Tag Archives: Edward Snowden

July 4, 2013 · 13:35

The Snowden principle

From my point of view we are dealing with the air that is getting slightly thick and foggy at the moment. The Edward Snowden issues are escalating and not in a good way.

This view became apparent as a flight carrying the Bolivian president was forced to land at the Vienna airport. This situation becomes even more ridiculous as “Bolivian officials claimed France, Italy, Spain and Portugal had refused to let the plane cross their airspace over ‘unfounded suspicions’ Snowden was on the jet.” Source: http://news.sky.com/story/1110864/snowden-not-on-bolivian-presidents-plane.

These nations not only knowingly hindered a presidential flight. The fact that this was all about ‘a rumour’ seems to be a clear case that the intelligence community is BLUNDERING on several national levels (including those of the commonwealth). So, basically as we read this we can conclude that as the flight time from Moscow to Vienna is a little over two hours, that including take off and all, for 3 hours no one had a clue where Snowden was. Do they know where he currently is, or are they only suspecting it? Why is all this getting bungled to the extent it currently is?

I would also like to add that it was a presidential flight; it was carrying the Bolivian president Evo Morales. The fact that this had been done, how long until US Air Force One will, on suspicions be forced down in the same way (just to check)? This is a step that should never have been allowed, whether Snowden was or was not on board.

The simple truth is that this plane had no way to make the flight in one go, so it would need to refuel in more than one place. If those countries had an extradition treaty, he could have been detained at that point, as this was a diplomatic flight, this level of breach of protocol will have far fetching consequences.

If this was about getting Snowden and if I had the call, I would have ‘accidently’ (really accidently mind you!) soured the ‘milk’ at the refuel post and offered a replacement plane (with the most humble of apologies of course). The fact that they would have to relocate to another plane gives an option that Snowden left the plane and then he could be arrested as diplomatic immunity could not have extended to him. Was that so hard a scenario to concoct?

Personally I am all for getting Snowden to the US within the boundaries of the law. This act was not one and there is every chance that heads will roll on several airports in response. The acts transgressed are clearly against the diplomatic convention.

That danger can be found in the ‘Vienna Convention on Diplomatic Relations 1961’, Article 22, s3. The premises of the mission, their furnishings and other property there on and the means of transport of the mission shall be immune from search, requisition, attachment or execution.

So in my mind I am wondering which brainless individual was responsible for that little caper. And I am actually pointing my finger at the US State Department at this point. France, Spain, Italy and Portugal made the error of barring a diplomatic flight from crossing their airspace and all at the same time? No, I do not think so. They were called, but called by whom?

In my mind, the Snowden principle is not just out of control, it is now leading us to questions we never expected to ask. The US intelligence budget has been in excess of 240 billion over the last 3 years. We have had 2 severe intrusions of data intelligence, the appearance that the NSA has a flawed HR system and now we have someone overruling diplomatic rules creating international scandals. It is likely that the last issue was driven by the US State department, yet, they should be aware of protocol, which takes us back to the intelligence community. Oh and lastly, for several hours the whereabouts of Snowden remained unknown, whilst that person was known to be in a specific building in the hours leading up to this.

Personally it seems to me that those on the hunt of the Wicked Warlock Snowden are just not thinking straight.

Classes of Classification

I was about to do that horizontal thing (sleeping, in case you wondered), where one is in a natural state and loudly snores like the local sawmill! I was actually looking forward to that event. It is almost 00:30, so I need to get up in about 5 hours. However, Sky News stopped that idea pretty quick.

The reason is that the news just showed me a part involving Edward Snowden and more information he ‘leaked’. In this case it was all about spying on the EU diplomatic mission and how that was ‘strictly confidential‘, roughly 0.0324 seconds later I was more than wide awake and started this blog.

So what are the issues? Well three come to mind, but the third one is for a little later down this story.

So the first issue is the classification. No matter, whether the documents were from the CIA, NSA or Alphabet Soup Incorporated. There are levels of classification. Confidential is a lower level. Apart from the issue that there is an issue that the diplomatic integrity of an ally was ‘transgressed’ upon, is there actually any reason why such information would not be Secret or higher? I would even think that this would be Top Secret level information and as such that information remains with a small (read extremely small) group.

Let’s take a look at this ‘Strictly confidential’. I do not have the rules that the NSA applies, but I was able to get the protocol from a World Bank document as to how this is treated. They might be kids play compared to the NSA, but you will get the idea (and I have to start somewhere).

Information and documents that are deemed to be of a highly sensitive nature or to be inadequately protected by the CONFIDENTIAL classification shall be classified as STRICTLY CONFIDENTIAL and access to them shall be restricted solely to persons with a specific need to know. The staffs of the Institutions shall establish a control and tracking system for documents classified as STRICTLY CONFIDENTIAL, including the maintenance of control logs. Documents classified as STRICTLY CONFIDENTIAL shall be:
(i) marked with such classification on each page;
(ii) kept under lock and key or given equivalent protection when not in use;
(iii) in the case of physical documents, transmitted by an inner sealed envelope indicating the classification marking and an outer envelope indicating no classification, or, in the case of documents in electronic form, transmitted by encrypted or password-secured files.

So if we consider the digital version, and consider that most intelligence organisations use Security Enhanced Unix servers, then just accessing these documents without others knowing this is pretty much a ‘no no’. EVEN if he had access, there would be a log, and as such there is also a mention if that document was copied in any way. It is not impossible to get a hold of this, but with each document, his chance of getting caught grows quicker and quicker. He did not get caught, not for many megabytes of duplication.

So, whether these events were true or not, there is now an issue. Not with external trust, but from my point of view with internal trust. If he remained undetected, then several alphabet groups have IT issues of an unprecedented level. Could this even be remotely true?

The second issue is that like any Intelligence organisation like the GCHQ for example, most people are assigned certain areas. The fact that Edward Snowden had such a wide access is more than questionable. The fact that the press seems to just take whatever he serves up with a certain air that whatever Edward Snowden claims is true should also be looked at. In my view it does not. Especially when we consider that he is stuck in some Russian airport terminal awaiting the option to ‘escape’ to Ecuador. You see, his access raises too many flags. It does not matter whether he is the IT guy. The NSA has dozens upon dozens of them, and as such, the fact that he was able to syphon off such a wide area of information (and get it out of the building) seems to be an issue that no one is too investigative about.

What is this all about? That is the question we should be asking. All these events do not add up. This is not some FBI leak (no attack on the FBI). This is a group that was referred to for a long time as ‘No Such Agency‘. The fact that he passed all kinds of interviews befroe the job (on psychological probing levels far above most can imagine), a man who ‘just’ walked away with the kitchen sink and a USB drive loaded with tagged documents. It does not add up in my book.

Now we get to the third issue.

If some amount of this data would be rock solid, then the US has an intelligence community that is leaky as a sieve.

1. A disillusioned intelligence operator gets a job at a department even more hush hush then the CIA and the psychological interview does not raise flags considering the conditions he left the CIA?
2. That person gets access to information on several levels and from several branches and no one is the wiser. More important no flags on these secure servers are tripped?
3. This person gets the goods into Hong Kong, then casually flies into Russia and now is waiting for his flight to Ecuador, whilst at the same time US extradition groups (according to Hong Kong media) drop the ball in getting a hold of Edward Snowden?

Is no one suspicious on what is going on? I for one see reason to distrust several sources at present.

Looking back, Julian Assange got access to his documents though military channels. There have been less than positive issues with the lack of Common Cyber Sense in several military areas. The fact that those events happened outside of the US and under military field conditions where certain security measures are hard to uphold is understandable. That does not make it right, but the circumstances were pretty unique. The fact that someone walks out of places like the NSA or GCHQ with a USB filled with all levels of information is an entirely different matter.

If we accept this article by Sky News as true http://news.sky.com/story/1109739/snowden-spying-claims-us-bugged-eu-offices, then we could be in for a rough ride.

In the end, reality is that spying goes on at all times on many levels (as stated by Mr Reardon on Sky News UK). Mi-5 tries to keep an eye on what the CIA does in the UK, the FBI keeps tabs on MI-6 in the US and none of them care what happens in Australia. Works for me!

So the fact that the CIA is keeping tabs on the EU makes perfect sense, especially with all those new states getting added. However, bugging the hell out of all these buildings is not that productive overall (as there are other sources to these kinds of information). So is the reality that there were just 2-3 bugs (the German Spiegel was aware of one of them) and some document Edward Snowden had just adds loads more?
What Intel does he have that is actually reliable? Are we being run by some wannabe laying it on thick hoping for a nice fat pay check? I wonder what happens now that Russia and China both lack interest (and Ecuador is not that appealing if one lives there without money). So what of Edward Snowden? Sky had another article on that. http://news.sky.com/story/1109235/whistleblower-snowden-may-return-to-the-us. In this article the father is afraid his son is being manipulated by different parties. Even by WikiLeaks. He might return to US if certain conditions are met.

Conditions? For a traitor? And next they claim that all politicians are straight shooters too!
Well, for those who believe that, I have a bridge to sell you, GREAT view on the Tower of London!

Who are the real watchers?

It is 02:00, I slowly move into the building that is owned through puppet corporations. The true owner is no one less then Vladimir Kumarin, the most powerful man in St. Petersburg. Entering the building is relatively simple. I avoid the guards, one almost saw me. It is tempting to use sentry killing, but the body will be found. There can be no trace. I install the small remote webcam. Hacking into his wireless router is relatively simple. It is military grade, but my link to the Cray Titan in Langley soon has that fixed. The router got hit by 400,000 requests a second. It cries for its mamma in less than 7 seconds, a new record. I am in and ghost accounts are set up less than 15 seconds later. The scripts run without a hitch. a low tech wireless microphone is set up 3 minutes later. That is the one they will have issues finding, but it will be found, so the rest remains invisible. I leave silent as the night, no trace left and less than 2 hours later I look like a drunk American exchange student studying in Sweden, on a train to Helsinki.

Yes, it reads like such a nice story, but none of it is true! Thinking of Splinter Cell’s Sam Fisher, I am not even that good a spy writer, so I will leave that skill to Mr Clancy. The closest I get to action is the Xbox360 edition. Suits me just fine!

If we look at today, then all we need is a little box that fits into the palm of our hand. We sit in a coffee shop where the ‘privileged young executives’ tend to show off their expensive mobile, laptop, slightly overcharged suits and they look for that young lady dressed to… ‘Impress’. He then logs in does some basic wizardry stuff and considers himself in the running for a possible afternoon of great sex. That was his plan, will she bite? Nearby is a guy who no one notices. He wears a polo-shirt, likely cargo pants too, has a crossover bag and is typing on his laptop. He looks like many Uni students that get casually ignored. He was waiting for the guy (or anyone like him) to show off. He did just that, and less than 3 seconds after the information is typed in, he has link and login details. He now knows what network he can invade. Perhaps the young executive is lucky and he is of no value. If not, his account is broken down and thousands of dollars on internal communications, price agreements, customer’s details and many more details are now duplicated. It would be worth quite a few coins for the right competitor. As such the quiet student will have all his Uni debts paid off long before he gets his degree. So, what is this about?

You see, the Guardian today is having another go at the intelligence industry. I am referring to http://www.guardian.co.uk/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa. Here they discuss several acts that GCHQ has allegedly involved in. My issue is with this part of the sentence “process vast quantities of communications between entirely innocent people“. Is that any different from what Social media and market research is doing? Let us not forget it is all about the latter part of that same sentence “as well as targeted suspects“.
If there was a way to just focus on that 0.0003% of that population, then it would be easy. But life is not that easy as we learn ourselves on a very daily basis. The only issue I truly have with that article is “Snowden told the Guardian. ‘They [GCHQ] are worse than the US’”. Really Mr Snowden? Let us go over those facts again. First he betrays his country. He is not some guy who got into the thick of it. He first does not make it past basic training. He then gets a chance to serve in the CIA (whomever gave him that brake is truly regretting that act I reckon). He then walks away and joins the NSA. Is there anyone not having any questions at present? So, he knows what is required and then he walks away and not just to anybody. He runs off to Hong Kong. In my mind, he must have thought that the Chinese cyber division would want to offer him a cushy job. But these boys would see through him in no time. Those savants know every in and out of every bit a Cisco system routes, how it does that, why it does that, and where the threats are. Snowden does not instil that level of ingenuity to me. So again, he did not go to some non-extradition country out of conviction (like Ecuador), no he went straight for the ‘enemy’ and is now allegedly enjoying Borsjt and Blackbread in Russian company.

Let us get back to the issues that really matter. This is not about those who claim to be ‘entirely innocent’. This is not even about your average criminals that much. GCHQ is one part to keep England safe. As described earlier, security is no longer done through a backpack full of tricks. The bulk of today’s danger comes to individuals we know not where, and it arrives to them in the simple form of a message. It could be an e-mail, an SMS or even a chat message left on a gaming site. To find them GCHQ needs to get to them all. Do you think they read these messages? That is not humanly possible, every second internet information is created that would take one person a lifetime just to get through. So it becomes about flagging. We can look at two flags. 1 flag is green and is zero threat. That is well over 95% of all communications. This also includes all the dicey and spicy spam messages we get. In effect, they know where it came from, where it is going to. The people they seek are of a different variety. They are all about not being able to detect, or to detect the origin. That is already less than 0.3% of all these messages. Then we go on and on. 1% out of that 0.3% is now a possible threat. Is it? They do not know yet, but the amount is now so small, they can actually start taking a look at the facts. Even then it could be harmless, yet many millions were crunched into less than 1000. That group might be part of the second flag. Even that number is still too high. As time progresses more is crunched and then those people at GCHQ will really go to town and pass on what might be a threat. So, was there an issue? You might think that it is, but if you are entirely innocent then the chance that they saw your data is actually so small that winning the lottery has a much better chance. Do I worry? Hell no. My usage is even less than that. Many download movies, some download pirated games. None of that interests the Intelligence community. They want to learn one thing. Where is the threat to us coming from?

The bulk of us will not even register on their radar. If we rely on the numbers in the article “By May last year 300 analysts from GCHQ, and 250 from the NSA, had been assigned to sift through the flood of data.” that is 550 people to sift through amounts of data that is so much that 1 minute of generated internet traffic will require them all to work their entire careers to sift through that much. Reading our emails? We are just not that important and we likely never will be.

If you are worried, then worry about real threats. The real non-terrorist threat out there today, are the many normal people, not using Common Cyber Sense as they use free internet to do what they need to do from the comfort of their non-desk. Those are the people endangering YOUR data, because they are out to get some personal gain.

1 Comment

Filed under Media, Military

Tagged as Chinese, Cisco, Common Cyber Sense, Cray, Cray Titan, Edward Snowden, GCHQ, mobile laptop, NSA, Russia, Sam Fisher, Snowden, Tom Clancy, wireless router, xbox 360

June 11, 2013 · 15:44

The Hunchback of the NSA

We have been hearing information in this regard for some time now. I added my thoughts in my last blog, and as this is such a growing story, let me see if I can add some details to this by looking at a few issues from another side. (Source: www.NOS.nl , www.Guardian.co.uk , et al).

Edward Snowden, His view is that it is up to the people to decide what is to be done. Is it?

2003: Edward joins the Army to deploy to Iraq. He suffers injuries during (basic) training and cannot continue the training.

200?: Edward has been selected into the sanctum and becomes an IT specialist with the CIA, placed in Geneva. Well, that is a nice handle up from basic training isn’t it. Some people dream of opportunities like that all their life.

He gets a dose of disillusionment. (Not my words, just quoting here). The CIA methodology does not sit well with him. As a data analyst with a few decades of experience, including some not to mention data depositories, I can tell him now, that there is method to their madness. I know where he is at this point, because when it is all about data cleaning, integrity checks and verification, whatever you do feels like carrying a bucket of water towards the ocean, but hey, that is what it is. He then decides to quit. That is fair enough! Not all are meant for that lifestyle (including unappreciative bosses that we see by the container load in the commercial world), and as such we should recognise that some of these jobs have a decidedly larger chance of burning out.

2009: He joins the NSA. Really? After he left the CIA? That is an interesting step. Especially knowing that one worries you, the other would not?

Well Edward, this is what you signed up for! But fair enough, you wanted to give it a go. He then becomes NSA’s own Arnold Benedict. Oh joy! (I say in a slightly sarcastic voice) and he ends up feeding the information to the PRESS. I will add that this is slightly better than dumping all this on Wiki-leaks. I will also applaud him for going to the Guardian as I personally see these people as slightly more devoted to Ethics then anything Rupert Murdoch has at present in my humble opinion. Still, Arnold, oops, I meant Edward goes out into the limelight. Consider that his job was to make sure that the American people remained safe. Did he? Many people including terrorists knew this was likely to happen. Now they have confirmation and they might employ new methods, making it harder for the NSA to find them. So who did Edward Snowden actually service? From my point of view it was not the American people. Oh, and Hong Kong of all places? It seems to me that he preferred to be bankable to several potential donators. (But that is just my view).

The NSA has an uncomfortable job that must be done. The terrorist (or perhaps better stated the extremist) threat is real, and as such organisations like NSA, GCHQ and DSD need to look at information as it flows to keep its citizens safe. There is an ugly looking sterile approach to information. It has no emotion; it is simple collection of data. Yes, if anyone gets the wrong phone call we could be checked. Yet, the data is up to a point so complete that these organisations can easily see whether this is a fluke, or if there is more. Is that not the best solution? Most people have this illusion that we have some kind of privacy. The reality is that our information had been collected and data mined by large corporations well over a decade before governments started to collect data.

Do you think that I am kidding?

Take a day in your life. You fill up the tank at a gas station. You use your tank pass to get the 3% extra discount. You pay with either ‘their’ card, or your card. Nowadays it is rare that people pay cash. You go to work. Lunch means that you get lunch at some place. You get a snack and you get 1-2 extra items. Anything at these points that have a pass, or card is in 70% of the cases collected data. Now you go home, get dinner, use your customer loyalty card and you go home. Whenever you did not use cash (and in some cases even if you did) your details were recorded. EVERY day of your life! Whenever you use your mobile, your mobile carrier knows roughly where you are (with some smart-phones they know exactly where you are). All that data has been collected in one way or another.

Yes, even beyond what Orwell contemplated, you are a data collection point, you are marketable!

This is the ugly reality that has been happening since even before 2001. The big problem for you is that many of these companies need to survive, they need revenue, so to survive and you are for sale. Whatever you did is for sale. No matter the amount of cleaning you think they do. It takes but one linkable fact to your raw data details to know exactly who you are, where you are and where you are likely to go. People like the NSA only want to know whether you are a danger to the nation and the people around you. Are you? The others want to make money off you? Only you know how ‘dangerous’ you are, the others want you to spend cash where they like it. It is a never-ending story of greed. So who do you really need to worry about?

So when we see the news on how politicians are all about worries, all about what was done, then ask yourself, what questions have they been asking, investigating and contemplating when it came to the data handed by all to commercial facilities.

Getting back to Edward, whatever his views are. If he was TRULY for the people, and TRULY doing something to make the world better, then he would have done something about the real issues and all those e-mails from bankers and so on. That did not happen, did it? Didn’t Julian Assange ‘vanish’ to Ecuador before he could make good on that promise? So when people are driven by who hold the usage of their credit card, what do we call them then? As for bankable matters, seems that his move to Hong Kong could be all about bankability, but who is banking who?