Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
China Government Security United States

Schneier: China and Russia Almost Definitely Have the Snowden Docs 157

cold fjord writes: Writing at Wired, Bruce Schneier states that he believes that China and Russia actually do have the Snowden documents, but that the path by which they got them may be different than what has been reported: "... The vulnerability is not Snowden; it's everyone who has access to the files. I've handled some of the Snowden documents myself, and even though I'm a paranoid cryptographer, I know how difficult it is to maintain perfect security. It's been open season on the computers of the journalists Snowden shared documents with since this story broke in July 2013. And while they have been taking extraordinary pains to secure those computers, it's almost certainly not enough to keep out the world's intelligence services. .... Which brings me to the second potential source of these documents to foreign intelligence agencies: the US and UK governments themselves. I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they've penetrated the NSA networks where those files reside."
This discussion has been archived. No new comments can be posted.

Schneier: China and Russia Almost Definitely Have the Snowden Docs

Comments Filter:
  • Timmy! (Score:1, Insightful)

    by Anonymous Coward

    Wow, more speculation under the guise of actual reporting. Almost definitely? Sounds like a bad romantic comedy.

  • by Anonymous Coward

    If China and Russia stole the docs from NSA, then he should refer to them as the NSA docs. MSM will take this out of context as damning evidence against Snowden.

    • Re:facepalm (Score:5, Informative)

      by guestapoo ( 4136621 ) on Friday June 19, 2015 @08:37PM (#49949765)
      It was taken out of context, by the *TITLE* of Wire article, what Schneier said:

      I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they’ve penetrated the NSA networks where those files reside. After all, the NSA has been a prime target for decades.
      This is why I find allegations that Snowden was working for the Russians or the Chinese simply laughable. What makes you think those countries waited for Snowden? And why do you think someone working for the Russians or the Chinese would go public with their haul?

      Like, which Snowden and journalists working with him, said trillion times, he kept nothing, everything were handled to journalists, before he went to Russia, but the MSM "accidentally" forget this.
      Every time, when something from his documents is debunked, exposed by *journalists*, each time, I see the "innocent" title like "Snowden releases X", "Snowden claims Y", etc...
      And, each time, comments like "when Putin get all infos from this traitor, he is doom" get soil to grow!

  • by Anonymous Coward

    "I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they've penetrated the NSA networks where those files reside."

    As a computer security professional I would be most interested in your thoughts on what were these files even doing on these networked computers

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      "I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they've penetrated the NSA networks where those files reside."

      As a computer security professional I would be most interested in your thoughts on what were these files even doing on these networked computers

      These files were not on Internet connected machines. The computers in question were networked on an isolated network called JWICS which is air-gapped from the Internet. Schneier isn't saying Russia and China hacked into them in the traditional sense, he is saying they were hacked via a mole (same way Snowden did) or via a technical means like a computer with a hidden transceiver that gets installed on the network, thereby giving access to the foreign power.

      • by tshawkins ( 1239974 ) on Friday June 19, 2015 @09:58PM (#49950083)

        They are probaly on machines that accessed by other machines that may either permenatly or tempoarily connected to the internet. You can build malware that could be used to infect a laptop that waits until it is connected to an internal network and then grabs files for later transmission when its reconnected to the internet.

        Remember that the incompetance of any goverment agency is dependant on its weakest link and tends to infinity..

        • They are probaly on machines that accessed by other machines that may either permenatly or tempoarily connected to the internet. You can build malware that could be used to infect a laptop that waits until it is connected to an internal network and then grabs files for later transmission when its reconnected to the internet.

          So you're saying the NSA network is permanently or temporarily connected to the Internet, and employees are allowed to take their laptops home. Riiiight, sure, if you say so.

          • Re: (Score:3, Insightful)

            by dbIII ( 701233 )
            Since they got a Hollywood set designer to do their operations room there are probably a long list of stupid failures from these toy soldiers possibly up to and including public internet connectivity and laptop misuse.
            The mere fact that Snowden got so much and that there appears to be no records of how much he got shows some serious breakage.
            • From a security stantpoint, "they don't know what he took" is the biggest problem. It means they don't have a logging file system. If you don't log access then you can't look for unusual patters of access, like some guy taking everything in the computer. It means the Russians only need to recruit 1 contractor with skills, and they get anything they want, forever.
            • Since they got a Hollywood set designer to do their operations room there are probably a long list of stupid failures from these toy soldiers possibly up to and including public internet connectivity and laptop misuse.

              Maybe you could explain a few things here? For instance, why do you think that having a Hollywood set designer either design or have input to an operations room layout is a bad thing? Set designers in Hollywood are highly skilled professionals that have to mix artistic concerns with practical ones to produce a function product suitable for use. It was noted decades ago that the US Navy was interested in the layout of the science fiction program Star Trek's bridge layout, just as there was military inter

              • I'm sure I replied to this but must have failed to submit it properly or something.
                In short, hiring a set designer is a gross symptom of a mindset of appearance over function to such an extent that a security risk and PR failure if it leaks overwhelms any positive outcome. It's wandering into "heck of a job" horse judge territory in terms of demonstrating someone is way out of their depth.

                Second, the Navy trek thing is backwards. The Navy found it interesting that Trek sets had been inspired by submarine
          • by Sique ( 173459 ) on Saturday June 20, 2015 @07:21AM (#49951151) Homepage
            No. That's not what he said. The only reason we know that you can take NSA documents to the outside is because Edward Snowden actually told us that he pulled this stunt, and he could prove it to us by publishing the documents he took. As I wrote back then already: Something Edward Snowden did probably has been done before but the others didn't become public with it. We don't know how many times this has happened before, and we don't know how many documents have been leaked before, and who got them. We just know that this has been possible at the time, Edward Snowden was still working at the NSA.

            From a security point of view, from the moment that Edward Snowden went public you have to operate under the premise that those leaks have happened before, and that other interested parties had and still have unencrypted access to all the documents Edward Snowden took, and to other documents Edward Snowden didn't took because he either didn't knew about them or hadn't had access to them.

            • It pretty much comes down to how far do you dare trust your employees. Network security can only get you so far. It ultimately boils down to trusting people not to take your secrets whether they are on physical media or in their head and share or sell them.

              So far as I understand it there are only a few reasons people commit espionage; loyalty to something else whether it be a principle or nation, money, or boredom. You can screen people for those things but eventually you come to a point where you just have

    • It probably has to do with the fact that a write-only database is a little too secure.

    • "I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they've penetrated the NSA networks where those files reside."

      As a computer security professional I would be most interested in your thoughts on what were these files even doing on these networked computers

      As a computer professional I would be most interested in why you claim the title of security professional but can't work out why files that are shared with thousand of people throughout the world would be on a network.

    • by gweihir ( 88907 )

      You cannot be very good at IT. One of those "computer security professionals" that cannot program, set up a network or analyze a large bulk of data?

      Quite obvious, these documents were used in daily work and in meetings and doing that exclusively with non-networked computers is extremely hard. What you do is have a "classified net" and then you make damned sure it is secure. Of course, with the NSA being in the business of making everybody less secure these days, they may just not have the skills anymore. An

      • by dbIII ( 701233 ) on Saturday June 20, 2015 @06:34AM (#49951075)

        that means the agency that spies on everybody and keeps a file on everybody cannot keep the data is gathers secure

        One of the things that came out of the Manning leak was that an oil company operating in Nigeria already had that opinion and was very reluctant to share confidential information with US agencies.

        • by gweihir ( 88907 )

          Interesting. I missed that.

        • So you are saying that Bradley Manning's leaks did harm the US*? Delayed recognition is better than none I suppose.

          *Not that there was any real question about that. High cost, no useful outcome.

          • by IamJaxn ( 455539 )

            So you are saying that Bradley Manning's leaks did harm the US*? Delayed recognition is better than none I suppose.

            *Not that there was any real question about that. High cost, no useful outcome.

            How could you possibly come to that conclusion? There's no way @dbll was saying that. I don't want to speak for him/her, but they said the oil company already had that opinion (that the US couldn't keep its intel secure).

            By oil company, they surely meant "Shell", the US based juggernaut. The documents revealed that the company had inserted staff and fully infiltrated the Nigerian government, hence they told the US they could ensure that the Nigeria's 2009 Petroleum Industry Bill would favorably treat the

            • ... you mean "Royal Dutch Shell"?

              Its owned almost entirely by a parent company out of the Hague. The headquarters of the US branch is in the US and the company is traded separately on the stock exchange but... it is not a "us oil company" anymore than Nintendo or Sony are US companies even though they have operations in the US. Or Apple is Chinese for that matter even though they have operations in china.

              Its a dutch oil company.

          • by dbIII ( 701233 )
            Only if you think Hillary Clinton is the US. There was some pretty embarrassing stuff about her, such as asking agents to get blackmail material on diplomats of allied nations.
            • by dbIII ( 701233 )
              Nothing but the sound of crickets. You talk a big game but are really a cowardly bully Cold Fjord.
    • My suspicion is this news story is cover for the fact another leak occurred and compromised current operations.

      The US intelligence agencies would have to assume that after Snowden, their undercover operatives were compromised. Any serious spy agency would not trust a renegade spy hiding in Russia and a bunch of foreign journalists to hold onto state secrets indefinitely. Even if they believed that Snowden was well intentioned, every spy agency in the world will be trying to get a copy of Snowden's databa

  • by flug ( 589009 ) on Friday June 19, 2015 @07:42PM (#49949535)

    I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they've penetrated the NSA networks where those files reside.I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they've penetrated the NSA networks where those files reside.

    Uh, yeah. This was obvious from the beginning. If it was that easy for Snowden to grab all of those files without anyone noticing anything until it was too late, how many other bazillions of employees, contractors, sysadmins, etc etc etc etc also had similar access.

    The Chinese & Russians (and others--Brits, Israelis, what have you) are actively trying to subvert all these thousands of folks.

    It's really not rocket science, or even computer science. More, do you have the right contact. With so many potential contacts it becomes almost inevitable.

    And that's without even getting into technical break-ins--which also seem very, very possible given the lax security that the Snowden affair demonstrates. If Snowden can get unauthorized access to all those files, then it's possible for others to do so as well.

    • by tshawkins ( 1239974 ) on Friday June 19, 2015 @10:01PM (#49950095)

      In fact snowden may have inadvertantly given them cover, now they can act on the intelligence in the files they stole from the NSA directly without revealing that they powned the NSA networks because the world thinks that snowden did it.

      • Does that really matter?

        The NSA is more concerned with the dirty laundry being airedbagainst Americans, rather than what foreign intelligence services have compromised their firewalls. Absurd to say the least.

      • by AK Marc ( 707885 ) on Saturday June 20, 2015 @12:04AM (#49950437)
        Much like The US/UK let friendly ships be sunk to prevent it from being known that they had broken Enigma. With the knowledge it was broken elsewhere, they can claim they broke into the Snowden files, not the NSA files, when the reality is the opposite.
    • by gweihir ( 88907 )

      Indeed. And that amply demonstrates why universal surveillance is an extreme problem: The data gathered cannot be secured effectively. For example, even if the NSA does not do industrial espionage on it themselves (which is doubtful), then China and Russia can steal the data and mine it for relevant findings. Or if the NSA does not use it to pressure and manipulate politicians and public figures (again doubtful), then others can do so after stealing the data.

      The concepts of privacy and secrecy are important

  • by Anonymous Coward

    keep them locked up and off the fucking internet.

    • by nickweller ( 4108905 ) on Friday June 19, 2015 @07:52PM (#49949571)
      @Anonymous Coward: "keep them locked up and off the fucking internet."

      Are you a security professional?
    • Except that's still not enough. If you ever need to copy anything to or from the computer you'd be likely to use a USB-device for that and, well, it's been shown already that such things can be infected even at the firmware-level, not even to mention USB-keyboards, mice and all those things that can also be compromised.

      • and, supposedly, the russians are returning to using type-writers instead of computers, for their secret memos and spy schtuff.

        let me tell you this; the pidgeons are starting to look pretty scared, at this point...

        • and, supposedly, the russians are returning to using type-writers instead of computers, for their secret memos and spy schtuff

          Talking about typewriters ... China recently executed a typist who leaked sensitive information to foreign spy (or spies)

          That only goes to show that there always exist the possibilities of leakage no matter which route it takes

    • I thought for a minute that you were referring to Dice...
    • by gweihir ( 88907 )

      Unfortunately that is not easy at all, as then you cannot work with them anymore. This is not _archived_ data we are talking about here. The only thing you can do is effective access control and restriction to a small group with "need to know". The NSA obviously failed completely at the latter or Snowden would never have gotten access.

  • Oh Bullshit! (Score:1, Interesting)

    by rfengr ( 910026 )
    Give up on the conspiracy bullshit. He is just trying to excuse what Snowden did. Snowden had physical access to the network and still had to social engineer passwords.
    • Re:Oh Bullshit! (Score:5, Interesting)

      by dcollins117 ( 1267462 ) on Friday June 19, 2015 @08:26PM (#49949715)

      Give up on the conspiracy bullshit. He is just trying to excuse what Snowden did. Snowden had physical access to the network and still had to social engineer passwords.

      It's a bit naive to think that professional foreign intelligence spies don't have the same access a low level NSA contractor does. There are clearly no safeguards against copying anything you want and walking away with it. That's not conjecture; we have direct evidence how easy it is. The only difference is actual spies know enough to keep their mouths shut about how ineffectual and incompetent US security is.

      • by gweihir ( 88907 )

        Very much this. Malicious spies (i.e. people very unlike Snowden) will just keep siphoning data and will make damned sure the NSA does not find out how badly its internal security sucks.

    • . He is just trying to excuse what Snowden did. Snowden had physical access to the network and still had to social engineer passwords.

      And we know that's something the Russians and Chinese would never do.

    • by vux984 ( 928602 )

      Snowden had physical access to the network and still had to social engineer passwords.

      Anyone who thinks Snowden is the first and only person who had the access, ability, and inclination to take the data he took is as high as a fucking kite.

      Snowden is just the only one who went public.

      Snowden didn't have special access or magical powers. Thousands of other people work there just like he did; do you really think its inconceivable none have them have sold out? or have been compromised and are under foreign leverage? or outright work for a foreign government?

      • Re: Oh Bullshit! (Score:5, Interesting)

        by Demonoid-Penguin ( 1669014 ) on Friday June 19, 2015 @11:10PM (#49950315) Homepage

        Snowden had physical access to the network and still had to social engineer passwords.

        Anyone who thinks Snowden is the first and only person who had the access, ability, and inclination to take the data he took is as high as a fucking kite.

        Or just stupid.

        Snowden is just the only one who went public.

        If you had been reading Bruce's posts over the last few months you'd know that there is definitely at least one other NSA leaker. As to other leakage (other than to the media) - that is the main thing that the NSA is scrambling to divert everyone's attention from. The fact that so many companies have been tasked with gathering and processing the material (not just meta-data) that FiveEyes gather - given that it's impossible to stop them using that information to advance their own corporate interests. That and the fact that a NSA core mission is to protect the economic dominance of the USA - not just "from terrorism".

        • by gweihir ( 88907 )

          Snowden had physical access to the network and still had to social engineer passwords.

          Anyone who thinks Snowden is the first and only person who had the access, ability, and inclination to take the data he took is as high as a fucking kite.

          Or just stupid.

          As most people that are stupid (and there are lots and lots of them) have no clue that they are stupid (Dunning-Kruger Effect), that is likely the best explanation. The utter clueless nonsense that can be found even in the comments on this story are staggering. Every competent computer security expert was aware that these documents must have been stolen several times over by the time Snowden did it. There was not even a discussion about this. Schneier is merely pointing this out now for the non-experts.

          • As most people that are stupid [...]

            Except me! I'm unique.
            Just because I have no actual experience with the NSA, or any spy agency, it's obvious how they'd do things.

            Likewise stonemasons - how gullible do they think I am? They might of needed to spend years to gain the basic knowledge and experience needed to do their jobs - but not me! Hit rock with hammer, repeat until done, collect lots of money, go to pub. Easy.

            I only have to glance at any given subject to intuitively understand it completely. Except medicine - I had to watch an hour of

    • by gweihir ( 88907 )

      And rather obviously NSA internal access control sucked badly, and quite a few more people must have had access comparable to that of Snowden? Really, you have no clue about IT security. Schneier is just pointing out what any real security professional has been thinking since Snowden became a public figure.

  • typewriters (Score:2, Interesting)

    by Anonymous Coward

    Years ago there was story about Russian intelligence services using typewriters and putting sensitive data on paper documents to avoid digital security breeches.

    Very clever, these Russians.

  • what people can pull out their asses

  • What the hell does "almost definitely" mean? Is it like near miss?
    • by Anonymous Coward

      More like

      almost pregnant
      regaining virginity
      slightly dead
      silently yelling
      toxic masculinity
      holy shit

      you get the idea

    • by qpqp ( 1969898 )
      It probably means "with the probability [of the event] approaching (or adjacent to) certainty."
  • it may now be time to deregister from slashdot.

    our 'favorite' bootlicker gets a submission. this is not a good sign; but then again, dice has been ruining slashdot for quite a while, now.

    why CF is wants us to read bruce's article, though, is a mystery to me. CF is NOT a fan of snowden and yet this article defends snowden.

    something seems a bit off, here.

    • by Anonymous Coward

      Yup, reads like Bruce is saying China got the Snowden documents, NOT (as is actually the case) that he's saying they have access to the same documents without Snowden.

      This is why cuntfuck wanted to take this on: so he can control the heading, the bit that turns up most visibly in websearches.

      Control the first impression, you capture the mind.

      • (mod parent up, please)

        I think he has a valid point. I suspected something is going on here and he may have nailed it.

    • by Anonymous Coward

      it may now be time to deregister from slashdot.

      our 'favorite' bootlicker gets a submission

      Oh noes... an article was accepted by someone you disagree with and now you just want to go home. BTW whose is the groupthink bootlicker here i wonder?

    • I'm fine with cold fjord getting on the front page. I don't agree with him most of the time, but that doesn't have any bearing on the quality of his submission.

      • except for when there is a lie of omission.

        headline says that x and y 'almost definitely' (huh?) have the snowden docs. but it leaves out that bruce believes that x and y had the docs (and not 'the docs' but info that can be found in those docs, plus probably a shitload MORE that snowden didn't get!) aside from and apart from ed snowden. ie, this is not about snowden and how x and y have more advantage now. they always had this info, according to bruce (or speculating by bruce).

        therefore, the meaning is

        • Why don't you check out Wired's [wired.com] title and get back to us with an update of your theory?

          Changing the title as you suggest would mislead people. Bruce is intellectually honest enough to state other possibilities for what has happened despite what he believes. And to be clear, he doesn't really have any evidence for his belief. There are a number of reasons to believe that things didn't unfold as Bruce suggests.

          You have once again made a post with a significant gap between reality and your views.

      • by Uberbah ( 647458 )

        I'm fine with cold fjord getting on the front page.

        As long as you're fine with equivalent submissions from other sources, like some stooge from North Korea.

        • I thought Slashdot knew what ad hominem attacks were and how to avoid them by judging content rather than messenger.

          I'm fine with submissions from anyone if they're relevant to news for nerds or stuff that matters.

          • I thought Slashdot knew what ad hominem attacks were and how to avoid them by judging content rather than messenger.

            "Well, you were wrong"

    • you are now accepting articles from cold fjord? it may now be time to deregister from slashdot.
      our 'favorite' bootlicker gets a submission. this is not a good sign; but then again, dice has been ruining slashdot for quite a while, now.

      Slashdot has put 121 of my stories on the front page now, and they've been doing it for 5 years. I've submitted stories on many different topics. I believe this story is my first accepted submission [slashdot.org]. My posts go back many years before that. Does that scare you? (5 years? Hmmm ... that seems to predate Snowden's arrival on the scene. Am I psychic?)

      why CF is wants us to read bruce's article, though, is a mystery to me. CF is NOT a fan of snowden and yet this article defends snowden.

      something seems a bit off, here.

      Something is "a bit off"? Maybe you can figure it out. In your dwelling it is highly likely that there is something which is highly useful for this investig

      • we (many, not just me) simply do not trust your motives.

        you HAVE been called out and people know you for what you are.

        deal. you made your bed, now lie in it.

        as for slash taking your submissions, that speaks more against slash, I guess; but I suppose they are LOOKING for contentious click-bait and so this is why they welcome your submissions.

        and so, my respect for slash is lower, still. so, you hang out here, I'll go over to the Other Site(tm) and perhaps that's a good way to work it.

        slashdot is now yours.

  • by mtrachtenberg ( 67780 ) on Friday June 19, 2015 @08:43PM (#49949797) Homepage

    Here is the key point Schneier's post makes:

    "Do countries like China and Russia have copies of the Snowden documents? I believe the answer is certainly yes, but that it’s almost certainly not Snowden’s fault...I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they’ve penetrated the NSA networks where those files reside. After all, the NSA has been a prime target for decades."

    To headline this story without including some reference to China and Russia having penetrated NSA networks is to imply Schneier is saying Snowden provided China and Russia with information they did not have already. It is either sloppy or intentionally misleading. The headline could have been "Schneier: Chinese and Russian Spies Probably Had Snowden Docs Before Snowden."

  • Snowden files? (Score:5, Insightful)

    by Narcogen ( 666692 ) <.narcogen. .at. .rampancy.net.> on Friday June 19, 2015 @08:50PM (#49949831) Homepage

    "I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they've penetrated the NSA networks where those files reside."

    If Russia and China had the files before Snowden took them then they are in no meaningful way "Snowden files". They are merely a set of documents that may, or may not, overlap a portion of Snowden's files. By repeating your opinion that Russia and China have them (apparently without having to decrypt them, if they received them separately from Snowden) you are bolstering the narrative that Snowden has done damage to the government and the people of the US rather than exposing the damage done by the government of the US to the people of the US and the world.

    Well done, sir.

    • Wait...what?
    • Well put. That's what effectively happens. That is what a poll before and after would show up, despite verifiable claims that the article states China/Russia did probably not get the files from Snowden.

  • by tinkerton ( 199273 ) on Saturday June 20, 2015 @06:54AM (#49951111)

    It's useful to keep in mind there's two layers to the Snowden-betrayal array of claims.
    - There's the claims that he did damage.
    - there's the underlaying claim that this proves that he did wrong.

    In fact whenever a whistleblower comes out, there will be some damage in some areas. The same applies to journalism. Whenever you expose wrongdoings or questionable practices from those in charge it can be argued this helps the enemy, even if only by tarring the image of the government. But I think the main point is, it should be considered an acceptable cost of transparency of governance. Transparency has been embedded in the US constitution 200 years ago for a reason. Mostly, those accusing Snowden don't understand that reason, or see no reason to bother with it. Transparency means that to some extent the governing still represent the governed(although you need to close the feedbackloop to really achieve that).

    So yes, I think the claims that Snowden damaged the US foreign policy are wildly out of proportion, but I also think that as long as some precautions were taken to limit damage done, then it's acceptable. That should be the general attitude towards whistleblowers: that some damage due to disclosures is acceptable, worth it.

The longer the title, the less important the job.

Working...