Edward Snowden's not a one-off: US.gov hunts new secret doc leaker

It appears former NSA contractor Edward Snowden is not the only leaker of secret US documents around, as the US government searches for another whistleblower in the aftermath of another leak of classified information. CNN reports that leaked documents related to a terrorist watch list and published by The Intercept (a site …

  1. Gordon 10
    Thumb Up

    Whoot!

    Go nameless guy! I just hope he/she has a better escape plan in place than Snowden did.

    Hopefully they are already sunning themselves in Ecuador.

    1. Version 1.0 Silver badge

      Re: Whoot!

      It's going to be a lot harder to catch this leaker - I'm guessing that they printed the list out and put it in the US Mail to a third party in Brasil. Nobody checks the mail these days.

      1. Cliff

        Re: Whoot!

        Private contractors? Aren't they the kind of people who might benefit from a leaked secret document before offering to sell more security and audit software to the public sector paymasters?

        One way to reduce the risk of a widely distributed list being leaked is to salt it with a few unique names/records for each copy - makes it pretty quick to tell if the list came from the cops or Halliburton or whoever, narrows down the chase somewhat already.
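The per-copy salting described in the comment above, sketched as an added example (not part of the original post). The recipient names, the record format, and the key are all constructed for illustration; decoys are derived from an HMAC so the list owner can regenerate them without storing them.

```python
import hashlib
import hmac

# Constructed sample data: a tiny master list and three hypothetical recipients.
MASTER = [
    "Alice Example (ref 1a2b3c4d5e6f)",
    "Bob Sample (ref 0f9e8d7c6b5a)",
    "Carol Placeholder (ref 77aa55cc33ee)",
]
RECIPIENTS = ["local-police", "contractor-a", "partner-gov"]
SECRET = b"constructed-demo-key"  # assumption: known only to the list owner
DECOYS_PER_COPY = 3

FIRST = ["Dana", "Eli", "Farah", "Gus", "Hana", "Ivo", "Jun", "Kira"]
LAST = ["Northfield", "Quarry", "Lindqvist", "Okafor",
        "Marlow", "Tessier", "Brandt", "Ueda"]


def decoys_for(recipient):
    """Derive this recipient's unique decoy records from an HMAC of its ID."""
    out = []
    for i in range(DECOYS_PER_COPY):
        d = hmac.new(SECRET, f"{recipient}:{i}".encode(), hashlib.sha256).digest()
        name = f"{FIRST[d[0] % len(FIRST)]} {LAST[d[1] % len(LAST)]}"
        out.append(f"{name} (ref {d[2:8].hex()})")
    return out


def make_copy(recipient):
    """Master list plus the recipient's decoys, sorted so decoys do not cluster."""
    return sorted(MASTER + decoys_for(recipient))


def attribute(leaked_records):
    """Count how many of each recipient's decoys appear in a leaked copy."""
    leaked = set(leaked_records)
    scores = {r: sum(d in leaked for d in decoys_for(r)) for r in RECIPIENTS}
    return {r: n for r, n in scores.items() if n > 0}


if __name__ == "__main__":
    # Simulate a partial leak of one recipient's copy (first decoy missing).
    copy = make_copy("contractor-a")
    partial = [r for r in copy if r != decoys_for("contractor-a")[0]]
    print(attribute(partial))
```

Using several decoys per copy means attribution still works when only part of the list surfaces.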

        1. Matt 21

          Re: Whoot!

          Another way would be to keep to the law so there's nothing to expose.

  2. Anonymous Blowhard

    Amazing!

    680,000 suspects and only 220 convictions over the last decade (http://www.thewire.com/politics/2013/04/civilians-courts-vs-military-courts-terrorism/64489/).

    These guys are way better at slacking than I am! It's like we're being guarded by an army of Wallys.

    On the other hand, maybe it's just too easy to get on the list? I demand a more exclusive terror watch list!

    1. Pascal Monett Silver badge
      Coat

      A V.I.P. watch list, perhaps ?

      With a golden membership card ?

      1. Anonymous Coward

        > With a golden membership card

        Platinum. You really don't want a credit limit to kick in when you're paying for a БУК launcher from MissilesЯUs.

        1. b0hem1us
          Go

          Re: With a golden membership card

          I would go for iridium, that would pay for the whole komplet, not just one battery.

    2. Irony Deficient

      insidious Marxism

      Pah — I refuse to join any terror organization that would have me as a member.

      1. Cipher
        Joke

        Re: insidious Marxism

        They, the alphabets, seem to be devoted whistleblower hunters, just ineffectual at it...

  3. russell 6

    Quite funny actually

    If true then it will create lots of paranoia inside the organization, they will then lock permissions down so tightly that nobody will be able to get any work done

    1. Anonymous Coward
      Big Brother

      Re: Quite funny actually

      But they will probably still all be able to see our data!!

  4. DropBear
    Mushroom

    > The leaked database is shared with local law enforcement agencies, private contractors, and foreign governments.

    Really? ...how quaint.

    1. Anonymous Coward
      Mushroom

      @ Dropbear

      That would explain why I am being upsold by ExplosivesRUs!!

      "Dear Mr. Hack,

      While most of our customers are happy to order C4, you're special. You're the kind of violent ideologue who expects only the best! Frankly, you seem like more of a Semtex man. And lucky for you this month we have a special...."

      1. b0hem1us
        Angel

        Re: @ Dropbear

        Hey man Semtex is cool, we even have an energy drink here named that. http://www.semtexculture.cz/

  5. P. Lee
    Paris Hilton

    Insider Threat

    Generally slightly less of an issue if you are a government with the moral high-ground.

    1. Anonymous Coward

      Re: Insider Threat

      > a government with the moral high-ground

      I wasn't aware those existed anymore, where might I find one?

      1. Anonymous Coward

        Anymore?

        Are you saying there used to be governments with the moral high ground? Where can I read about one?

        1. elDog

          Re: Anymore?

          I can foresee a complete inversion of the security-threat-level (whatever that's called) and the El Register recommendation level.

          Whenever something is at a threat-level 55 (mid-high?) the recommendations should come in at around 5+.

          Eventually this will lead to the security agencies trying to up their threat levels so they get a higher El Reg recommendation. Pretty soon, secretaries from MI6 and the NoSuchAgency will be spilling their bosses' beans all over the tubes - just for a better thumbs-up score.

          In the end, secrecy will be a thing of the past along with wingless dinosaurs. We'll all live in blissful abundance of TMI.

  6. Arctic fox
    WTF?

    Somebody got a universal translator handy?

    "Access controls including the two-man rule, role-based monitoring and data encryption are key requirements to make this happen, especially in highly concentrated environments like virtualisation and cloud,"

    What the hell does that mean?

    1. Pascal Monett Silver badge

      It means that the data is kept secure in an extreme fashion, requiring two people to input passwords simultaneously (think Golden-Eye two-key access to the arming mechanism), and people who do access can only access the data that their authorizations subset allows them to, access being monitored automatically with red flags sent to monitoring personnel when out-of-line access requests are made, monitoring personnel who will then investigate the demand and compare with previous out-of-line demands - make too many mistakes and you're fired.

    2. russell 6

      Re: Somebody got a universal translator handy?

      Two man rule: It requires two people with separate access codes, iris scans, keys etc to open a system. One cannot do this without the other "man" being present.

      Role based monitoring: You have a set framework within which you carry out your duties. Operating outside of these parameters will trigger a red flag. Similar to trying to do something on your PC at work which is outside of the permissions set by the Sys Admin. Try to do something and it will be noticed.

      What it means is that they need a shed load of internal "watchers" to watch the "watchers"

      At some point in the future things will get so big and complex within the organization, circles within circles etc, that it will no longer be able to support its own weight and entropy will do its thing that it does with all systems which are out of balance.
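The two controls explained in the replies above, as an added example that is not part of the original comments. The roles, user names, resource names, and the flag threshold are constructed assumptions; a real system would take approvals from authenticated sessions rather than a list of names.

```python
from collections import Counter

# Constructed policy: which record classes each role may read (assumption).
ROLE_SCOPE = {"analyst": {"watchlist"}, "sysadmin": {"audit-log"}}
USERS = {"ana": "analyst", "sam": "sysadmin", "sol": "sysadmin"}
FLAG_LIMIT = 2  # out-of-role requests tolerated before escalation (assumption)


class Vault:
    def __init__(self):
        self.flags = Counter()  # per-user count of out-of-role requests
        self.alerts = []        # queue that monitoring staff would review

    def read(self, user, resource):
        """Role-based monitoring: serve in-scope reads, flag everything else."""
        if resource in ROLE_SCOPE[USERS[user]]:
            return "ok"
        self.flags[user] += 1
        level = "escalate" if self.flags[user] > FLAG_LIMIT else "review"
        self.alerts.append((user, resource, level))
        return "denied"

    def bulk_export(self, resource, approvals):
        """Two-man rule: two distinct users, each in scope for the resource."""
        signers = {
            u for u in approvals
            if resource in ROLE_SCOPE.get(USERS.get(u), set())
        }
        return "exported" if len(signers) >= 2 else "denied"


if __name__ == "__main__":
    v = Vault()
    for _ in range(3):
        v.read("ana", "audit-log")          # analyst probing outside her role
    print(v.alerts)
    print(v.bulk_export("audit-log", ["sam", "sam"]))  # same person twice
    print(v.bulk_export("audit-log", ["sam", "sol"]))  # two distinct sysadmins
```

Collecting signers into a set is what stops one person from satisfying the rule by approving twice.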

      1. Rich 11

        Re: Somebody got a universal translator handy?

        > At some point in the future things will get so big and complex within the organization, circles within circles etc, that it will no longer be able to support its own weight and entropy will do its thing that it does with all systems which are out of balance.

        For all we know it might already be the case that two-thirds of NSA employees are there purely to watch NSA employees. It would certainly explain why they have to rely so heavily on contractors!

        1. russell 6

          Re: Somebody got a universal translator handy?

          You could well be correct. I touched upon the weaknesses of this type of organization in something I wrote last year. Link here: http://russellchapman.wordpress.com/2013/09/26/a-question-about-the-terrorist-attack-in-nairobi-kenya/

          Entropy always wins in the end, you can't beat physics. This is also why I am betting on a financial crisis in the next 3-4 months, I might be wrong on the exact timing but it will make 2007/08 look like a walk in the park.

          1. BlueGreen

            Re: Somebody got a universal translator handy?

            > This is also why I am betting on a financial crisis in the next 3-4 months, I might be wrong on the exact timing

            I'm pretty sure you are, too much confidence around now. Misplaced confidence but it makes no difference. My guess is it's further off, perhaps a year or two.

            > but it will make 2007/08 look like a walk in the park.

            yep :(

            1. russell 6

              Re: Somebody got a universal translator handy?

              I don't think it will be as far away as two years. The collapse of the holding company of Bank Espirito Santo, a major Portuguese bank, is a signal of the ongoing weakness of the banking system in the periphery of Europe. Russia is in a much more fragile economic situation than many realize and China has huge debts which are hidden by its shadow banking system.

              I happen to know several directors of major banks in Switzerland. All are saying that global stock markets are way overvalued, price/earning ratios are crazy. Profit is coming from price/cost cutting rather than earnings on activity. It will only take one shock in the right place to start a chain reaction.

              1. DropBear
                Devil

                Re: Somebody got a universal translator handy?

                > I don't think it will be as far away as two years.

                Well then, it's simple: if nothing particularly noteworthy happens to the financial sector until January 1, 2015 do I get a fridge full of Guinness...?

                1. russell 6

                  Re: Somebody got a universal translator handy?

                  No. But if nothing of particular note happens to global markets in a negative way by Jan 1st 2015, I will donate £50 to your favourite charity.

              2. auburnman

                Re: Somebody got a universal translator handy?

                " China has huge debts which are hidden by its shadow banking system."

                Would you mind elaborating on the Chinese debts? I thought they practically owned the West. Unless they're worried that our debts to them won't be honoured when we collapse?

                1. russell 6

                  Re: Somebody got a universal translator handy?

                  Hi Auburnman

                  Read this Forbes article to get the lowdown on the Chinese shadow banking sector

                  http://www.forbes.com/sites/ywang/2014/05/21/chinas-shadow-banking-valued-at-80-of-gdp/

                  Japan is actually the USA's largest creditor and I wrote an article about it including some other research which put things into words more effectively than I can:

                  http://russellchapman.wordpress.com/2013/09/18/global-gdp-vs-global-debt-what-is-really-going-on/

          2. Richard Parkin

            @Rich11 - GK Chesterton got there before you

            1908 The Man Who Was Thursday.

          3. Cipher

            Re: Somebody got a universal translator handy?

            Russell 6:

            With the Putin vs. The West playing out as it is, I just hope some Shadow Recruit can stop a possible Russian Operation Lamentations. Some truth to the line that the Russians would be crushed, but would recover. The West might not be able to...

            1. russell 6

              Re: Somebody got a universal translator handy?

              Hi Cipher

              We are all in this together. West and Russia. It will be Operation Lamentations all round.

        2. elip

          Re: Somebody got a universal translator handy?

          ...just so we're clear, it's not just the NSA. 70% of the "employees" of the US Federal Government are private contractors. Always makes me chuckle when someone bashes the public sector while praising the private.

      2. Arctic fox
        Thumb Up

        @ Pascal Monett and russell 6. Re "What the hell does that mean?"

        Thank you gentlemen for your efforts. One of the things I like about El-Reg is that if you admit sincere ignorance someone will usually help you! :)

        1. russell 6

          Re: @ Pascal Monett and russell 6. Re "What the hell does that mean?"

          No problem, my friend

    3. Someone Else Silver badge
      Thumb Up

      @ Arctic fox -- Re: Somebody got a universal translator handy?

      It means...I got BINGO!

  7. Red Bren

    Insider threats can cause the most damage to any organisation?

    Surely it's the idiots in charge that do the most damage, through incompetence, greed and illegal or immoral actions.

  8. NomNomNom

    The best defense against a leak is to immediately leak a flood of substantial information yourself on a similar yet less important subject, but deliberately promote it as a shocking reveal. That way the media will focus on the larger more detailed leak you provided and overlook the real less detailed damaging leak.

  9. Robert Grant

    Or

    We just have a global, federated LDAP, and each system authenticates against it. If you want to use a system you need to be added to that system's group(s). You can request that yourself, and the permissions thing just looks up who your manager is and who else should be informed, and they need to approve it electronically. If you haven't used that system for a while generally you'll get swept out of the group.

    Easy, quick, pretty secure by default. I can't believe a defence agency trusts everyone on its network by default.
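The workflow in the comment above (self-service request, approver looked up from the directory, default deny, periodic sweep of unused memberships), modelled in memory as an added example that is not part of the original post. It makes no LDAP calls; the manager table, system name, and 90-day threshold are constructed assumptions.

```python
from datetime import date, timedelta

MANAGER = {"ana": "mel", "sam": "mel"}  # constructed directory data
STALE_AFTER = timedelta(days=90)        # assumption: sweep threshold


class GroupAccess:
    def __init__(self):
        self.members = {}  # (system, user) -> date of last use
        self.pending = {}  # (system, user) -> approver looked up from directory

    def request(self, system, user):
        """Self-service request; the requester does not pick the approver."""
        self.pending[(system, user)] = MANAGER[user]

    def approve(self, system, user, approver, today):
        """Only the looked-up manager can approve, never the requester."""
        if self.pending.get((system, user)) != approver or approver == user:
            return False
        del self.pending[(system, user)]
        self.members[(system, user)] = today
        return True

    def authenticate(self, system, user, today):
        """Default deny: no group membership, no access."""
        if (system, user) not in self.members:
            return False
        self.members[(system, user)] = today  # record use for the sweep
        return True

    def sweep(self, today):
        """Remove memberships unused for longer than STALE_AFTER."""
        stale = [k for k, last in self.members.items()
                 if today - last > STALE_AFTER]
        for k in stale:
            del self.members[k]
        return stale


if __name__ == "__main__":
    g = GroupAccess()
    g.request("wiki", "ana")
    print(g.approve("wiki", "ana", "ana", date(2014, 1, 1)))  # self-approval
    print(g.approve("wiki", "ana", "mel", date(2014, 1, 1)))  # manager
    print(g.sweep(date(2014, 6, 1)))                           # unused since January
```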

  10. John Sanders
    Meh

    People do not like to hear this but here it goes...

    Western whistle-blowers just leak "mostly benign" information from "mostly benign" countries.

    It is very easy to leak from a western country, they can imprison you, but the likelihood of a western country putting a bullet in your head after having been tortured for weeks is low.

    I would like to see the Snowdens of the world leak information from less benign countries.

    It is very easy to ask for peace and freedom from the middle of Trafalgar Square, London, United Kingdom, but try to do the same from Pyongyang's Kim Il-sung Square in N. Korea. Or from Beijing's Tiananmen Square, China, or from Havana's Plaza de la Revolución, Cuba.

    1. Rainer

      Re: People do not like to hear this but here it goes...

      True,

      but at least in China, nobody claims it's a democracy.

      1. Anonymous Coward

        Re: People do not like to hear this but here it goes...

        In fact, in China there are no leakers - at least outside "reeducation camps".

        1. Scorchio!!

          Re: People do not like to hear this but here it goes...

          The story is similar in Russia, where some 60 journalists have been assassinated, whilst former Soviet States Chechnya, Dagestan, Georgia, Ukraine, Trans Dniester and the like can hardly believe that the USSR has gone away. It is almost certain that Snowden has divulged everything to his new owners.

      2. Scorchio!!

        Re: People do not like to hear this but here it goes...

        Yes, and your point is?

    2. Anonymous Coward

      Re: People do not like to hear this but here it goes...

      You mean like David Kelly? Or Mordechai Vanunu?

  11. Anonymous Coward

    It's all good

    The more crims they eliminate, the better.

  12. Anonymous Coward

    I wonder if NSA is planting decoys...

    ... to see who accesses what data and where data ends...

  13. heyrick Silver badge

    "it is impossible to tell a good guy from a bad guy; that person can take their time to siphon off large amounts of data without being detected."

    To be fair, one could say exactly the same thing about entire governments.

  14. noodle heimer

    How sure are they that they'd finished resetting the passwords? The doc's only three months after Snowden left. I've had access-via-incompetence at old worksites for far, far longer than that.
