Hacker News new | past | comments | ask | show | jobs | submit login
Britain pulls out spies as Russia, China crack Snowden files – report (reuters.com)
47 points by cm2187 on June 14, 2015 | hide | past | favorite | 59 comments



[deleted]


It's rather convenient that they put the blame on Snowden's 2-5 year old documents (and they had plenty of time since the documents came out to deal with the spies issues, if it was indeed a problem related to his documents) right after this happened:

"How much info did hackers steal on US spies? Try all of it":

http://www.theregister.co.uk/2015/06/13/standard_form_86_dat...

They're trying to hit two birds with one stone:

1) not look completely incompetent in the OPM hack (even though probably about half the executive needs to be fired over it, but in typical Obama fashion all the actual criminals will get protected)

2) make people hate Snowden so he "goes away" and stops making "freedom speeches" and such


s/in typical Obama fashion/in typical presidential fashion/

I don't think you could accuse any recent president of prosecuting actual criminals.


Since these agents cover has been blown, surely they can release the names and even make them available for an interview, right?

Oops, I guess their identity is still secret. Hmmm....


Probably not a good idea to give feedback to the Russian and Chinese intelligence. But then they shouldn't have publicly admitted they were withdrawing spies, but kept the Russians and Chinese authorities guessing. Which makes it smell all the more of lies and propaganda.


If the US couldn't protect data from a patriotic contractor who went public immediately (Snowden), how can the US pretend the data is safe from other leaks through badly intentionned secret ennemies?


He wasn't a contractor at all points in his career, and he moved jobs in-part to gain access to more material; he was often operating with a high level of access. He had several years of planning for his leak. He isn't that great of an example case.


So succinctly put. This comment is beautiful...


This story is very dubious. Timing very suspect. No official willing to say any of this on record yet they do a simultaneous briefing to the BBC and Sunday Times?

China and Russia both decrypting the cache? Notice how none of the actual quotes say that China/Russia decrypted anything or have access to info not in the public domain.

“It is the case that Russians and Chinese have information. It has meant agents have had to be moved and that knowledge of how we operate has stopped us getting vital information. There is no evidence of anyone being harmed.”

The Sunday Times article can't even get some basic facts right:

"David Miranda, the boyfriend of the Guardian journalist Glenn Greenwald, was seized at Heathrow in 2013 in possession of 58,000 “highly classified” intelligence documents after visiting Snowden in Moscow."

Not true. He was visiting Poitras in Berlin.

I'm gonna need more evidence than 'anonymous government sources' for this.


I don't understand how this could be orchestrated (NSA letters?) and yet no orchestration be done against comments like yours and HN in general? Too quick to be censored?


The BBC article has a few more details: http://www.bbc.co.uk/news/uk-33125068

I'm British, and it seems to me that if British Intelligence need to move spies as a result of what an unprivileged contractor like Snowden could find out, they've done a really poor job of ensuring that critical information was only available to people who needed to know. Maybe Snowden has done them a favour by revealing how poor their internal security is, without (as the BBC article says) harming anyone. Now the real question the media should be asking is who at MI6 should take responsibility for their poor internal security?


Also note the absence of even a single concrete example where actual harm for the security and safety of a western countrie's citizens was caused.

One would assume, given all the propaganda, that it should be easy to document a dozen impressive cases (of the hundreds allegedly existing) in a convincing way...


> Also note the absence of even a single concrete example where actual harm for the security and safety of a western countrie's citizens was caused.

I'm no expert on geopolitics (none of us are), but I'm fairly certain that kind of thing cannot be quantified. It's like trying to quantify how much love you have for someone. The harm isn't direct and measurable, any harm would be almost entirely indirect.

Before the leaks, maybe Russia wouldn't have invaded Crimea because they were unsure what the U.S/NATO plans are or were and didn't have enough information to move. After the leaks, they had all the information they needed and moved forward with their plan. Or maybe they invaded precisely because they had the evidence which showed the U.S would be unlikely to act.

Those kinds of things aren't inherently measurable so quantifying them is a futile endeavor. I'm no fan of the government but to pretend there are zero negative consequences for us as a country is ignorant and naive. Like it or not, there is a bigger picture and ignoring it doesn't mean it goes away or ceases to exist.


I don't think that the NSA really deals with plans about military operations. And also the original article mainly concerns itself with agents that had to leave hostile countries once their cover has been blown.

But yes, certainly some of the information in the Snowden revelations might have been valuable, but one would have to compare their impact with the constant stream of information obtained by reciprocal spying which is going on all of the time and (I'm convinced) is highly targeted...


The NSA is under the Department of Defense and, by their charter, provides information to the USG about military operations. You are also confusing the issue of what NSA produces vs. what information they have access to.

I'm also not sure that I follow this second argument. Snowden's revelations are clearly supplemental to any espionage that might have been going on against the U.S.


Of course, this information, if it existed, would be classified highly.

Greenwald's rhetoric has had a declension from "nobody can prove that harm came from any leaks" down to "there was no harm that came from leaks." If known harm did come from leaks, that would (obviously) be valuable information for the people doing the harming. Disseminating it would be highly irresponsible.


In general surely that will be valuable information.

But we currently have a high lack of confidence in the truthfulness of what secret agencies claim, and the only thing being constantly spread out to the media is fear mongering about how terrible we all suffer, may it be because of Snowden's revelations or slight restriction on bulk data collections.

In the end it should be the voting public that gives authority to these dubious agencies, and all over the place it seems that the classification/secrecy preserving methods of control of spies have utterly failed (the U.S. FISA court, or the parlamentary control commission we have in Germany[1] to supervise our secret services).

So, in my oppinion it should become common practice to "sacrifice" one or a few operations (which anyhow are said to have failed and had to be abandoned because of Snowden leaks) to perform an as-public-as-feasible post-mortem analysis on how efficient, corresponding to regulations and laws, intrusive to constitutional rights... they have been pursued.

[1] http://de.wikipedia.org/wiki/Parlamentarisches_Kontrollgremi...


I'm not sure that I follow. I was providing a reason why this information might be classified, and therefore never eligible for publication. You seem to be arguing a separate point: that, if it was published, it could not be taken seriously.

The way that the present system is supposed to work is that there is oversight from Congress over the agencies, oftentimes in public, and that the President disseminates authority to all elements of the federal government. Last I checked, the President and Congress were supposed to be elected by the U.S. voting public. Are you arguing that government should be disintermediated entirely in this case? Aside from various interesting constitutional implications, this also would seem to be an argument against the existence of classified information at all.

As for the question of "sacrificing" operations, who gets to make the decision of what to sacrifice?


[foxhedgehog, I seem not to be allowed to reply to your last comment (too deeply nested?) so I'll put it here]

You said "Disseminating [information about actual harm] would be highly irresponsible."

And my claim is that disseminating of this information is necessary to reinstate trust on control of secret agencies, even if some harm is done by this additional disseminating.


Ok. My guess is that the institutions that be have made a cost-benefit decision on this and decided otherwise. In the case of WikiLeaks, specifically, I can't blame them: not giving material information to the Taliban is probably more important than any short-term PR boost that is going to be diluted with skepticism.


And what kind of crappy security were they encoding those files with that the foreigners could crack? Maybe it was encryption that the NSA put a back door into, which means they are now getting their just desserts. It sucks to be back doored, NSA, doesn't it?


They could be encrypting everything with one-time passwords but it still wouldn't matter if the journalists decide to send emails containing open text passwords...


Given enough cpu time, and knowing you'll find the identity of spies, I think China and Russia would be more than capable to crack quite a bit of encryption even with brute force.


Yeah... That's not how encryption works. If I use AES-256 to encrypt "I'll be late for dinner" padded with a paragraph of Lorem Ipsum, even the US/Russia/China are incapable of breaking that even in a hundred years of supercomputer crunching. Unless they have a backdoor of course.


[deleted]


Well if you start out by assuming you know the secret message already, then there is exactly 1 possibility and "cracking it" takes exactly 0 seconds.


That's just not how it works.

To confirm you have the right message, you will need to guess the key and confirm it results in the same encrypted message. Note that he said (and I misread this too) to pad the message with lorem ipsum, not to use lorem ipsum as the key.

If you want to go the other way, and guess the plaintext and then confirm it, you've now made what was an "impossible" problem massively more difficult.


> unprivileged contractor like Snowden could find out

It was my understanding that he was employed as a system administrator and had nearly unlimited access to NSA files.

This is according to an unnamed NSA source in this piece: http://www.forbes.com/sites/andygreenberg/2013/12/16/an-nsa-...


The really scary thing is: they only knew about what Snowden had done because he told the press. How many more in the NSA are also stockpiling secrets, not moved by high ideals but by other motivations?


The ones with functioning brains?


Snowden wasn't "unprivileged", I think he had relatively high clearance. Also, I'd say they did a pretty good job if the government protected their spies' identities for a couple years after the documents were released. I'd think that would be plenty of time to close up shop and gtfo.


The timing of this seems a little convenient, coming as it does after a week in which a huge data breach has occurred. Also, it seems that when Greenwalds partner was detained the UK could not decrypt what he was carrying, so the suggestion seems to be that Russia and China can crack what the UK and US cannot. Finally, the Snowden data is now pretty old, so odd that this should come up now.

Of course, as suggested below, Snowden data may have leaked via a media organisation with lesser OpSec, but if so then perhaps best to say so.

For my own part, I think that Snowden did us a service on balance, but he can expect to be the scapegoat in every data breach of this sort for years to come.


Or, Russia/China cracking the NSA Snowden files were responsible for both OPM breaches and this.

Maybe those countries gained access to OPM data via the Snowden data?


The mismanagement of security at OPM predates Snowden's disclosures. However, it's pretty much target #1 for any foreign intelligence agency.

The OPM data contains enough details that would allow a good intelligence agency to track down damn near every agent under non-official cover, and blackmail damn near every official under official cover. It should never have been on any network, ever.

If any element of this story is true - and I'm entirely unconvinced about it - then it's not Snowden's data that's caused this, but the OPM breach.

Don't insult our intelligence, JTRIG. This is some oldschool Правда shite. You've gotten sloppy. I'm very disappointed in you all. You don't have to wag your tail every time Theresa May barks.


> Maybe those countries gained access to OPM data via the Snowden data?

How? What on earth in the Snowden data could have fuelled the OPM breach? Aside from anything else, given the reportedly atrocious state of IT and security at OPM, it would hardly seem necessary, even if possible.


Listening to BBC news on the radio this morning, the presenter said something along the lines of "we have in on the highest authority from Downing Street and Security Services insiders."

No proof, no named sources, just a parroting of the government line. Something sounds a bit fishy to me.

Edit: spelling, grammar, give me a break it's Sunday morning!


From the same people who gave us Saddam's WMDs.

If The Sunday Times had shown hard proof that Snowden's files have been decrypted, I would have sat up and noticed. But at this point in time, western governments have lost all credibility. Would it have mattered if the sources were named? Colin Powell gave "evidence" at the UN of possible reasons to invade Iraq. All of it was bullshit.

Hard proof, or GTFO.


> Hard proof, or GTFO.

So the Bush administration's failure to prevent 911 was completely reasonable and couldn't be criticised, right?


Not sure what you're implying. I never mentioned 9/11


>> citing unnamed officials at the office of British Prime Minister David Cameron, the Home Office (interior ministry) and security services.

--------

So the sources of these claims are the exact same people who are a significant part of the mass surveillance which Snowden exposed. There is some substantially flawed journalism going on here.

Also, in other news, apparently China and Russia are allies now. Or did they just happen to simultaneously crack these files on the exact same day?


My guess it has more to do with the recent hacking of the U.S. Personnel files that contain lists of those with top secret clearance but it is politically advantageous to blame snowden instead of lax government security.


Yes, the scattergun "Russia and China" line seems to be over-egging it a bit.


Soon we'll be hearing about how North Korea and the Galactic Empire have also gained access.


What I always found curious is how did Snowden (or anyone) could think that the newspapers could keep all the intelligence agencies of the world away from these files. Journalists are usually the type who switch off the monitor to turn off a PC.


Glenn Greenwald's reaction to the article:

"That Sun Times article is filled with so many factual errors- demonstrable ones- along w/the worst journalism. Will be fun writing about it."

https://mobile.twitter.com/ggreenwald/status/609912455419011...

Followed by a retweet of the following response:

"unsourced, unverifiable nonsense smears by a group that knows it's losing, the spying fascists"


Where is the hard evidence? The media has to stop being so gullible and do some actually journalism. The wild accusations can start wars!


Actual journalism costs more money because you actually have to invest the time to dig, and comes with the added cost of getting reduced access to senior government officials, which makes it even more expensive to keep up with the competition.

When the public appears to not care whether their news consists of parroted lines or actual journalism, there's little incentive for most of the press to dig, and many incentives not to.

My favourite recent example was when a Norwegian newspaper published documents from the Snowden files that appears to show extensive surveillance in Norway. This was underlined by the fact that others have admitted to surveillance based on the exact same documents.

What followed was surreal: Norway has two main security agencies, the Police Security Service, responsible for internal intelligence, and the Security Service (Etteretningstjenesten), which is external intelligence. The latter used to pretty much never talk to the press.

But after that article, they suddenly got chatty, and all of their own accord they invited to a press conference to "admit" that yes, they were responsible for the surveillance in question. Never mind that for all other countries that have made admissions the documents in question have indicated internal surveillance, and that the Security Service "admitted" that this was surveillance in Afghanistan, where Norway according to this admission are intercepting metadata for pretty much every call. But nowhere else.

At this point you'd think the press would have some questions, such as "why are you revealing to the press - and thus implicitly to Taliban etc. - that Norway is intercepting all calls in Afghanistan?" or "why would the numbers for Norway refer to interception in Afghanistan when there's a separate entry for Afghanistan in the same numbers?" and "why would the NSA depend on Norway for surveillance in Afghanistan?" and "how much money does this surveillance in Afghanistan cost us?" and "if we have the capability to conduct surveillance in Afghanistan on this scale, why is that the only place, we're conducting this kind of surveillance?"

Not least "why, when the article talked about internal Norwegian surveillance did you feel compelled to host a press conference to reveal details about your notoriously secretive operations instead of letting the Police Security Service deny the allegations". Heck, if it really was the Security Service that this document referred to, the Police Security Service could just state that they invite the parliamentary oversight committee to audit, and that they will naturally find no such surveillance.

You'd also expect they'd go back to the Police Security Service and ask them "why should we believe you're not doing this, when your predecessor in name, operated by most of the same people, were caught having conducted illegal political surveillance for several decades not that many years ago?"

Nothing. No follow up at all. Instead the single press conference was enough to make the paper that broke the story backtrack and apologise.

A few months later it became clear that the NSA were in fact recording most calls in Afghanistan, which makes the idea that the NSA would explicitly call out vast amounts of metadata collection by our Security Service as valuable even more silly.

Still no follow up from Norwegian press.

Basically they don't want to rock the boat. When they don't rock the boat, they get to get spoon fed information they'd otherwise have to work for and/or read about in the competitors papers. When they don't rock the boat they get exclusive interviews and photo ops.

It's a fantastic lesson in "soft" censorship: Don't outlaw publishing material you want to suppress. Instead make it economical and professional suicide. Make journalists that dig sacrifice their career by making sure everyone know they will never get any kind of inside access. Make papers or tv channels that publish too hard hitting stories know they'll lose any chance at access, interviews and photo ops. Soon enough, large parts of the press will self-regulate.

This is part of why we used to have a politically affiliated press, where political parties would fund papers that would be paid explicitly to provide viewpoints that weren't popular even if that viewpoint was unprofitable. Sure that have flaws too, but those flaws were counteracted by having a wide range of them publishing alternative viewpoints. That more and more media outlets have gone "independent" means more and more of them are no implicitly beholden to play to government interests, or at least staying not straying too far from the script, to be profitable.

(sorry for the long rant - the above story still makes me angry)


This is infuriating and sadly turning into the norm. :(


This looks like Snowden smear campaign. There were never reports of anyone besides the journalists of getting their hands on the documents.


If this is true, surely the bigger story is that AES-256 isn't safe anymore.


So how do they know Russia and China cracked the files in the first place? Seems like a smear.


Lets see... recently USG had all files from federal employees stolen, including background check information which as I heard included spies [1]. Germany's Prime Minister had a Trojan on her computer [2]. Government networks are falling like flies and all the sudden some 5 eyes countries are pulling their spies out, and blaming it on snowden?

1. http://www.wsj.com/articles/security-clearance-information-l... 2. http://rt.com/news/267070-trojan-bundestag-merkel-computer/


This is all rather short on context. What encrypted files are these exactly? Are these something Snowden took with him? How did they get them from him? If they took a copy by force, why didn't they ask for an encryption key by force? How exactly would they go about cracking it? Is there something we don't know (and Snowden didn't know) about the state of the art of cryptography?


Garbage story, the Intercept addresses it well: https://firstlook.org/theintercept/2015/06/14/sunday-times-r...


I don't understand the story. From what I can tell, Snowden had information taken from the US which could compromise its apparently closest ally's spy networks. But didn't tell the UK that? More over, the UK had no idea that the US has such info? I would like to believe that as soon as the Snowden breach happened, the US told the UK, and the UK took measures to mitigate it. I would also like to think that the UK assumed it anyway. Or did the UK leave its networks vulnerable for all this time? Or did the US assure the UK that its encryption couldn't be broken?

Perhaps, the UK moved its spies some time ago, and decided to keep it quiet until the Russians and Chinese broke the encryption.

I have great difficulty taking this story at face value.



Just assume for one second this is a genuine revelation and not recycled propaganda from mid 2013. Couldn't someone entrusted with the Snowden cache just dump it online now? If the trove is already circulating between hostile intelligence agencies, that seriously skews the risk/reward calculation regarding mass dissemination.


Full text of the original Sunday Times article (primary source is paywalled):

https://archive.is/BkuMM

http://pastebin.com/UJpJxDnj

Statements from the article that seem questionable:

> Russia and China have cracked the top-secret cache of files stolen by the fugitive US whistleblower Edward Snowden

Both? Seems a little strange that they would independently do this simultaneously, unless they had been working together on it (though this is plausible).

> Moscow gained access to more than 1m classified files held by the former American security contractor

The only reason Snowden is in Russia is because the US state department cancelled his passport on his route to Ecuador. Russia was not his intended destination, but his presence there has been extremely helpful for his opponents to paint him as being in collaboration with them. And if it is indeed true that they have gained access to the info (either through his co-operation or otherwise), then perhaps cancelling his passport while in transit and forcing him into exile there wasn't such a great idea.

> One senior Home Office official accused Snowden of having “blood on his hands”, although Downing Street said there was “no evidence of anyone being harmed”.

So which is it?

> David Cameron’s aides confirmed the material was now in the hands of spy chiefs in Moscow and Beijing

Where's the evidence? The only sources of the article are from the US/British government, who have given only unsubstantiated claims.

> people are being pulled back and operations where people are exposed are having to be shut down

Perhaps this might be due to the US Office of Personnel management (OPM) being unable to keep the data of millions of federal employees protected? The Chinese hack got this information directly from the agency that held it: http://www.usatoday.com/story/tech/2015/06/12/office-of-pers...

> David Miranda, the boyfriend of the Guardian journalist Glenn Greenwald, was seized at Heathrow in 2013 in possession of 58,000 “highly classified” intelligence documents after visiting Snowden in Moscow.

They can't even get basic facts straight. He had been in Berlin visiting Laura Poitras, not in Moscow visiting Snowden: http://www.theguardian.com/commentisfree/2013/aug/18/david-m...


Imagine if the NSA had spent more of its grey matter and money on IT security rather than shameless spying of western citizens.


> shameless spying of western citizens

should be

> shameless spying on innocent people all around the world


Right on. The way I always saw it was that the NSA were the thieves, collecting data they did not own. Snowden, while accused of stealing secrets, actually set them free.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: