It is so difficult to parse this kind of article. We don't know if the sources are actually from the intelligence community, or politicians who are being fed a narrative by actual intelligence sources.
My hunch is that these agencies are compromised by hackers and most of this is a response to that in one way or another. Just this week we found out how security-clearance information has been extracted by attackers. This includes records of “foreign contacts”—lists of non-U.S. officials that a person might know or have relationships with [1]. But maybe just blame everything on Snowden!
It's not the first time security clearance information has been exposed. Back in 2014 several of the contractors who do background investigations had breaches.
We haven't seen any proof in the OPM case. And I don't think any journalists reporting it have been made privy to any proof that's gone unpublished. Maybe I'm wrong, but every story I've seen just regurgitates what officials are saying. Meanwhile they're pushing for stronger "cyber security" legislation and trying to stoke cyber fears as the country slowly recovers from the collective 9/11 PTSD.
My thoughts exactly, I can't find the link now but last night someone published this story that linked to a photo image of the printed page and I thought it was a joke.
Made me wonder if some groups in gov't were either A) getting a little uncomfortable with all the heat on the surveillance programs or B) needed public pressure to pass more restrictive laws and decided to make up some claims to get public opinion back on their side. Any way you look at it, articles like this one are why I stay away from mainstream news sources.
Mainstream media sources about most topics are propaganda, plain and simple. You can call it marketing, you can call it public relations, or you can call it propaganda. Same god damn'd thing. The news is simply a good way to know what the opinion leaders want us to think about various things.
If there's any truth at all to the allegations, a much more likely scenario is the Russians and Chinese have either turned other NSA contractors, or have entered NSA computers via contractors' computer networks (see RSA SecurID breach).
Anyway, which idiot put the names of field agents on a computer which is accessible to contractors?
If I were a betting man, this is what I would go with. I imagine the Chinese/Russians are rigorously reviewing all the foreign contacts listed on the SF86 and checking that with whatever database their governments maintain for suspicious persons. I'd think they would be building a web of who's who that has contacts with clearance-holding Americans.
if i were playing the black hat, i would have targeted the reporters who have the document dump. they are least likely to have the technical know how to keep it secure. i think i recall that snowden gave them some instructions around how to access/keep safe, but i suspect when you have government agencies specifically targeting you, it becomes quite difficult even under the best conditions
But that dump is now 2 years out of date. Turning a current NSA contractor, or (even safer) just attacking an insecure network from afar gives them the up to date information.
While I absolutely agree with you, I'd like to point out that in the real world of armies and politics, 2 years is not fresh but definitely not out-of-date.
Military and diplomatic careers last 20 years (especially among people that matter). And things reportedly in the OPM breaches, such as medical and psychological issues usually stay relevant for even longer than that.
If I remember correctly, Snowden himself said in Citizen Four that intelligence agencies use aliases for assets and not targets. Which would mean that if any agents had actually been named in the docs, their masters saw them not as assets but as potential targets, which is damning unto itself.
Occam's razor. We know that someone recently stole the exact information they are complaining about being exposed. This is probably how the agents were compromised.
A lying anonymous government source (from one of the governments that has anonymously lied to us so many times in the past) is far more plausible than some bizarre 2 year delay and subsequent cryptographic breakthrough by the "Chinese and Russians" (who are now allied?).
The Sunday Times story is the same kind of bullshit journalism unleashed on Scots during the Independence Referendum and on the run up to the 2015 general election - "Independence Bad" "Too wee, too poor, too stupid", "SNP BAD" "Subsidy Junkies!" etc.
Over the past two years, I think rather fortunately, the Scottish electorate learned how to read newspapers with a great deal of scepticism. The indyref, despite resulting in a "No" vote (by just 6%) did however have the benefit of making our electorate more informed and more likely to question what they see printed by the metro-London press machine, and the shoddy journalism and reporting by the BBC in Pacific Quay (BBC's Scottish branch office).
And that's no coincidence: the prospect of Scottish independence was seen as a grave threat to the United Kingdom by HMG; so, yes, they conducted information operations against it.
I am quite sure that seeing the results that the SNP got in the General Election, however, may give them pause for thought about how such things may backfire.
And yet, they still aren't learning their lesson - from either the indyref or GE2015. Early polling suggests that the SNP will probably take all or most of the constituency seats in next year's Scottish Parliamentary elections, and probably a good chunk of the list seats, resulting in an even larger majority for the SNP (in a system designed to prevent this happening).
Meanwhile in the face of this the unionist press continue unabated with the same shrieking and yelling about how shit Scotland is and that "you've had your wee moment of fame" and we should "just shut up and dae whit yer telt". The debate over Full Fiscal Autonomy being the current example [0].
> (...) I've reviewed the Snowden documents and I've never seen anything in there naming active MI6 agents.
Which documents does he mean? The ones that have been published so far? Or has he access to all of them and looked through them all (if so, why weren't they all released by now?)?
He works at the Intercept so presumably has seen the real set of documents held by Greenwald. They aren't all released for obvious reasons, not least because the source said they shouldn't all be released.
Not only could it be a cover up campaign to divert attention from recent unrelated leaks, it is more likely to be preparing the British public to accept new laws to increase surveillance - the so called Snoopers Charter.
The Sunday Times, and the weekday Times, cast about for relevance these days since their content is not available online. Hence big splash stories with little substance like this, to keep their name current.
Let's set aside the question of whether what Snowden did was right or wrong for a moment, and look at the situation objectively and logically, and taking into account the NSA's perspective.
I think we can safely assume that, when the Snowden story broke, the NSA had no idea what documents he had taken. Even today, they may not know for certain[1] (except for the 58,000 documents David Miranda was carrying when he was detained in Heathrow). From a damage assessment perspective, all they could do is look at what he had access to, and assume that he took it all.
The first few stories that emerged were about Verizon and Prism. At that point, it looked like Snowden was whistleblowing about NSA surveillance of Americans. However, he then revealed details of NSA operations targeting Hong Kong and mainland China[2], including IP addresses[3].
At that point, it became clear that Snowden was not going to limit himself to revelations about domestic surveillance, and that he had downloaded and was prepared to release details of foreign operations. If he had the IP addresses of targets, it seems plausible that he would also have information that could potentially be used to identify intelligence officers. It is probably somewhat less plausible (but still not beyond the realms of possibility) that he would have information that could be used to identify HUMINT sources (i.e. "agents").
Greenwald later said that “What motivated that leak though was a need to ingratiate himself to the people of Hong Kong and China”[4]. Snowden was later allowed to leave Hong Kong, despite an extradition request from the US[5]. Some suspect that China was able to copy the contents of the four laptops he took to Hong Kong[6].
So, from the NSA's perspective, they're dealing with a guy who stole operational details about operations against a foreign (and, from their perspective, hostile) power, and released that information "to ingratiate himself" with that foreign power.
So when, after having been stuck in Sheremetyevo Airport for more than five weeks, Snowden is granted asylum by Russia, it would not be unreasonable for the NSA to suspect the possibility of some kind of quid pro quo deal.
While Putin would probably have been happy to grant Snowden asylum anyway, just to embarrass the United States, I think it's safe to assume that Putin would have sought to obtain as much advantage as possible from the situation and I, for one, can easily imagine him threatening to return Snowden to the US if he didn't cooperate.
We only have Snowden's word that he didn't share anything with the Russians (or the Chinese, for that matter) and, from the NSA's perspective, Snowden's word means nothing - as far as they're concerned, he already lied, stole and revealed sensitive information to a hostile power, so they have no reason to trust anything he says.
However, let's set Snowden's trustworthiness aside for a moment and look at how else his archive may have ended up in the hands of the Russians or Chinese.
We know that large portions (if not all) of the archive were handed over to Greenwald, Poitras and various newspapers, who wrote stories based on the information contained therein, redacting information as they saw fit. For example, the location of the GCHQ monitoring station in the Middle East was initially kept secret by the media[7] but was subsequently revealed by Duncan Campbell[8]. We also saw Guardian staff redacting slides for publication in Citizen Four.
Would foreign intelligence services (FIS) have sought to obtain a copy of the archive that was held by those reporters and newspapers? Almost certainly. Given their capabilities and resources, would a FIS have been successful in that endeavour? I would say "Probably".
It also emerged that Snowden had distributed copies of his archive (by which I mean the entire archive, not just the subset that was handed over to the journalists and newspapers) to various people so that they could be released if anything happened to him[4]. Allusions were made to it having been encrypted but, at the end of the day, the key is out there somewhere. We know that at least one of the people involved was not particularly good at operational security (c.f. David Miranda carrying the password for an encrypted file on a piece of paper[9]) and was susceptible to being pressured into giving up information under interrogation (c.f. David Miranda's disclosure of his passwords[10]).
What are the chances that other people involved, whether couriers like Miranda, or the individuals to whom Snowden distributed copies of his archive, have been identified and targeted by FIS? Given the value of the information in the archive, it seems likely that they would be prepared to devote a fair amount of resources to such an effort. Knowing what we do now (thanks to Snowden!) about the capabilities of the US and UK intelligence services, and working on the assumption that the Russian and Chinese intelligence services must possess similar capabilities, it doesn't seem to be beyond the realms of possibility that such an effort could have been successful.
So, there we have three potential "attack vectors" by which FIS could have obtained a copy of the archive: from Snowden himself, from his media partners, and from the people he gave copies to.
If you're a decision-maker at the NSA or GCHQ and you know that Snowden had access to information that could be used to identify an intelligence officer or agent, you have a choice to make: Do you assume that (a) Snowden stole that information and it has ended up in the hands of a FIS (in which case your guy is at risk), or do you hope that (b) either he didn't steal it, or that, if he did, it hasn't been acquired by a FIS?
The story in the Sunday Times suggests that they went with (a).
> The story in the Sunday Times suggests that they went with (a).
Is that an agreement with The Intercept's claim that the Sunday Times will publish, without fact checking, anything the UK gov asks them to? [1]
Surely the logical, standard sequence for a story such as this would be:
1. GCHQ et al. make a statement.
2. Journalists review that statement, and give due diligence to determining the statement's accuracy.
3. Publish an unbiased article with their findings.
It seems that step 2 is missing completely, and therefore step 3 (already an idealistic goal) can never happen.
> let's set Snowden's trustworthiness aside for a moment and look at how else his archive may have ended up in the hands of the Russians or Chinese.
There is no evidence that the unencrypted Snowden archive is in the hands of the Russian or Chinese governments. Claiming otherwise is pure speculation.
> Let's set aside the question of whether what Snowden did was right or wrong for a moment, and look at the situation objectively and logically, and taking into account the NSA's perspective.
By definition, if you take into account the NSA perspective, I don't think you're being objective (nor logical).
> However, let's set Snowden's trustworthiness aside for a moment
I think that's really a bit of an attack with a strong suggestion of untrustworthiness which you're pretending to not comment on whilst actually reinforcing a claim of the NSA/US/UK Government - for some reason the UK seems to be most strongly critical of Snowden from my experience.
> We know that at least one of the people involved was not particularly good at operational security
You refer to David Miranda but omit to mention that it was MI5 in the UK who put the pressure on. You were front and center with accusations against the Chinese and Russians but strangely it's Snowden's fault when it's the 'friendly' UK doing the pressuring.
From a strategic perspective, there was little 'lost' by giving MI5 the files since they would already have had access to the material (so it tells them nothing new) and would know from their own access logs that Snowden had them (so, again, nothing new gained). I understand Miranda handing them over as, in the UK, he has no prospect of protection by the courts (which, paradoxically, he possibly would have had in the US). The encryption alone would be sufficient to jail him for many years in the UK and it was value-less to resist.
If you didn't have a reasonable karma, I would think your comment was carefully placed propaganda/character assassination on behalf of a TLA.
I don't think it serves anyone to take such a biased position on Snowden and side with the governments who have created such a massive breach of privacy on the bogus claims of protecting us from terrorists (something which they have miserably failed in).
As other comments have already made clear, the information breaches are much more likely to have occurred through other security breaches and hacks - publicly disclosed - than through the Snowden files. At nation-state level, you can be pretty sure a large proportion of classified material is generally known. Effort is only made to keep the really sensitive stuff secure and, from breaches like the vetting records, we know that's probably little more than a hit-or-miss affair.
No, he denied having "spoken with, worked with, or provided any journalistic materials to the Independent."
Duncan Campbell has explicitly said that the information in question was in "documents revealed by Edward Snowden to journalists including Glenn Greenwald" and implies that the Guardian opted to not release the information as part of the deal with the UK government[1].
It is transparently made-up BS on every level, down to "encryption is magical so you should give us more security powers to protect you from evil wizards."
People have been praising him a bit much recently after various governments have been reining in the surveillance communities. I suspect this is a part of a campaign to keep public opinion against him.
I expect as a security contractor, Snowden knew how to encrypt things securely. The NSA were for ages saying they didn't know what was in the files, and I expect if the Russians and Chinese can crack no doubt heavy grade encryption, the Yanks can too.
Given what they were accusing wikileaks, Manning and Snowden of there should be. But I don't see anybody standing up yet and taking responsibility publicly for being so terribly sloppy with all this information. Much easier to blame the people we already know about and who the government has a score to settle with.
Another question missed to date by those looking at this article is that if the Chinese and the Russians have cracked this archive of data how come the United States is still in the dark about what exactly was taken (which they've admitted they do not know) and that they implicitly claim to have a full copy of the archive in readable form as well (otherwise the UK government could not make the claims they're making here).
So what, they got those documents a long time ago, that's not the same as suddenly claiming access to a 1M+ documents archive unless something has dramatically changed and there isn't a shred of proof for any of that.
> Another question missed to date by those looking at this article is that if the Chinese and the Russians have cracked this archive of data how come the United States is still in the dark about what exactly was taken (which they've admitted they do not know) and that they implicitly claim to have a full copy of the archive in readable form as well (otherwise the UK government could not make the claims they're making here).
I'm merely pointing out that the UK retrieved a subset of the archive when they detained Miranda. Therefore, the US/UK don't necessarily need "a full copy of the archive in readable form" to be able to come to the conclusion that the full archive contains information that would compromise ongoing operations. If the 58,000 documents they got from Miranda contain any such information, it inevitably follows that the full archive must too.
And again, no proof was presented to indicate that this is the case. But who needs proof when anonymous quotes are all that's needed anyway. For all you know the 'journalist' (for want of a better word) could have sucked this whole story out of his left thumb and you still wouldn't know the difference.
> And again, no proof was presented to indicate that this is the case.
That what is the case? That the full archive contains information that would compromise ongoing operations?
We already know that the archive includes operational details. For example, the IP addresses of NSA targets in Hong Kong and China that Snowden released[1] in order to (as Greenwald put it) "ingratiate himself to the people of Hong Kong and China"[2].
Besides, if the archive didn't contain any such information, why didn't he simply dump the entire archive onto the Internet, WikiLeaks-style? I seem to recall that the stated reason for releasing it through newspapers was so that they could redact any such information before publishing it.
Despite that he brought no files with him from Hong Kong, I can readily accept that the Chinese or Russians obtained the files from someone else.
The term "black bag job" commonly means stealing a codebook. Spy movies depict Peter Gunn breaking into an embassy then cracking a safe.
Real black bag jobs are such social engineering as when the Pentagon ordered the commanding officer of Midway Island to request a replacement for the base's broken water desalination plant:
"$THE_ISLAND_WERE_ABOUT_TO_ATTACK needs a new desalinator" reported a Japanese spy.
Nobody (especially in the HN echo-chamber) wants to entertain the idea that what Snowden did endangered hundreds of people directly, and the entire US indirectly, by leaking what he did. It is truly amazing to read the rationales on here avoiding this idea.
For me I wouldn't say that you have to be blindly accepting of the good of what Snowden did to be critical of this article. It lacks anything beyond the claims of a single unnamed source with absolutely no back-up. That's not good journalism regardless of the story that's being run.
Also the timing of this story is odd, to me. Surely any changes to the operational procedures of the american and UK agencies in question would have happened immediately they realised they lost control of the documents (two years ago), and they wouldn't wait around till there was evidence that Russia/China had decrypted them?
So why a story now in June 2015 about this?
As to the harm/benefit of Snowden's actions, I think it very much depends on who you are and your role as to your perspective.
From the perspective of a non US citizen it has shone a light on what a "friendly" government considers an appropriate level of spying on its allies and clearly shows that all governments are engaging in "offensive" operations on IT systems, and the lengths that they'll go to to achieve that goal.
Given the context (national/international security) is that really surprising? People who have their necks on the line aren't jumping out of the woodwork to comment? C'mon, think.
> changes to the operational procedures of the American [you had a typo] and UK agencies in question would have happened immediately
If you're an intelligent person (and I would like to assume you are) changing policies on a dime, esp. when it comes to govt. policy, doesn't happen in a day, or even a year. I think everyone reading this knows better than that. That is a weak argument.
> As to the harm/benefit of Snowden's actions, I think it very much depends on who you are and your role as to your perspective.
No shit. If you want to harm the US, it's not a negative action. Else, it's a goddamn negative action. I'm trying really hard to figure out why else you would make that argument.
> From the perspective of a non US citizen it has shone a light on what a "friendly" government considers an appropriate level of spying on its allies and clearly shows that all governments are engaging in "offensive" operations on IT systems, and the lengths that they'll go to to achieve that goal.
Imagine what non "friendly" governments are doing.
> Given the context (national/international security) is that really surprising? People who have their necks on the line aren't jumping out of the woodwork to comment? C'mon, think.
No, you really need to do a bit more thinking. A journalist shouldn't just publish what an anonymous source says without corroborating their story with other evidence. You can keep your source anonymous, but they need to provide some physical evidence or you need to confirm it some other way.
Exhibit A, how Greenwald handled Snowden. Every story he had was based off documents provided that could be examined and published as evidence. Everything was based on physical evidence collected by Snowden, not just some stories he told. If a journalist just took anonymous sources' stories at face value w/o evidence anyone associated with an intelligence agency could feed in false information whenever they... oh wait, could that be happening here??
And Greenwald himself goes into a lot more detail about it here, just got on the frontpage on HN:
> No shit. If you want to harm the US, it's not a negative action. Else, it's a goddamn negative action. I'm trying really hard to figure out why else you would make that argument.
How hard have you tried? Do you honestly think nothing good can come out of this for US citizens?
>Given the context (national/international security) is that really surprising? People who have their necks on the line aren't jumping out of the woodwork to comment? C'mon, think.
I am thinking, I'm thinking that a single unnamed source from a government with no back-up isn't a reliable source, just the same as a single unnamed source from a non-government angle isn't. I can claim anything you like came from a single unnamed source :)
One of the points of journalists is that they're meant to get other information to corroborate or disprove the things they are told, that's kind of the point. If all they do is print things one person tells them, they're just really propaganda agencies. If one source tells them this, they should have other sources they can ask to confirm/deny.
>> changes to the operational procedures of the American [you had a typo] and UK agencies in question would have happened immediately
>If you're an intelligent person (and I would like to assume you are) changing policies on a dime, esp. when it comes to govt. policy, doesn't happen in a day, or even a year. I think everyone reading this knows better than that. That is a weak argument.
I don't think they can change on a dime as you put it but I do think that if agents were at serious risk of harm it wouldn't be two years down the line that this would be the case. Are we seriously suggesting that the UK gov. left their agents out on a limb for two years at risk of compromise?
>>As to the harm/benefit of Snowden's actions, I think it very much depends on who you are and your role as to your perspective.
>No shit. If you want to harm the US, it's not a negative action. Else, it's a goddamn negative action. I'm trying really hard to figure out why else you would make that argument.
Ahh, consider the perspective of a European country. You consider yourself an ally of the US/UK etc only to find out that for spying purposes you're not much of an ally at all, you're a target. People say "well they're spies that's what they do", problem is that people assume that their friends don't spy on them. And also remember that the spies aren't just looking for terrorists, they're working to create advantage for their corporations. So the Europeans found out that the US considers them a valid target for economic espionage, I'd imagine that they're quite happy about that as they can now change their actions accordingly.
>> From the perspective of a non US citizen it has shone a light on what a "friendly" government considers an appropriate level of spying on its allies and clearly shows that all governments are engaging in "offensive" operations on IT systems, and the lengths that they'll go to to achieve that goal.
>Imagine what non "friendly" governments are doing.
Indeed they're all at it. What irritates me personally is the double standards. Right before Snowden's revelations, the US were decrying Chinese spying and demanding a common standard of behaviour on the Internet which precluded that kind of thing. Then it turns out that they're up to their necks in exactly the same kind of behaviour.
I'm in IT security and for me this is really sad, as there's a real risk that government "offensive cyber operations" or whatever they want to call it, will have a seriously bad long term effect. It funnels loads of money into people working out how to compromise IT systems and places economic incentives on not fixing security issues, so those issues can be used to attack other countries.
You pull out the standard argument of authoritarian types in your last sentence. Fear. You are unconcerned about the decline of human rights in your country because some anonymous government source has conjured up some sinister foreign boogeyman.
Unfortunately, nobody (especially in the intelligence community echo-chamber) wants to entertain the idea that some of what they have been doing endangers thousands of people directly, and all the Five Eyes and beyond indirectly, by deliberately sabotaging infrastructure they use themselves in an effort to "master the internet". It is truly amusing to read some of the bullshit posted by JTRIG and CESG supporting their ideas.
This is truly embarrassing work: half-baked propaganda, with overt lies in it. Shameful and disappointing.
"It is truly amazing to read the rationales on here avoiding this idea."
No, it's not. If you read the original article or this link dissecting it, it raises so many questions it makes any free thinking person skeptical. Please read the link and then explain to me how the HN rationales expressed here are "truly amazing".
I think the question is if Snowden recklessly (i.e. without careful consideration of consequences) endangered the lives of <insert arbitrary people group here>.
Information is power. Snowden leaked damaging information about corruption in one of the most powerful and important surveillance groups. The public <replace with Russian, Chinese, child pornographers for emotional poignancy> has access to said damaging information.
The OP and the Times article are evaluating whether certain groups have 'privileged' access to the Snowden archive and that considerable harm has been done to British intelligence operations.
I think it's more damaging to not critically evaluate claims made by the Sunday Times article than to dismiss the HN discussion because of reverb in the echo chamber.
This article is full of downright lies. If you have such proof, please present it otherwise there is no reason at all to believe anyone was endangered.
Nobody (especially in the security theatre echo-chamber) wants to entertain the idea that what Snowden did alerted the public to the growing trend towards the establishment (presumably by mistake?) of all the apparatus of tyranny in countries like the US and the UK and to the dangers contained therein.
Hello Ernest Voice. Nice to meet you. (For those that don't know Ernest Voice is an NSA bot that posts stuff like this on forums.)
EDIT I doubt that this particular poster is actually such a bot. I am suggesting that his post is based upon not actually reading any of the facts and merely taking an opinion.
It's not ok to make swipes like this in HN comments. The implication of shilling is out of line, and even if someone hasn't read any facts, posting a comment that is itself factless doesn't help.
> We the willing, led by the unknowing, are doing the impossible for the ungrateful. We have done so much, with so little, for so long, we are now qualified to do anything with nothing.
Actually no this comment and this policy are not OK. Shilling happens on this forum and it is never called out. It needs to be otherwise it will in time kill the forum.
[1] http://www.wsj.com/articles/security-clearance-information-l...