NSA has yet to fix security holes that helped Snowden leaks
Edward Snowden's success in leaking NSA data was chalked up in part to the agency's own security lapses, so you'd think that the agency would have tightened up its procedures in the past five years... right? Apparently not. The NSA Inspector General's office has published an audit indicating that many of the Snowden-era digital security policies still haven't been addressed, at least as of the end of March 2018. It hasn't correctly implemented two-person access controls for data centers and similar rooms, doesn't properly check job duties and has computer security plans that are either unfinished or inaccurate.
The audit also showed that the NSA hasn't implemented the latest federal security guidance, doesn't have a complete inventory of its IT framework and isn't gathering all the documentation it needs before it gives a computer system the go-ahead. And while Snowden didn't rely on malware, the NSA isn't thoroughly scanning for viruses on USB thumb drives and other removable media.
(Score: 5, Funny) by c0lo on Monday July 30 2018, @06:57AM (6 children)
Obvious solution: bring Snowden back and let him loose for pen-testing.
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 0) by Anonymous Coward on Monday July 30 2018, @12:57PM (3 children)
We tried [wikipedia.org] to bring him back. He may overstay his welcome in Russia. See also Julian Assange.
(Score: 3, Touché) by c0lo on Monday July 30 2018, @02:01PM (1 child)
Well, you tried to bring him for a trial, not pen-testing. No wonder he wasn't interested.
(Score: 0) by Anonymous Coward on Monday July 30 2018, @06:06PM
You don't know how this works? We offer a plea bargain. You can work for us or go to prison. See: Sabu, Adrian Lamo, etc.
(Score: 2) by looorg on Monday July 30 2018, @02:19PM
There is no doubt in my mind that he will eventually overstay his welcome in Russia and find himself in the trunk of a car or similar. After all, just like Assange he has not exactly faded into oblivion but instead keeps tweeting, posting and digitally attending various conferences. Not to mention the Intercept keeps making news now and then from as of yet unused leak material. The gift that keeps on giving will probably one day deliver some very bittersweet gifts.
(Score: 2) by looorg on Monday July 30 2018, @02:21PM (1 child)
Why bring him back? They clearly have not even learned any of the lessons from his last visit. No need to pile on more embarrassment than what they are already suffering.
(Score: 3, Insightful) by c0lo on Monday July 30 2018, @02:35PM
NSA and embarrassment suffering - that's weird. You reckon they still have the necessary organs to suffer the embarrassment?
I was under the impression it was a condition of employment to have that organ surgically removed - otherwise I can find no explanation how they can live with the shame of breaking your constitution for a living.
(Score: 0) by Anonymous Coward on Monday July 30 2018, @08:04AM (1 child)
So, let me get this right... Snowden spills the beans, and the TLAs are all upset.
But, the TLAs are working with Intel to get bean-spilling technology baked into everyone's silicon?
I guess it's OK if it involves a computer, but bad if a human does it?
(Score: 2, Insightful) by Anonymous Coward on Monday July 30 2018, @01:01PM
It's bad if it's the TLAs' secrets. It's OK if it's other people's secrets.
(Score: 3, Interesting) by progo on Monday July 30 2018, @08:35AM (1 child)
NSA's automated IT security and standard operating procedures and policies maybe can't be made any more draconian than they were in Snowden's time unless you want to prevent any work from actually getting done.
You can work on building trust and trustworthiness among employees, but you can never check a box that says that trust is working perfectly.
(Score: 2) by JoeMerchant on Monday July 30 2018, @09:51PM
I'd say: the hell they haven't fixed the Snowden problem. The solution has been known for centuries, the old movie "Master and Commander" has a good demonstration of how to keep discipline: fear. Fear of punishment. Terrible, possibly life ending punishment. Terror, if you will, that's how you keep security tight: scare the living shit out of everybody in sight, fear will keep them in line.
Nope, never perfect, and in a soft, cushy, giant faceless machine like the NSA they really should be using something else, because that terror model doesn't scale well beyond about 200:1 ratio between the terrorized and the terrorists, tight IT security should cost a lot less than 0.5% of total productivity.
While I was working in a "sensitive" but not even secret organization, we'd get annual security briefings from the FBI - they'd come in and give the speech about how the enemy thinks differently and we shouldn't be sharing information unnecessarily with people who don't need to have it. They even ran post-lecture undercover tests - some guy wearing an absurd pink polo shirt walking a pansy dog just wanders into our lobby and starts asking technical questions about our product a few days after the briefing - jeez guys, can't you even wait 6 months to see if the training stuck, and maybe be a little less obvious with your leak testers?
(Score: 5, Insightful) by Anonymous Coward on Monday July 30 2018, @10:26AM
So, exactly like every other Enterprise scale organisation?
(Score: 1, Interesting) by Anonymous Coward on Monday July 30 2018, @05:08PM
Or didn't implement but watching, you decide.