Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Government Security

The NSA and Snowden: Securing the All-Seeing Eye 97

First time accepted submitter ChelleChelle2 (2908449) writes "Edward Snowden's release of classified material exposing the existence of numerous global surveillance programs (obtained while working as an NSA contractor at Booz Allen Hamilton) has been referred to as 'the most damaging breach of secrets in U.S. history.' Regardless of whether one choses to champion or condemn Snowden's actions, it is apparent that the NSA needs to dramatically rework its security measures. In this article Bob Toxen, renown author of several books and articles on Linux Security, discusses the security practices that could have stopped Snowden. Equally interesting, he weighs in on the constitutionality and morality of the NSA's spying on all Americans."
This discussion has been archived. No new comments can be posted.

The NSA and Snowden: Securing the All-Seeing Eye

Comments Filter:
  • by Hamsterdan ( 815291 ) on Saturday May 10, 2014 @12:25AM (#46964953)

    With all the leaks, corruption scandals (quite a show here in Montreal), and all the law-breaking from those agencies and governments, I wish there were more like Snowden. That's only the tip of the iceberg boys & girls,

    • by loony ( 37622 ) on Saturday May 10, 2014 @03:27AM (#46965349)

      Its too easy for people to trust the government. They promise to take care of you, keep you safe and fed and all the other things. Its easier to trust them than to have a mind on your own, to have to think, plan, and work. It usually all goes well for a while until corruption creeps in and politicians think they know better than you how you should live your life...

      The US had an amazing run and I wish I could somehow know what future generations will define as the point in time where the US government turned sour. The current NSA affair? What about the creating of a for-profit, private bank that's put in charge of ruining the dollar value? I'm sure some racists will point to the 13th amendment but I bet 9/11 would be a much more likely choice. Maybe the Nixon years with Watergate and the removal of the gold standard? Oh so many choices... I personally pick the day the southern states seceded. While the North was right and slavery had to go, I still can't find a legal reason that prohibited the South to withdraw from the United States...

      Peter.

      • by Sabriel ( 134364 )

        Why would you need to be a racist to point at the 13th amendment? It doesn't forbid slavery, it monopolises it. The 13th says the government can enslave anyone convicted of a crime, and it's not a coincidence that the US has a ludicrously high incarceration rate and a for-profit prison industry.

    • by AmiMoJo ( 196126 ) *

      Which is why I think doing anything to help the NSA/GCHQ is immoral.

    • by SpzToid ( 869795 )

      Montreal is scandalous? Who knew? All I ever hear about from Canada these days is how the Toronto mayor manages to surpass a former Washington DC mayor for being able to overcome his disabilities.

      • by s.petry ( 762400 )

        All I ever hear ah-boot from Canada these days is how the Crack Smokin Mayor manages to surpass a former Washington DC mayor for being able to overcome his disabilities. Eh!

        FTFY! Living in Detroit made me fluent in Canadian!!

      • It would be, but Canada's press is terrible, as CSIS and CSEC are both taking it up the ass from the NSA and CIA, in order to give them whatever they want.

    • by gweihir ( 88907 )

      People seem to have entirely forgotten the last few catastrophes, like the 3rd Reich, the USSR, etc. But then, people are stupid and usually deserve all the pain they help bring their way.

    • by gmuslera ( 3436 )
      And with that security measures, they could happily anounce and promise that they will be well behaved, stop spying and so on, and keep doing the same or even far worse things. What stops you from lying if you won't get caught anyway?
    • There are plenty like him:
      1) John Walker
      2) Vidkum Quisling
      3) Aldrich Ames
      4) Philby, Donald Maclean and Guy Burgess
      5) William Joyce
      6) Marcus Brutus
      7) and Judas

      There are plenty like him.

      Had he stayed on track about the spying on just America, or even just the west, he would ONLY be a hero. Now, he is both hero and traitor, just like many of the above.
  • Regardless of whether one choses to champion or condemn Snowden's actions, it is apparent that the NSA needs to dramatically rework its security measures.

    No, their lax security measures are achieving exactly the right results for our democracy at the moment. I am completely against them reworking them, unless you mean subjecting them all to potential veto by a select group of thoughtful small-government patriots.

    • The NSA does not work for us. I don't care about their security.

      • Re:Bad logic (Score:5, Insightful)

        by rtb61 ( 674572 ) on Saturday May 10, 2014 @07:56AM (#46965979) Homepage

        In the light let's correct the the heading. Edward Snowden did not cause the 'the most damaging breach of secrets in U.S. history.', he exposed the 'the most damaging breach of secrets in U.S. history.'. Let's be clear on this, it was the NSA that was conducting the illegal breach of secrets of people from all over the globe, no one was safe and no countries laws were respected, not the US not anyones. It was the NSA that was the completely unrepentant criminally insane computer network hacker, hacks not in the hundreds or thousands but very likely in the millions. This had nothing to do with securing anything for the US but everything to do with empowering the insane head of the NSA and his backers in their grab for power. He is now protected status by the secrets he holds, he knows more about the criminal activity of politicians from all over the globe than any other person in US history. As the the puppet president Uncle Tom Obama the choom gang coward, well, he runs nothing and has not done so for years, he just does as he is told to do and smile when he reads his instructions in front of the public on the teleprompter, the puppet prompter, what a way to go no in history, really lame.

        • by Nehmo ( 757404 )

          In the light let's correct the the heading. Edward Snowden did not cause the 'the most damaging breach of secrets in U.S. history.', he exposed the 'the most damaging breach of secrets in U.S. history.'. ....

          Agreed. It's amazing how people mindlessly parrot the government slant.
          Pretty much if the government states something, the opposite is true. The "corrections" department does not correct people; it punishes them. The "defense" department is for offense. The Division of Family Services breaks up families. The Patriot Act is unpatriotic. The ones who "serve and protect" really take your money and your freedom. Etc.

      • by gweihir ( 88907 )

        Indeed. Best summary so far. The NSA seems to be turning more and more into a GeStaPo. On the plus side, they usually kill people outright (or help to do so), instead of torturing them first. So maybe they are still a bit better than the GeStaPo.

    • by flyneye ( 84093 )

      I like to think their fuck ups are what is good for our REPUBLIC.
      Democracy is a bad thing, I prefer to accentuate the positive.

      Taking a cue from the so called consultant field, I would combine the NSA, CIA and Secret service, fire half of them and make them WORK for a living.
      Then I would put the FBI to work at the borders helping to fulfill the Constitutional duty of the Government. Hey, while Im at it, I would put all the other junk agencies on the same detail, but not before firing half of them to begin w

  • by Anonymous Coward

    "People are aware that Windows has bad security but they are underestimating the problem because they are thinking about third parties. What about security against Microsoft? Every non-free program is a 'just trust me program'. 'Trust me, we're a big corporation. Big corporations would never mistreat anybody, would we?' Of course they would! They do all the time, that's what they are known for. So basically you mustn't trust a non free programme."

    "There are three kinds: those that spy on the user, those tha

  • Then maybe the whole thing is intentional. After all, the voters, in their conditioned helplessness, aren't going to elect anybody to stop it, so what "damage" is the NSA going to suffer? Smooth everything over with a little PR, and it's back to business as usual. In fact nothing has changed except increased chatter on the internet.

  • by loony ( 37622 ) on Saturday May 10, 2014 @01:40AM (#46965085)

    I started reading but soon moved on to just skimming the article. It read like a very logical but basic security primer... Until I hit the sidebar. Wow, I've never seen a better laid out, yet brief, history lesson that got straight to the point. Our government needs to remember that its "For the People, by the People" not "For those people, by these people"

    Peter.

    • by gweihir ( 88907 )

      That is the old slogan. Today those in power have banded together against the people. It has been quite a while since any US government though it was "for the people".

    • I started reading but soon moved on to just skimming the article.

      So did I, but I didn't find the 1 fact that would be most relevant to this conversation:
      http://www.nytimes.com/2013/12/15/us/officials-say-us-may-never-know-extent-of-snowdens-leaks.html [nytimes.com]

      Officials said Mr. Snowden, who had an intimate understanding of the N.S.A.â(TM)s computer architecture, would have known that the Hawaii facility was behind other agency outposts in installing monitoring software.

      According to a former government official who spoke recently with Gen. Keith B. Alexander, the N.S.A. director, the general said that at the time Mr. Snowden was downloading the documents, the spy agency was several months away from having systems in place to catch the activity.

      The Hawaii network that Snowden was assigned to had not yet had its security upgraded as part of the fallout from Manning's massive leak.
      Most, if not all, of the security measures mentioned in this book summary had already been implemented elsewhere and Snowden intentionally picked Hawaii because of this.

      I hope the book goe

  • Inevitable (Score:4, Informative)

    by dbIII ( 701233 ) on Saturday May 10, 2014 @01:44AM (#46965099)
    Personally I see using outside contractors such as Booz Allen Hamilton as the massive security breach.
  • by Anonymous Coward

    Never in history North Korea and USA were so close. It is true love between regimes of two countries.
    Anyone arriving in USA is terrified by the large number of security forces and STASI type lifestyle so much prevalent.

    Kim Jong Un blesses USA

    • Except that North Korea is not disrespecting every other nation's laws and people. As a Latin American, I don't feel any threats from North Korea. My constitutional rights and my human rights (from the international agreement) are not being violated by North Korea, only by the US.
  • easy (Score:5, Insightful)

    by Charliemopps ( 1157495 ) on Saturday May 10, 2014 @01:57AM (#46965139)

    The easiest fix would be to stop violating our constitutional rights. Snowden would have never leaked anything had the NSA been acting within the bounds of the constitution. Violate the constitution and everyone working for you that is a patriot is bound by honor to thwart you. Righteous anger is a SOB.

    • This is especially true, since the security measures suggested by TFA are only designed to stop the lone rouge sysadmin. Even with all those measures in place, it would still be possible for two sysadmins working together to extract top secret documents.

    • Well, maybe that's true for Snowden, but it's just him. In practice, disclosure of sensitive information happens whether "constitutional rights" are respected or not, and the security controls that can be used to secure this information don't change.

      • Well, maybe that's true for Snowden, but it's just him. In practice, disclosure of sensitive information happens whether "constitutional rights" are respected or not, and the security controls that can be used to secure this information don't change.

        Yes, but how many people work for the NSA and would commit treason for profit or evil?

        Violate the constitution and now everyone that works there and cares about their country are against you as well. The point is, illegal acts raise the number of adversaries they need to deal with my orders of magnitude.

        • The unauthorized disclosure of sensible US information has happened regularly in the 20th century. Act of spying are motivated differently depending of the individual. Interestingly enough, it's rarely a question of ideology.

          Sure, illegal acts, or perceived as illegals, can motivate some people in doing what Snowden did. And yes, I guess stopping to do these acts will remove the incentive. But it doesn't mean that it's a solution for the actual security problem. And it certainly how the NSA will see it too.

          • by s.petry ( 762400 )

            Considering that the US Government hid Operation Mockingbird and COINTELPRO for decades (and is still hiding information on those programs), many people see no choice but to leak when the situation seems dire. In these situations it's not the whistle blower that's to blame. Those are just 2 of thousands of examples.

            • Well... sure... but how is this related to what I wrote?

              • by s.petry ( 762400 )

                Sure, illegal acts, or perceived as illegals, can motivate some people in doing what Snowden did

                I based my comment on that statement. Also read what whistle blowers themselves state, which is usually along the lines of "there was no choice because leadership is complicit"

                More of a correction that it's not a matter of just being motivated by something illegal. It isalso a belief that the only way to make corrections is to be a whistle blower.

    • by gweihir ( 88907 )

      Are you kidding? The very purpose of government is to oppress its population and tell them everything is "fine" as long as they are docile little sheep. You thing the Constitution has any value today? Think again.

  • I think that the degree of spying by the US government and the availability of computers and the net are locked hip to hip. Computers and somewhat open communication are powerful tools and the US government equates paranoia with responsibility.
  • by AHuxley ( 892839 ) on Saturday May 10, 2014 @04:30AM (#46965455) Journal
    1. Take control of your own networks via your own staff again.
    No contractors, no private sector, no ex gov staff moving around, people without exhaustive gov staff real world full family tree, education, friends interviewed background results.
    2. Drive the private sector contractors out of the gov networks. Fancy 3rd party network wide security software will not stop a trusted system admin, it will just give the security software bosses a nice gov contract bonus.
    3. Go back to finding all your staff from top universities after watching them in the wild for a few years. When ready, offer them a great job, for life with academic freedoms and an above great wage. Make sure they feel invited in.
    a) Interview them in person using gov staff only staff.
    b) If accepted as useful to the gov:
    Interview their extended family in person using only gov staff. Interview their recent academic staff in person using gov staff. Drive out to their local community and find friends, cops, ex cops, sealed court records, all teachers at every stage of schooling.... in person using gov only staff.
    Look at generations of book lists, magazines, newspapers, payments, gambling, faith with links to other nations, cults with links to other nations, holidays, charities, political causes, the probability of placing another nation/faith/cash/cult interests above all gov security levels.
    Build up a real world life story with real world contact with every close person or event and keep looking.
    Note: a database search is not a real world interview. A database search by a 3rd party private sector security cleared person is not a real world interview.
    Some data on a random gov computer about past good work been seen by a 3rd party private sector security cleared person is not a real world interview.
    Keep interviewing, testing, profiling your new staff using trusted gov staff - in house staff, not a 3rd party private sector security cleared person invited in with a new 'system' to rent.
    4. The file systems need to be kept air gapped and back to best practice compartmentalization. No new 3rd party cloud, no outside big brand private sector 'helpers' beyond installs.
    5.. Dont trust any paperwork from any other sector of the gov/private sector on an individual. If they have great paperwork and want to move jobs, something interesting might be missing from that great 'story'.
    6. Stop political suggestions over 'sharing' the cloud and other ways into what should be a sealed gov network.
    Some better ways to alter public perception:
    Hint at a limited hangout, or partial hangout, the idea that the material was baited provides endless speculation and academic busy work on web 2.0 and beyond.
    Drop hints via trusted cutouts to the 'alternative media' that will take years to work out.
    A sockpuppet is not a useful cutout.
    The hardware and software, junk encryption was for domestic use by 'others' in the wider US legal system. The results of a splitter, tame corporate/academic decryption ended up with any number of diverse ongoing very legal domestic criminal probes is a great talking point.
    Hint at a political culture for weakening once strong gov only security clearance levels.
    8. Talk the the UK about decades of tell all books, newspapers, interviews and 'documents' ie the magical "why" nothing ever got much traction beyond academic history books and obscure university level history papers.
    9.. As all this is now in the open and telco immunity is/was in place move forward with a domestic locked box for all telco metadata. Move in front of "damaging breach" to a post telco immunity budget and gov security expansion needs.
    • My essay: http://www.phibetaiota.net/201... [phibetaiota.net]
      "This essay discusses how the USA's security clearance process (mainly related to ensuring secrecy) may have a counter-productive negative effect on the USA's national security by reducing "cognitive diversity" among security professionals."

      An example I have there:
      ----
      Let us contrast two candidates with different very backgrounds and ask which one would get a security clearance. Which of the two would be hired to create the social and technical systems to define US

      • by AHuxley ( 892839 )
        Both exhibit what any intelligence service would desire. The ability to work in the community facing interesting events, languages, rapidly changing slang, people, cultures, locations and living with habits that are not without constant risk.
        They are the classic butterfly collectors or anthropologist with deep cover in distant lands as used over generations.
        You have very smart people with the ability to hide their needs. One event may have pulled them very close to the security/mil sector.
        What happens
  • by Rick Zeman ( 15628 ) on Saturday May 10, 2014 @12:00PM (#46967475)

    ...is somewhere along the line SOMEONE has to be trusted. That secure program that transfers files? How do you know it doesn't have a back door/hidden features? You audit that source code..do you trust the auditor? How do you know he's not in collusion with the programmer? Hmm, better get someone or someones to audit them. And so on....
    Technical restrictions are good, but they're not the be-all. Technically, the best locked down systems aren't usable (any geezers here remember C2 [orange book] Windows NT 4 systems? Very secure (especially for NT in the day)...and wholly unusable).

    His comments about securing ssh are just common sense and best practices (for once they coincide). As he pointed out, metal detectors would have caught the egress of the thumb drives. Just as locks on reinforced cockpit doors would have prevented 9/11, sometimes the low-tech scalable solution is the best solution.

  • If you are of renown, you are renowned. You'd think folks sensitive to the exacting demands of various languages would be more respectful of English. Sheesh.

The truth of a proposition has nothing to do with its credibility. And vice versa.

Working...