10 comments

[ 3.0 ms ] story [ 36.0 ms ] thread
This is a calculated smearing, by "[government] officials, who spoke on condition of anonymity". It's blatant PSYOP. Obviously, audit trail systems are worthless if they allow deletions at will (and without, hah, a trail).
If it's a 'blatant' smear, what would be it's agenda? The main thing anyone could take from this is that the NSA's systems are broken or that they're incompetent and can't be trusted to know who's stealing their data. Also that Edward Snowden isn't stupid.

I mean, it could be a smear from an agency who are hostile to the NSA for some reason (that stuff happens; like Valerie Plame, or the notion that Watergate was the result of the FBI leaking against the CIA and the White House). It's hardly likely to be from the NSA or the Whitehouse, who are currently in damage limitation mode; contrasting their own incompetence with that of the guy they're up against doesn't seem like a smart move...

That might be the message to us, but the way this news article (press release, rather) is written, the majority of the population will think Snowden is a hacker that circumvented the movie-level-sophistication systems of the NSA. Also see the friendly reminder at the end, that Snowden just took all kinds of material without first-hand experience of the systems described therein.
> The disclosure undermines the Obama administration's assurances to Congress and the public that the NSA surveillance programs can't be abused because its spying systems are so aggressively monitored and audited for oversight purposes: If Snowden could defeat the NSA's own tripwires and internal burglar alarms, how many other employees or contractors could do the same?

This is the take-home message.

The steady stream of security breaches and information leaks in recent years has taught us that the only way to guarantee information does not fall into the wrong hands is not to record the information in the first instance.

Exactly! In fact, given the revelations of NSA employees spying on their "love interests" and that most of the breaches are self-reported, it really appears that the assurances of security are misleading.
This hopefully puts everything into perspective for people who are all-in on NSA spying. Even if you believe it's a good thing that the government can view everyone's communications, surely this makes it clear that if the information exists somewhere, someone besides the government you trust will eventually get their hands on it?

You'd think politicians would realize this the most. In 20 years time when the people running the NSA have changed and a different party or group is at the top of the pyramid, are they not going to use communications you used 10 years ago for their own ends? I'm hoping pure survivalist instinct will win out eventually and some politicians will vote the right way.

Really? They didn't consider the notion that someone might delete logs (or disable logging)? Maybe they should be using a better logging daemon...
"Snowden's hacking prowess"

So we're back to this. First the "Snowden had a Hacker Certification" nonsense (ignoring that CEHs are required by DoD for OPS jobs and aren't exactly high-quality to begin with) and now deleting log files equaling "hacking". I guess it is easier to make him seem like some super skilled hacker than admit that oversight and access controls were probably non existent.

Selfishly, I really don't even care about Snowden at this point but I do fear that the trend developing is to paint him as a "Hacker" putting security researchers as the next major "threat".

Completely agree. This is extremely basic stuff you should be doing on supposedly secure systems. It should be difficult to disable logging, and logs obviously shouldn't be stored on the same machine with write access to anyone who might be doing something nefarious. This paints the NSA in an extremely bad light from a security perspective and contradicts all of the bogus claims of impenetrable security by politicians.
It looks like NSA is the real security threat. So much data readily accessible.