Russians and Chinese Got Snowden Documents the Old-Fashioned Way
By hacking the NSA computers. So says security analyst Bruce Schneier.

British surveillance functionaries placed a story over the weekend in the Sunday Times (London) claiming that the Russians and Chinese had gotten hold of the documents that Edward Snowden sneaked out of the NSA computers and had broken their encryption. As my colleague Scott Shackford points out, the Sunday Times offered nothing more than the assertions of unnamed British spy agency sources as evidence. He noted that one of the Sunday Times' reporters actually admitted on CNN: "We just publish what we believe to be the position of the British government at the moment."
Over at Wired, cryptographer and Harvard Berkman Center fellow Bruce Schneier also dismisses the claims against Snowden made by British intelligence service disinformation specialists published in the Sunday Times. On the other hand, he does think that Russian and Chinese spies have in fact obtained most of the documents taken by Snowden, but not from Snowden. First, try as they might, journalists to whom Snowden delivered the documents will have great difficulty in preventing digital infiltration by national intelligence services.
Secondly, Russian and Chinese hackers (at the behest of their governments) have had great success in penetrating U.S. government networks. Consequently, they are very likely to have taken many of the Snowden documents directly from the NSA's own servers. Schneier explains:
I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they've penetrated the NSA networks where those files reside. After all, the NSA has been a prime target for decades…
In general, it's far easier to attack a network than it is to defend the same network. This isn't a statement about willpower or budget; it's how computer and network security work today. A former NSA deputy director recently said that if we were to score cyber the way we score soccer, the tally would be 462–456 twenty minutes into the game. In other words, it's all offense and no defense.
In this kind of environment, we simply have to assume that even our classified networks have been penetrated. Remember that Snowden was able to wander through the NSA's networks with impunity, and that the agency had so few controls in place that the only way they can guess what has been taken is to extrapolate based on what has been published. Does anyone believe that Snowden was the first to take advantage of that lax security? I don't.
This is why I find allegations that Snowden was working for the Russians or the Chinese simply laughable. What makes you think those countries waited for Snowden? And why do you think someone working for the Russians or the Chinese would go public with their haul?
So Snowden becomes a cover-your-ass excuse for the failures of surveillance state functionaries.
Hat tip Richard Rohde.
Well, the US government does believe Chinese hackers have gotten the OPM and security check background information databases the old-fashioned way, too.
"we simply have to assume that even our classified networks have been penetrated."
Given that, how could we still have operatives in the field?
Assume, for a minute, that our operatives are somehow enormously effective or constitute a gross threat, is Russia or China the target?
Additionally, what good is it to execute/expel operatives that you know to be under the control of a foreign agent?
From Russia/China's perspective, the last thing they want to do is blow the covers on any identified operatives. The best outcome for them is for those operatives to stay in the field forever, where they can be managed by Russian or Chinese counterespionage, and fed bad intel.
From an American spymaster's perspective, the last thing they want to do is pull all the operatives out. That would be admission of failure, which is worse than actually failing.
How can they be managed by Russian or Chinese counterespionage, given that we know that they know who these operatives are, and we would presumably be filtering any gained intelligence through that understanding?
We also know that they know and we also know who their operatives and counter-operatives are.
Essentially, superpower espionage is likely one big joke that doesn't do anything... but something we have to continue spending money on because otherwise the other side may actually get something useful.
So it's like a make-work project for James Bond types.
More like a big-budget DMV.
we would presumably be filtering any gained intelligence through that understanding
Even more opportunity for maskirovka, nyet?
"So Snowden becomes a cover-your-ass excuse for the failures of surveillance state functionaries."
So he is a hero... For the right TOP MEN
I think we should pin the Russian and Chinese hacking on the St Louis Cardinals and simply expel them from beisbol.
I think that Belichick and the Patriots are more likely.
They have no previous track record of sophisticated computer hacking. St Louis Cardinals do as of this morning.
Nice, I had missed that. I'm sure the Patriots just haven't been caught yet.
What about Ivan in Novgorod who is rumored to have contacted other wood chippers about harming the egosystem of a Ukrainian forest?
I was convinced by Shackford's story yesterday that the claim the UK intelligence networks were penetrated because of Snowden was bunk. But, sorry, this story doesn't have much more evidence:
Secondly, Russian and Chinese hackers (at the behest of their governments) have had great success in penetrating U.S. government networks. Consequently, they are very likely to have taken many of the Snowden documents directly from the NSA's own servers
Very likely? Maybe, maybe not. The speculation here is somewhat more grounded than that of the shills in the UK, but it's still speculation. Maybe the whole story was made up (i.e. no penetration, no reassignment of agents).
"So Snowden becomes a cover-your-ass excuse for the failures of surveillance state functionaries."
Bill Mauldin relates the story about a WWII army pack-mule that went over a cliff in Italy. The quartermaster is responsible for all the gear in the outfit, and he took the opportunity to report that poor animal must have been packing several tons of material.
Government functionaries will take any excuse they can find; this is a golden opportunity.
"We just publish what we believe to be the position of the British government at the moment."
This astounding admission describes more news agencies than not. Amazing that he just came out and said it.
The Occam's Razor factor is clearly implied in this scenario by Bruce-
Does anyone believe that Snowden was the first to take advantage of that lax security? I don't.
It's no big secret that governments are terrible at managing large databases, and our government is particularly large and particularly terrible when it comes to security. I have zero doubt that Snowden wasn't the only person (oh Hai CHELSEA MANNING!) that simply walked out the door with reams of data they weren't supposed to have.
At least in the business world when you lose customers' data there are consequences in terms of lost sales. In the government world there aren't really any consequences for this. I haven't heard that anyone has been fired or even demoted since this most recent data theft, nor do I expect to.
Bureaucracies gotta bureaucracy.
It occurs to me that the Ruskies and the Chicoms are no better.
They aren't, and we've definitely hacked them too, but as Schneier points out it's all offense out there. There is very little defense being played by anyone.
I think the best defense in this case is building a lot of fake goals on the field.
Or to switch metaphors, creating a shit ton of haystacks that contain shit tons of fake needles.
+1 Ghost Army
http://www.thehindu.com/multim.....62398g.jpg
Those are called "honeypots".
How our and other governments can push for encryption back doors in light of the shitstorm of government and private sector hacks is really beyond me. But I guess it was never really about security anyway, more about control.
If they were serious about security, certain records would never be committed to electronic format. It's really simple to get an electronic file, but getting a paper file means you actually have to get a person into the records room. And you can put a flash drive with a million records in your bra. Good luck putting a million paper files anywhere unnoticeable.
Finally...a real cryptographer with common sense weighs in. Nice!
Peter Thiel on the NSA: Modern day Keystone Cops.
It's a good thing all these government agencies tend to be utterly incompetent. Too bad Thiel gets his neocon boner on with Palantir Technologies.
Maybe UK's agents just sucked at their jobs?
The Sunday Times has come up with an excellent rebuttal to Glenn Greenwald's criticism of their not entirely robust journalism: They're suing him for copyright infringement.
Now, it seems, the NSA and CIA, are using Snowden as a whipping boy for all of their failures. The sad part is that they seem to think they are getting away with this charade.