The NSA and Snowden: Securing the All-Seeing Eye 97
First time accepted submitter ChelleChelle2 (2908449) writes "Edward Snowden's release of classified material exposing the existence of numerous global surveillance programs (obtained while working as an NSA contractor at Booz Allen Hamilton) has been referred to as 'the most damaging breach of secrets in U.S. history.' Regardless of whether one choses to champion or condemn Snowden's actions, it is apparent that the NSA needs to dramatically rework its security measures. In this article Bob Toxen, renown author of several books and articles on Linux Security, discusses the security practices that could have stopped Snowden. Equally interesting, he weighs in on the constitutionality and morality of the NSA's spying on all Americans."
That's only what we know yet (Score:5, Insightful)
With all the leaks, corruption scandals (quite a show here in Montreal), and all the law-breaking from those agencies and governments, I wish there were more like Snowden. That's only the tip of the iceberg boys & girls,
Re:That's only what we know yet (Score:4, Insightful)
Its too easy for people to trust the government. They promise to take care of you, keep you safe and fed and all the other things. Its easier to trust them than to have a mind on your own, to have to think, plan, and work. It usually all goes well for a while until corruption creeps in and politicians think they know better than you how you should live your life...
The US had an amazing run and I wish I could somehow know what future generations will define as the point in time where the US government turned sour. The current NSA affair? What about the creating of a for-profit, private bank that's put in charge of ruining the dollar value? I'm sure some racists will point to the 13th amendment but I bet 9/11 would be a much more likely choice. Maybe the Nixon years with Watergate and the removal of the gold standard? Oh so many choices... I personally pick the day the southern states seceded. While the North was right and slavery had to go, I still can't find a legal reason that prohibited the South to withdraw from the United States...
Peter.
Re: (Score:3)
Um, no. The Whiskey Rebellion had nothing to do with "shitting on veterans". Veterans rallied around George Washington to put down the rebels.
George Washington was a millionaire at the time because he owned some extremely popular Whiskey distilleries, so when he imposed the first taxes of the nation (largely to pay our war debts), the first thing he did was put on a tax that hit himself hardest. This was considered fair. Even in those days, it was well known that alcohol came with severe social consequence
Re: (Score:2)
Why would you need to be a racist to point at the 13th amendment? It doesn't forbid slavery, it monopolises it. The 13th says the government can enslave anyone convicted of a crime, and it's not a coincidence that the US has a ludicrously high incarceration rate and a for-profit prison industry.
Re: (Score:3)
Which is why I think doing anything to help the NSA/GCHQ is immoral.
Re: (Score:2)
Montreal is scandalous? Who knew? All I ever hear about from Canada these days is how the Toronto mayor manages to surpass a former Washington DC mayor for being able to overcome his disabilities.
Re: (Score:2)
All I ever hear ah-boot from Canada these days is how the Crack Smokin Mayor manages to surpass a former Washington DC mayor for being able to overcome his disabilities. Eh!
FTFY! Living in Detroit made me fluent in Canadian!!
Re: (Score:1)
It would be, but Canada's press is terrible, as CSIS and CSEC are both taking it up the ass from the NSA and CIA, in order to give them whatever they want.
Re: (Score:3)
People seem to have entirely forgotten the last few catastrophes, like the 3rd Reich, the USSR, etc. But then, people are stupid and usually deserve all the pain they help bring their way.
Re: (Score:2)
Re: (Score:2)
1) John Walker
2) Vidkum Quisling
3) Aldrich Ames
4) Philby, Donald Maclean and Guy Burgess
5) William Joyce
6) Marcus Brutus
7) and Judas
There are plenty like him.
Had he stayed on track about the spying on just America, or even just the west, he would ONLY be a hero. Now, he is both hero and traitor, just like many of the above.
Bad logic (Score:1)
No, their lax security measures are achieving exactly the right results for our democracy at the moment. I am completely against them reworking them, unless you mean subjecting them all to potential veto by a select group of thoughtful small-government patriots.
Re:Bad logic (Score:4, Insightful)
That's like saying when aliens attack you'll be glad you bought UFO insurance. Just because you can imagine a scenario does not make it likely. I have seen no compelling evidence that terrorism is a battle worth giving up my privacy and freedom for.
Re: (Score:2)
Risking death to have freedom is more than worth it. Even if the NSA is effective, it should've thought of that before violating the highest law of the land and everyone's fundamental liberties; then they could've carried on with their actual goals.
Re:Bad logic (Score:4, Insightful)
Except there is also the fact that some of the NSA's main goals, despite its draconian and probably unconstitutional methods, are still counterterrorism and counterintelligence. When a friend or family member is killed in a terrorist attack because the NSA's security wasn't adequate you can be proud you encouraged it.
The NSA's mass-surveillance techniques have not been proven effective for counter-terrorism, nor do those techniques represent a cost-effective method of lowering the overall US death rate, nor are they worth (in my opinion) the egregious violation of our Constitutional rights.
I believe that a cursory glance at global affairs — in particular, which entities commit terror attacks upon which nations; the attackers' motives; and attacked nations' foreign policies — suggest that the most effective counter-terrorism results come from not interfering in the sovereignty or affairs of foreign governments, and not violating the human/civil rights of foreign and domestic populaces.
Were a friend or family member killed in a terror attack, I'd be upset they died even though their Constitutional rights were being violated, and I'd be upset that they likely died as a result of blowback from unilateral US action abroad intended to increase or maintain the power and wealth of US oligarchs, likely in violation of international law. If mass-surveillance were ended and a friend or family member were killed in a terror attack, I would take solace in death(s) as free people.
Re: (Score:2)
I have no more mod points, but would like to say that this entirely, and eloquently, sums up my views on this matter. Well said.
Re:Bad logic (on logic) (Score:1)
Except there is also the fact that some of the NSA's main goals, despite its draconian and probably unconstitutional methods, are still counterterrorism and counterintelligence. When a friend or family member is killed in a terrorist attack because the NSA's security wasn't adequate you can be proud you encouraged it.
Whatever the "claimed" goals of government are, its real actions are the things that count, and nowadays, in terms of something resulting from NSA intrusions, an American is more likely to be harmed by her or his own government than harmed by a "terrorist attack". The NSA has not been very successful in citing successes in its protecting of Americans.
If you could guarantee the goals of the NSA were always noble, then I would favor granting them far-reaching authority. But, in reality, the government, and
Re: (Score:2)
A 9/11 event would have to happen twice a week or more to crack the top 5 causes of death in the US. Why is it so important to give up on fundamental freedoms (i.e. the 4th Amendment)? Does it seem more or less important to you after considering that by the NSA's own admission, not a single terrorist has been caught or a citizen's life saved by this surveillance?
Re: (Score:2)
The NSA does not work for us. I don't care about their security.
Re:Bad logic (Score:5, Insightful)
In the light let's correct the the heading. Edward Snowden did not cause the 'the most damaging breach of secrets in U.S. history.', he exposed the 'the most damaging breach of secrets in U.S. history.'. Let's be clear on this, it was the NSA that was conducting the illegal breach of secrets of people from all over the globe, no one was safe and no countries laws were respected, not the US not anyones. It was the NSA that was the completely unrepentant criminally insane computer network hacker, hacks not in the hundreds or thousands but very likely in the millions. This had nothing to do with securing anything for the US but everything to do with empowering the insane head of the NSA and his backers in their grab for power. He is now protected status by the secrets he holds, he knows more about the criminal activity of politicians from all over the globe than any other person in US history. As the the puppet president Uncle Tom Obama the choom gang coward, well, he runs nothing and has not done so for years, he just does as he is told to do and smile when he reads his instructions in front of the public on the teleprompter, the puppet prompter, what a way to go no in history, really lame.
Re: (Score:1)
In the light let's correct the the heading. Edward Snowden did not cause the 'the most damaging breach of secrets in U.S. history.', he exposed the 'the most damaging breach of secrets in U.S. history.'. ....
Agreed. It's amazing how people mindlessly parrot the government slant.
Pretty much if the government states something, the opposite is true. The "corrections" department does not correct people; it punishes them. The "defense" department is for offense. The Division of Family Services breaks up families. The Patriot Act is unpatriotic. The ones who "serve and protect" really take your money and your freedom. Etc.
Re: (Score:2)
Indeed. Best summary so far. The NSA seems to be turning more and more into a GeStaPo. On the plus side, they usually kill people outright (or help to do so), instead of torturing them first. So maybe they are still a bit better than the GeStaPo.
Re: (Score:1)
I like to think their fuck ups are what is good for our REPUBLIC.
Democracy is a bad thing, I prefer to accentuate the positive.
Taking a cue from the so called consultant field, I would combine the NSA, CIA and Secret service, fire half of them and make them WORK for a living.
Then I would put the FBI to work at the borders helping to fulfill the Constitutional duty of the Government. Hey, while Im at it, I would put all the other junk agencies on the same detail, but not before firing half of them to begin w
Re: (Score:2)
Dumbass, we were a Republic less than a century ago. So far Democrazy has done nothing good for us. ESAD
Re: (Score:2)
How did we vote before we were a Democrazy? This was less than a century ago.
Re: (Score:1, Funny)
Re: (Score:2)
You don't seriously expect people to spend the day plowing through this without a summary, do you? Where's the abstract for this report, book, manifesto, or whatever it is?
Re: (Score:2)
You don't seriously expect people to spend the day plowing through this without a summary, do you? Where's the abstract for this report, book, manifesto, or whatever it is?
The video game generation strikes again.
Windows - they've got you by the balls! (Score:1)
"People are aware that Windows has bad security but they are underestimating the problem because they are thinking about third parties. What about security against Microsoft? Every non-free program is a 'just trust me program'. 'Trust me, we're a big corporation. Big corporations would never mistreat anybody, would we?' Of course they would! They do all the time, that's what they are known for. So basically you mustn't trust a non free programme."
"There are three kinds: those that spy on the user, those tha
Well, if it was easy to stop him (Score:1)
Then maybe the whole thing is intentional. After all, the voters, in their conditioned helplessness, aren't going to elect anybody to stop it, so what "damage" is the NSA going to suffer? Smooth everything over with a little PR, and it's back to business as usual. In fact nothing has changed except increased chatter on the internet.
Re: (Score:2)
The whole idea of the NSA is deeply flawed. But, judging from how things are going with the human race, maybe entirely deserved.
The sidebar was the most interesting part... (Score:5, Insightful)
I started reading but soon moved on to just skimming the article. It read like a very logical but basic security primer... Until I hit the sidebar. Wow, I've never seen a better laid out, yet brief, history lesson that got straight to the point. Our government needs to remember that its "For the People, by the People" not "For those people, by these people"
Peter.
Re: (Score:2)
That is the old slogan. Today those in power have banded together against the people. It has been quite a while since any US government though it was "for the people".
Re: (Score:1)
Re: (Score:2)
I started reading but soon moved on to just skimming the article.
So did I, but I didn't find the 1 fact that would be most relevant to this conversation:
http://www.nytimes.com/2013/12/15/us/officials-say-us-may-never-know-extent-of-snowdens-leaks.html [nytimes.com]
Officials said Mr. Snowden, who had an intimate understanding of the N.S.A.â(TM)s computer architecture, would have known that the Hawaii facility was behind other agency outposts in installing monitoring software.
According to a former government official who spoke recently with Gen. Keith B. Alexander, the N.S.A. director, the general said that at the time Mr. Snowden was downloading the documents, the spy agency was several months away from having systems in place to catch the activity.
The Hawaii network that Snowden was assigned to had not yet had its security upgraded as part of the fallout from Manning's massive leak.
Most, if not all, of the security measures mentioned in this book summary had already been implemented elsewhere and Snowden intentionally picked Hawaii because of this.
I hope the book goe
Inevitable (Score:4, Informative)
Rename USA to North American Korea (Score:1)
Never in history North Korea and USA were so close. It is true love between regimes of two countries.
Anyone arriving in USA is terrified by the large number of security forces and STASI type lifestyle so much prevalent.
Kim Jong Un blesses USA
Re: (Score:1)
easy (Score:5, Insightful)
The easiest fix would be to stop violating our constitutional rights. Snowden would have never leaked anything had the NSA been acting within the bounds of the constitution. Violate the constitution and everyone working for you that is a patriot is bound by honor to thwart you. Righteous anger is a SOB.
Re: (Score:2)
This is especially true, since the security measures suggested by TFA are only designed to stop the lone rouge sysadmin. Even with all those measures in place, it would still be possible for two sysadmins working together to extract top secret documents.
Re: (Score:2)
Well, maybe that's true for Snowden, but it's just him. In practice, disclosure of sensitive information happens whether "constitutional rights" are respected or not, and the security controls that can be used to secure this information don't change.
Re: (Score:2)
Well, maybe that's true for Snowden, but it's just him. In practice, disclosure of sensitive information happens whether "constitutional rights" are respected or not, and the security controls that can be used to secure this information don't change.
Yes, but how many people work for the NSA and would commit treason for profit or evil?
Violate the constitution and now everyone that works there and cares about their country are against you as well. The point is, illegal acts raise the number of adversaries they need to deal with my orders of magnitude.
Re: (Score:2)
The unauthorized disclosure of sensible US information has happened regularly in the 20th century. Act of spying are motivated differently depending of the individual. Interestingly enough, it's rarely a question of ideology.
Sure, illegal acts, or perceived as illegals, can motivate some people in doing what Snowden did. And yes, I guess stopping to do these acts will remove the incentive. But it doesn't mean that it's a solution for the actual security problem. And it certainly how the NSA will see it too.
Re: (Score:2)
Considering that the US Government hid Operation Mockingbird and COINTELPRO for decades (and is still hiding information on those programs), many people see no choice but to leak when the situation seems dire. In these situations it's not the whistle blower that's to blame. Those are just 2 of thousands of examples.
Re: (Score:2)
Well... sure... but how is this related to what I wrote?
Re: (Score:2)
Sure, illegal acts, or perceived as illegals, can motivate some people in doing what Snowden did
I based my comment on that statement. Also read what whistle blowers themselves state, which is usually along the lines of "there was no choice because leadership is complicit"
More of a correction that it's not a matter of just being motivated by something illegal. It isalso a belief that the only way to make corrections is to be a whistle blower.
Re: (Score:2)
Are you kidding? The very purpose of government is to oppress its population and tell them everything is "fine" as long as they are docile little sheep. You thing the Constitution has any value today? Think again.
My 2 cents (Score:2)
Securing that global database (Score:3)
No contractors, no private sector, no ex gov staff moving around, people without exhaustive gov staff real world full family tree, education, friends interviewed background results.
2. Drive the private sector contractors out of the gov networks. Fancy 3rd party network wide security software will not stop a trusted system admin, it will just give the security software bosses a nice gov contract bonus.
3. Go back to finding all your staff from top universities after watching them in the wild for a few years. When ready, offer them a great job, for life with academic freedoms and an above great wage. Make sure they feel invited in.
a) Interview them in person using gov staff only staff.
b) If accepted as useful to the gov:
Interview their extended family in person using only gov staff. Interview their recent academic staff in person using gov staff. Drive out to their local community and find friends, cops, ex cops, sealed court records, all teachers at every stage of schooling.... in person using gov only staff.
Look at generations of book lists, magazines, newspapers, payments, gambling, faith with links to other nations, cults with links to other nations, holidays, charities, political causes, the probability of placing another nation/faith/cash/cult interests above all gov security levels.
Build up a real world life story with real world contact with every close person or event and keep looking.
Note: a database search is not a real world interview. A database search by a 3rd party private sector security cleared person is not a real world interview.
Some data on a random gov computer about past good work been seen by a 3rd party private sector security cleared person is not a real world interview.
Keep interviewing, testing, profiling your new staff using trusted gov staff - in house staff, not a 3rd party private sector security cleared person invited in with a new 'system' to rent.
4. The file systems need to be kept air gapped and back to best practice compartmentalization. No new 3rd party cloud, no outside big brand private sector 'helpers' beyond installs.
5.. Dont trust any paperwork from any other sector of the gov/private sector on an individual. If they have great paperwork and want to move jobs, something interesting might be missing from that great 'story'.
6. Stop political suggestions over 'sharing' the cloud and other ways into what should be a sealed gov network.
Some better ways to alter public perception:
Hint at a limited hangout, or partial hangout, the idea that the material was baited provides endless speculation and academic busy work on web 2.0 and beyond.
Drop hints via trusted cutouts to the 'alternative media' that will take years to work out.
A sockpuppet is not a useful cutout.
The hardware and software, junk encryption was for domestic use by 'others' in the wider US legal system. The results of a splitter, tame corporate/academic decryption ended up with any number of diverse ongoing very legal domestic criminal probes is a great talking point.
Hint at a political culture for weakening once strong gov only security clearance levels.
8. Talk the the UK about decades of tell all books, newspapers, interviews and 'documents' ie the magical "why" nothing ever got much traction beyond academic history books and obscure university level history papers.
9.. As all this is now in the open and telco immunity is/was in place move forward with a domestic locked box for all telco metadata. Move in front of "damaging breach" to a post telco immunity budget and gov security expansion needs.
Versus -- increasing Cognitive Diversity... (Score:2)
My essay: http://www.phibetaiota.net/201... [phibetaiota.net]
"This essay discusses how the USA's security clearance process (mainly related to ensuring secrecy) may have a counter-productive negative effect on the USA's national security by reducing "cognitive diversity" among security professionals."
An example I have there:
----
Let us contrast two candidates with different very backgrounds and ask which one would get a security clearance. Which of the two would be hired to create the social and technical systems to define US
Re: (Score:2)
They are the classic butterfly collectors or anthropologist with deep cover in distant lands as used over generations.
You have very smart people with the ability to hide their needs. One event may have pulled them very close to the security/mil sector.
What happens
Re: (Score:2)
And they are not very talented either. I now personally that they have to outsource critical stuff because they just cannot hack it themselves...
What the author seems to be missing.... (Score:3)
...is somewhere along the line SOMEONE has to be trusted. That secure program that transfers files? How do you know it doesn't have a back door/hidden features? You audit that source code..do you trust the auditor? How do you know he's not in collusion with the programmer? Hmm, better get someone or someones to audit them. And so on....
Technical restrictions are good, but they're not the be-all. Technically, the best locked down systems aren't usable (any geezers here remember C2 [orange book] Windows NT 4 systems? Very secure (especially for NT in the day)...and wholly unusable).
His comments about securing ssh are just common sense and best practices (for once they coincide). As he pointed out, metal detectors would have caught the egress of the thumb drives. Just as locks on reinforced cockpit doors would have prevented 9/11, sometimes the low-tech scalable solution is the best solution.
It's "renowned" not "renown" (Score:2)
If you are of renown, you are renowned. You'd think folks sensitive to the exacting demands of various languages would be more respectful of English. Sheesh.