Journalists and their associates involved in the Edward Snowden NSA leaks affair followed almost unbelievably poor security practices while handling top-secret government files, according to a statement made in court by a British official today. The hearing was looking into the case of David Miranda, the partner of journalist …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Page:

1. 1. 1. 1. Tuesday 3rd September 2013 06:05 GMT RobHib
        
        @Matt Bryant - Re: Re Andy Mc @Thomas 4 -- Does it actually matter?
        
        Correct, but there have been many martyrs throughout history.
        
        The fact remains that the security services are still left without the key. Even torture won't help them (expect to make them feel better of course).
        
        0 0
        
        Tuesday 3rd September 2013 09:12 GMT Matt Bryant
        
        Re: RobHib Re: @Matt Bryant - Re Andy Mc @Thomas 4 -- Does it actually matter?
        
        "....there have been many martyrs throughout history....." Que? If you seriously believe Greenwald and co have any interest in martyrdom then I have some prime Florida river-side real estate to sell you! Greenwald's motivations are a lot more basic and monetary.
        
        ".....The fact remains that the security services are still left without the key....." So what? The prime aim is to stop the transfer of secret docs, so locking up all the people involved goes a long way towards that. It's also a powerful disincentive to others. You are forgetting that the NSA and GCHQ already know what's in the docs since they are their docs, what they want is to track down and arrest the people involved in stealing and distributing said docs. Tracking coms between them tells them all they need to know (conspirators' identities) without the need to decrypt docs. Once they then arrest (or stop under Schedule 7) a conspirator they can root through hiis or her data at their leisure. The ability to decrypt even a little of the docs for court evidence is a bonus, otherwise the authorities will settle for sending them to prison for several years at a time in repeat cycles until they do give up any keys. I bet the FBI are quite jealous of the UK police powers.
        
        ".....Even torture won't help them (expect to make them feel better of course)." Why do they need to torture anyone? It's kinda hard to be "an international journalist/film-maker/toyboy, tirelessly fighting the fight for the right" when you're locked up at HMG's pleasure.
        
        0 0
Friday 30th August 2013 14:50 GMT Tom7

Honestly? How hard is this?

1. Generate public-private key pair.

2. Write down the public key and take it to Germany. Or put it on a web site. Whatever.

3. Encrypt the data using the public key.

4. Transfer the data to the thumb drive.

5. Carry the thumb drive back to Brazil.

6. Get held at Heathrow but don't disclose the decryption key because YOU DON'T HAVE IT.

4 0
1. Friday 30th August 2013 15:09 GMT chris lively
  
  Re: Honestly? How hard is this?
  
  I had a similar thought. Sending both the encrypted files along the same route as the decryption key was a bad choice.
  
  It would have been trivial to use the regular postal mail to send the thumb drive to the guardian. It would have also be trivial to send the decryption key that way. Neither of which would have been jacked with.
  
  OR you could have sent 2 reporters in. One to get the decryption key and another to get the drive.
  
  The reporters on this are showing that they still have no clue what security is.
  
  5 1
  1. Saturday 31st August 2013 10:16 GMT Adam 1
    
    Re: Honestly? How hard is this?
    
    From what I understand, UK has laws that give you a choice between jail and handing over the password. All of these fancy measures of not carrying the private key or sending the key and data with different reporters doesn't get around this.
    
    The reporters may well not understand security, or maybe the revealed password was just the decoy volume of a hidden truecrypt operating system (see http://www.truecrypt.org/docs/hidden-volume). The mule need not even have known about this; one or two believable files in the outer volume that would explain the need for its encryption.
    
    ... and this way they get to post about the day their office got trashed.
    
    Mine's the one with the mobile phone that definitely doesn't have a micro SD card inside it where these files could have been hidden had they not wanted this trouble.
    
    0 0
    1. Sunday 1st September 2013 22:32 GMT Anonymous Coward
      
      Re: Honestly? How hard is this?
      
      @Adam 1 - Do you really think that the police wouldn't look in a mobile phone when they were looking for data? This is akin to the people who think that they can hide stuff under the floorboards and the coppers will never find it "cuz there all stoopid".
      
      0 0
2. Friday 30th August 2013 17:27 GMT Jason Bloomberg
  
  Re: Honestly? How hard is this?
  
  It does beg the question; ignorance, naivety, stupidity, or deliberately planned?
  
  No matter which it seems we now know a lot about how the authorities consider those documents which we would not know had Miranda been carrying nothing.
  
  2 0
  1. Saturday 31st August 2013 10:18 GMT Destroy All Monsters
    
    Re: Honestly? How hard is this?
    
    > 5. Carry the thumb drive back to Brazil.
    
    "You may want to take one of those modern train coaches, my good friend. I heard the horse-drawn carriages are increasingly being controlled by political police."
    
    0 0
Friday 30th August 2013 14:56 GMT Pierson

No one can be that incompetent, surely?

I'd love to believe that this is just HMG trying to do a snowjob(*) on Miranda, Rushbridger et al, or that the journo's are working a sophisticated sting against the spooks; but, to be honest, it really does seem that the Graun and its fellow travellers are a bunch of incompetent innocents who aren't fit to be allowed near an abacus, let alone a sensitive computer system.

These documents would probably have been a lot more secure if Rushbridger and his crew had simply communicated with each other, carefully, via PGP/GPG encrypted emails.

It reminds me of that sniffy comment by Gandalf in LOTR about his exaggerated fear of Sauron vs. his overoptimistic faith in the Innkeeper Butterbur...

(*) well, they are anyway, but I simply can't stack up the comments by the Graun, Miranda and others and still assume that they are in any way competent.

3 2
Friday 30th August 2013 15:06 GMT ed2020

Eh?

So they were taking many flights because they were concerned about the NSA and GCHQ eavesdropping on electronic communications. Presumably this means they were concerned the NSA could decrypt electronic communications so the point of encrypting the thumb drive was what...?

0 2
1. Friday 30th August 2013 17:27 GMT Anonymous Coward
  
  Re: Eh?
  
  To be generous to them: They could have encrypted the drive because they didn't want joe public to come across the information and let it leak onto the internet that way. That said, even if they believed the security services could decrypt the data, surely they were under the impression that the security services knew they had it anyway. More to this, even if they were just trying to keep Joe public away from the unredacted data - Why did they write down the key and sent it on the same flight? I'm not sure I understand any of the reasoning in this piss-poor example of IT security.
  
  1 0
2. Friday 30th August 2013 17:29 GMT Don Jefe
  
  Re: Eh?
  
  Taking many flights to escape GCHQ but transferring at Heathrow? That's not how I would have done it...
  
  1 0
Friday 30th August 2013 15:19 GMT GreyWolf

Where do you hide a book?

...in a library...

1. I want to get a copy of secret files out of UK reach

2. I make up up a shiney-shiney, a distraction, a bauble to attract the eye of spooks

3. I "hide" the real files among the shiney-shiney (encrypted differently).

4. I let it fall into the hands of GCHQ/NSA

5. Spooks are satisfied, but they don't know that the real thing has passed them by.

If you are going to Brazil from Germany, there are surely direct flights - if not, you go via Schiphol, not Heathrow. The only reason to go via Heathrow is to wave the shiney-shiney under the noses of the spooks.

16 0
1. Friday 30th August 2013 17:27 GMT Anonymous Coward
  
  Re: Where do you hide a book?
  
  If you're going to be that cunning, you'd not have the encryption key written down on a piece of paper, because that's just blindingly obvious isn't it? You'd make them work for it a bit.
  
  No, I'm going to fall on the side of the fence marked "incompetent".
  
  2 1
2. Friday 30th August 2013 17:27 GMT DrXym
  
  Re: Where do you hide a book?
  
  The classic example of this is the Cullinan diamond. A big fanfair was made of it being transported by ship from South Africa to England. It was to be locked in the captain's safe and under constant guard for its entire journey. The safe only contained a fake and was a diversion - the real diamond had been sent as registered post with the rest of the mail.
  
  2 0
3. Friday 30th August 2013 17:27 GMT knarf
  
  Re: Where do you hide a book?
  
  Eh.. No.... its sad say but people really that stupid. How else do you explain X-Factor!
  
  1 1
4. Friday 30th August 2013 17:27 GMT Anonymous Coward
  
  Re: Where do you hide a book?
  
  You're not thinking like a journalist thinks.
  
  They'll fly Heathrow cos they always fly Heathrow or because they have a regular flyer bonus or are collecting air miles.
  
  They don't think like a character from a thriller normally, though one or two have written thrillers.
  
  3 0
5. Friday 30th August 2013 17:29 GMT Brian Miller
  
  Re: Where do you hide a book?
  
  Why bother doing that? You could have a 128Gb drive full of stupid vacation photos, encrypt the files, and then use a steganography utility to hide the files in the vacation pics. Plod grabs device, looks, and only sees stupid vacation snaps. Lo and behold, plod is satisfied. You want their attention? Have a bunch of obviously encrypted files.
  
  But yeah, we are talking about journalists here who might as well have not bothered with encryption at all. Usually it's hard enough to get them to get the facts straight, let alone follow any reasonable protocol for handling data.
  
  3 1
6. Friday 30th August 2013 21:13 GMT Chris 244
  
  Re: Direct Flights
  
  LH 500
  
  Took me longer to post this comment than it did to find a direct flight from Frankfurt to Rio.
  
  1 0
Friday 30th August 2013 17:27 GMT Anomalous Cowshed

Police confiscated disks and other items capable of holding data:

A notebook.

A few loose pieces of paper.

Two palms of a hand.

One potentially tattooed skin.

A brain.

2 0
This post has been deleted by its author
Friday 30th August 2013 17:29 GMT Frankee Llonnygog

The Gov's slagging the Guardian for poor security

Had the Guardian's security been top notch, I doubt the Gov would have congratulated them.

This is rather like telling off a pickpocket for keeping your wallet in the back pocket of his jeans.

0 0
Friday 30th August 2013 17:29 GMT Anonymous Coward

So let me sum this up

UK gov't uses their powers to access this guy's encrypted data and then complains that the encrypted data was accessed. Uhh, so whose fault is that?

1 1
Friday 30th August 2013 17:29 GMT Wang N Staines

LOL.

0 0
Friday 30th August 2013 17:29 GMT CABVolunteer

Look more closely at what the government's submission said

To expand on what this government representative actually claimed in his submission, quoted in the BBC news item:

"[a] piece of paper containing basic instructions for accessing some data, together with a piece of paper that included the password for decrypting one of the encrypted files on the external hard drive".

ONE of the files?

Could it be that the file which Miranda had instructions on how to open contained contact information for a lawyer to assist if detained or even Rusbridger's phone number?

The government stooge also said that "many of the files were encrypted". So what was so damaging in the unencrypted files that their contents haven't been leaked by the government? His shopping list perhaps?

6 0
Friday 30th August 2013 18:56 GMT Anonymous Coward

"poor security practices"

Who cares? The "secrets" weren't secret any longer.

The only point of security regarding this now-not-secret information might be its commercial value as news material to The Guardian and/or the involved journalists, and what they do or don't do to protect that is entirely up to them.

0 0
Friday 30th August 2013 18:56 GMT Anonymous Coward

Someone has been duped

He is transiting through the UK with stuff and he knows that under RIPA he will go to jail if he doesnt give up the passwords so he brings a handy one with him to decrypt something.

Included in that data was the information that magically made its way to the independent newspaper.

Set a trap to catch a rat and it worked very well.

9 0
1. Saturday 31st August 2013 10:18 GMT Destroy All Monsters
  
  Re: Someone has been duped
  
  I say, my good fellow.
  
  0 0
Friday 30th August 2013 18:57 GMT Anonymous Coward

Homophobia

Can you please stop referring to David Miranda as "Snowden Journo's Boyfriend" in your headlines.

It says more about The Register and the people who write for it than the content of the story that appears below. them.

0 0
1. Tuesday 3rd September 2013 11:24 GMT gazthejourno
  
  Re: Homophobia
  
  Noted - we'll stop calling him a journalist.
  
  Homophobia? For pointing out a simple relationship which both parties have acknowledged? Jog on, matey.
  
  2 0
Friday 30th August 2013 21:13 GMT davefb

So , why does the UK feel that NSA documents have anything to do with them anyway, surely they didn't look at them then told the NSA they'd been destroyed?

Let alone the fact repeating these comments just goes to show they even admit they didn't have any concerns about Miranda being a terrorist, so should have used the correct laws.

2 0
Friday 30th August 2013 21:13 GMT John Doe 6

It really doesn't matter...

...does it ?

Those "secrets" were no longer secrets, because mr. Snowden intended to make them public when he copied them at NSA...

1 0
Friday 30th August 2013 21:13 GMT Anonymous Coward

Miranda rights

Or in this case "Miranda wrong"

(Doh!!)

1 0
This post has been deleted by its author
Friday 30th August 2013 21:13 GMT Anonymous Coward

Where's the micro SD Card?

Thumbdrives? Yeah those are sure to go unnoticed<snark>.

From day one of the Miranda drama, my question has been: where were the MicroSD card(s) hidden? Even a quick scan of TrueCrypt's own doc on plausible deniability reads like a script that Miranda executed fairly well.

Did the spooks strip his luggage down to the metal frame to discover the aluminum foil wrapped MicroSD card(s) that the xray scanner missed?

2 0
Saturday 31st August 2013 10:12 GMT jonfr

Cat photos

So the UK cops got access to 58.000 cat photos and refuse to acknowledge it. No surprise there.

0 0
Saturday 31st August 2013 10:13 GMT C. P. Cosgrove

Ummm . . .

"Metropolitan Police Service Counter Terrorism Command is now carrying out a criminal investigation, which is at an early stage."

Fascinating. Against whom might they be preparing this (possible) case ? Against the heads of NSA and GCHQ for crininal negligence ? For breaches of the Official Secrets Acts ? For aiding and comforting terrorists ?

Or are they working on behalf of Data Protection Commissioner, preparing a case under the Data Protection Laws ?

Chris Cosgrove

2 0
1. Sunday 1st September 2013 22:48 GMT Anonymous Coward
  
  Re: Ummm . . .
  
  If you're found with stolen goods, it doesn't matter how you got them, you'll be prosecuted not the person they are stolen from.
  
  0 1
Saturday 31st August 2013 10:13 GMT Anonymous Coward

fwiw Greenwald says Miranda was not carrying a password which allowed access to the "documents"

https://twitter.com/ggreenwald/status/373451644794449922

so the claim that he was carrying "some 58,000 highly classified UK intelligence documents" would appear to be speculation at best

0 0
1. Sunday 1st September 2013 22:49 GMT Anonymous Coward
  
  Are you actually citing what someone said on Twitter as evidence?
  
  0 1
Saturday 31st August 2013 10:15 GMT HippyFreetard

And Snowden a Sysadmin?

"Here's the encrypted files. Here's the password for the files. Here's some instructions on how to use the password."

Does seem a bit weird. Either incredibly stupid or incredibly clever.

Scenario 1. The real shit's just a big encrypted file, uploaded to the cloud, and all that needs to be muled is the password. Decoy Dave is sent to look all nervous with a bagful of hard disks, the password, and, in case the police are extra slow, some instructions on how to open it.

Scenario 2. Snowden's been offered assylum, so he washes his hands of the whole thing, phones Greenwald in a panic, and says "get on over here and take it. I want nothing to do with it anymore. Passwords too..."

I can't decide...

0 0
Saturday 31st August 2013 10:17 GMT Anonymous Coward

No so bright

The perps ain't as smart as they usually think they are and that's what leads to their downfall. It's going to make for good theatre seeing Snowden suffer a long, slow, painful death probably via radiation poisoning, KGB style.

0 4
Saturday 31st August 2013 10:19 GMT Anonymous Coward

Security not the issue - government over-reach is.

The issue is that the UK used a flimsy pretext and a total lack of moral authority to arrest and detain someone for reasons that are utterly unclear but cannot reasonably be thought to be in the "national interest." That excuse, as was shown in Parliament on Thursday, is now viewed with extreme scepticism, as is the immediate compliance with US military/security establishment demands. Stories from gov sources changing the agenda should be seen as such.

2 0
Saturday 31st August 2013 10:20 GMT Michael Habel

Heres hoping that...

Snowden grows a pair, and finds a place to dump everything out there into the wild. The ensuing drama would be priceless!

0 0
Saturday 31st August 2013 11:22 GMT Robinson

Remarkable.

It's remarkable to me that certain people here seem to hate their own countries more than those who are actually despotic, enough to support Snowden in his vainglorious attempt to get recognition. I mean the guy is HIDING IN RUSSIA, a country that tends to shoot awkward journalists rather than hold them at airports for a few hours.

You people DISGUST ME.

2 4
1. Monday 2nd September 2013 00:09 GMT Volker Hett
  
  Re: Remarkable.
  
  >It's remarkable to me that certain people here seem to hate their own countries more than those who are actually despotic, enough to support Snowden in his vainglorious attempt to get recognition.
  
  Funny you say that, I do love my country within reasonable limits. I really don't like GCHQ and PRISM to spy on me. Both are breaking german law doing it!
  
  1 0
2. Monday 2nd September 2013 00:09 GMT CABVolunteer
  
  Re: Remarkable.
  
  I have to fundamentally disagree with you.
  
  Whilst I might find the actions of a despotic regime in a foreign country obnoxious, I have no standing. However, when the actions of the government of the country of which I am a citizen go beyond the limits of civilized behaviour, I have the right, indeed the duty, to protest.
  
  3 0
3. Monday 2nd September 2013 00:10 GMT Anonymous Coward
  
  So you believe we should all "Follow the Government, right or wrong" then?
  
  That way lies death, destruction and genocide.
  
  A good human being will do whatever is in their power to stop a government that starts upon that road.
  
  First they came for the...
  
  2 1
4. Monday 2nd September 2013 00:10 GMT Red Bren
  
  Even more remarkable...
  
  that certain governments seem to hate their own citizens more than those who are actually despotic.
  
  It's well known that Russia is no bastion of human rights, but that doesn't justify abuses by western governments because "it's not as bad as Russia." If you were mugged, would you be satisfied if your attacker escaped justice on the grounds that they only hit you, in some places they might have shot you?
  
  You depress me.
  
  3 1
  1. Monday 2nd September 2013 10:58 GMT Matt Bryant
    
    Re: Red Bren Re: Even more remarkable...
    
    ".....If you were mugged, would you be satisfied if your attacker escaped justice on the grounds that they only hit you, in some places they might have shot you?...." Yeah, so please show us on the doll where you were hit? Oh, you can't, becase no-one is interested in reading your delusional blatherings. You haven't been "mugged", you are just hapiilly living in some fantasy where you like to imagine you are just so gosh-darn cool and rebellious that the security services would consider you a top priority intercept target, when the reality is they have real fish to fry, not wannabes. Get over yourself.
    
    0 4