Feeds

back to article Snowden journo's boyfriend 'had crypto key for thumb-drive files written down' - cops

Journalists and their associates involved in the Edward Snowden NSA leaks affair followed almost unbelievably poor security practices while handling top-secret government files, according to a statement made in court by a British official today. The hearing was looking into the case of David Miranda, the partner of journalist …

COMMENTS

This topic is closed for new posts.

Page:

Bronze badge

Write me down a mule

Not wise, but it seems a bit much for the intelligence agencies to beef about someone else's security discipline.

15
2
Silver badge
Joke

Re: Write me down a mule

Yeah, it's not like he left it on a bus or anything.

24
2
Silver badge

Re: Write me down a mule

After forcing down the plane of a head of state over Europe; I don't believe anything they say. "He was carrying hologrammatic child porn; terroristic plans for orphanages; and the passwords he carried unlocked the secret to undoing YOUR way of life".

Meh.

6
3
Silver badge
Facepalm

Re: disgruntled yank Re: Write me down a mule

"....it seems a bit much for the intelligence agencies to beef about someone else's security discipline." Actually, the files in question seem to have come from Snowden, and he was a contract employee of the NSA, not GCHQ, so a Yank security problem, thank you.

1
2
Silver badge
FAIL

Re: moiety Re: Write me down a mule

"After forcing down the plane of a head of state over Europe....." Sorry to correct your hysterical shrieking but no such event happened. The Bolivian aircraft was merely refused permission to cross airspace, then was requested to submit to a passenger check. The Bolivians could have refused and returned to Russia but needed to refuel, but no-one was "forced down". Please do try to keep at least one foot in reality whilst bleating.

3
6
Silver badge

Re: moiety Write me down a mule

So if say Canada merely refused permission for any flights to the US to enter it's airspace - leaving Americans only able to fly to S.E. Asia - that would be merely an adminsitrative matter?

3
1
Silver badge
Boffin

Re: YAAC Re: moiety Write me down a mule

"So if say Canada merely refused permission for any flights to the US to enter it's airspace....." Yes, Canada has complete sovereinty of its airspace so it is within the rights of the Canadian government to close their airpsace to US flights. But diplomaticy they would need to supply a reason for doing so. In the case of Morale's aircraft, it was because he was suspected of transporting a person not on the passenger manifest, which is in breach of the Chicago Convention. Rather than go for a request for a search, France and Spain seem to have taken the slightly less diplomaticly upsetting refusal for overflight, as is their right. Austria simply added the request that if the Bolivian aircraft landed to refuel then the Austrians would exercise their right to check the manifest against the actual people on the aircraft. Morales could have refused and returned to Russia but decided to accept the Austrian request.

2
0
Anonymous Coward

Ouch!

Still, given what's going on, one imagines that they will learn from their mistakes quite quickly; maybe the guardian should invest in hiring an amazingly paranoid InfoSec adviser.

Still, given that these documents are almost certainly the contents of the latest wiki leaks insurance file, the possibility remains open that all of the information will be released to the public sooner or later no matter what they do - intimidation and accusations of criminality only increase the likelihood of this happening more quickly, as would any attempt to extradite/render Snowden or anyone connected with him against their will.

5
2

Guardian learning?

They apparently didn't learn anything from the last time. It was a Guardian journalist who published the password to 250,000 unredacted US government cables.

Admittedly he didn't know the password for his file would unlock the "insurance" file, and WikiLeaks are at fault for reusing passwords (another basic fail), but he shouldn't have published the password anyway. Just knowing the general form that WikiLeaks uses (eg, that it contained a date in verbose format), would help someone trying to crack other WikiLeaks files. (See http://www.wikileaks.org/Guardian-journalist-negligently.html.)

Whether this justifies the interference with the press is another matter.

4
1
Anonymous Coward

Re: Guardian learning?

My understanding was that the Guardian journalist published his WikiLeaks password because he assumed for some reason that his access was short-term and that they had deleted his account. I don't believe that WikiLeaks was at fault or had lax security.

3
3
142
Stop

Re: Guardian learning?

Brangon: Source for your statement that the previous password leak was the password for the insurance file?

0
1
Silver badge
Stop

Re: Brangdon Re: Guardian learning?

".....Whether this justifies the interference with the press is another matter." Whilst you're right about both the Guardian journos and Dickileaks making far too many assumptions around security (and it the Guardian's case seemingly pretty uninformed about simple tech like zipped files), I would have to point out that Mr Miranda was not a Guardian employee nor a registered journalist, so no "interference with the press" took place.

2
1
Anonymous Coward

Highly sensitive UK documents? Really?

Well, I suppose those thumb drives now have whatever the government says was on those thumb drives. However, since Snowden primarily leaked NSA documents, you can paint me sceptical.

My spider senses are telling me there's a stitch up in progress. Perhaps someone in the Westminster regime wants the Graun bringing to heel (or simply made to be history).

Anon, because I just know the honourable peeps at El Reg can be trusted not to leak my identify.

20
3
(Written by Reg staff)

Re: Highly sensitive UK documents? Really?

Right y'are there Bob!

(wait a sec...)

13
0
Silver badge

Re: Highly sensitive UK documents? Really?

" "highly classified UK intelligence documents"."

This is the bit that's really confusing me. The Uk Gov keep going on about how Snowden has all these top security uk documents, but didn't he just dump a large part of the NSA database?

At what point did he access UK GCHQ servers?

This all smells to high heaven, and I personally think that the uk spooks just wanted to know what the US spooks knew about them (they don't tell each other *everything* obviously).

As a bonus they get loads of US-centric stuff too to boost their own intel. All the while they are dressing this up as some kind of crime by Snowden against the UK. They haven't said that exactly, but that seems to be the impression they are trying to portray.

17
3
Silver badge

@Sir Runcible

The UK and US (and Canada, Australia and New Zealand) have long-standing arrangements to share much* of their intelligence information. So it's perfectly possible that NSA databases would contain sensitive UK material.

* Not everything, of course, material may be marked as NOFORN (at least, in the US where they're public about their security classification) - often stuff that says rude things about partner governments or intelligence services :)

7
0
Thumb Up

Re: Highly sensitive UK documents? Really?

"Perhaps someone in the Westminster regime wants the Graun bringing to heel (or simply made to be history)."

One can live in hope that its forced out of existence ASAP. Its a hopless comic for communists with all the journalistic integrity of a teenage girls blog. I'm constantly amazed that its readers don't comprehend its being the left wing Dail Mail.

8
21
Bronze badge

Re: Highly sensitive UK documents? Really?

El Graun is a "...a hopless comic for communists with all the journalistic integrity of a teenage girls blog."

In fairness, 50% of their content is the blogs of teenage girls who've grown up.

7
0
Childcatcher

Re: Highly sensitive UK documents? Really?

Not only that, but a general scan of the comments here indicate electric-Pavlovian-knee-jerk supportive comments of each other, all trying to be witty [while remaining ....generally unwitting...gotcha!..]

It's my guess that they're all quite young and have never had any real hands-on responsibility for much of anything.

When was the last time they posted pics of their genitals on the Internet?

Kiddies! Share your awesomeness! Here!

Mo'! Commenters! Are! Standin'! By!

1
6
Bronze badge

Re: Highly sensitive UK documents? Really?

"Perhaps someone in the Westminster regime wants the Graun bringing to heel (or simply made to be history)."

Sadly given its recent financial performance and insistence on throwing more and more money at the loss making online edition it may well do this to itself.

4
0
Silver badge

Re: Highly sensitive UK documents? Really?

GCHQ and the NSA aren't allowed to spy on their own citizens, so they spy on each other's citizens and exchange the information they receive. That's why the top secret uk documents would be on the NSA server.

3
0
Silver badge

Re: Highly sensitive UK documents? Really?

And 98% of El Reg is from teenage boys who have grown up. Doesn't really tell you anything other than they are about 50% female.

3
0
Bronze badge

@Sir Runcible -- Re: Highly sensitive UK documents? Really?

I'd reckon Chris Miller is correct. Remember this League of Gentlemen has been swapping vigorously since at least WWII. (Governments have even said so from time to time.)

0
0
Silver badge

Re: Highly sensitive UK documents? Really?

>And 98% of El Reg is from teenage boys who have grown up

haven't

2
0
Bronze badge
Thumb Up

Re: Highly sensitive UK documents? Really?

Correct. In brief, when Margaret Thatcher wanted a couple of her senior ministers checked out for suspect associations, she passed the job on to either the Americans or the Canadians. I think the latter, but can't be sure. Dammit, I have to say it; Echelon is one of the facilities at work here, but no one seems to worry about it.

Oh that's better. Almost as good as a man dump. Now for a post work shower.

0
1

"very poor information security practice"

This, coming from a government who refuse to use any form of encryption themselves?

A government who repeatedly leave huge quantities of sensitive information on trains, taxis, park benches, public bins?

11
0
Silver badge

Re: "very poor information security practice"

A government who repeatedly leave huge quantities of sensitive information on trains, taxis, park benches, public bins?

Well yes, they've had a lot of practice and know what they are talking about :-)

8
0
Bronze badge

Re: "very poor information security practice"

Wasn't that under Labour? Mind you, it's happened so often that keeping records is difficult. However, the reason why we know so much is the speed and pervasiveness of digital news gathering and reporting. In the past it was a 'dark figure'.

0
1
Silver badge
Black Helicopters

It was formatted with TrueCrypt...

... so there's always the possibility of a hidden volume or two. They might have found enough to keep them happy and let him go but not everything.

6
0
Silver badge

Re: It was formatted with TrueCrypt...

Well they did say the password unlocked a portion of the documents. Quite possible there was a hidden partition with the remaining docs locked away still. Miranda wouldn't even need to be aware of it. In his knowledge he gave them the password to the information.

7
0
Silver badge
Facepalm

.

See icon ->

3
0
Bronze badge

Pot, meet kettle

et cetera

2
0
Silver badge
Facepalm

Crypto key written down!!!!!!!

Crypto key written down!!!!!!!

ID 10T error code

5
0
Silver badge

Windscale is now Sellafield

Special Branch is now 'Counter Terrorism', to justify giving it excessive powers which they will then still manage to abuse.

Next week the traffic wardens will be renamed "Directorate of Anti-Paedophile Operations"

13
1

Re: Windscale is now Sellafield

It has been since 2006. Originally it was the Special Irish Branch until they decided it wasn't just the Fenians they wanted to keep an eye on.

2
0

Passwords or Jail

Given that if you must hand over passwords when requested under threat of immediate imprisonment, (and possibly Gitmo if they think what you are hiding is dangerous enough) and that covers ANY password on any device you have or own. I think I might take precautions against forgetting the odd password.

7
0
Silver badge

Re: Passwords or Jail

I wonder why they even need a mule. There are so many places that documents can be dumped, and if they were signed and encrypted, then the recipient could be sure they had not been read or tampered with.

And even if they did use a mule they should give the mule the passphrase. And if they had to give him a passphrase, it should be to a shadow file which contains plausibly sensitive but harmless information while keeping the real data safe.

2
0
Bronze badge

Re: Passwords or Jail

> if they think what you are hiding is dangerous enough

s/dangerous/embarrassing/

1
0
Anonymous Coward

"It will not escape Reg readers' consideration that while the Guardian's security may have been poor, it was the US and UK governments' security regimes which allowed the information to escape in the first place."

Bingo. And unlike some mule and friend/partner of a newspaper journalist, the people surrounding the initial leaks are professionals in data security. Or supposed to be anyway.

On top of that it's foolish to believe that the some 58,000 documents do not exist anywhere else. And they certainly have never been stored on the graphics card in the picture published by the Guardian re destruction of data....

Assuming that digital data is gone once destroyed/seized is mid-20th century logic.

Seriously, who are the governments and authorities trying to fool.... their own "actors" (aka officials, MPs and up)?

10
1
Bronze badge
FAIL

B*llocks!

Detained under anti-terrorism law and now criminal charges? He "had" the key write down on a piece of paper? They found "highly sensitive information"? WTF?? The UK and the rest of the world really need a Vendetta!

0
3
Silver badge

Does it actually matter?

They collared the guy before knowing anything about what he was carrying or how well protected it was. 9 hours being interrogated by spooks was going to cough a password either way, whether it had been written down or not.

If it had been written down and the password was immediately available, why the need to hold him for 9 hours?

8
0
Bronze badge

Re: Does it actually matter?

Apparently he spent 8 of those 9 hours waiting for his lawyer, not being questioned.

4
4
Anonymous Coward

Re: Does it actually matter?

I think it looks like a targeted arrest, I don't believe they should have used anti-terror laws, but it does appear that Miranda had a whole load of classified documents. It doesn't matter if other people have them as well, he had them. I'm only surprised that he was allowed to proceed as he was obviously being used as a courier for classified information.

In other comments: Who the hell sends their partner with classified material through an airport, they must have realised that the Police would want to have a chat with him as he'd be a prime suspect.

6
1
Anonymous Coward

Re: Does it actually matter?

"Apparently he spent 8 of those 9 hours waiting for his lawyer, not being questioned."

Nope, he was flat-out denied legal counsel immediately, which is possible because he was in the legal no-man's-land of an international airport terminal.

6
1
WTF?

Re: Does it actually matter?

"Apparently he spent 8 of those 9 hours waiting for his lawyer, not being questioned."

I thought part of the "terrorism" act meant you didnt get access to a lawyer unless you were charged?

7
0
Anonymous Coward

Re: Does it actually matter?

As I understood it, I think this came from Radio 4 news, he was offered legal representation as soon as he was arrested, but turned it down in preference for his personal lawyer.

0
1
Bronze badge

Re: other comments

>Who the hell sends their partner with classified material through an airport

Someone trying to bait the powers that be into doing something pointless and dumb. It has been heavily speculated on Schneier's blog comments section that this was indeed the case, what with Greenwald releasing a little info, the spies scrambling to 'explain', Greenwald then shows how the 'explanation' is false with more evidence, cycle repeats.

Classic trolling, just give them more rope, they will invariably tie a noose. Hopefully if they get enough rope the head will just pop off when the trap door opens.

1
0
Bronze badge

@Thomas 4 -- Re: Does it actually matter?

And I've probably capitulated in the circumstances.

But if I'd have been the mule, as would anyone with any sense, I'd have isolated myself from the encryption and password process then I could genuinely claim that I wasn't lying. What's more, I could even give particulars and they'd be little the wiser and no closer to the docs.

...And why didn't he (or others) send the stuff electronically beforehand (so there was nothing to intercept)? Also, why did he go via the U.K. anyway?

Essentially, Miranda is a fool or awfully naive.

If Miranda is not a fool then perhaps we're all being fed a fairytale and actual events are quite different.

1
0

Re: @Thomas 4 -- Does it actually matter?

The whole not knowing the encryption key thing doesn't help you if the security services believe otherwise... How can you prove you don't know it?

1
0
Silver badge
Go

Re Andy Mc Re: @Thomas 4 -- Does it actually matter?

"The whole not knowing the encryption key thing doesn't help you if the security services believe otherwise...." Indeed, the law states you have to provide the key, and is not conditional that you are the originator or that you know it yourself, so if the encryption has been done by others you still have to convince those others to hand over the key or suffer the consequences yourself.

0
0

Page:

This topic is closed for new posts.