
Snowden Used Low-Cost Tool to Best N.S.A - ColinWright
http://www.nytimes.com/2014/02/09/us/snowden-used-low-cost-tool-to-best-nsa.html
======
hendzen
To quote Julian Assange: "The more secretive or unjust an organization is, the
more leaks induce fear and paranoia in its leadership and planning coterie.
This must result in minimization of efficient internal communications
mechanisms (an increase in cognitive "secrecy tax") and consequent system-wide
cognitive decline resulting in decreased ability to hold onto power as the
environment demands adaption. Hence in a world where leaking is easy,
secretive or unjust systems are nonlinearly hit relative to open, just
systems. Since unjust systems, by their nature induce opponents, and in many
places barely have the upper hand, mass leaking leaves them exquisitely
vulnerable to those who seek to replace them with more open forms of
governance."

~~~
growupkids
Didnt wikileaks require staffers to sign an NDA?

[http://www.geek.com/news/wikileaks-hypocritical-
confidential...](http://www.geek.com/news/wikileaks-hypocritical-
confidentiality-agreement-1377913/)

~~~
stcredzero
Needing privacy/confidentiality doesn't mean you are necessarily evil...yet.
It's almost certainly a sign that one is trying to concentrate power or keep
it to oneself.

------
girvo
Gosh I love this statement from Snowden:

 _" Through his lawyer at the American Civil Liberties Union, Mr. Snowden did
not specifically address the government’s theory of how he obtained the files,
saying in a statement: “It’s ironic that officials are giving classified
information to journalists in an effort to discredit me for giving classified
information to journalists. The difference is that I did so to inform the
public about the government’s actions, and they’re doing so to misinform the
public about mine.”"_

It's pretty on point. I'm going to believe he wrote it himself, as it's just
the right amount of factual, snarky prose that I'd expect from a sysadmin!

------
vwinsyee
Contrary to the current HN title, the article points out:

 _Evidence presented during Private Manning’s court-martial for his role as
the source for large archives of military and diplomatic files given to
WikiLeaks revealed that he had used a program called “wget” to download the
batches of files. That program automates the retrieval of large numbers of
files, but it is considered less powerful than the tool Mr. Snowden used._

So the tool wasn't wget. curl, perhaps?

~~~
3pt14159
Having done this type of work before for a legitimate purpose, it is almost
certainly a python or perl script with a nice library in front of it that
makes it easy to follow links.

wget is too brittle, not extensible enough, and not as maintainable as a nice
python script.

~~~
wslh
Wget is also single threading which is a slow strategy to download pages.

~~~
Fasebook
that's what xargs -n _x_ is for

~~~
wslh
Can you elaborate?

------
joe_the_user
[I can imagine some bureaucrat somewhere is saying]

 _Woah!_

 _You mean he could just automatically download without even using a browser??
And he didn 't need an expensive tool to do it? On a normal computer? People
like that are dangerous, maybe we should be licensing that kind of
knowledge..._

~~~
Zancarius
> maybe we should be licensing that kind of knowledge...

Or regulate it until it's illegal.

~~~
Zigurd
I'm sure Stephen Heymann and his ilk are working on a theory of how wget,
curl, and some spiders are "burglarious tools."

~~~
cynwoody
In the Bradley Manning case, the prosecution laid a computer fraud charge on
top of the espionage and other charges, based on Manning's use of wget.† They
argued that, although Manning was authorized to access the files he disclosed,
the fact that he used wget to download them constituted computer fraud, since
he was not authorized to have wget on his computer.

†[http://www.washingtonpost.com/blogs/worldviews/wp/2013/07/30...](http://www.washingtonpost.com/blogs/worldviews/wp/2013/07/30/the-
free-web-program-that-got-bradley-manning-convicted-of-computer-fraud/)

------
sillysaurus2
The most newsworthy aspect of this post is that the NSA didn't
compartmentalize their information. This spidering should have been impossible
at the network level, even as an admin.

~~~
stevep98
I used to work on software purchased by the DoD, and the amount of access
control, logging, auditing, and other related security features required to
fulfill the requirements was astounding.

I totally agree with you that the apparent openness of the intelligence
networks information systems is the most newsworthy aspect of this. I don't
think that journalists are really knowledgeable at all about intelligence
community is supposed to handle compartmentalization. They think the NSA
handles things just like they do at their paper.

(The sad part is that apparently, the journos are right.)

The problem of these loopholes allowing classified information to leak was
exposed with Bradley Manning. Yet, even in that case, I didn't hear any calls
from the press or public to see head further up the chain roll.

But, that should have been enough to highlight the holes in our networks.
Apparently it wasn't, and exactly the same thing has happened again.

I want to see heads roll right up the chain for this lack of duty with respect
to protecting our national secrets.

By the way, none of the above is intended to imply that I think what the NSA
has been doing is legitimate. I am glad that Snowden came public with this
information. However, how do we know that other, more critical secrets haven't
been sold directly the the Chinese or North Koreans? We only found out about
the Snowden leaks because he made them public.

~~~
saraid216
It's worth noting that there was a _lot_ of noise about too much siloing in
the intelligence community resulting in allowing 9/11\. Arguably, this kind of
openness is a consequence of that.

------
rquantz
_Agency officials insist that if Mr. Snowden had been working from N.S.A.
headquarters at Fort Meade, Md., which was equipped with monitors designed to
detect when a huge volume of data was being accessed and downloaded, he almost
certainly would have been caught._

This, to me, is the most laughable and amazing part of the article. How did
they think they had any security at all if this was the case?

"He would have been caught, if he had done it right in front of us!"

~~~
sp332
They just want to point out that the majority of NSA employees and contractors
can't leak documents the same way Snowden did.

~~~
lesterbuck
Actually, he is _claiming_ they cannot do this. How, exactly, would we verify
this claim? I'm sure he would have made the _claim_ that Snowden could not
have done something like this before Snowden did it.

------
zimbatm
The title is wrong. FTA, Bradley Manning used "wget" and Snowden a site
scraper (maybe httrack?).

What's striking is how easy it was for him to get access to all these
documents. It probably means that most of things we hear in the news is
already old news for other big government / criminal organizations.

------
vezzy-fnord
The media appears to be fascinated with wget for some reason. Perhaps it's the
allure of command-line utilities in a society where such interfaces are seen
by the vast majority of people as arcane, or stigmatized as ones used by
computer criminals.

The Post did an article on Manning and wget back in July 2013:
[http://www.washingtonpost.com/blogs/worldviews/wp/2013/07/30...](http://www.washingtonpost.com/blogs/worldviews/wp/2013/07/30/the-
free-web-program-that-got-bradley-manning-convicted-of-computer-fraud/)

------
coin
What an annoying website. I can't pinchzoom. When I double tab, it (after a
pause) changes font size. JavaScript is becoming the new Flash, an enabler of
annoying user experience.

~~~
username223
An amazing new level of awful. Double-tap cycles between three font sizes. The
useless hovering nav-bar won't go away. There's some JavaScript trying to make
page down do the right thing despite said nav-bar.

Look, NYT: I want to read some text, you want to put some ads next to it.
There has to be some solution that is less bad for both of us.

------
ddggdd
Everytime media got wrong understanding of technical details, I always wonder
aren't they supposed to check the fact and ask someone? it's like hearing my
mom talk about tech.

~~~
crazy1van
Most technical articles that I have some background understanding of are so
wrong. It makes me wonder why I should trust all the articles on subjects that
I don't know anything about.

~~~
hudibras
That's called the Murray Gell-Mann Amnesia effect.

[http://www.patheos.com/blogs/geneveith/2011/08/the-murray-
ge...](http://www.patheos.com/blogs/geneveith/2011/08/the-murray-gell-mann-
amnesia-effect/)

------
pessimizer
Seems like the NYT is trying to create a dangerous, terrorist aura around
tools that access the internet through any means but an 'standard' browser.

And by referring to whatever it is as a "low-cost tool", they're probably just
making up facts. It's far more likely that Snowden used one of the many _no-
cost_ tools that are used every day by people who work with and on computers.

This article is pretty much a no-op other than creating a dangerous mystique
around people who access the internet through obscure tools that don't have an
icon on the Mac or Windows stock desktop.

~~~
jrochkind1
It's not the NYT trying to do that, it's the government. (The nyt may be
enabling though, yeah, welcome to US journalism).

In Pvt. Manning's trial, the governments' case was that Manning's wget use was
a CFAA violation. Manning was convicted of a CFAA violation.

And yeah, at the Manning trial, the government lawyers repeatedly explicitly
brought up the fact that wget was an unusual tool that doesn't have an icon on
the desktop, trying to make it seem sinister.

And yeah, it is frightening.

(I sat in on several days of the trial as an observer).

------
coldcode
Manning used wget, Snowdon used a basic web crawler, headline is wrong.

------
fredgrott
I have an obvious question if NS cannot secure systems from an outside
contractor what indicates that it can full fill its duty to secure US computer
systems outside its own offices?

Seems to me we be better at hiring Google for such an office rather than NSA,
we might even get better ethics as a side benefit

------
jrochkind1
At Manning's trial, the government alleged that used of wget for scraping was
a CFAA violation. Manning was convicted of the CFAA violation.

[https://www.eff.org/deeplinks/2013/07/manning-verdict-and-
ha...](https://www.eff.org/deeplinks/2013/07/manning-verdict-and-hacker-
madness-prosecution-strategy)

------
EGreg
"Once you are inside the assumption is that you are supposed to be there"

Almost the exact same words used by Al Pacino in the movie The Recruit, where
Colin Farrel plays an agent who steals information from the CIA.

------
jmnicolas
Keep a copy of this article so next time your website gets defaced you can
serve it as an excuse : "but even the NSA can't protect its stuff" :o

------
Johnie
Pretty good article detailing the leak.

Goes to show that many corporate security is so focused on keeping outsiders
out and leave a wide gaping hole for insiders.

------
pagekicker
maybe nutch?

