No one working with computer security or research should take the allegations seriously. They have no substance, and are as believable as claims that NSA can break RSA, or that they have built some Quantum computer and can break all crypto in the world.
I would really like to hear tptacek take a scientific approach in a comment about this. Is it a likely scenario that Russia intelligence could recruit, contact and provide help to an NSA employee without NSA knowing about it? Without NSA having any trace what so ever (in contrast to Manning and his chat conversations)? If Snowden sold information, is it believable that such trade could happen without NSA finding any incriminating evidence after-the-fact?
Same goes for credibly shown any harm to persons or national security. Is NSA so incompetent that a half year later, they can't find a single documented case of a person dieing, U.S. informers having to flee, or facilities being broken in to? The number of documents is massive, so surely, if they were provided to Russia or china, some verifiable damages should have happened by now?
I ask, which side should a scientific and rational mind side with. I would pick what ever is the most probable chain of events, and leave conspiracy theories to be argued by people with political agendas.
Is it a likely scenario that Russia intelligence could recruit, contact and provide help to an NSA employee without NSA knowing about it?
Yes? Very yes? But stop assuming you know what I think about Snowden. I find the idea that Snowden was literally an FSB mole to be far-fetched. I think he did what he did because he thought it was the right thing to do (I think he was probably wrong about a lot of what he did, though).
Basically, my problem is with the narrative fallacy. I find that most people's thinking about stories like these latches immediately to whatever makes the most sense as a story. "Snowden is a hero who was driven to leak exactly the right information by a system that was utterly disinterested in abuse reports and who will now lead the charge to abolish the NSA". Fiction. "Snowden is an agent of the shadow Soviet government who was charged with infiltrating the US government so he could help sabotage the world's last remaining superpower." Fiction.
Reality is almost always messy and incomprehensible. The Snowden situation has all the hallmarks of not being a clean good-versus-evil narrative.
Its nice to see, that once you talk from the point of a Software security person, you see the fiction from what it is. Fiction.
I do not think you would answer different, but your recent comment at https://news.ycombinator.com/item?id=7094408 showed an identical speculative narration as in this article. Speculations that portraits a good-versus-evil narrative.
Reality is indeed messy and incomprehensible, which is why it do not need all that additional speculations. Talking about Russian intelligence, China agents stealing documents, and Snowden providing wholesale access to intelligence services is simply fiction until more details is reveled. Nothing more.
We should all shut up if there is no concrete information to talk about. I agree there.
Now, if some authentic documents are leaked, those can and should be discussed if they are related to the interest of HN readers. They are after all by by definition, authentic and thus no longer speculations.
Is it a likely scenario that Russia intelligence could recruit, contact and provide help to an NSA employee without NSA knowing about it? Without NSA having any trace what so ever (in contrast to Manning and his chat conversations)?
This seems like an ahistorical assumption. Are you aware that a senior FBI agent in the Soviet/Russian counterintelligence group was a spy for the USSR/Russia for nearly 16 years before being caught? http://en.wikipedia.org/wiki/Robert_Hanssen
Since 2001 (when he arrested) NSA and surveillance technology has gone through a radical change. Society has also changed radically for the time Robert Hanssen was recruited into intelligence service, and the time Snowden started to work for the NSA. The scrutiny that existed for new employees in 1976 is nowhere similar to 2006.
I'm baffled by how you can simultaneously hold these two thoughts in your head --- that NSA surveillance has improved so much that it's impossible for foreign governments to plant moles in the giant NSA org chat, but that it's so bad a random kid can download gigs of documents to ship off to Glenn Greenwald.
It is a very hard (and well known) security design problem to make system that the system builders and maintainers themselves can't access. Its possible, but few do it even today.
Russia intelligence is an external threat, and its threat model is well know. Whistleblowers are an internal one.
So to me, its not difficult at all to see why external well know threats are today less likely to happen, while new internal ones are missed. I have the same view of Windows security, in that Russian hacker has a hard time to break in, but a Microsoft employee would have a much easier time.
Different threat models. I assume you are well familiar with the concept so I am a bit baffled by your baffledness.
side note: After they identified Robert Hanssen as a rouge entity, were the NSA unable to provide evidence after the fact? This is after all the question I originally made.
Back in 76 there would have not been contractors (who had been let go by the CIA) employed by a third party working inside the NSA - which is where the vetting fell down
Sure, and the scrutiny in 1976 was vastly improved to 1956, or twenty years before that, etc. As the saying goes, espionnage is one of the world's oldest professions.
If there wasn't a real fear of long-term moles in government, counter-intelligence wouldn't be such a huge part of what the Intelligence Community does.
Presumably the fact that Snowden took what he did and yet they still have no idea what he did take is ample evidence that the emperor is wearing no clothes and anybody could have anything by now. The security crime here was to aggregate all that info because this was an entirely inevitable outcome.
From an agnostic point of view, there is something worth noting: the whole world heard about the story.
That really does not seem "spy-ish" to me: spying is a game, the goal is information. In that mindset, since the whole world got the information, the straightforward explanation is: Snowden is playing for all of us.
In my opinion[ * ], the only plausible scenario where Snowden is a Russian spy is: the Russians did not want the intel for themselves, they wanted it public. It probably does not make much sense that it was to undermine the USA's international image or to cleanse their own; the remaining possibility would be to play on their domestic image (saying "hey, we Russians are more libertarian than Americans"), but that seems like a bit of overkill (and a lot more subtle than what Putin used us to.
[ * ] The sole alternative is: Snowden gave more info to Russia than he gave the newspapers. That would make the whole story worth becoming the next James Bond screenplay (or would have made, in a universe without Daniel Craig), and would give it a nice antique Cold-War aura; however, I fail to imagine what kind of intel could justify such a twisted plan.
I would really like to hear tptacek take a scientific approach in a comment about this. Is it a likely scenario that Russia intelligence could recruit, contact and provide help to an NSA employee without NSA knowing about it? Without NSA having any trace what so ever (in contrast to Manning and his chat conversations)? If Snowden sold information, is it believable that such trade could happen without NSA finding any incriminating evidence after-the-fact?
Same goes for credibly shown any harm to persons or national security. Is NSA so incompetent that a half year later, they can't find a single documented case of a person dieing, U.S. informers having to flee, or facilities being broken in to? The number of documents is massive, so surely, if they were provided to Russia or china, some verifiable damages should have happened by now?
I ask, which side should a scientific and rational mind side with. I would pick what ever is the most probable chain of events, and leave conspiracy theories to be argued by people with political agendas.