NSA Admits Lots Of People Could Have Done What Snowden Did
by alethoBy Mike Masnick | Techdirt | December 31, 2013
The
NSA keeps changing its story about Snowden. Was he brilliant or a
nobody? Did he have access to all these documents or did he have to hack
into systems? Did he get the important stuff or not? Each time the story seems to be different. A few months ago, you may recall the NSA insisted that Snowden needed to borrow the identities of others to access the documents he had. They also argued that he must have bypassed or deleted log files. However, in an interview, the NSA's Director of Technology, Lonny Anderson, admits that basically anyone at the NSA with top secret clearance could all access the same stuff and also claims that all the log files were there:
contrary to much of what's been reported about Snowden's work at the NSA, it wasn't his position as a systems administrator and the broad access to networks and databases that came with it that allowed him to steal so many secrets. Rather, Anderson said, "the lion's share" of the information Snowden obtained was available to him because of his top-secret security clearance -- TS/SCI -- which allowed him to access so-called sensitive compartmented information.That's an important distinction, because it means any number of the thousands of people at the NSA with the same clearance level could have done what Snowden did -- not just the smaller number of systems administrators, who have a kind of "super user" access that isn't granted to all other employees. That helps explain why Anderson couldn't tell the White House that there were no more Snowdens. Theoretically, there could have been thousands of them.
Of
course, who knows if Anderson is telling the truth. Later in the
interview he seems to contradict himself -- both claiming that Snowden's
activities on the network were tracked ("He was not a ghost. It's not
like he was so stealthy that we didn't see his activities") and that
Snowden was able to get away with what he did because he was "anonymous"
on the network.
"Where I think we were negligent -- if we were negligent -- where we were is that we allowed him some form of anonymity as he did that. Someone wasn't watching all of that. So the lesson learned for us is that you've got to remove anonymity from the network."
I
guess it's possible that the actions were tracked without the
identification of who it was. Amusingly, you could argue that the NSA
had the metadata on Snowden's actions, but not the actual details of who
he was. Oh, the irony.
The
one area where Snowden's sysadmin role apparently did play a part was
in being able to get many of those documents off the network without
being noticed. Part of his job was, as revealed earlier,
to move documents around within the NSA's network, but his sysadmin
status allowed him to download those documents without any alarm bells
going off.
What Snowden could do as a systems administrator, as opposed to an employee without those privileges, was to "exfiltrate," or remove data from the NSA networks, Anderson said. "That, a normal user would not have been able to do." He acknowledged that the NSA's information control regime is not currently designed to alert officials when documents are being removed by a systems administrator. That's going to change, Anderson said. In the future, individuals will also be locked out of the networks if they remove data without authorization.
At
this point, it's difficult to believe anything that the NSA is saying
about Snowden, because so much of it seems to contradict what the NSA
itself has said in the past. Perhaps that's just part of the
disinformation campaign. Or, perhaps it's a sign that the NSA still has
no clue what happened.
No comments:
Post a Comment