NSA Delayed Installing Anti-Leak Software at Base Where Snowden Worked
Software is designed to stop "insider threats"


According to current and former officials, the NSA delayed installing anti-leak software designed to block "insider threats" at the base in Hawaii where the whistleblower Edward Snowden worked.
One official told Reuters that the software was not installed because there was not enough bandwidth for it to be installed and ensure that it worked properly.
From Reuters:
(Reuters) - The U.S. National Security Agency failed to install the most up-to-date anti-leak software at a site in Hawaii before contractor Edward Snowden went to work there and downloaded tens of thousands of highly classified documents, current and former U.S. officials told Reuters.
Well before Snowden joined Booz Allen Hamilton last spring and was assigned to the NSA site as a systems administrator, other U.S. government facilities had begun to install software designed to spot attempts by unauthorized people to access or download data.
The purpose of the software, which in the NSA's case is made by a division of Raytheon Co, is to block so-called "insider threats" - a response to an order by President Barack Obama to tighten up access controls for classified information in the wake of the leak of hundreds of thousands of Pentagon and State Department documents by an Army private to WikiLeaks website in 2010.
I haven't read all the linked material but "anti-leak" software is fantastically broad, and in no way even suggests that Snowden would have been stopped by it had it been installed.
This sounds like the kind of thing a consultant rattles off and becomes increasingly vague the more technical questions you demand answers from him.
From the sound of this story, they still have not installed it.
It probably pops up asking them to update and restart every time that they're doing something really important, like writing a comment on Reason.
Next thing you know, all your domestic espionage activities are splashed over the pages of the Guardian.
I wonder if any of the same companies are involved; maybe they got their circuits crossed...
Maybe you try to upload something to wikileaks through a browser on the NSA network, and, mysteriously, you get an email confirming that you're enrolled in ObamaCare.
The name's Henderson, Chad Henderson.
I read the linked material, not much more detail.
Words and words without anything concrete? Yep, you found the tip-top secret stuff. Schwartzkopf complained about the same thing during the grand Kuwait war.
It's called FakeBlock. It's all about privacy.
+1 George Maharis
Why would they answer your questions? The answers are classified WAY above your grade.
Great. Now we can have some more moronic comments about how if snowden were a real hero he'd turn himself into the feds.
Maybe he can become Nadine Snowden.
She, you cisnormative bastard.
I find all the stories about how many mistakes were made that allowed the Snowden leak to happen entirely insulting to the American people.
If anybody should be charged with...what's the opposite of sedition? Is it collaboration?
In a perfect world, the people who were installing software to discourage insiders from informing Americans that their constitutional rights were being massively violated by their own government, they'd be the ones who ended up stuck in a Russian airport begging for someone to grant them asylum.
And the newspaper articles would all be about why we failed to prosecute the people running the NSA to the fullest extent of the law.
Some fucking country we're livin' in.
"In a perfect world, the people who were installing software to discourage insiders from informing Americans that their constitutional rights were being massively violated by their own government..."
I wrote "perfect world" but that's totally wrong. I guess I've been affected by ObamaWorld double-speak myself!
That's what should be expected under normal circumstances. Under normal circumstances, when the constitutional rights of hundreds of millions of Americans have been massively violated by their own government, the responsible parties would be identified and prosecuted.
Not in a perfect world--under normal circumstances.
Obama's got everybody's heads screwed on backwards, and I guess it's starting to affect me, too.
Agree.
In a "perfect world" the gallows would be goin' up.
In a "Perfect World," they'd already be hanging.
the software was not installed because there was not enough bandwidth for it to be installed
Shades of the Democratcare rollout -- "The system was just overloaded!"
Hahahahaha, fuck you, Feds!
...there was not enough bandwidth for it to be installed and ensure that it worked properly.
They are still using CAT3 thanks to the sequester.
Seriously. I have fiber in my house.
Robert Plant revealed that he has unearthed some previously unreleased Led Zeppelin recordings. "I found some quarter-inch spools recently. I had a meeting with Jimmy [Page] and we baked 'em up and listened to 'em. And there's some very, very interesting bits and pieces that probably will turn up on these things," he said.
Jebus! how about some warning of what he looks like on that link?
Could be interesting with JPJ on lead vocals.
I have to think it's DLP software -- Data Loss Prevention -- which would track files being emailed, or uploaded to a webmail account or something else through an un-encrypted channel.
If you needed to get encrypted data (like, say, if the user connects to gmail), you'd need to do a man-in-the-middle attack, with a fake SSL cert. No problem for NSA, especially on systems they control. DoD has a root CA that is trusted by all the big browsers (among other attacks).
Usually you can point it at a directory and say "These files can't leave the network". Then it can watch for signatures of those files.
The trick is, though, he almost certainly just tossed a bunch of files on a USB drive (I don't know that for sure, but I'm pretty sure he didn't email them or scp them). And DLP won't do a thing there.
Funny enough, NSA made a set of security extensions for linux, that *could* be used to prevent something like this. I'd imagine they have the same reaction as every other linux admin. SELinux extensions are too much of a PITA to bother with.
If I had to guess about lack of bandwidth, I'd say:
1) NSA gets sold DLP software or appliance by Raytheon that is licensed based on amount of traffic processed
2) Raytheon wildly underestimates bandwidth needed, in order to meet NSA budget for it
3) No one will admit that they ordered something useless, so the appliance sits there not running, because it was never licensed enough to handle the amount of outbound traffic at the site.
Just a hunch.
I don't know why they would allow empty USB ports anywhere outside of a SCIF. It's not like these dudes are allowed to be taking work home.
Rules are, if you plug a USB drive into a classified computer, the USB drive is classified, regardless of what you did with it. Same goes for writeable CDs.
If it's cheaper to buy an off the shelf Dell for your Sysadmins, epoxy the usb ports closed for fuck's sake.
Because they're dumb? I don't really know if this is the case, it's just my guess.
I would think the servers in the rack don't get epoxied, they're probably in cages.
In the end, they trusted him with access to the files, maybe without knowing. From there, I'm sure he could find *something* to plug a tiny USB drive into.
Hell, just put a raspberry pi on the network, if you have logins on switches and can set what VLAN a port can be on.
I suspect that Booz Allen might get sued over this. Other contractors have had their shit together for a long time, so it's astonishing to me that someone can walk away with this amount of data (I'm glad he did, though).
For instance, JT3 searches and X-rays their employees going in and out, and doesn't allow any storage devices or cell phones in the secure facilities. And obviously no internet so people can't upload to gmail...
knee-jerk reaction? No suit, because too much would come out about the lack of security.
Just a hunch, though. You obviously have a lot more knowledge on security procedures at .gov sites and such, I only have guesses on what their software security would look like.
You're probably right. Probably an "administrative" fine of some sort instead....
There are storage devices that are tiny and they can be made to look like other things. If someone were really trying, I'd imagine they'd be able to sneak one in and back out.
EVERYTHING gets x-rayed at certain facilities. They will pick up on the circuitry during the scan, or it will squawk passing through the magnetometer. If you get caught, they have holding cells in the facility.
Security clearances for the DOD involve a big carrot and a big stick. If you obtain one, you are basically guaranteed a 100K a year job for life, even if you are a complete idiot, and if you break the rules, you can count on going to federal pound-me-in-the-ass prison until retirement age.
Wouldn't being xrayed every day cause cancer?
Seems a bit much.
Sorry, possessions, not the person. It's airport style with a more thorough screening.
Oh. I guess you could just shove a usb drive up your ass and sneak out secrets.
Nobody ever wants to check in your ass.
Just sumthin bout it.
Bend over, spread your cheeks and cough.
Ben Dover? That guy owes me money.
Ben Dover works for the IRS
But not Don Glover.
USBs are really friggin small. Pretty easy to encase one in a piece of metal so no circuits show up...only the metal casing. Not hard to do with a belt buckle or keychain or even some loose pocket change....hell if you know which way the x-ray is taking the image from just put it in your wallet and glue a penny over it so the penny faces the xray scan....all they will see is a penny in a wallet.
How hard is it to open the case and plug in a USB port to the motherboard?
Motherboards generally don't have actual USB ports, just headers. I suppose you could take an expansion port and plug it into the headers, though. For a typical non-secure case, I could do this in a couple of minutes. Of course, it could be a lot more difficult, depending on just what measures have been taken to secure the machine.
That's not true. My mobo (granted though, it's a gaming pc) has like 4 headers and at least 6 ports built onto it.
I'm sad because only 2 of them are usb 3.0. 🙁
Not enough bandwidth to install anti-leak software? So now national security is the latest casualty of Sequester-gate!
Canada and Europe agree to epic free trade arrangement. Of course, some on the left have a problem with this.
Can we ask them about the Cuban Embargo and watch 'em try to square the circle?
Progressives in Illinois want to tax all those fatcats making $18,000 per year. This, of course, is where "soak the rich" bullshit always leads. When the Federal income tax was introduced, rates ranged from 1% to 7%, with the top bracket starting at around $11 million in today's dollars, and the bottom bracket starting at around $70,000.
The more you pay the more you respect the brave and selfless public servants.
That's been proven by SCIENCE.
ThEh failed. http://www.budlightlime.com/Home.aspx
USA! USA!
USA! USA!
USA! USA!
USA! USA!
USA! USA!
yikes
wut
Also, this was totally already posted
I give him an Olympic 7 out of 10.
11PM EDT is the new 3PM EDT.
I blame a video on another tab trying to autoplay.
Farewell ISOHUNT.COM
And that was on 24/7 a day or two ago
Up your game, Pantsman
Wait, people read that?
Yeah, we just save our comments for the H&R post about it.
I have gazed into the face of the abyss. It is called: Buzzfeedminusgifs.
Buzzfeed's "19 Reasons Why Pants are the Enemy" becomes surrealist art when you remove the gifs.
I hate pants.
My mind is blown.
The Dodgers decided to take the wrong day off. You'd think their calendar guy would have been more up on when gameday was.
I dunno, usual antics from Puig.
Meanwhile, the Cardinals 22 year old calmly threw a 2 hitter, not a tantrum.
That loss is on Kershaw. He just suddenly lost his ability to put away hitters with two strikes in the 3rd after that Carpenter double.
He's still the obvious Cy Young, but he picked a bad game to meltdown in.
Puig plays with passion. Remember what he had to go through just to get here. 18 months ago, he was on a boat, caught by the Coast Guard, and taken to Haiti for processing before being sent back to Cuba.
Puig will grow into being a solid big leaguer. He's got a great organization there to help him do that.
Of course Kershaw and Greinke both pitched great games that should have given the Dodgers a 2-0 lead and possible series sweep given how Ryu stepped up in Game 3.
The biggest reason they lost the series was simply failure to get timely hits. Although to be fair, Hanley was nowhere close to being the hitter he was with that cracked rib. Joe Kelley ought to be the Cards MVP for taking him out of commission.
Looking at the Windows Event Viewer. Have hundreds of errors coming from VSS.
I click "Event Log Online Help". It takes me to the Bing search results page for "microsoft".
That's just fucking special, Redmond.
"Windows Event Viewer"
Well, there's your problem.
Yeah, I know. I've been using Linux as my primary for years but I have gotten sick of constantly switching between Windows and Linux for various reasons.
Plus, I got a new wireless card, the driver for which is afflicted by a bug in the kernel that ships with Ubuntu 13.04. Just upgrading the kernel didn't seem to work, so I booted into a live session of a prerelease build of 13.10 and the wireless worked normally. So I upgraded and this being Ubuntu (a prerelease version no less), upgrading broke it spectacularly.
So after some other bullshit I finally decided that at least until the semester's over I would just bite the bullet and use only Windows on my desktop.
Well, fuck. After an update or something recently it went haywire and now it takes literally hours to get to the login screen.
And the worst part is with Linux I know where to look to fix most shit; with Windows it's all a black box to me and I just have to kind of grope around in the dark.
What is this I don't even
They're normal people doing normal things Your Highness.
No need to fret, we'll keep them away from the palace.
Puppeteer in there. Not sure if it was the OWS puppeteer.
Just the greatest people on Earth.
New Yorkers: They're better than you.
Well of course it's going to rain all weekend.
Meanwhile, in Russia
Link Post You?
It's tough to be a late night commenter these days. None of you fuckers are willing to entertain me at this hour.
Da da da da da I'm juggling my balls!
Enjoy some racist country music.
That's rough, dude.
Johnny Rebel: What the left wants to see every time they look at T.P. Conservatives... And they will not be denied!
I just had a third conversation with the Healthcare.gov live chat people if you want to read the transcript.
Why was Tigger looking in the toilet?
He was trying to find Winnie the Pooh.
Still a bit early, but I've just secured my Xmas present from my wife (with the majority of hunting season happening before Xmas, I've been getting gifts early for a few years so as to be able to use them before next fall). Got a great deal on eBay for a brand new one. I look to learn how to use it this week, and bring it out as early as next weekend for a bit of Central Kentucky bow hunting. Because bow hunting is the only thing that would keep me from a TRAKTOR PULL on a Sunday.
The last link was posted at 3:50 and it got less than 100 responses? I feel like the Robert Neville of Reason, all alone among the decay of dead comment threads.
Hello:
I see that you
Would you like to talk about internet anonimyzerz, or how to earn $20,000,000,00 sitting on your ass in front of the computer all alone among the decay of dead comment threads.?
Ukrainian zombie bot-net specialists are here to help you achieve fulfillment... Click this link
I blame the lack of good trolls to keep shit going.
LOL, the feds clearly have WAY too much spare time on their hands.
http://www.Got-Privacy.com
There is a dude that knows which way is up! Wow.
http://www.Got-Privacy.com
The government not only spies on everything we do, they also run everything in our lives. Check out this short video about that https://www.youtube.com/watch?v=vJpjF8U1CyY
It's not often you can say, "Good thing the NSA is incompetent."