Slash Boxes

SoylentNews is people

posted by Fnord666 on Tuesday June 20 2017, @06:43PM   Printer-friendly
from the do-as-I-say dept.

Second-rate opsec remained pervasive at the United States' National Security Agency, according to an August 2016 review now released under Freedom of Information laws.

It's almost surprising that the agency was able to cuff Reality Winner, let alone prevent a wholesale Snowden-style leak. The Department of Defense Inspector General report, first obtained by the New York Times, finds everything from unsecured servers to a lack of two-factor authentication.

The formerly-classified review (PDF) was instigated after Snowden exfiltrated his million-and-a-half files from August 2012 to May 2013.

"NSA did not have guidance concerning key management and did not consistently secure server racks and other sensitive equipment in the data centers and machine rooms" under its "Secure-the-net" initiative, the report says.

Data centre access is supposed to be governed by two-person access controls, the report notes, and the rollout of 2FA to "all high-risk users" was incomplete at the time of writing.

The agency had too many users with admin privileges, the report continues, they're insufficiently monitored, and the NSA had not cut the number of agents authorised to carry out data transfers.

Giving the NSA more funding could probably fix it.

Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by FatPhil on Wednesday June 21 2017, @12:48PM (1 child)

    by FatPhil (863) <reversethis-{if.fdsa} {ta} {tnelyos-cp}> on Wednesday June 21 2017, @12:48PM (#528983) Homepage
    > You say "a government is instituted to provide services for its citizens" and then note about the NSA "I don't believe the service they provide is useful or even necessary to the citizenry."

    That's not a contradiction, that's an observation that it's an imperfect implementation. I say a school exists to provide useful lessons to children but some of the teachers are crap. I say a restaurant exists to provide tasty food, but some of the dishes suck. These are not contradictions.

    > You imply that it's good and proper to force people to fund the military, yet you note that you want to fund the military—no force is necessary.

    That's not a contradiction either. It's good and proper to force rail providers to run their trains on time, yet I note that rail providers want to run their trains on time with no force necessary. Not a contradiction.
    Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 0) by Anonymous Coward on Wednesday June 21 2017, @11:50PM

    by Anonymous Coward on Wednesday June 21 2017, @11:50PM (#529274)
    • The implication is that a government will do well by its citizens, but then that point is contradicted. In actuality, you cannot be sure, which makes suspect the whole idea of granting this one particular organization such a magical role.

    • The implication is that it's necessary to force people to fund a particular organization in order to ensure their defense, but the OP says he'd gladly fund an organization that is defending him—there's no reason that a government must be that organization.