
Snowden suspected of bypassing electronic logs - gyepi
http://hosted.ap.org/dynamic/stories/U/US_NSA_SURVEILLANCE_SNOWDEN?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT
======
UVB-76
> The disclosure undermines the Obama administration's assurances to Congress
> and the public that the NSA surveillance programs can't be abused because
> its spying systems are so aggressively monitored and audited for oversight
> purposes: If Snowden could defeat the NSA's own tripwires and internal
> burglar alarms, how many other employees or contractors could do the same?

This is the take-home message.

The steady stream of security breaches and information leaks in recent years
has taught us that the only way to guarantee information does not fall into
the wrong hands is not to record the information in the first instance.

~~~
gyepi
Exactly! In fact, given the revelations of NSA employees spying on their "love
interests" and that most of the breaches are self-reported, it really appears
that the assurances of security are misleading.

------
RyanZAG
This hopefully puts everything into perspective for people who are all-in on
NSA spying. Even if you believe it's a good thing that the government can view
everyone's communications, surely this makes it clear that if the information
exists somewhere, someone besides the government you trust will eventually get
their hands on it?

You'd think politicians would realize this the most. In 20 years time when the
people running the NSA have changed and a different party or group is at the
top of the pyramid, are they not going to use communications you used 10 years
ago for their own ends? I'm hoping pure survivalist instinct will win out
eventually and some politicians will vote the right way.

------
klt0825
"Snowden's hacking prowess"

So we're back to this. First the "Snowden had a Hacker Certification" nonsense
(ignoring that CEHs are required by DoD for OPS jobs and aren't exactly high-
quality to begin with) and now deleting log files equaling "hacking". I guess
it is easier to make him seem like some super skilled hacker than admit that
oversight and access controls were probably non existent.

Selfishly, I really don't even care about Snowden at this point but I do fear
that the trend developing is to paint him as a "Hacker" putting security
researchers as the next major "threat".

~~~
anaphor
Completely agree. This is extremely basic stuff you should be doing on
supposedly secure systems. It _should_ be difficult to disable logging, and
logs obviously shouldn't be stored on the same machine with write access to
anyone who might be doing something nefarious. This paints the NSA in an
extremely bad light from a security perspective and contradicts all of the
bogus claims of impenetrable security by politicians.

------
revelation
This is a calculated smearing, by "[government] officials, who spoke on
condition of anonymity". It's blatant PSYOP. Obviously, audit trail systems
are worthless if they allow deletions at will (and without, hah, a trail).

~~~
AimHere
If it's a 'blatant' smear, what would be it's agenda? The main thing anyone
could take from this is that the NSA's systems are broken or that they're
incompetent and can't be trusted to know who's stealing their data. Also that
Edward Snowden isn't stupid.

I mean, it could be a smear from an agency who are hostile to the NSA for some
reason (that stuff happens; like Valerie Plame, or the notion that Watergate
was the result of the FBI leaking against the CIA and the White House). It's
hardly likely to be from the NSA or the Whitehouse, who are currently in
damage limitation mode; contrasting their own incompetence with that of the
guy they're up against doesn't seem like a smart move...

~~~
revelation
That might be the message to us, but the way this news article (press release,
rather) is written, the majority of the population will think Snowden is a
hacker that circumvented the movie-level-sophistication systems of the NSA.
Also see the friendly reminder at the end, that Snowden just took all kinds of
material without first-hand experience of the systems described therein.

------
anaphor
Really? They didn't consider the notion that someone might delete logs (or
disable logging)? Maybe they should be using a better logging daemon...

------
hannibal5
It looks like NSA is the real security threat. So much data readily
accessible.

