
NSA ‘Systematically Moving’ All Its Data to the Cloud - vinnyglennon
https://www.defenseone.com/technology/2018/06/nsa-systematically-moving-all-its-data-cloud/149184/?oref=d-river
======
majestik
They aren’t moving to “the Cloud” as in AWS or Azure, they’re just moving to
bigger/faster/better Gov-owned data center(s). Business as usual.

~~~
blitmap
I would find it hilarious if they put these data centers on foreign soil so
information can't be legally retrieved in some circumstances.

~~~
Ice_cream_suit
Funny? I would describe it as tragic and scandalous.

It is also potentially subversive because of the consequent ability it gives
intelligence agencies to suborn their political masters. For an existence
proof, look at the troubles that the orange man is having with his
intelligence agencies.

Even worse, it is already happening.

"Five Eyes act as a "supra-national intelligence organisation that doesn't
answer to the known laws of its own countries". Documents leaked by in 2013
revealed that the Five Eyes have been spying on one another's citizens and
sharing the collected information with each other in order to circumvent
restrictive domestic regulations on surveillance of citizens."

~~~
jonhendry18
"For an existence proof, look at the troubles that the orange man is having
with his intelligence agencies."

Troubles for which I, for one, am eternally grateful.

------
robbiet480
To be clear, it appears they are moving to their own thing called "GovCloud"
not AWS GovCloud which doesn't allow for safe storage of secret information.
AWS C2S does though (that's the special region they built for CIA that launched
last year)

~~~
dev_dull
> _not AWS GovCloud which doesn't allow for safe storage of secret
> information_

Sure it does. I think this has a lot more to do with federal data requirements
than technical security. E.g. data centers are all so many miles apart.

~~~
geofft
I think the comment was that GovCloud is not approved for storing information
whose classification level is "secret," not that AWS does not keep data in
GovCloud secret.

------
ryeguy_24
The word "cloud" is consistently overused. This article would get no points if
the title read "NSA Moving All Its Data to a Bigger Cooler Database" which is
really all they are doing, no?

------
ilyanep
I think to whatever extent it's possible to get buzzword poisoning, this
article would do it.

~~~
bartread
Indeed: I think I'd reached semantic satiety by about paragraph 3.

------
joewee
The interesting part of this article is that they are improving how data is
tagged and implementing a new architecture as part of the migration to allow
other agencies more access to what’s collected. The only thing that seems
significant about the term “cloud” is that it’s shared infrastructure with the
other agencies.

And based on all of the press releases, all the USA government “clouds” are
AWS.

------
therealtomsmith
Moving All OUR Data To The Cloud

------
free2chill
Great single point of failure. Hack this center and it's like the NSA is
collecting data for you.

~~~
mikec3010
It is if there is some central root user for the whole thing. I doubt they'd
be dumb enough to do that, however.

Just brainstorming, but at this scale, you could have a separate encryption
network built in to the hardware so that users request data only in gigabyte
blocks, then read it on hardware that asynchronously requests the key and does
JIT decryption via a secure network that IS locked down in the Pentagon
somewhere. Hell, it could even be airgapped and just hire a grunt to walk to a
file cabinet each time to unlock it. So that even if you exfiltrated their
whole datacenter, you'd have nothing without the keys (that's a given
regardless).

The keys could be hot-rotating so that if the key center was hacked (and they
detected it), they could shut off the cloud, re-encrypt everything with new
backup keys, and keep running.

But that's sci-fi level shit. In all likelihood it's some crappy instance of
Azure outsourced to Bozo Hamilton

~~~
ceejayoz
> It is if there is some central root user for the whole thing. I doubt they'd
> be dumb enough to do that, however.

I wouldn't be _certain_ of that...

"Launch code for US nukes was 00000000 for 20 years"
https://arstechnica.com/tech-policy/2013/12/launch-code-for-us-nukes-was-00000000-for-20-years/

------
patrickg_zill
In the context of the NSA, I don't think it is very important. They are
keeping everything inside a 100% fully-controlled-by-NSA datacenter, right?

The "JimsFamousKefir.com" domain isn't going to be hosted on some servers in
the next rack over...

~~~
qop
I had kefir for the first time the other day and I'm pissed that I've wasted
50 years of my life not drinking it.

It's delicious!

~~~
cwilkes
Just wait till you find frozen kefir

------
zyxwvu
So how long until this has a massive security breach or the servers privatized
and passwords.txt is just left open?

~~~
onetimemanytime
Not likely to happen, they changed the password to password123 :)

If it's online or in one easy-to-copy place and if 1000's of people have
access to it, it's just a matter of time. But then, I guess Russia's or
China's secrets have probably been hacked by NSA, so we're even. What a
nightmare it must be for NSA...your deepest secrets out there, for everyone to
see.

~~~
908087
You mean the deepest secrets of everyone the NSA has been indiscriminately
spying on?

------
rurban
So there's now definite proof that there is no oversight. This will only stop
if some politician's most private data will leak from some cloud
misconfiguration, as it usually does sooner or later.

------
philip1209
So, they're decoupling software from hardware?

------
JetSpiegel
Cloud-to-Butt browser extension never gets old...

------
jlgaddis
Did they run out of storage at Bluffdale already?

~~~
Theodores
No, Bluffdale is the cloud.

~~~
mirimir
So how's Bluffdale working, these days? As I recall, they were seeing some
glitches at startup ;)

------
AngryData
AKA, moving their data to a different server.

------
eaandkw
Vault 8 data breach in 3, 2, 1...

------
arisAlexis
siacoin would be a fully encrypted alternative but not ready yet

~~~
arisAlexis
the blockchain hate is strong..

------
gsich
What a "news". An organization moves data from computer A to computer B.

------
beenBoutIT
Idiots are going to stumble across this on Breitbart or wherever, and later
find themselves stuck in traffic in their truck thinking 'NSA's movin' to the
AWS cloud, maybe the time's right for me'. After bouncing that same simple
thought around their trusted-idiot circle at a bar, the concept will gain
steam and AWS is fast on its way to becoming a trusted name in the idiot
community.

~~~
jonhendry18
Breitbart readers hate Bezos because Trump hates Bezos, so their reaction
would probably be somewhat different. It would probably involve the terms
"Bezos", "Deep State", "Treason".

