Snowden Claims That NSA Collaborated With Israel To Write Stuxnet Virus
andrewa writes "In an interview with Der Spiegel Snowden claims that the NSA, amongst other things, collaborated with Israel to write the Stuxnet virus. Not that this is news, as it has been suspected that it was a collaborative effort for some time. When asked about active major programs and how international partners help, Snowden says: 'The partners in the "Five Eyes" (behind which are hidden the secret services of the Americans, the British, the Australians, New Zealanders and Canadians -- ed.) sometimes go even further than the NSA people themselves. Take the Tempora program of the British intelligence GCHQ for instance. Tempora is the first "I save everything" approach ("Full take") in the intelligence world. It sucks in all data, no matter what it is, and which rights are violated by it. This buffered storage allows for subsequent monitoring; not a single bit escapes. Right now, the system is capable of saving three days’ worth of traffic, but that will be optimized. Three days may perhaps not sound like a lot, but it's not just about connection metadata. "Full take" means that the system saves everything. If you send a data packet and it makes its way through the UK, we will get it. If you download anything, and the server is in the UK, then we get it. And if the data about your sick daughter is processed through a London call center, then ... Oh, I think you have understood.'"
Doesn't that violate copyright law, DMCA, etc? (Score:5, Interesting)
Same with if an author sends a draft of a book to a publisher.
Seems to me those programs could be charged with piracy, no?
Re:Old News (Score:5, Interesting)
You would be surprised how many would go to great lengths to deny U.S. and/or Mossad involvement, even on /. Some even went as far as claiming that Iran had done it to *themselves* to elicit sympathy. When you're truly deluded, you can convince yourself of anything, no matter how illogical.
I wonder... (Score:5, Interesting)
... if someone emails someone else a compressed (.zip etc.) file, do the computers automatically decompress it to examine it, or do they store only the compressed version?
I recall people using specially designed .zip archives which decompress to many times their original size (a 10KB file turning into a 100GB file, for instance) as a form of DoS attack. If the spooks have been lazy the same thing might catch their computers out...
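On the automatic-decompression question in the comment above, an added example (not part of the thread, and not any real system's code) of how a mail-scanning pipeline can open an archive without letting it expand unboundedly. The limits, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

MAX_TOTAL = 1 * 1024 * 1024   # assumed policy: at most 1 MiB extracted per archive
MAX_RATIO = 100               # assumed policy: max uncompressed/compressed ratio
CHUNK = 64 * 1024


class ArchiveRejected(Exception):
    """Raised when an archive exceeds the scanner's resource policy."""


def safe_extract_to_memory(data, max_total=MAX_TOTAL, max_ratio=MAX_RATIO):
    """Return {member name: bytes}, or raise ArchiveRejected."""
    out = {}
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # Pass 1: cheap rejection based on the sizes each member declares.
        for info in zf.infolist():
            if info.file_size > max_ratio * max(info.compress_size, 1):
                raise ArchiveRejected(f"{info.filename}: declared ratio too high")
        # Pass 2: stream each member and enforce an aggregate budget on the
        # bytes actually produced, so many members that each pass the ratio
        # check cannot add up past the limit.
        for info in zf.infolist():
            buf = bytearray()
            with zf.open(info) as member:
                while chunk := member.read(CHUNK):
                    total += len(chunk)
                    if total > max_total:
                        raise ArchiveRejected("extracted size limit exceeded")
                    buf += chunk
            out[info.filename] = bytes(buf)
    return out


def make_sample(payload):
    """Constructed sample input: a one-member deflate-compressed archive."""
    bio = io.BytesIO()
    with zipfile.ZipFile(bio, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("sample.txt", payload)
    return bio.getvalue()
```

Nested archives need the same budget carried through each level of recursion, plus a depth limit; this block covers a single level only.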
Re:For a field that is compartmentalized... (Score:5, Interesting)
Just before Edward Snowden became a world famous whistleblower he answered an extensive catalog of questions.
That includes the question about Stuxnet. Doesn't address how he knows it, but "lying in a desperate attempt to stay in the news" doesn't fit since this came out before he was in the news.
Re:For a field that is compartmentalized... (Score:4, Interesting)
Re:For a field that is compartmentalized... (Score:5, Interesting)
You realise that some of the people carrying out extraordinary rendition to black sites, something that's established fact, not spy fiction, were also contract employees, right?
The US has been using ever greater numbers of contractors since 9/11 for a combination of the fact that many politicians have shares in said companies so it profits them directly and also because it provides a layer of deniability should it come back to bite them - "Oh we had no idea the contractors were doing that!". The third and final reason was simply that private sector could scale faster than existing public sector organisations after the massive influx of security spending post 9/11. None of which means that they have any less access to secretive material, in fact, given the sort of risky operations they're using contractors for it's often the contractors that are engaged in the really dirty stuff the government doesn't want to get directly implicated in.
That and the fact that Snowden wasn't always just an external contractor of course, he did actually work at the NSA for some time.
It's not about me reading spy novels (I've never read a single one, don't interest me), it's about your naivety and lack of understanding of the structure of modern military and security operations by government. Or to cut a long story short, you've obviously just not been paying attention this last 10 years.
None of it matters...at all. (Score:5, Interesting)
I find it comical that people are still arguing over the validity of Snowden's claims, as he continues to be hunted down by the very government who is attempting to dismiss him as a mere nothing.
Perhaps the government's stance to dismiss this as nothing (at least on the surface) has merit, for the government knows that no matter how alarming, no matter how bad the breaches of privacy are or have been, citizens simply don't give a shit enough to care.
And the government knows this. So do many major companies, which is why they continue to operate the way they do (yes, AT&T I'm speaking to you and your recent surcharges that generated hundreds of millions...yes, I'm speaking to you Facebook, and your gall to start charging to put an email where it belongs).
Why do governments and corporations act in this arrogant way? Because they know that no one gives a shit anymore.
Apathy will be the demise of all privacy and Rights as we know them today. I promise you that.
And regardless of Snowden's claims, proof, facts, or evidence, not a damn thing will change for the better. Not a damn thing.
Now, go ahead. I dare you to prove me wrong.
Re:For a field that is compartmentalized... (Score:4, Interesting)
Also keep in mind that when working in government or other institutions in various support roles, there are jobs where you can have access to all kinds of things. Serving in the military I had a job like this, with nearly full access and permission to enter whatever spaces. (Some still required attendance by a person of higher or different clearances though, it wasn't all open-door. But I could pull papers, state reasons, and be backed up by superiors in my department.) However despite all the things I had physical access to, doing stuff like equipment validation while using fairly complete manuals, I wasn't too terribly nosy about things. (Of course being purposely not-nosy helps to stay out of trouble along with not having the greatest long-term memory when it comes to various details. Agreeing to confidentiality works in more than one level that way.)
I'm sure the same would also apply to IT, communications specialists (like Manning), or people like yeomen or secretarial staff. Very easy to have access to more than what your own clearance calls for, but most people stay out of trouble by keeping to one task and tuning out all the other stuff. (Keep in mind how bureaucratic systems work. Like recent news that has gone public in relation to leaks military people aren't allowed to see it for classification reasons. It's typically better to avoid the hassle.)
Of course then you have people like Snowden who take advantage of the situation. There's only so much manpower, and by trusting people to stay on task, they don't really watch everybody and what they may pick up on the side. Whether that's for better or worse, who knows? (But some of the CYA stuff really is in violation of the public trust for those in authority to do the right thing. Doing stupid shit and covering it up only serves to eliminate any moral or ethical higher ground you may have been considered to have stood upon. How about staying clean and not doing it in the first place? That really would have been the easiest way to prevent leaks that harm reputation. But nope, people still get caught doing shady crap, and the first response is to go and shoot the messenger.)
Re:For a field that is compartmentalized... (Score:5, Interesting)
It isn't magic, but it *is* supposed to be compartmentalized. That's the whole "need to know" situation. There shouldn't be a bunch of files for various classified programs sitting together in the same place or even on the same segment of the network for him to just grab.
Perhaps, as an admin, he did have access to multiple systems, or perhaps the compartmentalization was lax or failed, but even a TS/SCI clearance and admin access to hosts for one program isn't supposed to grant you access to all NSA programs. Government security, even government contractor security, is supposed to be very careful about specific requirements about networks, data access, and even facility security.
That's why some people are incredulous that Snowden is suddenly able to spout off about all sorts of programs as if he had all that data. Even with his elevated access, he should not have been able to comment authoritatively on anything but what he was working on directly.
I am not going to be incredulous by default. It may be possible he does know these things, but the assumption that just because he has "privileges" with some NSA programs does not make him an expert by default on all of them. He should have only been able to see what he was working on. So, if there is one thing that I do want to know from all of this, it might be whether their security was lax where Snowden was working.
Re:For a field that is compartmentalized... (Score:5, Interesting)
Bradley Manning is another good example, he was working at a field base in Iraq yet not only did he have access to military cables for Iraq and Afghanistan as well as the Apache video, he also had access to diplomatic cables from embassies across the globe. All this despite being a low ranking bottom of the pile private on a pretty basic wage.
This alone shows what an utter farce the GP's claim is, there's been plenty of evidence that compartmentalisation in the US security services is far better in theory than it actually is in practice.
Re:For a field that is compartmentalized... (Score:5, Interesting)
So, how did bugging the EU office in DC ward off terrorists? Do you flip open the "good citizen manual" and invoke the next boogeyman on the list to explain that one away?
Re:Well, duh. (Score:5, Interesting)
The really impressive part of the attack to me was the physical intelligence involved. Whoever did this knew the entire architecture of the Iranian nuclear facility; not just what was connected to what, but down to the model numbers of all the equipment used.
Re:No shit (Score:5, Interesting)
Yes, I remember how the US reacted as if stung by a wasp to Europe's idea of making a special independent court in The Hague for war criminals. War criminals could be caught in every country on Earth and then brought to The Hague to be tried. George Shrub was so shocked that he even made a law that allowed them to take American war criminals from The Hague with force. A few months later smelly pictures began to appear from the Ghraib prison.
Re:Stuxnet claim reduces credibility (Score:4, Interesting)
In truth, extraordinary claims without an explanation of how such information was obtained is a warning sign. How would a low level employee dealing with email surveillance know anything about stuxnet?
I think that falls into the same category as: How would a low-level employee bring on a world-wide hunt on himself? How did he get the president of Bolivia forcefully grounded and searched on a mere suspicion (which turned out to be incorrect) that Snowden may be hiding aboard?
Re: Really? (Score:5, Interesting)
Latin American Presidents would have just "had an accident" during the Cold War for a stunt like this.
I believe at least one African head of state met his demise this way, so yeah.
Because he WILLINGLY SIGNED UP WITH A SPY AGENCY ...
He signed up with Booz Allen to work at the NSA. When I signed up as a contractor to work at ExxonMobil, it was to fix broken tech., not to accept responsibility for the Exxon Valdez, et al. Snowden is a civilian, not a spook. This is why he couldn't use whistleblower laws for protection (as if they're any protection [wikipedia.org]).
Re:For a field that is compartmentalized... (Score:5, Interesting)
When Chinese hackers stole a load of information about the F-35 it wasn't because they pulled off some righteous hack that required skill, perseverance and a high degree of technical knowledge, but precisely because protection of such sensitive data is sloppier than the good practice guidelines claim it should be.
I worked for the US military many years ago as a civilian programmer and I'd agree with this based on what I saw. I don't want to embarrass the particular branch of the service by naming them, but I used to say that their motto ought to be "Using yesterday's technology today" based on how many antiquated computer systems we had to work on and support. We actually had a system that still used punch cards and when I was in college the course books were already beginning to mock punch cards as being ancient technology. I can say that the government really doesn't want to be incompetent and have bad security, but the powers that be have too much blind faith in civilian contractors and Snowden burned them very badly as a result. The lesson that should be learned from this is exactly what Congress has been saying for years - "We need fewer non-government employees with access to these sensitive programs and their data" - but you'll be able to knock me over with a feather if there's a decrease in contractors as much as 10% as a result of this.