Comments on: “If it is still easy to use a thumb drive…

By: Gary

Gary — Mon, 17 Jun 2013 07:20:58 +0000

Yes, copying NSA data to a thumb drive is indeed “a major problem.” But with all due respect to Neo and others, I don’t believe one should be so surprised that someone like Snowden could pull it off. I know a bit about this stuff, though probably not as much as dicentra, who wrote:

“As a system administrator, he could have figured out a way around just about any mechanism [to prevent copying to a thumb drive]”

And Southpaw wrote:

“I guess An average technician can do the work to get a port up and running, and I suppose nobody bats an eye when they see the IT guy with a computer case open.”

The upshot being:
1) The necessary technical skills are not extremely difficult to come by, and
2) A system administrator is not likely to draw suspicion when mucking with computers, software, operating systems, hard drives, routers, etc–or poking around the network. That’s his job.

Of course a super-secret place like the NSA should have more oversight–and surely does–but they cannot watch everyone all the time. I guess my point is there’s no reliable way to prevent this once a bad actor gets inside. A lot of investigation is done before someone is granted a high-level security clearance, but no screening process is perfect. Obviously they didn’t anticipate Snowden would turn on them. But once someone like this got access and developed the intent, copying a mass of data to a thumb drive and leaking it is not, IMHO, a huge feat.

By: dicentra

dicentra — Sun, 16 Jun 2013 02:46:35 +0000

at odds with the picture of a poorly educated, low-level twerp the government is painting. Unless he's a self-educated IT whiz kid who was hired to be a white hat after they discovered him hacking into secure gubmint system. He just MIGHT be a narcissistic little twerp who sees no problem consorting with the Chinese and having his 15-30 minutes of fame AND he revealed something true and sinister at the same time. One's opinion of the guy has no bearing on the information he leaked.

By: Southpaw

Southpaw — Sat, 15 Jun 2013 19:39:44 +0000

Neo- I guess An average technician can do the work to get a port up and running, and I suppose nobody bats an eye when they see the IT guy with a computer case open. Still you would think that most computers would be essentially terminals, as are the ones I’ve seen in places where they don’t want to create the opportunity for this to happen.
If he was able to defeat security software, he must have had the password to do so, or else obtained it somehow on his own, which would suggest a level of covert skills at odds with the picture of a poorly educated, low level twerp the government is painting. If they are correct that he’s an average IT guy, then he’s definitely shown the security of their systems isn’t too impressive. Whatever the case, he’s eluding the entire US government, and that should tell everyone something about the assurances we are getting about the safety of our country’s secrets. And the fact that he can elude them this easily would suggest the FBI, CIA, et al are not that good at tracking down individuals who run off with sensitive data.

By: Ymarsakar

Ymarsakar — Sat, 15 Jun 2013 18:47:31 +0000

One of the more effective ways to destroy Snowden’s credibility or control the damage, is to destroy his authority or competency in the eyes of the public. That way, he can become another Manning, some guy with an axe to grind that had mysterious “ulterior” motives. Who didn’t know what the information he was giving out was for, who didn’t know what his long terms strategy was, and who didn’t know anything about the “real secrets”.

That becomes harder when the young kids are seen as having free power to do whatever they like to security blockades.

By: dicentra

dicentra — Sat, 15 Jun 2013 18:26:40 +0000

It is possible to set up security mechanisms such that you can’t plug in a USB drive anywhere and then effect data exchange: either into the system or out of.

It’s also possible to set up your system such that it recognizes only certain USB drives.

As a system administrator, he could have figured out a way around just about any mechanism.

By: neo-neocon

neo-neocon — Sat, 15 Jun 2013 16:18:25 +0000

Southpaw:

But from what I read, the NSA actually does do something like that, or has some sort of complicated software to prevent anyone doing what Snowden did.

Apparently he overrode it in some way. Perhaps they had the software, because it’s harder to see how he could have gotten around a mechanical disabling of the port. But perhaps it is possible—that’s the sort of thing it’s very important to find out, because if it’s possible then the security of the whole system is garbage.

By: Southpaw

Southpaw — Sat, 15 Jun 2013 15:38:51 +0000

dont forget the Sandy Berger method of arch-espionage is still effective in government buildings. just shove the hard copies into your socks.
We outsource some work to third party engineering companies whose computers have no USB ports or disc drives; in some cases they are physically disabled – meaning you can’t enable them with a mouse click. So the employees can’t copy intellectual property. Wonder why the government’s highest security agencies and contractors don’t do the same?

By: Ed Bonderenka

Ed Bonderenka — Sat, 15 Jun 2013 15:31:10 +0000

We used to prefer “No Such Agency”

By: vanderleun

vanderleun — Sat, 15 Jun 2013 14:18:34 +0000

Or case…. or a can of whoopthumbdrive.

By: vanderleun

vanderleun — Sat, 15 Jun 2013 14:18:07 +0000

Perhaps, for the new spies, it is a can of having your thumb drive up your …..