Yeah. For example, a recent reddit post for example highlighted how you can extract private SSL keys from the memory on any virtual machine if you have access to it.
It looks like even Reuters engages in link baiting now. This is a non-story. In the original Guardian article, Snowden says that the FBI was at his house asking questions before the release, but only because they were concerned about his disappearance.
> When Booz Allen checked in with him, Snowden said he was suffering from epilepsy and needed more time off. When he failed to return after a longer period, and the company could not find him, it notified intelligence officials because of Snowden's high-level security clearance, one of the sources said...The government did not know Snowden was the source for the stories until he admitted it on Sunday, the sources said.
So the Feds "hunted" for him the same way a parent "hunts" for his child that has wandered off in a store.
I doubt this is true. When someone with that kind of clearance disappears the feds are going to put some effort into trying to figure out what's going on. That someone may have turned him is a possibility they have to consider, among others.
The thing that allows me to rest assured at night is the sheer level of incompetence of our officials and agencies. I dread the day that the infrastructure that now exists and goes far deeper and broader than everyone realizes is taken control of by someone with authoritarian tendencies for efficiency and accountability.
It's the difference between your buddy cracking your phone and pulling some prank; and someone else cracking your phone and using the information to bleed you dry, torment you, and mess with your life for decades.
This is a strange and ambiguous statement, I think:
> Several sources said that as a systems administrator, Snowden would have been unable to actively spy on people, even though he told the Guardian newspaper, "I, sitting at my desk, certainly had the authority to wiretap anyone, from you or your accountant, to a federal judge, to even the President."
What does "actively spy on people" mean in this case? As a systems administrator, did Snowden have a way to get to the private data, even illegal or otherwise?
To me what Snowden said, considering his position and assumed competence, what the aforementioned sources say seems to contradict that. However, they might just rely on saying that sysadmins don't have the legal power to do so, or that other sysadmins would notice it even if he breached his privileges and so on, rather than that there is no way Snowden could have done that.
A play on words and not revealed meanings might just be turning a fact into fiction here, at least that would be in the best interests of NSA for sure, so there's also the motive for such wordplay.
Or then Snowden is a liar, which I find doubtful, especially in such a clear case and would turn up being harming for his cause.
They've misquoted a sentence from the video interview, the same way many others have. Reuters quotes Snowden as saying:
"I, sitting at my desk, certainly had the authority to wiretap anyone, from you or your accountant, to a federal judge, to even the President."
Meanwhile, the way his wording sounded to me (and is quoted more often elsewhere) was:
"I, sitting at my desk, certainly had the authorities to wiretap anyone, from you, or your accountant, to a federal judge, to even the President if I had a personal email."
The differences are the pluralization of authorities and the addition of the conditional-qualifier "if I had a personal email".
Of course people speaking in an unrehearsed manner may mix up tenses, pluralization, and speak with imprecision as they shift between thoughts and chosen emphases. But I suspect those portions of the quote Reuters messed up were significant.
First, it sounded to me like 'authorities' was likely a term-of-art in his intelligence-analyst line of work, meaning specific rule-artifacts in the access system, representing a mix of 'proper credentials' and 'suitable legal/system authorization'.
After all, NSA defenders have given the impression that even though there is a massive amount of data collected, including on US citizens under no suspicion, it's OK because those records sit idle, never looked at unless and until the right conditions are met.
I have a hunch those conditions are called 'authorities'. So when you've got records on individuals A, B, and C, and your algorithms tell you A & B are 51%-plus likely to be US citizens, but C is 55% likely to be a foreigner, well, you can use the longstanding 'authority' allowing analysts of your grade to do warrantless surveillance of foreigners, to start pulling things up on C, from anywhere and everywhere (including previously-bulk-warehoused call recordings, colloquially 'wiretaps').
And then when you see that C has been emailing B, that alone, or perhaps the contents of those messages, might be enough to activate another 'authority' - suspicion, or association, or content-pattern based - which then allows at least a peek into B's records. Perhaps that peek confirms B is a foreigner - now the identity is marked that way, and it's all wide open. Or maybe the peek shows B to be a citizen... well, now you've got 1 week to ask the FISA court for a warrant. Better read fast! (Open question: if NSA decides after this 'free look' they have no interest in continued surveillance of target person B, does the warrant for retroactive permission ever get requested? Are there any records or repercussions from the 'free look'?)
Of course, the visibility of some target-records might be over-determined: multiple active 'authorities' all allow viewing. Others might require some "good at the keyboard" analyst creativity to activate: is there a past-travel, likely-associations, prior-suspicious activity, etc. 'authority' that could be applied? Still other 'authorities' might only be available to more senior analysts: maybe targets who are themselves state/federal employees, elected officials, etc. have an extra sheath-of-privacy that prevents easy peeks by junior people using the most simple and elastic 'authorities'.
Which brings us to Snowden's other carefully-qualified bombshell: "…to even the President if I had a personal email." Let's say person B above is in fact the US President... perhaps using a separate personal email address. (There is of course controversy about officials having separate email accounts, but it's almost certainly a rampant practice – see especially the recent Petreaus affair and allegations administration officials in the EPA, HHS, or Labor department have used secondary addresses, sometimes under alternate names, for official business or ...
I read "authorities" as "clearance" or "permissions", not that the system had green light the sifting of communication of a particular person. My reasoning here is that he mentioned the President as well. It seems that any personal account is fair game so long as you have the permissions to perform a search in the system and you have the personal email to use as a unique identifier.
> "Snowden already had a Top Secret clearance before he joined Booz Allen in April, two sources said, adding that he likely obtained that clearance - which involves passing a polygraph exam..."
I know for a fact that most government top secret clearances don't require a polygraph. Not that it means shit, since polygraphs have never been proven to prove anything. I just hate when I see things written by "credible" people that will be taken by fact by hundreds of people when it is not entirely true. Working in environments where all of the fine details are rarely shared, you see this a lot in the media.
Law enforcement in general (Anywhere from city to FBI) is known to give polygraphs before a conditional offer of employment is given. However, this is not the case with all agency's.
You know, the thing that gets me most about all of this state surveillance that Bush initiated but has been in place for decades now to a lesser and more controlled extent, is that it is absolutely inefficient and inefficacious. The NSA claims they have disrupted "dozens" of terrorist plots, so why not publicize them once they are disrupted? They're disrupted, they're done. The "terrorists" would have surely realized their plan didn't go quite as planned.
So the NSA disrupted some plots and turned an asset that simply told their terror boss "bummer, XYZ didn't work because I lost the keys" and he's now snitching for us. That being said, there are surely "plots" that could easily be publicized. The thing people don't realize is that under the blanket of classification lies a heaping pile of shit, corruption, incompetence, and abject stupidity.
Secrecy can protect, but more often than not is simply obscures, disguises, compounds, and perpetuates failure and corruption. Case in point, the FISA "Court" that's rubber-stamping requests. 100% approval??? At the very least there is a far too close relationship, which is more common than not in Government and Military, and is a form of pernicious, systemic corruption, and FISA requests are simply being constructed so they are guaranteed to rationalize approval on technical terms. But I can assure you, there is deep, systemic, putrid rot below the new coat of paint.
21 comments
[ 4.1 ms ] story [ 52.4 ms ] threadNot sure about CIA or Booz but at every company I've worked at a good sys admin can get anything.
[0] http://www.reddit.com/r/linux/comments/1fxg9k/do_more_people...
> When Booz Allen checked in with him, Snowden said he was suffering from epilepsy and needed more time off. When he failed to return after a longer period, and the company could not find him, it notified intelligence officials because of Snowden's high-level security clearance, one of the sources said...The government did not know Snowden was the source for the stories until he admitted it on Sunday, the sources said.
So the Feds "hunted" for him the same way a parent "hunts" for his child that has wandered off in a store.
That's a fatuous analogy. Parents aren't primarily concerned with getting to their kid before the kid tells some "stranger" something.
It's the difference between your buddy cracking your phone and pulling some prank; and someone else cracking your phone and using the information to bleed you dry, torment you, and mess with your life for decades.
> Several sources said that as a systems administrator, Snowden would have been unable to actively spy on people, even though he told the Guardian newspaper, "I, sitting at my desk, certainly had the authority to wiretap anyone, from you or your accountant, to a federal judge, to even the President."
What does "actively spy on people" mean in this case? As a systems administrator, did Snowden have a way to get to the private data, even illegal or otherwise?
To me what Snowden said, considering his position and assumed competence, what the aforementioned sources say seems to contradict that. However, they might just rely on saying that sysadmins don't have the legal power to do so, or that other sysadmins would notice it even if he breached his privileges and so on, rather than that there is no way Snowden could have done that.
A play on words and not revealed meanings might just be turning a fact into fiction here, at least that would be in the best interests of NSA for sure, so there's also the motive for such wordplay.
Or then Snowden is a liar, which I find doubtful, especially in such a clear case and would turn up being harming for his cause.
"I, sitting at my desk, certainly had the authority to wiretap anyone, from you or your accountant, to a federal judge, to even the President."
Meanwhile, the way his wording sounded to me (and is quoted more often elsewhere) was:
"I, sitting at my desk, certainly had the authorities to wiretap anyone, from you, or your accountant, to a federal judge, to even the President if I had a personal email."
The differences are the pluralization of authorities and the addition of the conditional-qualifier "if I had a personal email".
Of course people speaking in an unrehearsed manner may mix up tenses, pluralization, and speak with imprecision as they shift between thoughts and chosen emphases. But I suspect those portions of the quote Reuters messed up were significant.
First, it sounded to me like 'authorities' was likely a term-of-art in his intelligence-analyst line of work, meaning specific rule-artifacts in the access system, representing a mix of 'proper credentials' and 'suitable legal/system authorization'.
After all, NSA defenders have given the impression that even though there is a massive amount of data collected, including on US citizens under no suspicion, it's OK because those records sit idle, never looked at unless and until the right conditions are met.
I have a hunch those conditions are called 'authorities'. So when you've got records on individuals A, B, and C, and your algorithms tell you A & B are 51%-plus likely to be US citizens, but C is 55% likely to be a foreigner, well, you can use the longstanding 'authority' allowing analysts of your grade to do warrantless surveillance of foreigners, to start pulling things up on C, from anywhere and everywhere (including previously-bulk-warehoused call recordings, colloquially 'wiretaps').
And then when you see that C has been emailing B, that alone, or perhaps the contents of those messages, might be enough to activate another 'authority' - suspicion, or association, or content-pattern based - which then allows at least a peek into B's records. Perhaps that peek confirms B is a foreigner - now the identity is marked that way, and it's all wide open. Or maybe the peek shows B to be a citizen... well, now you've got 1 week to ask the FISA court for a warrant. Better read fast! (Open question: if NSA decides after this 'free look' they have no interest in continued surveillance of target person B, does the warrant for retroactive permission ever get requested? Are there any records or repercussions from the 'free look'?)
Of course, the visibility of some target-records might be over-determined: multiple active 'authorities' all allow viewing. Others might require some "good at the keyboard" analyst creativity to activate: is there a past-travel, likely-associations, prior-suspicious activity, etc. 'authority' that could be applied? Still other 'authorities' might only be available to more senior analysts: maybe targets who are themselves state/federal employees, elected officials, etc. have an extra sheath-of-privacy that prevents easy peeks by junior people using the most simple and elastic 'authorities'.
Which brings us to Snowden's other carefully-qualified bombshell: "…to even the President if I had a personal email." Let's say person B above is in fact the US President... perhaps using a separate personal email address. (There is of course controversy about officials having separate email accounts, but it's almost certainly a rampant practice – see especially the recent Petreaus affair and allegations administration officials in the EPA, HHS, or Labor department have used secondary addresses, sometimes under alternate names, for official business or ...
I know for a fact that most government top secret clearances don't require a polygraph. Not that it means shit, since polygraphs have never been proven to prove anything. I just hate when I see things written by "credible" people that will be taken by fact by hundreds of people when it is not entirely true. Working in environments where all of the fine details are rarely shared, you see this a lot in the media.
Law enforcement in general (Anywhere from city to FBI) is known to give polygraphs before a conditional offer of employment is given. However, this is not the case with all agency's.
I think it unlikely that he had a false passport.
So the NSA disrupted some plots and turned an asset that simply told their terror boss "bummer, XYZ didn't work because I lost the keys" and he's now snitching for us. That being said, there are surely "plots" that could easily be publicized. The thing people don't realize is that under the blanket of classification lies a heaping pile of shit, corruption, incompetence, and abject stupidity.
Secrecy can protect, but more often than not is simply obscures, disguises, compounds, and perpetuates failure and corruption. Case in point, the FISA "Court" that's rubber-stamping requests. 100% approval??? At the very least there is a far too close relationship, which is more common than not in Government and Military, and is a form of pernicious, systemic corruption, and FISA requests are simply being constructed so they are guaranteed to rationalize approval on technical terms. But I can assure you, there is deep, systemic, putrid rot below the new coat of paint.