Recommended Reading – Cyber Edition II
Lawfare Blog – Philip Bobbitt on the Snowden Affair and The Minimization and Targeting Procedures: An Analysis
Volokh Conspiracy – What is The “Real Story” About Edward Snowden and His Disclosure of NSA Activities?
Abu Muqawama – Through a Murky PRISM
Sic Semper Tyrannis – The Snowden Ruckus By Richard Sale and Clerks often have a lot of access
Pundita – Out with Obama’s China Pivot; in with the Snowden Pivot, and Obama’s Insider Threat program: Are you having a bad hair day? I might have to report you as a potential traitor to the United States.
That’s It!
Lynn Wheeler:
June 26th, 2013 at 10:00 pm
How Edward Snowden Snuck Through
http://nation.time.com/2013/06/26/how-edward-snowden-snuck-through/
a lot of this seems to misdirect from the mechanics of being able to obtain all the information at all. 20yrs ago, open security literature had gov. agency state-of-the-art as not only strict access controls but also behavior based monitoring that would catch employee atypical activity. all of that appears to have gone by the wayside as part of privatising the intelligence community and transition to for-profit operation. It appears that they not only aren’t doing monitoring but don’t appear to even have any idea what may have been taken. References to super administrative privileges imply that provisions requiring multiple individuals have also gone by the wayside.
If the surveillance stories are to be believed … if the extraction of the information had occurred over the open internet, they would at least be able to determine what has been taken.
Mr. X:
June 26th, 2013 at 10:48 pm
Why should we discuss surveillance when we can discuss endless chicken$&*t about Edward Snowden? And worship the three letter agencies as our gods while ignoring every other whistleblower besides Snowden, especially Tice? Seriously, after all the relentless trolling Joshua Foust has received from State Dept./Demintern groupies suddenly he’s their favorite tweep?
http://arstechnica.com/tech-policy/2013/06/exclusive-in-2009-ed-snowden-said-leakers-should-be-shot-then-he-became-one/
News flash Mr. Foust: people change. I was a ‘bomb em’ into the stone age’ flag waver too after 9/11 like much of my Generation Y. Then I grew up and realized my government had lied to me and Eisenhower was right about the military industrial complex.
Isaac:
June 26th, 2013 at 11:36 pm
(couldn’t comment at Tanji’s site)
Add ‘Insider Threat’ fall-out and the pendulum will defy gravity completely as it swings away.
Bob Morris:
June 27th, 2013 at 6:58 pm
I know for a fact that some federal agencies have extremely strict rules about data access, monitor everything, and if you accidentally (or otherwise) access data you should not, you better fill out a report quickly and explain what happened because they will know and contact you. And if you don’t have a good explanation you may get walked out of the building.
Yet Snowden, a contractor, grabbed everything he could and NSA didn’t know. What a Mickey Mouse operation.
Mr. X:
June 27th, 2013 at 8:35 pm
“Yet Snowden, a contractor, grabbed everything he could and NSA didn’t know. What a Mickey Mouse operation.” Or they’re simply used to low level contractors <ahem> working for the White House accessing everything including Gen. Petraeus’ phone calls.
And the useful idiots on Twitter keep fanatically defending these clowns as our glorious defenders from Vlad the Bad’s Eternal Evil Empire and the ChiComs. Ha! They’ve riddled the place with plants who’ve grabbed stuff Snowden didn’t even touch including SIGINT secure comm methods.
Lynn Wheeler:
June 28th, 2013 at 1:49 am
x-over from previous
https://zenpundit.com/?p=23942
reference to growing “Success of Failure” culture
http://www.govexec.com/excellence/management-matters/2007/04/the-success-of-failure/24107/
Booz Allen, the World’s Most Profitable Spy Organization
http://www.businessweek.com/articles/2013-06-20/booz-allen-the-worlds-most-profitable-spy-organization
Spies Like Us
http://www.investingdaily.com/17693/spies-like-us/
Private contractors like Booz Allen now reportedly garner 70 percent of the annual $80 billion intelligence budget and supply more than half of the available manpower.
… snip …
the whistleblower in the “Success of Failure” case was treated very badly. The scenario is for-profit operations have discovered that a series of failures is a lot more revenue than an immediate success (sort of natural evolution of the beltway bandits “leave no money on the table” paradigm). The congressional investigation put the agency on probation for five years (but did little for the whistleblower) and not able to manage its own projects. However, that may have been just a ploy … further privatizing the gov. (solution to the problem of for-profit companies in projects is to have more for-profit involvement … of course, some quarters claim that there is guaranteed 5% kickback to congress on appropriated funds to for-profit companies … which doesn’t happen if it is straight gov. agency)
Lynn Wheeler:
June 28th, 2013 at 1:12 pm
would appear to be regression from 20yrs ago … possibly associated with transition to for-profit operation
NSA Networks Might Have Been Missing Anti-Leak Technology
http://www.nextgov.com/cybersecurity/2013/06/nsa-networks-might-have-been-missing-anti-leak-technology/65708/
Also possibly more technology deployed against external forces than against internal. In the financial industry in the past, open security literature claims that 70-80% of breaches have involved insiders … although it might be more … in the financial services presidential critical infrastructure meetings, a major concern was making sure that the exploit information sharing ISAC not be subject to FOIA.
Lynn Wheeler:
June 28th, 2013 at 1:48 pm
… also not exactly unexpected given the stories about classified details of major weapons systems leaking out over the internet for years.
Lynn Wheeler:
June 28th, 2013 at 4:43 pm
financial industry was using multi-party operations to deal with high-value insider threats … crooks were countering with collusion … 30yrs ago financial industry state-of-the-art was anti-collusion procedures.
i’ve contended that one of the original motivations for RBAC was making it easier to define multi-party operations … formal association of permissions with roles would allow definitions where no single role had sufficient permissions to perform operation alone.
what has happened in the last 20yrs????
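The multi-party idea in the comment above, as an added Python example that is not part of the original comment: permissions are attached to roles so that no single role covers a high-value operation, and the check also flags any user whose accumulated roles defeat that design. The role, permission and user names and the `wire_transfer` operation are constructed for illustration.

```python
# Added illustration: all role, permission and user names are constructed.
ROLE_PERMS = {
    "initiator": {"wire.create"},
    "approver": {"wire.approve"},
    "releaser": {"wire.release"},
    "auditor": {"log.read"},
}
# An operation completes only when every listed permission has been exercised.
OPERATIONS = {"wire_transfer": {"wire.create", "wire.approve", "wire.release"}}
USER_ROLES = {
    "alice": {"initiator"},
    "bob": {"approver"},
    "carol": {"releaser", "auditor"},
    # Mis-provisioned account that accumulates roles, the "super admin" case.
    "mallory": {"initiator", "approver", "releaser"},
}

def perms_of(roles):
    """Union of the permissions granted by a set of roles."""
    return set().union(*(ROLE_PERMS[r] for r in roles))

def roles_sufficient_alone(op):
    """Roles that could perform op single-handedly; should be empty."""
    return sorted(r for r, p in ROLE_PERMS.items() if OPERATIONS[op] <= p)

def users_sufficient_alone(op):
    """Users whose combined roles defeat the multi-party design."""
    return sorted(u for u, r in USER_ROLES.items() if OPERATIONS[op] <= perms_of(r))

def authorize(op, steps):
    """steps is a list of (user, permission) pairs. Grant only when every
    required permission was exercised by an entitled user and no user
    performed more than one step."""
    done = {}
    for user, perm in steps:
        if perm not in perms_of(USER_ROLES.get(user, set())):
            return False, f"{user} lacks {perm}"
        done[perm] = user
    missing = OPERATIONS[op] - set(done)
    if missing:
        return False, "missing " + ", ".join(sorted(missing))
    if len(set(done.values())) < len(done):
        return False, "same user performed more than one step"
    return True, "ok"

if __name__ == "__main__":
    print(roles_sufficient_alone("wire_transfer"), users_sufficient_alone("wire_transfer"))
```

Running the two audit functions over a real role assignment table is the static check; `authorize` is the runtime check that still refuses the accumulated-role account.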
Mr. X:
June 28th, 2013 at 9:42 pm
Congratulations to McCain, Rubio, Graham and all the other ‘conservatives’ who claim we need the NSA to defend us from nasty threats like ex-KGB Commies, a real live ex-Stasi man approves:
http://www.mcclatchydc.com/2013/06/26/195045/memories-of-stasi-color-germans.html#%2EUc3_LPnFXTp
Reagan is rolling over in his grave wondering how we went from defeating the Evil Empire to resembling it.
zen:
June 29th, 2013 at 2:04 am
Markus Wolf would have made a fine Senator
Lynn Wheeler:
June 29th, 2013 at 5:13 pm
The Criminal N.S.A.
http://www.nytimes.com/2013/06/28/opinion/the-criminal-nsa.html
The equivalent metadata in financial statements is account holder, to whom it was paid, and how much was paid. I was co-author of X9.99 financial industry privacy standard. One of the things we had to take into account was HIPAA regulations where listing the name of a testing laboratory in financial statement would leak privacy information covered by HIPAA (aka an enormous amount of privacy information can leak out just using metadata)