Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Tuesday June 20 2017, @06:43PM   Printer-friendly
from the do-as-I-say dept.

Second-rate opsec remained pervasive at the United States' National Security Agency, according to an August 2016 review now released under Freedom of Information laws.

It's almost surprising that the agency was able to cuff Reality Winner, let alone prevent a wholesale Snowden-style leak. The Department of Defense Inspector General report, first obtained by the New York Times, finds everything from unsecured servers to a lack of two-factor authentication.

The formerly-classified review (PDF) was instigated after Snowden exfiltrated his million-and-a-half files from August 2012 to May 2013.

"NSA did not have guidance concerning key management and did not consistently secure server racks and other sensitive equipment in the data centers and machine rooms" under its "Secure-the-net" initiative, the report says.

Data centre access is supposed to be governed by two-person access controls, the report notes, and the rollout of 2FA to "all high-risk users" was incomplete at the time of writing.

The agency had too many users with admin privileges, the report continues, they're insufficiently monitored, and the NSA had not cut the number of agents authorised to carry out data transfers.

Giving the NSA more funding could probably fix it.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Insightful) by frojack on Tuesday June 20 2017, @08:26PM

    by frojack (1554) on Tuesday June 20 2017, @08:26PM (#528698) Journal

    Reality Winner was pretty stupid person. Yellow dots have been a thing for well over 10 years.
    The intel she stole wasn't worth the effort, it was all Russian info, and contained nothing that was
    not clearly within the Congressionally mandated mission of the NSA. It was only classified because
    it revealed sources, not because the content was official US secrets.

    I half suspect she was a pawn used by someone else to achieve a short lived political talking point.

    Snowden was much smarter.

    I doubt he would be hindered by any of the changes recommended in this Review, because, after all, he was authorized to utilize all of those 1.5 million files that he exfiltrated, if not by eyes on each of them, then simply by use of automated search and retrieval tools.

    --
    No, you are mistaken. I've always had this sig.
    Starting Score:    1  point
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3