[Cryptography] Opening Discussion: Speculation on "BULLRUN"

Jerry Leichter leichter at lrw.com
Thu Sep 5 20:30:40 EDT 2013


On Sep 5, 2013, at 7:14 PM, John Kelsey wrote:
> My broader question is, how the hell did a sysadmin in Hawaii get hold of something that had to be super secret?  He must have been stealing files from some very high ranking people.

This has bothered me from the beginning.  Even the first leaks involved material that you would expect to only be available to highly trusted people *well up in the organization* - they were slides selling capabilities to managers and unlikely to be shown to typical employees, cleared or not.  My immediate impression was that we were looking at some disgruntled higher-up.

The fact that these are coming from a sysadmin - who would never have reason to get legitimate access to pretty much *any* of the material leaked so far - is a confirmation of a complete breakdown of NSA's internal controls.  They seem to know how to do cryptography and cryptanalysis and all that stuff - but basic security and separation of privileges and internal monitoring ... that seems to be something they are just missing.

Manning got to see all kinds of material that wasn't directly related to his job because the operational stuff was *deliberately* opened up in an attempt to get better analysis.  While he obviously wasn't supposed to leak the stuff, he was authorized to look at it.  I doubt the same could be said of Snowden.  Hell, when I had a data center manager working for me, we all understood that just because root access *let* you look at everyone's files, you were not *authorized* to do so without permission.

One of the things that must be keeping the NSA guys up night after night is:  If Snowden could get away with this much without detection, who's to say what the Chinese or the Russians or who knows who else have managed to get?  Have they "spiked the spikers", grabbing the best stuff the NSA manages to find?

                                                        -- Jerry


