[Cryptography] Equation Group Multiple Malware Program, NSA Implicated
Arnold Reinhold
agr at me.com
Fri Feb 20 06:02:04 EST 2015
On Wed, 18 Feb 2015 11:58 ianG wrote:
> The insider theft has always been a huge difficulty. But the NSA is
> more a victim of changing circumstances than any huge laxness. A
> scratch list:
>
> * They haven't had a major spy case in years.
…
The Bradley (Chelsea) Manning incident in 2010 should have been more than enough warning to the NSA. Manning siphoned off vast swaths of SIPRNET content with little effort, not that different from what Snowden did more than 3 years later. How much of a heads up does the world’s largest information security agency need?
The reliability equation is in play here. Say a system has N components any one of which failing will cause an overall system failure. It could be links in an anchor chain or in this case trusted employees. If each employee is 99% reliable how big does N have to be for a 50% probability of failure? Answer 69 employees. If the vetting process is 99.9% reliable, N goes up to 692 employees. With thousands of people having access to highly classified information and easy ability to copy it, a leak is inevitable. Maybe it was only sysadmins at NSA who had access and the tools to copy without being noticed, but how many of them did NSA have? Did NSA conduct a lessons learned security review after Pvt. Manning? If so, I’d love to know what what actions were recommended and which were carried out.
It’s great fun to read all the juicy details of NSAs activities, but the government's inability to keep anything secret should be troubling too. Think about nuclear weapon design software.
Arnold Reinhold
More information about the cryptography
mailing list