Wednesday, July 3, 2013

Some Thoughts on the Snowden Fallout

Via Wes

http://a.abcnews.com/images/International/ap_snowden_hong_kong_protest_lt_130613_wg.jpg

The Guardian just published new revelations on past and ongoing data sniffing by the National Security Agency on foreigners as well as U.S. citizens. For now I do not have time to go into those and will leave it to emptywheel and others to comment on them.

But lets think a bit of what all these revelations mean for the NSA and for Snowden's future.

Snowden had system administrator access to a whole bunch, if not all, of network and server equipment at the NSA. Sysadmin access means being in total control of the machine. While a typical Unix computer like those the NSA uses, typically logs all access events a sysadmin can hide that he accessed a machine, loaded stuff up and down or started or stopped this or that process.

 Unless the NSA is using some unknown super-tool to supervise and log what its sysadmins do (and who would system administrate that tool?) it will have no clear idea what systems Snowden actually accessed or what he did to those machines.

It is the worst case any Chief Information Officer can think about. What did Snowden take? Did he leave some virus? Did he leave some logic time bomb that could wipe out anything it reaches.

 Where?




The NSA's damage assessment team will also have lots of questions. What papers or files does Snowden have? What does he know additionally to what is in those files? Who might he have given those files to? Only the Guardian and the Washington Post? What about the Chinese and the Russians? They sure would love to have copies. What about the encrypted "insurance files" Snowden gave to "some people" who will be able to open and publish them should someone capture or kill him?

There are so many questions to ponder. Even if Snowden did not talk with the Chinese and Russian secret services the NSA will have to assume that he did and that they now have access to all the material Snowden acquired including, possibly, secret U.S. communication codes.

In short: For the next years at least the NSA is.......



More @ LRC

No comments:

Post a Comment