I give Snowden credit.

So, tell me, how is the NSA protecting us if one guy can, without being traced, grab NSA data so easily? From the sounds of it he could've dumped it to Wikileaks and continued working at Booz Allen!

From the article:

When they're not busy spying on their lovers or stalking potential love interests.

It is about getting into our business.

The difference is why this happened.

Mr. Snowden could do whatever he likes, as long as he doesn't tell anyone. That is what all their internal "security measures" amount to: nothing, bullshit, pompous horseshit. All the real "security" features are directed outwards.

Why?

Because the people who run the system CANNOT afford to piss people who are in the system off, lest they too go "Snowden" on them. That is also why the analysts get the big bucks, it buys loyalty.

"Social engineering" is the most difficult sort of "hacking" to defeat, and the NSA by virtue of it's size and the importance and the offensiveness of its activities constitutes a huge "social engineering" hacking problem, as Mr. Snowden and Ms Manning have so graciously exemplified.

And that is why the entire project is stupid, it is premised on the idea that bigger is better, and in security matters that is exactly wrong. That way lies the totalitarian state and eventual collapse through rigidity and decay.

and I'm sure the arrogance of the NSA and the Administration admits no outsiders are superior to them in anything.

Live by the paperwork, die by the paperwork.

eom

I suppose the NSA got off pretty easy. He could have fed the data to Russia and China for years without being caught. By exposing their security weaknesses in a way that couldn't be ignored, he may have done them a favor.

And who is to say some other contractor hasn't done (isn't doing) just that?

It's ridiculous that Snowden had read/write permissions to those logs! Glad he did, but WOW!

He would have root access and privileges to change anything/everything.

Therein lies the problem, from the NSA's POV. Somewhere in the chain is a human, who may have a conscience.

the data ought to be segmented so that some sysadmins have access to X while other sysadmins have access to Y. I find it surprising for one sysadmin to simultaneously have access to eavesdropping data AND also the logs. The logs could be / could have been stored on a parallel server that he does not have access to. Shows that their system of backups is not too robust, or they really don't hold on to data for very long.

although it makes it pretty hard to do your job as a sysadmin without access to logs.

IT Security 101.

I really thought the NSA and CIA had their own private Operating System, independent of Unix or Linux or Windows, completely unique and built from the ground up so this sort of thing would be much more difficult. But I guess if you want to use outside contractors you have to keep it simple.

I think the saddest part of this whole Snowden affair is that it is proving that the government (including President Obama despite his vows to transparency) prefers to deny an obvious truth about its actions rather than explain them. In this case, there is no National Security involved as to the spying on Americans--no foreign government and diplomatic situations to navigate--it is American citizens being spied on, yet the Feds won't just admit it and tell us why.

***I realize that the full scope of the situation involves foreign governments but the Feds won't even admit they monitor us. Perhaps that would be the hardest thing for we, citizens, to accept but it is obviously happening and them just waiting for something to take over the news cycle is pathetic.

The CIA sponsors a venture capital firm, In-Q-Tel, to identify promising tech firms and invest in them. (Endgame Systems is one of the recipients.) It helps keep them up to speed, but it relies on outside contractors.

The NSA seems to be even more behind the times. When Michael Hayden became director in 1999, the computer systems and managerial structures were such a disaster that he launched an expensive project to update them called Trailblazer -- and outsourced it to SAIC, Booz Allen, and others. By 2005, Hayden had to admit that the project was years behind and hundreds of millions of dollars over budget and it was shut down, though not before having helped authorize warrantless surveillance. (http://en.wikipedia.org/wiki/Trailblazer_Project)

According to Wikipedia, a replacement project called Turbulence was then begun to attempt to mean the same goals in smaller and cheaper steps, but by 2007 it was also over budget and not meeting its goals. I haven't been able to find out what's happened since, but I have to imagine that the NSA is even more dependent on its contractors and no less of a mess.

So the idea that these guys might actually have an operating system of their own, and be able to keep it secret and hacker-proof, it kind of a laugh.

MS-DOS just translates very basic machine code (hex or binary) into something accessible with alphanumeric language humans can understand. MS-DOS was primitive and easily replicable. If the NSA had a program to develop a new base language using completely different command structures then only those with an understanding of the fundamentals of the language would have the ability to access the system as a whole. What could it cost? An educated "hacker" with an interest in such things could do it himself. A team of 5 could do it for a million dollars. A team of 100 could do it for 100 million and make it impenetrable.

I really thought I read somewhere that the Pentagon uses its own system. There must be a way to make a document readable only on one OS. As long as the fundamentals of how the OS works are kept secret.

NSA really, REALLY liked VAXes - if you were building a new system and you had enough lead time to get the preferred hardware, your system would be based on a VAX. They also liked IBM 43xx mainframes and Series/1 minis. The standard desktop OS used to be Unix, but there was also a shitload of DOS in that place; from about 1983 on the most common desktop terminal was the Agency Standard Terminal Workstation, which was probably responsible for adding five years to the product life of the IBM XT because NSA bought thousands and thousands of XTs for this application. Right now the most common desktop OS is probably Windows. In applications where commercial off the shelf (or COTS) equipment will work, it's used because it's cheaper and quicker to implement it than to develop something in-house.

The flipside of this is, they are a government agency and as a government agency they are required to do the lowest-bidder thing, so they've got a lot of weird shit. Because of this lowest-bidder requirement, they used to be the dumping ground for things that weren't worth buying...William Odom, who was NSA director when Reagan was in power, once said that if we wanted to end the Cold War in one week all we'd need to do is airdrop half NSA's computers on the Soviet Union; they would try using them, decide we were a lost cause, and surrender out of the goodness of their hearts.

What the hell is going on over at Booz Allen?

. . . is that the NSA and its subcontractors are incompetent to handle, let alone safeguard, the vast amount of information they are collecting. It's an argument for dismantling the agency.