Insightful)
These idiots have some level of access to the assets that the NSA is developing.
And that is reason enough to shut the NSA down completely, and charge its career bureaucrats with criminal negligence wrt corruption of the US Constitution which they are supposed to be protecting.
If the NSA can allow these idjits to mess around, then how many of their other, more intelligent, personnel have found ways to make a little cash on the side by selling the kind of stuff Snowden has given away?
Re:A fleeting moment of rich irony. (Score:5, Insightful)
Submitted earlier with a better headline. (sigh) [slashdot.org]
No, the gotcha is not revealing project code names. Why post code names if the names are secret? The gotcha is...(ahem)
REVEALING THE NAMES OF ANALYSTS WITH ACCESS TO TOP SECRET PROJECTS!
Re: Irony as now google is your pal (Score:5, Insightful)
Digging a little deeper, if you refactor the contents of those search results, you get a VERY complete picture of what's going on... for example, PINWALE is the code name for Mission Systems, developed for the Military by Northrop Grumman. Most of the people who developed the system appear to be on LinkedIn :)
That's just a taste; anyone good at graph theory and data mining could probably put together quite a dossier of people and projects based on the public info available through LinkedIn/Google.
Re:A fleeting moment of rich irony. (Score:4, Insightful)
The names are mostly random because they don't necessarily bear any resemblance to the projects.
But having a publicly-trawlable bunch of data that links real-world humans, their real-world qualifications, and the projects that they've been read in on, however, is precisely the sort of social graph that an adversary could use to figure out what the codenamed projects are actually all about.
If there are dozens of cunning linguists and digital signal processing experts working on DEATHSTAR, and all the people who list MSPACMAN happen to have oceanography backgrounds or prior experience at companies that make precision optics, it doesn't take a genius to see that despite their names, DEATHSTAR is the project that's more likely to be NSA Line Eater [catb.org], and MSPACMAN the project that involves sharks with frickin' lasers on their heads.
Re:A fleeting moment of rich irony. (Score:4, Insightful)
REVEALING THE NAMES OF ANALYSTS WITH ACCESS TO TOP SECRET PROJECTS!
That, and a lot more is easy to find now that the NSA data centres are off in the middle of no where.
When your major work is done in major metropolitan places this is hard, but in bluffdale Utah this is super easy. Look for the expensive houses on the land registry and being publicly listed. Anyone who doesn't have any obvious source of a big income works on something important at either camp williams or the NSA data centre. You have their house, spouse(s), kids, kids schools everything. All with public information.
Small towns are incredibly easy to infiltrate for this sort of thing. If you want to know who is most vulnerable all you need is the local pimp and an employee at the local credit union and you can find everything you need about enough people in the town to get everything you want.
There are other things you could look for too. Who has the fastest internet service, who gets a lot of computer parts packages from newegg etc. Who frequents the expensive restaurants, who drives the newest most expensive cars? If you want to figure out who the special forces guys are in any western country, go to the city where their training base is are and look for sports cars. (Gurkha's obviously not until recently as they weren't paid enough for sports cars).