http://investigations.nbcnews.com/_news/2013/08/29/20234171-snowden-impersonated-nsa-officials-sources-say

One of the best lines in the article that speaks volumes about our government...

“Every day, they are learning how brilliant [Snowden] was,” said a former U.S. official with knowledge of the case. “This is why you don’t hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble.”

“Every day, they are learning how brilliant [Snowden] was,” said a former U.S. official with knowledge of the case. “This is why you don’t hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble.”

Keep 'em dumb, or dumb enough to do your bidding... Just like Officer Friendly... Too smart and they start asking questions...

This is great too:


Each user profile on NSAnet includes a level of security clearance that determines what files the user can access. Like most NSA employees and contractors, Snowden had a “top secret” security clearance, meaning that under his own user profile he could access many classified documents. But some higher level NSA officials have higher levels of clearance that give them access to the most sensitive documents.

As a system administrator, according to intelligence officials, Snowden had the ability to create and modify user profiles for employees and contractors. He also had the ability to access NSAnet using those user profiles, meaning he could impersonate other users in order to access files. He borrowed the identities of users with higher level security clearances to grab sensitive documents.

Once Snowden had collected documents, his job description also gave him a right forbidden to other NSA employees– the right to download files from his computer to an external storage device. Snowden downloaded a reported 20,000 documents onto thumb drives before leaving Hawaii for Hong Kong on May 20.

So, let me get this straight, you give a person with medium level clearance the ability to create and modify other user profiles, including those with much higher clearance levels than their own.... What could possibly go wrong?

Thank God Snowden exposed this crap, but really? Who in their right mind gives the ability to administer higher level clearance rights to someone with a lower level of access rights and not expect any mischief?

"Yo, guard this box. Don't look inside as you are not authorized to do so. I am gonna leave and nobody will know if you look inside the box. But don't look. Ok? Got it? And if you take something from the box, nobody will know either, but don't take nuttin...."

I declare every May 20th from here on out "Snowden Appreciation Day"

I declare every May 20th from here on out "Snowden Appreciation Day"

Here, Here! It is now on my calendar!

One of the best lines in the article that speaks volumes about our government...


“Every day, they are learning how brilliant [Snowden] was,” said a former U.S. official with knowledge of the case. “This is why you don’t hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble.”this former U.S. official with knowledge of the case didn't leak this did he?

being a former U.S. official with knowledge of the case, is it any surprise he did not surmise that the real litmus test for employees if they want to avoid this is to determine whether or not they have a conscience.

How do they not realize what root access is? Oh yeah, it's the government.

“The damage, on a scale of 1 to 10, is a 12,” said a former intelligence official.

^Really?

So, let me get this straight, you give a person with medium level clearance the ability to create and modify other user profiles, including those with much higher clearance levels than their own.... What could possibly go wrong?


The good news is that totalitarian security states are often not terribly good at it.

The good news is that totalitarian security states are often not terribly good at it.

http://www.motherjones.com/files/imagecache/master-image/legacy/washington_dispatch/2008/07/mccain-internet-250x200.jpg

curiouser and curiouser

will anyone here let us know what name my hero posted under on RPF?

i'm guessing General Alexander or Clapper

“The damage, on a scale of 1 to 10, is a 12,” said a former intelligence official.

^Really?

Damaged to their credibility. Uncovering their tyranny.

http://www.motherjones.com/files/imagecache/master-image/legacy/washington_dispatch/2008/07/mccain-internet-250x200.jpg

LOL!

Keep 'em dumb, or dumb enough to do your bidding... Just like Officer Friendly... Too smart and they start asking questions...

This is great too:



So, let me get this straight, you give a person with medium level clearance the ability to create and modify other user profiles, including those with much higher clearance levels than their own.... What could possibly go wrong?

Thank God Snowden exposed this crap, but really? Who in their right mind gives the ability to administer higher level clearance rights to someone with a lower level of access rights and not expect any mischief?

"Yo, guard this box. Don't look inside as you are not authorized to do so. I am gonna leave and nobody will know if you look inside the box. But don't look. Ok? Got it? And if you take something from the box, nobody will know either, but don't take nuttin...."

I declare every May 20th from here on out "Snowden Appreciation Day"

The problem has to do with technical illiteracy.

The NSA is essentially hiring illiterate people to be the top dogs.

These guys have no idea how to set and create user privilieges. They've probably never seen a terminal or command prompt in their lives. Yet they are the ones who are supposed to be all knowing and all protective when it comes to securing us. It shows you what a sham the entire hierarchical security operation is.

The guys who get the biggest payoffs for selling out the American people are on the top. They are the elite's men on the inside. They thought they could just outsource the technical details to a few contractors while they pull the strings at the top and nothing out of the ordinary would happen.

Obviously they were wrong, and their ineptitude and obliviousness is readily apparent. They should all be fired for their inadequacies. They just don't make the cut for the work that is demanded of them. They are obsolete for their job description. They shouldn't be collecting a paycheck whatsoever let alone a $300k+ one.

LoL

Can't have brilliant people on the defense...
...but expect to somehow stop brilliant people from the offense of the other side...\

...oh, and our private information is safe in their hands.

"Yo, guard this box. Don't look inside as you are not authorized to do so. I am gonna leave and nobody will know if you look inside the box. But don't look. Ok? Got it? And if you take something from the box, nobody will know either, but don't take nuttin...."

Meanwhile, at NSA station codename "Swamp Castle" ...

https://www.youtube.com/watch?v=OdKa9bXVinE


https://www.youtube.com/watch?v=OdKa9bXVinE

The Government impersonates people all the time with the end goal of entrapment.

Par for the course.

The Government impersonates people all the time with the end goal of entrapment.

Par for the course.Ain't That Dah Truth...

Sounds like the NSa doesn't want anyone knowing all the illegal, oppressive, totalitarian control over the people and their governments. How Liberty minding of a statement. :rolleyes: Now will see "LIFELOCK" type of commercial for your data. I can see it now, learn when somone accesses your data. See who touches your files, reads them, writes to them, copies them. "With LIFELOCK LIBERTY, you know when your oppressors & totalitarian regimes are accessing and looking at you!"
NSA is restricting its research to a much smaller group of individuals with access to sensitive documents.

On one hand, that was probably an inappropriate, perhaps unethical, thing for Snowden to do; on the other hand, if they didn't want him to be able to access that information, then it's their fault for failing to lock it down to prevent him from being able to access it.

the catch-22 of nsa personnel requirements-
most high level networking guys are libertarian (at least lean that way)
the drone mind isn't complex enough to understand such abstract concepts.
thus they are now looking for that fine line between smart drone and brilliant libertarian.

This is the only good article on the topic I've seen. It doesn't dummy it down and adds a lot of info not being reported elsewhere:

Sysadmin security fail: NSA finds Snowden hijacked officials’ logins
Snowden reportedly used high-ranking official's profiles to troll NSA's intranet.
http://arstechnica.com/information-technology/2013/08/sysadmin-security-fail-nsa-finds-snowden-hijacked-officials-logins/

-t

On one hand, that was probably an inappropriate, perhaps unethical, thing for Snowden to do; on the other hand, if they didn't want him to be able to access that information, then it's their fault for failing to lock it down to prevent him from being able to access it.

I don't see anything inappropriate or unethical about it... If he did in fact impersonate other users to get the data, did it break their "rules"? Sure. But is that unethical or inappropriate? Not just no, but hell no....

"Yo, I killed this Goombah over here cause he didn't pay his extortion fee. Don't tell nobody what I did, got it?" So if you do tell about it, then you broke the "rules", but was it unethical to tell?

Surprised I have to explain that....

The NSA is like the mafia here.... got it?

I don't see anything inappropriate or unethical about it... If he did in fact impersonate other users to get the data, did it break their "rules"? Sure. But is that unethical or inappropriate? Not just no, but hell no....

"Yo, I killed this Goombah over here cause he didn't pay his extortion fee. Don't tell nobody what I did, got it?" So if you do tell about it, then you broke the "rules", but was it unethical to tell?

Surprised I have to explain that....

The NSA is like the mafia here.... got it?
No, I don't get it.

This is the only good article on the topic I've seen. It doesn't dummy it down and adds a lot of info not being reported elsewhere:

Sysadmin security fail: NSA finds Snowden hijacked officials’ logins
Snowden reportedly used high-ranking official's profiles to troll NSA's intranet.
http://arstechnica.com/information-technology/2013/08/sysadmin-security-fail-nsa-finds-snowden-hijacked-officials-logins/

-t

Good article. So Snowden alerted them to their mistakes so they can make sure no errors like this occur in the future as they continue to track everyone...

Good article. So Snowden alerted them to their mistakes so they can make sure no errors like this occur in the future as they continue to track everyone...

there is more than one way to skin this tyrant.

the nsa is so inept, some of its own sonic walls have default logins still intact.
door wide open. want to send all of the NSA traffic through your own DNS logger first?