Edward Snowden

Russians and Chinese Got Snowden Documents the Old-Fashioned Way

By hacking the NSA computers. So says security analyst Bruce Schneier.

|

CrptographyBroken
zdnet

British surveillance functionaries placed a story over the weekend in the Sunday Times (London) claiming that the Russians and Chinese had gotten hold of the documents that Edward Snowden sneaked out of the NSA computers and had broken their encryption. As my colleague Scott Shackford points out the Sunday Times offered nothing more than the assertions of unnamed British spy agency sources as evidence. He noted that one of the Sunday Times' reporters actually admitted on CNN: "We just publish what we believe to be the position of the British government at the moment."

Over at Wired, cryptographer and Harvard Berkman Center fellow Bruce Schneier also dismisses the claims against Snowden made by British intelligence service disinformation specialists published in the Sunday Times. On the other hand, he does think that Russian and Chinese spies have in fact obtained most of the documents taken by Snowden, but not from Snowden. First, try as they might, journalists to whom Snowden delivered the documents will have great difficulty in preventing digital infiltration by national intelligence services.

Secondly, Russian and Chinese hackers (at the behest of their governments) have had great success in penetrating U.S. government networks. Consequently, they are very likely to have taken many of the Snowden documents directly from the NSA's own servers. Schneier explains:

I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they've penetrated the NSA networks where those files reside. After all, the NSA has been a prime target for decades…

In general, it's far easier to attack a network than it is to defend the same network. This isn't a statement about willpower or budget; it's how computer and network security work today. A former NSA deputy director recently said that if we were to score cyber the way we score soccer, the tally would be 462–456 twenty minutes into the game. In other words, it's all offense and no defense.

In this kind of environment, we simply have to assume that even our classified networks have been penetrated. Remember that Snowden was able to wander through the NSA's networks with impunity, and that the agency had so few controls in place that the only way they can guess what has been taken is to extrapolate based on what has been published. Does anyone believe that Snowden was the first to take advantage of that lax security? I don't.

This is why I find allegations that Snowden was working for the Russians or the Chinese simply laughable. What makes you think those countries waited for Snowden? And why do you think someone working for the Russians or the Chinese would go public with their haul?

So Snowden becomes a cover-your-ass excuse for the failures of surveillance state fuctionaries.

Hat tip Richard Rohde.

NEXT: Neil Peart: Rand Paul 'hates women and brown people'

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. Well, the US government does believe Chinese hackers have gotten the OPM and security check background information databases the old fashioned way, too.

  2. “we simply have to assume that even our classified networks have been penetrated.”

    Given that, how could we still have operatives in the field?

    1. Assume, for a minute, that our operatives are somehow enormously effective or constitute a gross threat, is Russia or China the target?

      Additionally, what’s good is it to execute/expel operatives that you know to be under the control of a foreign agent?

    2. From Russia/China’s perspective, the last thing they want to do is blow the covers on any identified operatives. The best outcome for them is for those operatives to stay in the field forever, where they can be managed by Russian or Chinese counterespionage, and fed bad intel.

      From an American spymaster’s perspective, the last thing they want to do is pull all the operatives out. That would be admission of failure, which is worse than actually failing.

      1. How can they be managed by Russian or Chinese counterespionage, given that we know that they know who these operatives are, and we would presumably be filtering any gained intelligence through that understanding?

        1. We also know that they know and we know also know who their operatives and counter-operatives are.

          Essentially, superpower espionage is likely one big joke that doesn’t do anything… but something we have to continue spending money on because otherwise the other side may actually get something useful.

          1. So it’s like a make-work project for James Bond types.

            1. More like a big-budget DMV.

        2. we would presumably be filtering any gained intelligence through that understanding

          Even more opportunity for maskirovka, nyet?

  3. “So Snowden becomes a cover-your-ass excuse for the failures of surveillance state fuctionaries.”

    So he is a hero… For the right TOP MEN

  4. I think we should pin the Russian and Chinese hacking on the St Louis Cardinals and simply expel them from beisbol.

    1. I think that Belichick and the Patriots are more likely.

      1. They have no previous track record of sophisticated computer hacking. St Louis Cardinals do as of this morning.

        1. Nice, I had missed that. I’m sure the Patriots just haven’t been caught yet.

  5. What about Ivan in Novgorod who is rumored to have contacted other wood chippers about harming the egosystem of a Ukrainian forest?

  6. I was convinced by Shackford’s story yesterday that the claim the UK intelligence networks were penetrated because of Snowden was bunk. But, sorry, this story doesn’t have much more evidence:

    Secondly, Russian and Chinese hackers (at the behest of their governments) have had great success in penetrating U.S. government networks. Consequently, they are very likely to have taken many of the Snowden documents directly from the NSA’s own servers

    Very likely? Maybe, maybe not. The speculation here is somewhat more grounded than that of the schills in the UK, but it’s still speculation. Maybe the whole story was made up (i.e. no penetration, no reassignment of agents).

  7. “So Snowden becomes a cover-your-ass excuse for the failures of surveillance state fuctionaries.”

    Bill Mauldin relates the story about a WWII army pack-mule that went over a cliff in Italy. The quartermaster is responsible for all the gear in the outfit, and he took the opportunity to report that poor animal must have been packing several tons of material.
    Government functionaries will take any excuse they can find; this is a golden opportunity.

  8. “We just publish what we believe to be the position of the British government at the moment.”

    This astounding admission describes more news agencies than not. Amazing that he just came out and said it.

  9. The Occams Razor factor is clearly implied in this scenario by Bruce-

    Does anyone believe that Snowden was the first to take advantage of that lax security? I don’t.

    It’s no big secret that governments are terrible at managing large databases, and our government is particularly large and particularly terrible when it comes to security. I have zero doubt that Snowden wasn’t the only person (oh Hai CHELSEA MANNING!) that simply walked out the door with reams of data they weren’t supposed to have.

    At least in the business world when you lose customers data there are consequences in terms of lost sales. In the government world there aren’t really any consequences for this. I haven’t heard that anyone has been fired or even demoted since this most recent data theft, nor do I expect to.

    Bureaucracies gotta bureaucracy.

    1. It occurs to me that the Ruskies and the Chicoms are no better.

      1. They aren’t, and we’ve definitely hacked them too, but as Schneier points out it’s all offense out there. There is very little defense being played by anyone.

        1. I think the best defense in this case is building a lot of fake goals on the field.

          Or to switch metaphors, creating a shit ton of haystacks that contain shit tons of fake needles.

          1. +1 Ghost Army

            http://www.thehindu.com/multim…..62398g.jpg

          2. Those are called “honeypots”.

  10. How our and other governments can push for encryption back doors in light of the shitstorm of government and private sectors hacks is really beyond me. But I guess it was never really about security anyway, more about control.

    1. If they were serious about security, certain records would never be committed to electronic format. It’s really simple to get an electronic file, but getting a paper file means you actually have to get a person into the records room. And you can put a flash drive with a million records in your bra. Good luck putting a million paper files any where unnoticeable.

  11. Finally…a real cryptographer with common sense weighs in. Nice!

  12. Peter Thiel on the NSA: Modern day Keystone Cops.

    It’s a good thing all these government agencies tend to be utterly incompetent. Too bad Thiel gets his neocon boner on with Palantir Technologies.

  13. Maybe UK’s agents just sucked at their jobs?

  14. The Sunday Times has come up with an excellent rebuttal to Glenn Greenwald’s criticism of their not entirely robust journalism: They’re suing him for copyright infringement.

  15. Now, it seems, the NSA and CIA, are using Snowden as a whipping boy for all of their failures. The sad part is that they seem to think they are getting away with this charade.

Please to post comments

Comments are closed.