×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

NSA: Others Implicated in Making Snowden Data Leaks Possible

timothy posted about 2 months ago | from the who's-leaking-on-what? dept.

Government 118

NBC News reports that "A civilian NSA employee recently resigned after being stripped of his security clearance for allowing former agency contractor Edward Snowden to use his personal log-in credentials to access classified information, according to an agency memo obtained by NBC News. In addition, an active duty member of the U.S. military and a contractor have been barred from accessing National Security Agency facilities after they were 'implicated' in actions that may have aided Snowden, the memo states. Their status is now being reviewed by their employers, the memo says." You can read the memo for yourself.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

118 comments

D'oh! (-1)

Anonymous Coward | about 2 months ago | (#46238777)

Why in the world would you let someone use YOUR OWN PERSONAL login credentials? Why not just give him a key that you can lock out after he's done his work. I cannot believe that someone was deliberately this stupid

Re:D'oh! (1)

Anonymous Coward | about 2 months ago | (#46238855)

Don't field many gov't contracts, I take it?

Re:D'oh! (2, Insightful)

Anonymous Coward | about 2 months ago | (#46238905)

Why in the world would you let someone use YOUR OWN PERSONAL login credentials? Why not just give him a key that you can lock out after he's done his work. I cannot believe that someone was deliberately this stupid

So Snowden social hacked a couple of people into allowing him to use their login credentials. That isn't exactly big news and while I'm not saying it's a particularly smart thing to do I seriously doubt that these people are the only ones in NSA history to share login credentials. The real news is that now that the US authorities can't get Snowden they are going to do the next best thing which is to hang these people out to dry as accomplices. I believe that's a mistake since don't think that the vindictiveness of the Obama administration and the US security apparatus is going to do them any favours in the long run but at least it is in the very best traditions of American 'come down on them like a ton-of-bricks' justice.

Re:D'oh! (0)

Anonymous Coward | about 2 months ago | (#46238949)

or was it the jedi mind trick.

Re:D'oh! (5, Insightful)

Anonymous Coward | about 2 months ago | (#46238967)

It's not vindictiveness -- it's procedure. Anyone with a TS-SCI clearance gets the "we'll ruin your life if you screw up" speech when they accept the status. And, given how often you're required to review training on how not to screw up, these people have zero room to complain about any proverbial ton of bricks.

Re:D'oh! (5, Informative)

davester666 (731373) | about 2 months ago | (#46239839)

Yes it is. The people looking up their girlfriends info and obviously violating FISA warrants don't get fired. The ones sending information to the FBI with "don't tell anybody we are doing this and make sure to claim your "investigation" started with some other evidence don't get fired.

Re:D'oh! (1, Insightful)

Anonymous Coward | about 2 months ago | (#46240131)

No, it isn't. If Snowden wanted to make a point, he would have only released information pertinent to the Fourth Amendment. Instead, he did a data dump that pretty much showed the extent to which the NSA spies on foreigners, which is their fucking job.

If the enabled the latter half of the above sentence, then they're quite burnable.

Re:D'oh! (4, Insightful)

davester666 (731373) | about 2 months ago | (#46240191)

then why the fuck hasn't the people in the NSA who have been targeting American's [namely " The people looking up their girlfriends info" and "obviously violating FISA warrants" and "the ones sending information to the FBI with "don't tell anybody we are doing this and make sure to claim your "investigation" started with some other evidence", which CLEARLY violates the law don't face similar punishments?

Or is it just a pick and choose method of law enforcement.

And don't get me started on the whole "it's an emergency, no need to follow procedure anymore".

Re:D'oh! (1)

Anonymous Coward | about 2 months ago | (#46240677)

which CLEARLY violates the law don't face similar punishments?

Because it isn't CLEAR that any laws were broken. People around here like to point to some advisory board report that said the activities were probably illegal, but that 5-person board was split 3-2 so you can't say that CLEARLY the activities were illegal. It is CLEAR to you because that is what you believe it to be, but (fortunately) the US legal system isn't beholden to what you specifically believe.

Re:D'oh! (3, Insightful)

Anonymous Coward | about 2 months ago | (#46240911)

which CLEARLY violates the law don't face similar punishments?

Because it isn't CLEAR that any laws were broken. People around here like to point to some advisory board report that said the activities were probably illegal, but that 5-person board was split 3-2 so you can't say that CLEARLY the activities were illegal. It is CLEAR to you because that is what you believe it to be, but (fortunately) the US legal system isn't beholden to what you specifically believe.

Ah, sorry, but the fourth Amendment is pretty fucking CLEAR. Argue all you want about FISA panels and other such bullshit we've legalized in the last decade to completely fucking derail that Right, but it is VERY fucking CLEAR what laws have been broken and by whom here if you're willing to dilute the issue down to the very basics where it belongs. It's this bullshit dissection of these kinds of violations that allows you and everyone else to not see the fucking elephant in the room CLEAR as day. An "investigation" is opened, and results are published about 6 months after the last person stopped giving a shit about any of it. And then the illegal activity continues, just as it will here.

Knowing where the violations are, and having the power to do fuck-all about it, are worlds apart. This is why we all know they're breaking laws, and yet not a fucking thing has changed to stop it. If any concept is CLEAR here, that one is.

Re:D'oh! (5, Insightful)

davester666 (731373) | about 2 months ago | (#46240975)

unless every single LOVEINT target was not a US citizen, the law was broken [as the NSA isn't permitted by law to spy on US citizens]

and a FISA judge [he should know] said the NSA violated his warrant for YEARS.

How more illegal do you need to get?

Re:D'oh! (0)

Anonymous Coward | about 2 months ago | (#46240747)

I think this is exactly pick and choose law enforcement.

Law enforcement can choose not to enforce a law. They risk having their budgets cut or regulated to all hell if they ignore the regulators, but the current law enforcers don't have that fear since they have a do nothing regulating body watching over them.

Re:D'oh! (1)

mjwalshe (1680392) | about 2 months ago | (#46241189)

The lloveint cases where new hires and got found out pretty much immediately - presumably the usual suspects will be publishing how many Googlers , yahoo apple and phone company employees have accessed things they should have not.(looking up the presidents private phone number medical records etc)

Best practice is to have phone company employees with with wide access to the systems access pass TS (DV in the UK) clearance.

Re:D'oh! (4, Informative)

MightyMartian (840721) | about 2 months ago | (#46238999)

Apart from the fact that I'm glad the leaks happened, it betrays an extraordinary amount of stupidity on the part of those who gave Snowden their credentials and indicates, at least to me, a considerable lack of training.

The company I run has some government contracts dealing with a considerable amount of very personal and detailed information of unemployed and disabled persons. I can tell you right now that we regularly drum into everyone's heads the level of confidentiality we require, that under no circumstances are you to give someone your IDs and passwords, or let them use your workstation while you're logged in. Every access to client information is logged, and information is strictly limited to what is needed by each employee to do their job.

Re: D'oh! (-1)

Anonymous Coward | about 2 months ago | (#46239031)

wow your a real hot shot, it must be cool to have such a secret super important job containi g addrwsses of *unemployed people*.

Re: D'oh! (0)

Anonymous Coward | about 2 months ago | (#46239249)

That's digital gold. A hacker redirects a few thousand unemployment checks, and they're rolling in dough.

Re:D'oh! (3, Funny)

dcollins117 (1267462) | about 2 months ago | (#46239289)

I can tell you right now that we regularly drum into everyone's heads the level of confidentiality we require, that under no circumstances are you to give someone your IDs and passwords, or let them use your workstation while you're logged in. Every access to client information is logged, and information is strictly limited to what is needed by each employee to do their job.

You should contract work for the NSA. Apparently, they need someone with your expertise.

Re:D'oh! (1)

MightyMartian (840721) | about 2 months ago | (#46240391)

There's not much expertise in saying "You will be fired... and worse." We make it very clear that violation of both government privacy rules and company policies could very well invite legal proceedings.

Re:D'oh! (0)

Anonymous Coward | about 2 months ago | (#46240819)

I've never had to work on anything that was really confidential but I had hoped that the security for those that do would be better than "you're fired" if you share your credentials. Most people share their credentials because it's simply so much more efficient. Who wants to wait days for someone to get clearance so they can do something they need to do in 5 minutes. Until you fix that problem, no amount of training or threats in the world will fix human nature.

Re:D'oh! (0)

Anonymous Coward | about 2 months ago | (#46240935)

There's not much expertise in saying "You will be fired... and worse." We make it very clear that violation of both government privacy rules and company policies could very well invite legal proceedings.

Yeah, and Snowden probably thought the whistleblower laws were "very clear" at one point too. So much for that shit. Obviously any law can be bent around to fuck you in the ass if they want to label you a criminal bad enough.

Re:D'oh! (2)

Stormy Dragon (800799) | about 2 months ago | (#46239311)

I can tell you right now that we regularly drum into everyone's heads the level of confidentiality we require, that under no circumstances are you to give someone your IDs and passwords, or let them use your workstation while you're logged in.

And I can tell you right now that unless you're a tiny operation, people are doing it anyways.

Re:D'oh! (0)

Anonymous Coward | about 2 months ago | (#46239341)

There's nothing extraordinary about it at all, and if you have more than a handful of people at your company I'll bet it still happens despite the training, just less often.

Some people just like sharing and being helpful, and don't attach any special significance to that thing you type in to get the computer to work.

Re:D'oh! (1)

poetmatt (793785) | about 2 months ago | (#46241169)

This is hilarious. You think there's some company that doesn't say you're fucked if you give out your information? It's just legal boilerplate. That doesn't mean it's enforceable.

The fact that they're restricting access that was easily and openly given out before is just a slow attempt to cover up the barn door which has been left open. It's pretty funny, to be quite honest.

Re:D'oh! (1)

Rich0 (548339) | about 2 months ago | (#46241435)

Well, it probably is enforceable in most cases, but that doesn't mean it doesn't happen all the time anyway. If people actually followed corporate policies there would be very little successful social engineering.

My workplace has a sign up that it is against policy to bring a cell phone camera onto the site. Probably every employee from the CEO to the janitor violates this policy.

Re:D'oh! (5, Interesting)

boristdog (133725) | about 2 months ago | (#46239081)

I guarantee you Snowden really did no "social hacking" at all.

If you have EVER been someone who solves people's computer problems (sysadmin, DT support, phone support, etc.) you know that LOTS of people will just flat out tell you their passwords when they contact you. They'll put their passwords on post-its, in e-mails, even in the trouble ticket itself. Or they'll just tell you on the phone or in person. No matter how you try to tell them "I don't want or need that information" they still do it. Upper management and C-levels are the worst about doing this, and their accounts can usually access anything in the organization.

Hell, I don't even do support any more, but people still leave me notes or tell me their passwords if they want me to help them with something IT won't do.

Re:D'oh! (1)

Hamsterdan (815291) | about 2 months ago | (#46239195)

I used to work for an ISP and *many* customers would call back after we cut off access because we couldn't talk to them would say "But I gave you my login and password already, you asked me by email because you found an incoherence"

(their account were used to send junk mail via the webmail service).

Since people are giving away credentals by *email*, not surprising they would give them out in person.

Re:D'oh! (1)

adolf (21054) | about 2 months ago | (#46239431)

The company I work for the IT folks keep a complete list of usernames and passwords in a text file, stored on a machine open to the Internet (including FTP!) which is, itself, is "protected" by those same passwords.

Oh, but it's OK, they told me once: It's in a password-protected zip file, so it's safe.

I'm sure that the unencrypted plaintext is scattered all over the temp directory of every machine they've ever used to view this file.

I'm (very) glad I don't get paid to care about that network anymore.

Re:D'oh! (0)

Anonymous Coward | about 2 months ago | (#46241075)

Beyond the obvious sheer stupidity you called out, unless they are using modern extensions to the zip password format, the password protection will be laughably easy to break.

See:
http://link.springer.com/chapter/10.1007%2F3-540-60590-8_12

Observe that it took only a few hours, and that was years ago.

Re:D'oh! (1)

Khashishi (775369) | about 2 months ago | (#46239715)

I certainly hope that NSA contractors are a little better than your run-of-the-mill company in terms of security.

Re:D'oh! (2)

Gr8Apes (679165) | about 2 months ago | (#46240073)

I certainly hope that NSA contractors are a little better than your run-of-the-mill company in terms of security.

Hate to break it to you....

Re:D'oh! (2, Interesting)

Anonymous Coward | about 2 months ago | (#46240561)

The failing startup I was stuck at for a few years eventually hired some expensive ex-NSA security company to spy on us. I won't go into the reasons why, but it was purely political, and an empty gesture to satisfy some of our more vocal/deluded shareholders. You can imagine what it does to morale to have someone being paid at least twice your salary to monitor you, but I digress.

The point is, they went around one day, asked us each for our password(s), and then wrote them down on a legal pad. When it was my turn, they were impressed because I had the only password in the entire company that wasn't trivially crackable and, to prove it, showed me the legal pad with everyone's passwords on it.

I really hope that they were trying to set me up into using someone else's login (which of course I wouldn't), and that they weren't actually that stupid. I respect malice over incompetence, but I suspect that in reality they were just that incompetent.

Posting anonymously out of paranoia. I don't think the company even exists anymore, but whatever.

Re:D'oh! (1)

coolsnowmen (695297) | about 2 months ago | (#46239931)

Just a tip, if a cute person leaves you a sticky note saying, "meetMeAfterWork!"...that might NOT be their password"

Re:D'oh! (0)

Anonymous Coward | about 2 months ago | (#46240213)

I guarantee you Snowden really did no "social hacking" at all.

If you have EVER been someone who solves people's computer problems (sysadmin, DT support, phone support, etc.) you know that LOTS of people will just flat out tell you their passwords when they contact you. They'll put their passwords on post-its, in e-mails, even in the trouble ticket itself. Or they'll just tell you on the phone or in person. No matter how you try to tell them "I don't want or need that information" they still do it. Upper management and C-levels are the worst about doing this, and their accounts can usually access anything in the organization.

Hell, I don't even do support any more, but people still leave me notes or tell me their passwords if they want me to help them with something IT won't do.

Yeah, but this is the NSA. I'd expect better of them.

Re:D'oh! (1)

boristdog (133725) | about 2 months ago | (#46240611)

I worked in Gov't IT for 8 years. Employees were constantly drilled about protecting sensitive information.

Same kind of thing happened all the time. Passwords on post-its, in e-mail, etc. People are still people even if they work for the government.

Re:D'oh! (1)

Anonymous Coward | about 2 months ago | (#46240753)

Not at the TS level. You'd get your balls busted if you gave out your password or put it up on a sticky note. They take that shit VERY seriously. Not only were these guys not supposed to let them use their credentials, which is a HUGE no-no to begin with, but by training they should have filed a security incident report if Snowden asked them if he could use their login. They most certainly get busted for this. They are the reason that people with clearances have to complete so many annual security refreshers.

Security and Failed Logon Attempts (0)

Anonymous Coward | about 2 months ago | (#46240277)

For security you log and report on failed logon attempts. A common reason for a failed logon attempt is the user's password in the username field.

Re:D'oh! (2)

ganjadude (952775) | about 2 months ago | (#46239015)

If I had to guess, They wanted him to do what he did.At least I would like to believe anyway that he wasnt the only one sick of unconstitutional acts

Re:D'oh! (2)

Kookus (653170) | about 2 months ago | (#46239077)

When access to resources is a difficult or lengthy process, and deadlines for products using those resources don't take that into consideration, then it is easier to hand over your credentials.

If the processes for gaining access were streamlines and efficient, then this wouldn't occur. Since it probably is not streamlines and efficient, this is what you get.

No hardware access tokens? (4, Interesting)

hawguy (1600213) | about 2 months ago | (#46238799)

The NSA, the "experts" in computer security, doesn't use hardware access tokens? Everyone knows that passwords can be compromised (and a PKI certificate adds little since an attacker could copy the cert).

Though I guess since the NSA already hacked RSA, they knew they couldn't trust RSA tokens.

Re:No hardware access tokens? (0)

Anonymous Coward | about 2 months ago | (#46238921)

The Chinese hacked RSA

No hardware access tokens? (1)

abirdman (557790) | about 2 months ago | (#46239053)

This is the type of government organization that hires groups like RATFOR as security consultants. Who knows what they used for security procedures? Password list in /?

Re:No hardware access tokens? (1)

lennier (44736) | about 2 months ago | (#46242643)

This is the type of government organization that hires groups like RATFOR as security consultants.

They outsourced security to a Fortran 66 preprocessor [wikipedia.org] ? Well that explains why my Linksys router is currently trying to crack Minuteman silo launch codes.

Re:No hardware access tokens? (5, Informative)

jafac (1449) | about 2 months ago | (#46239089)

HSPD-12 says that since 2006, they are REQUIRED (**SHALL**) to use them.

Doesn't mean they do. Just sayin'.

Re:No hardware access tokens? (2, Funny)

Anonymous Coward | about 2 months ago | (#46239339)

Am I missing something, or are they hiring a Fortran pre-processor as a body of workers?

AKA: We're gonna punish somebody (1)

Anonymous Coward | about 2 months ago | (#46238805)

We can't let folks think that they could get away with this, of course.

Re:AKA: We're gonna punish somebody (2)

canadiannomad (1745008) | about 2 months ago | (#46238849)

This was my immediate thought too....

Re:AKA: We're gonna punish somebody (5, Insightful)

FriendlyLurker (50431) | about 2 months ago | (#46239177)

My immediate thought was: They fire, Investigate and prosecute everyone involved except those in power that systematically broke our laws on a massive scale and violated our constitution. If ever there was an example of how far we have sunk into a corporate fascist dictatorship hiding behind words like "freedom", "democracy", then this must be it.

Re:AKA: We're gonna punish somebody (-1)

Anonymous Coward | about 2 months ago | (#46240943)

Specifically, what laws are you talking about that were broken? And don't just flail your arms around and cry 4th Amendment like some bible thumper who pulls out some passage as proof that God hates gays. And also, don't pull out the much ballyhooed advisory panel report, because that august panel of five were split 3-2 on whether any activity was illegal (or if you want to use that as evidence, you have to at least acknowledge that it is not "clear" or "obvious" that many around here like to say). I would think much more of your kind of sophomoric comments if they could actually be backed up by SOMETHING. In your favor I'll admit that it is a great karma whoring argument.

Re:AKA: We're gonna punish somebody (1)

Rich0 (548339) | about 2 months ago | (#46241453)

Specifically, what laws are you talking about that were broken?

Uh, the 4th amendment? And if they didn't break any laws it represents a defect in the laws more than anything else.

Snowden did not act alone (5, Interesting)

mbone (558574) | about 2 months ago | (#46238857)

It has been obvious to me for a while that Snowden did not act alone, and that he probably represents a surface manifestation of deep divisions within the intelligence community.

Re:Snowden did not act alone (4, Interesting)

marcello_dl (667940) | about 2 months ago | (#46238997)

Given that a lot of people in intelligence communities believe they are working for the good side, I have no troubles believing your hypothesis.

Anyway, when a guy leaks about possibly corrupt institutions, and the reaction is on the guy and possible accomplices, don't we have a bigger problem? It means justice is in bed with corrupt institutions.

Re:Snowden did not act alone (3, Informative)

Chas (5144) | about 2 months ago | (#46239025)

It means justice is in bed with corrupt institutions.

No. It means that justice is dead and the corrupt institutions have a penchant for necrophilia and buggery.

Re:Snowden did not act alone (4, Interesting)

ZouPrime (460611) | about 2 months ago | (#46239533)

> Given that a lot of people in intelligence communities believe they are working for the good side, I have no troubles believing your hypothesis.

A truckload of people in the security and intelligence communities have issues with domestic surveillance and were against the Patriot Act from the very begining. It's far from a minority opinion.

Re:Snowden did not act alone (4, Interesting)

s.petry (762400) | about 2 months ago | (#46240825)

The Feb. 10 memo was signed by Ethan Bauman, the NSA’s director of legislative affairs. It was sent to the congressional committees after repeated questions from senior members about whether the NSA intended to hold any of its employees accountable for the security lapses that enable Snowden to gain access to massive volumes of classified documents that he later leaked to the news media.
“Has anybody been disciplined at NSA for dropping the ball so badly?” Senate Judiciary Committee Chairman Sen. Patrick Leahy, D-Vt., demanded of NSA Director Gen. Keith Alexander at a Dec. 11 hearing. Alexander at the time replied that the agency had three “cases” that “we’re currently reviewing.” (An NSA spokeswoman Vanee Vines declined comment Wednesday night, writing in an email: “I don’t have anything for your story.”)

They don't want to stop spying and shitting on personal liberties, they want people held accountable for giving a whistle blower access to data. TFA is of course a piece of government run propaganda^W^W^Wshit, who never does real journalism. They simply repeat the "kill the messenger" message these hearings bring out from the people holding government offices. A real journalist asks real questions, and points out truth that should make people uncomfortable if they are doing something wrong.

Snowden denied claims of "tricking" people or "stealing" long ago. I think the more likely collaboration was people sympathetic to his cause who gave access and pointed at things. This means they are not jailed as being whistle blowers, because.. well there is a history of (especially this administration) punishing whistle blowers.

What does TFA and the message boil down to? Easy, more "kill the whistle blowers" message and more "fuck the citizens" messages. Not one lick of journalism of course, just more repeated propaganda.

Re:Snowden did not act alone (1)

skribe (26534) | about 2 months ago | (#46242545)

Everyone believes they are working on the good side. Even Hitler and his cronies believed they were doing good by eliminating the Jews, Romany, homosexuals and others. The road to hell is paved with good intentions. </godwin>

thank you for not using "theory" (0)

Anonymous Coward | about 2 months ago | (#46242631)

oh god, thank you for using hypothesis instead of theory

Re:Snowden did not act alone (1)

Khashishi (775369) | about 2 months ago | (#46239735)

Hmm, I got the impression that he did act alone. In his interviews, he stated that he knew if he didn't act, nobody else would.

Re:Snowden did not act alone (1)

Vitriol+Angst (458300) | about 2 months ago | (#46239899)

Unbeknownst to many in our "Security USA Hell Yeah! Inc." there may be real heroes hidden behind those made in China flag pins.

The witch hunt continues (0)

Anonymous Coward | about 2 months ago | (#46238889)

"It's a conspiracy! It goes all the way to the top!"

I wonder - was it social engineering? (5, Interesting)

blackwizard (62282) | about 2 months ago | (#46238893)

I can easily imagine a situation where he calls up someone with access to classified info, and says something like, "this is Snowden from IT; we're having problems restoring the backup of your encrypted data files on such-and-such server; can you loan me your login information so we can properly validate the checksums? You can change your password right afterward."

Re:I wonder - was it social engineering? (5, Informative)

gstoddart (321705) | about 2 months ago | (#46238993)

It has already been revealed he did stuff like that.

But at an agency which is supposed to be secretive and paranoid -- if you have people falling for that, they're really not qualified to be working in that kind of environment.

Every few months my company sends out test emails to check for phishing, people's likelihood to click on spam, or chance of falling for social engineering. If you fail, you get sent to remedial data security training. If you repeatedly fail, they might decide you can't really be trusted around computers.

If the NSA has people who are not aware enough of these things to not do it, then they're doing a piss-poor job of training their people. There really is no excuse for people who have access to Top Secret information falling for this kind of thing -- there should never be a situation in which it makes sense to give your password to IT as far as I'm concerned.

Re:I wonder - was it social engineering? (3, Insightful)

Anonymous Coward | about 2 months ago | (#46239043)

It doesn't take much to breach security when you can exploit peoples' ignorance, especially when it comes to complex matters like PKI. I once worked at a company that provided PKI services to fortune 500 companies. At one point, we asked for a customers' CA certificate to troubleshoot an issue they were seeing. They exported it from the CA in PFX format **INCLUDING THE PRIVATE KEY**!

Re:I wonder - was it social engineering? (0)

Anonymous Coward | about 2 months ago | (#46239175)

Man, just ask around the people if https is really secure, and why is, or why is not....you will be surprised of the level of ignorance.

Re:I wonder - was it social engineering? (0)

Anonymous Coward | about 2 months ago | (#46241049)

It has already been revealed he did stuff like that.

But at an agency which is supposed to be secretive and paranoid -- if you have people falling for that, they're really not qualified to be working in that kind of environment.

Ah, if you have people that secretive and paranoid working for you, chances are they aren't driving a mouse playing desk jockey. They are the ones in the field doing the actual HUMINT. They are unique individuals.

I've worked for a lot of "secretive and paranoid" agencies. Doesn't mean I'm some paranoid nutjob, but I do consider myself well-versed in InfoSec.

There is a difference in an agency mission, and the people behind it. If there were not, then I would consider every single executive working for tobacco companies as nothing more than a mass murderer. Perhaps some do, but it's not exactly an accurate or fair label.

Re:I wonder - was it social engineering? (0)

Anonymous Coward | about 2 months ago | (#46239027)

OK. I don't work in super secret _anything_ but if a coworker asked to "borrow my login" for any purpose whatsoever I'd give him/her/it the hairy eyeball.

Seriously, anyone who fell for this in a corporate environment should be sent to re-education camp. Anyone who fell for this in a national security environment should be promptly fired (along with whoever hired them, and whatever manager didn't figure out that they were a moron before handing them the keys to the kingdom)

Re:I wonder - was it social engineering? (0)

Anonymous Coward | about 2 months ago | (#46239057)

yeah but we're talking about an environment where military morons with access to classified data are always coming in and out... not your average tech shop...

Re:I wonder - was it social engineering? (2)

X0563511 (793323) | about 2 months ago | (#46239353)

Read the memo. The user entered it themselves, he just manipulated them into doing so on a machine he controlled (eg keylogger)

Keylogger, not sharing (5, Informative)

tomhath (637240) | about 2 months ago | (#46238959)

FTFA

“At Snowden’s request,” the civilian NSA employee, who is not identified by name, entered his password onto Snowden’s computer terminal, the memo states.

“Unbeknownst to the civilian, Mr. Snowden was able to capture the password, allowing him even greater access to classified information,” the memo states.

Snowden lied to the other employee in order to steal classified information.

Re:Keylogger, not sharing (0, Insightful)

Anonymous Coward | about 2 months ago | (#46239107)

Steal? As if the NSA had the right to collect this data in the first place. It's OUR data. Snowden just gave it back.

Re:Keylogger, not sharing (4, Insightful)

ganjadude (952775) | about 2 months ago | (#46239123)

so, we have an unknown person making claims that his account was stolen with a keylogger. Call me skeptical but I need a little more than an un named employee. Lets hear it from the employee, not the group in the process of doing damage control.

I am not sayign that this is not how snowden got the information, Im just saying I need more proof than the guys who are using unconstitutional secret courts word for it

Re:Keylogger, not sharing (0)

Anonymous Coward | about 2 months ago | (#46242481)

so, we have an unknown person making claims that his account was stolen with a keylogger.

Not identified, but not unknown. Since been fired from his job too.

Im just saying I need more proof than the guys who are using unconstitutional secret courts word for it

Unconstitutional in who's opinion? Yours obviously, but that doesn't make it so.

Re:Keylogger, not sharing (-1)

Anonymous Coward | about 2 months ago | (#46239149)

OMG!!!1111!!!!

Snowden teh badz!

Wanker.

Re:Keylogger, not sharing (1)

MrEricSir (398214) | about 2 months ago | (#46239297)

It's hardly Snowden's fault that his fellow employees were too stupid to follow basic computer security procedures, like not entering their passwords on untrusted systems.

If these are the kinds of people who work for the NSA, wouldn't you want them kicked out of their jobs ASAP?

Re:Keylogger, not sharing (1)

Anonymous Coward | about 2 months ago | (#46239427)

It's hardly Snowden's fault that his fellow employees were too stupid to follow basic computer security procedures, like not entering their passwords on untrusted systems.

Untrusted systems? Unless the NSA's policy is that you can only log in on your own machine, presumably other computers at the NSA count as trusted.

Re:Keylogger, not sharing (1)

MrEricSir (398214) | about 2 months ago | (#46240375)

Snowden's system was not an NSA-owned computer.

Re:Keylogger, not sharing (0)

Anonymous Coward | about 2 months ago | (#46241111)

Snowden's system was not an NSA-owned computer.

Perhaps I'm reaching for the obvious here...if that's true, then how the fuck did he even get the computer into the building?

How the fuck did that computer connect to the local network?

As usual, the people collecting the most sensitive information on the planet can't seem to find the time or effort to exercise basic physical security measures. I mean damn, physical security inspection and MAC filtering is Security 101 for shit like this.

In the meantime, the perimeter is guarded 24x7x365 with a small army carrying assault rifles...not quite sure why...

Re:Keylogger, not sharing (0)

Anonymous Coward | about 2 months ago | (#46239397)

FTFA

“At Snowden’s request,” the civilian NSA employee, who is not identified by name, entered his password onto Snowden’s computer terminal, the memo states.

“Unbeknownst to the civilian, Mr. Snowden was able to capture the password, allowing him even greater access to classified information,” the memo states.

Snowden lied to the other employee in order to steal classified information.

Not necessarily, he could have just watched the employee not log out and copied information from the employee's account. Often it takes some time to perform the diagnosis for a support task, and seldom does the person requiring assistance have the time or patience to actually watch the work performed.

In which case, the lie was a lie by omission at best, as in "I fixed your problem (omitted.... and made a copy of everything you had because you were too foolish to watch me do my work)"

Who knows, perhaps there was even a policy that a backup had to be made before work was performed. If so, a poorly designed (for secrecy) backup procedure would require the backup be made to an account that Snowden could access. There's just not enough freely available information to really know what happened, but one can come up with fantasy scenarios to paint anyone as the victim (or conversely anyone as the party at fault).

Re:Keylogger, not sharing (2, Informative)

Anonymous Coward | about 2 months ago | (#46239863)

You missed the first part. When the employee logged in he knew he was providing Snowden access to data he wasn't supposed to have. Nothing innocent there. What he didn't know was the Snowden was stealing his key to obtain "even greater access to classified information" [he wasn't supposed to have].

Re:Keylogger, not sharing (1)

Anonymous Coward | about 2 months ago | (#46239719)

Maybe he did, maybe he didn't.

Snowden has already repeatedly demonstrated that virtually every NSA public communication, including those given under oath to Congress -- were completely, utterly false/fabricated/misleading/specious, bullshit.

These generally weren't little lies/whitewashing/spinning, they were total bullshit.

This has happened repeatedly.

At this point, *ANY* statement from the NSA about how things happened or what happened, should be taken with the same level of confidence we would take from anything stated by a

chronic/compulsive/habitual/pathological liar.

And as a result, it's not that we say "the nsa is wrong".

We do however say: "We do not believe any statement made by the NSA in the absence of direct, verifiable evidence"

(Indirect evidence is no longer good enough with someone with their history).

The story could be believable if it came from another party. From them... it's just not good enough unless they have cryptographically checksummed video footage stored in a distinterested third party's vault, a previous policy existing why this exists, a data retention policy indicating it should be deleted and showing why it has not been, a signed, audited paper trail showing how they obtained the records, and an audited, policy compliant configuration showing how said video was created and archived.

In short -- there's not a chance in hell they can possibly do anything to make this statement believable at this point.

These are problems that pathologically lying organizations have while trying to generate evidence. There's a pretty easy cure for it...

YANAL (3, Interesting)

s.petry (762400) | about 2 months ago | (#46241275)

This is what is called speculation, and would be thrown out in court. Snowden claimed long ago he didn't, these people are claiming he did. I trust Snowden a bit more than I trust most of the shitheads we currently have in Government, and could easily find character witnesses who are unbiased to support Snowden.

Keep being distracted by all the hand waives though.

For what it's worth, IANAL either. I am not fooled by the distractions they keep playing against people.

angel snowden (2)

watcher-rv4 (2712547) | about 2 months ago | (#46239063)

What he accomplished, worth much more in so many levels, that social engineering, lies or even keylogger, means nothing.

After rain... (1)

Anonymous Coward | about 2 months ago | (#46239113)

....umbrella, as we used to say.

This reminds me of some famous quote that the military is always prepared to win...past battles....

This just in! (4, Funny)

tlambert (566799) | about 2 months ago | (#46239133)

This just in!

Officials are investigating the Washington Metropolitan Area Transit Authority, which is alleged to have aided Snowden in getting to and from secure facilities!

so there's down to this.... (1)

Anonymous Coward | about 2 months ago | (#46239157)

finding low level scapegoats

Others? I'd start with Clapper (4, Insightful)

Subm (79417) | about 2 months ago | (#46239169)

> Others Implicated in Making Snowden Data Leaks Possible

Since Snowden mentioned Clapper's lying to Congress got him to release the documents, I'd start by implicating Clapper.

From there it's hard not to implicate the Presidents who didn't honor their pledge to uphold the Constitution. Congress. Decision-makers within the NSA.

Without all of them, there would be nothing for Snowden to release.

Re:Others? I'd start with Clapper (2)

X0563511 (793323) | about 2 months ago | (#46239371)

I'm willing to lend a benefit of the doubt to the Presidents and such, but this does not extend to Clapper.

Keylogger + Data Scraper (1)

Anonymous Coward | about 2 months ago | (#46239271)

He used a Key Logger and Data Scraper, nothing complicated. Just goes to show the NSA has no clue regarding secure systems!

High school dropout not a Super Genius?? (0)

gelfling (6534) | about 2 months ago | (#46240085)

Oh it was mostly just plain old stealing and treason. Ok thanks. We knew that.

Treason is still treason. (-1, Flamebait)

hessian (467078) | about 2 months ago | (#46240303)

Looks like we need more rope.

If we don't punish these people, we're going to have more transsexuals and flakeout hipster potheads leaking information every time they have a relationship failure.

These people are neurotics, not heroes.

All we know for sure... (1)

Chelloveck (14643) | about 2 months ago | (#46240425)

All we know for sure is that there's a witch involved in here somewhere, and she will be hunted down and burned!

Ineffective security should not be a surprise... (1)

MobSwatter (2884921) | about 2 months ago | (#46240479)

The government has failed to uphold it's most basic responsibility of upholding the constitution, what makes you all think they are effective in handling computer security? It is in fact ineffective in a lot more ways than that.

Of COURSE he had accomplices (2)

DoofusOfDeath (636671) | about 2 months ago | (#46241129)

The accomplices were the perps who violated our Constitution. Without them, Snowden would have had nothing to expose.

why so much snowden love? (0)

Anonymous Coward | about 2 months ago | (#46241661)

Some say Snowden was trying to stick it to politicans. There's one problem.
The people who get screwed by leaked operational intelligence aren't the politicians.

It is Private Snuffy the 19 year old bulletlauncher fresh out of high school & basic who pays the price.

The reason we have sysops paid $200k in NSA is to make sure our neighbor's 19 year old kid
comes back in one piece -- and that kid has a salary 1/10th of what Snowden earned. Snowden
was in a position of -trust-.

People imagine a lot bullcrap when it comes to government surveillance. Lots of hypotheticals and
arguments about principles. But I assure you, dead soldiers is all too real. And thats why every
branch of government supports snooping w/ a warrant.

snowden snowden snowden (0)

Anonymous Coward | about 2 months ago | (#46241945)

When will we see the NSA in the news for their involvement in illegal activity and overwhelmingly compromising our national security.

Admin (0)

Anonymous Coward | about 2 months ago | (#46242103)

Here's how I think it went down.

"I need to fix something. What's your login info?"

"Username: PatriotFreedom2001 Password: GeorgeWBushlovesCheney1234"

"Thanks."

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...