Given all the fuss over the ridiculous article this past weekend — which has since been confirmed as government stenography rather than actual reporting — security maven Bruce Schneier has written up an article making a key point. It’s quite likely that the underlying point in the article — that Russian and Chinese intelligence agencies have access to the documents that Snowden originally handed over to reporters — is absolutely true. But, much more importantly, he argues, the reason likely has almost nothing to do with Snowden.
First, he notes, it’s quite likely that Snowden — as he has said — no longer has access to the documents. But other people do. And they’re not as knowledgeable about encryption and spycraft as Snowden is.
First, the journalists working with the documents. I’ve handled some of the Snowden documents myself, and even though I’m a paranoid cryptographer, I know how difficult it is to maintain perfect security. It’s been open season on the computers of the journalists Snowden shared documents with since this story broke in July 2013. And while they have been taking extraordinary pains to secure those computers, it’s almost certainly not enough to keep out the world’s intelligence services.
There is a lot of evidence for this belief. We know from other top-secret NSA documents that as far back as 2008, the agency’s Tailored Access Operations group has extraordinary capabilities to hack into and “exfiltrate” data from specific computers, even if those computers are highly secured and not connected to the Internet.
These NSA capabilities are not unique, and it’s reasonable to assume both that other countries had similar capabilities in 2008 and that everyone has improved their attack techniques in the seven years since then.
The second point is bigger still: it's highly likely that Russian and Chinese intelligence got these documents long before Snowden gave them to the press, because that's what spies do.
Which brings me to the second potential source of these documents to foreign intelligence agencies: the US and UK governments themselves. I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they’ve penetrated the NSA networks where those files reside. After all, the NSA has been a prime target for decades.
Those government hacking examples above were against unclassified networks, but the nation-state techniques we’re seeing work against classified and unconnected networks as well. In general, it’s far easier to attack a network than it is to defend the same network. This isn’t a statement about willpower or budget; it’s how computer and network security work today. A former NSA deputy director recently said that if we were to score cyber the way we score soccer, the tally would be 462–456 twenty minutes into the game. In other words, it’s all offense and no defense.
In this kind of environment, we simply have to assume that even our classified networks have been penetrated. Remember that Snowden was able to wander through the NSA’s networks with impunity, and that the agency had so few controls in place that the only way they can guess what has been taken is to extrapolate based on what has been published. Does anyone believe that Snowden was the first to take advantage of that lax security? I don’t.
Remember, this is the same government that's now reeling from the Chinese hack of OPM, which got hold of all the secrets of government employees, including those with security clearances. It was a hack so impressive that even Michael Hayden — former CIA and NSA boss — can't hide his appreciation of the work that was done. Hayden called it "honorable espionage work" by the Chinese and further noted that he "would not have thought twice" if he had had the ability to get the same info from the Chinese.
These are the games that intelligence agencies play all the time. Schneier’s piece has a lot more in it, but the idea that the Russians and Chinese learned anything particularly new or useful from the Snowden documents — or that they even got them from Snowden’s document dump — seems quite dubious.