Another day and another day we see escalations into the direction that was once called ‘No Such Agency’ and now regarded as the only server in the US that allows anonymous and the People’s Republic of China to get port 8080 access. Go figure!
As we see another article in the Guardian, this time the limelight shines on Dianne Feinstein, chairperson for the Senate Intelligence Committee. It seems that she wants to a complete review of the NSA (at http://www.theguardian.com/world/2013/oct/28/nsa-surveillance-dianne-feinstein-opposed-allies)The article leaves the doctors check on the pulse that listening in on several leaders of the allied nations is taking a dip for the worst. All this is shown against another reference towards Snowden’s disclosures. This picture is wrong in many ways. You see, the first two events might have had some work by Snowden, yet overall, when we consider the amount of data that Snowden has walked away with is beyond strange.
We could come to the following conclusions.
1. The NSA is completely oblivious to a silly little thing called Common Cyber Sense.
2. The NSA is completely oblivious to standard network security and logging.
Consider that SE-Linux is a NSA invention (OK, that was a strong word, but they were the driving force of SE-Linux). The first two issues show that the NSA either lost the plot, or they decided to hire a multitude of Americans with IT skills that seems limited to the connection that their child has a Nintendo!
Now feel free to laugh out loud, but consider the information. Allegedly listening in on conversations of the leader of a sovereign nation is not something one would admit to. This is not a bulk thing, this is specific. The fact that only a chosen few had that information would be the way to go. Consider any firm having a ‘second’ bookkeeping system. What are the chances that anyone but the CEO, CFO and the head of IT knew about that? That is just a ‘little’ tax evasion and commission increase. In case of the NSA they are alleged to keep phone records on most of their European allies. You think that this is NSA lunchroom conversation material? Snowden should never have had any access to it. So either the NSA system is completely broken, or we are dealing with something completely different.
3. The NSA has decided staff monitoring was not an issue?
That point is actually less correct, however when reading “Intelligence Authorization Legislation: Status and Challenges” at http://www.fas.org/sgp/crs/intel/R40240.pdf you will see on page 15 “the Intelligence Authorization Act for FY2013, passing the legislation by a vote of 14-1, and the bill was reported to the Senate on July 30, 2012. Among other things, S. 3454 as passed by the committee:” linked to this it states: “Requires the intelligence community to develop a comprehensive insider threat program management plan.” So after the Brits showed you in the 60’s that someone could be working for MI-6 and Russia at the same time, this was not clearly in place? (actually, such systems have been in place for a long time, yet the document seems to refer to ‘developing’ and not ‘upgrading’, which makes me wonder why the tax payer is paying for all these internal security officers.
Also, this was at least 6 months BEFORE there was Snowden, and all the members of the Alphabet Soup have their own Internal Security Officers. How come the NSA missed so many alert events? I can understand some leakage with the CIA. Those people are all over the place, hundreds of locations, thousands of involved people. So statistically, if only one person slips up a day, it would be a really good day for the CIA. If we compare it to the restricted, bundled and compact NSA, they seemed to have ‘loosened’ up its standards twice each 10 minutes. This does not add up!
If you question some of this (you should always do that, never take things at face value).
Then consider that the US Intelligence Community consists of:
- Air Force Intelligence
- Army Intelligence
- Central Intelligence Agency
- Coast Guard Intelligence
- Defense Intelligence Agency
- Department of Energy
- Department of Homeland Security
- Department of State
- Department of the Treasury
- Drug Enforcement Administration
- Federal Bureau of Investigation
- Marine Corps Intelligence
- National Geospatial-Intelligence Agency
- National Reconnaissance Office
- National Security Agency (<- free data access here)
- Navy Intelligence
And the massive amount of leaked information comes from just one of these groups. Now let me make a jump out of the box. Consider the picture I have shown you and consider that the NSA was mostly invisible before the 90’s. Now, nothing remains invisible forever, yet, the step from unknown to open source is a mighty leap. Is it so weird that we should look into other directions?
What if Snowden is not the person he claims to be? I personally still believe he is a joke at best, a patsy at worst. What if the leak is NOT a person? Consider the amount of data that SIGINT parses. What if the Echelon system was compromised? Is someone having a backdoor into the SIGINT satellite system not a lot more likely than one person walking out with Gigabytes of data, through the front door of one of what used to be regarded as one of the most secure locations on the planet? Yes, these satellites are supposed to have top level encryption, yet in 2004 two Chinese academics wrote a paper on how such levels of encryption could be broken. That was 8 years ago!
This would mean that Director James Clapper has another issue on his plate. Getting into an intelligence satellite is supposed to be really hard, so was there an ‘open information supporter’ when it was build? Is there a security flaw in its logical system? Is this option so much more unlikely then a person, who was according to several magazines seen as “The CIA believed Snowden had tried to access classified data that he wasn’t authorized to view. Based on this suspicion, the agency decided to send Snowden packing.”
So that person made it into the NSA? Even if that was the case (which it was), would this person be allowed to remain unmonitored and get his hands on the amount of data that is now all over the Guardian editorial?
Not even the US could ever get to be THAT dim! Now consider what I said at the beginning, the CIA flagged him accessing data he was not cleared for. Do you think a mere technician had access to the phone data collection of not one, but a host of national leaders. Top Secret information that would have been limited to an absolute minimum number of people.
The numbers do not add up and it seems that nobody is asking the right questions.
Lawrence van Rijn - Law Lord to be 