Snowden says that he had "the authorities" to wiretap anyone -- even the President.
Last edited Sun Jun 9, 2013, 08:40 PM
And that "any analyst" can target anyone.
(Although later he acknowledged they might not be able to target "everything.")
Do you believe all that? Do you believe he himself could have shut down the whole US security system in an afternoon?
If you don't, does it affect his overall credibility or not?
http://www.sfgate.com/technology/businessinsider/article/29-Year-Old-NSA-Whistleblower-Makes-Mindblowing-4590125.php
At one point he says: "I had full access to the full rosters of everyone working at the NSA, the entire intelligence community, and undercover assets all around the world."
Earlier he claims: "Any analyst at any time can target anyone ... I, sitting at my desk, certainly have the authorities to wiretap anyone from you or your accountant, to a federal judge, to even the President."
And around the 10:30 mark, he makes the shocking claim: "If I had just wanted to harm the U.S., you could shut down the surveillance system in an afternoon, but that's not my intention."
msanthrope
(37,549 posts)claims, and the lining of the hotel room with pillows and the red hood indicate someone who seems very stressed.
He is being treated for epilepsy, apparently.
NightWatcher
(39,343 posts)And he had the kind of access he is claiming???
No one can get that deep that fast NO ONE!
Recursion
(56,582 posts)He's saying he had that at some point in the past at the NSA.
giftedgirl77
(4,713 posts)Intell doesn't work like that. Especially when it comes to US citizens or even individuals suspected of being US citizens. That includes here & abroad.
You can't even shut down a basic network with the flip of a switch, do you really think a mid-level (if that) employee would have access to shut the whole thing down?
The more this guy talks the less credible he sounds. All he has given so far is a slide that they give to all new recruits & a warrant. Nothing of which supports his big claim of terrible wrong doing by the big bad man.
warrior1
(12,325 posts)Even an analyst would be monitored. They would know every keystroke Edward made. He's full of shit.
OilemFirchen
(7,143 posts)The all-seeing all-knowing NSA can listen in on any conversation, anywhere, at any time.
Yet this freshman NSA computer analyst can steal a secret NSA document and go undetected.
BlueStreak
(8,377 posts)If they are focused on monitoring everyone else, it is entirely plausible a certain hubris overtook the organization, making them sloppy internally.
okaawhatever
(9,462 posts)had access to so many different computers due to that. You can tell me if that seems right to you.
treestar
(82,383 posts)If they could do it, they could not use any evidence in a prosecution.
usGovOwesUs3Trillion
(2,022 posts)since EVERYTHING, apparently, is being recorded and warehoused.
As someone who makes their living in IT, I know this is true, especially for systems administrators... if you have root, you can access anything on the server.
pnwmom
(108,995 posts)
usGovOwesUs3Trillion
(2,022 posts)
randome
(34,845 posts)[hr]
[font color="blue"][center]Stop looking for heroes. BE one.[/center][/font]
[hr]
usGovOwesUs3Trillion
(2,022 posts)
AnalystInParadise
(1,832 posts)the Army's foremost Analytical system DCGS-A, the one Manning used, was running on Windows.......Most intel work done today is with off the shelf software and hardware, the differences are in the interfaces, that is what has to be learned.
maxrandb
(15,355 posts)is that he was placed in a position of trust, and decided to download and dump a bunch of classified material "illegally".
I'm a career military person, and there are ways that he could have brought these documents to light through the proper channels, but instead, he decided to just violate the security of the nation. A security he was bound by law and oath to protect.
Why some want to make this guy into a hero is beyond me.
usGovOwesUs3Trillion
(2,022 posts)It does not matter what you think of the individuals who revealed the wrong doing of our government, what matters is how we are to deal with this information now that we have it.
Major Nikon
(36,827 posts)Where I work there is only one employee who knows the root password. A second employee knows the combination to the safe which houses a sealed envelope which contains the root password, to be used in the event the first employee isn't available and an emergency occurs.
I can't imagine the NSA having less security than the network where I work. Certainly there are networks out there where all sorts of people have root access, but they are not what I would call secure facilities.
usGovOwesUs3Trillion
(2,022 posts)sounds like you work for a very small outfit, especially when compared to the U.S. gov.
Major Nikon
(36,827 posts)Inside a very large outfit. I'm pretty sure the government is going to use the same, if not much more rigid procedures, especially NSA. The biggest threat to computer systems comes from within.
usGovOwesUs3Trillion
(2,022 posts)i can tell just by that that it is relatively small, I didn't say anything about its security.
the other thing is, in order for information to flow to as many people as it does globally in the U.S. gov you need a lot of systems, which require a lot of people to manage them, which also requires a lot of people with root.
ever wonder how a private like manning had access to so much classified info?
Major Nikon
(36,827 posts)Manning was an intelligence analyst who worked in Iraq. He had access to exactly what he was supposed to have access which makes up for much of what he leaked. As far as the rest of it goes, that simply demonstrates how loose the military is with such things. I was in the military for 10 years. Anyone who thinks the military uses cutting edge equipment and techniques probably hasn't spent much time in the military. Most of what you see is outdated, and the same goes for their procedures.
Government agencies typically have multiple networks. They will have a less tightly controlled administrative network that ties all their employees together, and they will have smaller secure systems dedicated to specific tasks, tied together in varying degrees by secure networks. When you parcel secure systems out in the field, as the government often does, it becomes easier to narrow system admin access to very few, if not one person.
From the looks of what this guy revealed (a powerpoint presentation), my guess is that whatever he got, he obtained from their admin network and probably wouldn't have needed a very high clearance to get it.
usGovOwesUs3Trillion
(2,022 posts)
HipChick
(25,485 posts)It's not as easy as all that..
Major Nikon
(36,827 posts)
woo me with science
(32,139 posts)"Any analyst at any time can target anyone, any selector, anywhere. Where those communications will be picked up depends on the range of the sensor networks and the authorities that analyst is empowered with. Not all analysts have the ability to target everything. But I sitting at my desk certainly had the authorities to wiretap anyone from you or your accountant to a Federal judge to even the President if I had a personal e-mail."
http://www.policymic.com/articles/47355/edward-snowden-interview-transcript-full-text-read-the-guardian-s-entire-interview-with-the-man-who-leaked-prism
Always better to read the actual interview.
randome
(34,845 posts)
woo me with science
(32,139 posts)I think he's clarifying.
Major Nikon
(36,827 posts)Then he's saying that all analysts can target anyone, but that they may not have access to everything. In other words, any analyst can target anyone, but they may be limited on what data they get. This is pretty much what the OP said.
pnwmom
(108,995 posts)
woo me with science
(32,139 posts)but, frankly, I consider your question as much of a disingenuous distraction as your pathetic OP about a tiny campaign contribution.
The critical issue here, which you and others are desperately attempting to deflect, is the massive, unconscionable surveillance program targeted at American citizens by our own government.
randome
(34,845 posts)Where is the evidence that Americans are being spied upon?
Luminous Animal
(27,310 posts)We certainly saw that Americans were being targeted with the Verizon leak.
morningfog
(18,115 posts)Verizon included all their US customers.
randome
(34,845 posts)The way I see it is like this. And I have no knowledge of computer systems in use at the NSA but I'll put this in a PC frame of reference.
Say Verizon keeps all its data on a detachable hard drive. The NSA wants to search for calling patterns. Verizon can't very well only pull the numbers from the hard drive that might fit the pattern because no one has examined the data yet.
So Verizon hands over the hard drive, NSA analyzes it and pulls out only those numbers that match the pattern they are looking for.
Yes, technically, 'innocent' numbers are on the hard drive but that's just a byproduct of the Information Age -everything is stored in one place and is easily transportable.
I see much of this controversy as stemming from how we are still finding ways to cope with the fact that so much data can be stored on very miniature disks.
Big Data in Small Places.
morningfog
(18,115 posts)This seems like the tip of the iceberg, especially judging by Obama's and others reactions.
woo me with science
(32,139 posts)The Atlantic: A privacy scholar explains the recent news about PRISM and government surveillance
http://www.theatlantic.com/national/archive/2013/06/prisms-legal-basis-how-we-got-here-and-what-we-can-do-to-get-back/276667/?google_editors_picks=true
The US government is collecting the phone records of millions of US customers of Verizon under a secret court order
http://www.guardian.co.uk/world/interactive/2013/jun/06/verizon-telephone-data-court-order
randome
(34,845 posts)You cannot pull only the numbers you want because you don't know which numbers you want until you have run the matching program.
If what Verizon hands over is considered a 'black box', meaning only those numbers are pulled without anyone getting their hands on the data for any other purpose, then Americans are not targeted and 'spying' on Americans is not occurring.
Of course everyone could be lying to us. But you cannot search for call patterns without first having all the data available to run through the automated system.
woo me with science
(32,139 posts)How pathetic and disgraceful this drumbeat of propaganda is.
Luminous Animal
(27,310 posts)
woo me with science
(32,139 posts)
uponit7771
(90,364 posts)
backscatter712
(26,355 posts)That shows desperation.
Luminous Animal
(27,310 posts)Kind of like. Backscatter... "embellished"... "shows desperation."
malaise
(269,157 posts)
Luminous Animal
(27,310 posts)The truth is buried in the ellipsis.
pnwmom
(108,995 posts)
Luminous Animal
(27,310 posts)Your title and the article is dishonest.
pnwmom
(108,995 posts)
Luminous Animal
(27,310 posts)
AnalystInParadise
(1,832 posts)At Sun Jun 9, 2013, 08:48 PM an alert was sent on the following post:
I guess, in some quarters. Half-assed is like a glass half full.
http://www.democraticunderground.com/?com=view_post&forum=1002&pid=2980163
REASON FOR ALERT:
This post is disruptive, hurtful, rude, insensitive, over-the-top, or otherwise inappropriate. (See Community Standards: http://www.democraticunderground.com/?com=aboutus#communitystandards)
ALERTER'S COMMENTS:
Name calling.
You served on a randomly-selected Jury of DU members which reviewed this post. The review was completed at Sun Jun 9, 2013, 08:53 PM, and the Jury voted 0-6 to LEAVE IT.
Juror #1 voted to LEAVE IT ALONE and said: Close but not over the line. If I had to deal with a poster refusing to admit their mistakes and even in some instances doubling down on those mistakes, I might also become frustrated. In this case the person alerting might want to look at facts based argumentative styles.
Juror #2 voted to LEAVE IT ALONE and said: Name-calling? Are you serious?
Juror #3 voted to LEAVE IT ALONE and said: No explanation given
Juror #4 voted to LEAVE IT ALONE and said: That's not name-calling. The post was characterized as half-assed, not the poster. Stop the incessant whining.
Juror #5 voted to LEAVE IT ALONE and said: No explanation given
Juror #6 voted to LEAVE IT ALONE and said: Mild name-calling at best.
Thank you very much for participating in our Jury system, and we hope you will be able to participate again in the future.
Luminous Animal
(27,310 posts)
gulliver
(13,195 posts)That would be beautiful. The guy gets a hold of something essentially meaningless but deeply sourced. "My gosh! A real court order secret document and spy decoder ring from a real nerd!!" He hands it to Greenwald and Greenwald goes gaga. Then the guy tells Greenwald he wants to go public. Greenwald shits self. Guy proceeds to tell the world how he could have wiped out our pathetic attempts at self-defense with a stroke of his pinky, but he let us all keep living out of the goodness of his heart.
Would be so damned funny. Wonder how our DUer hero worshipers would climb down.
BeyondGeography
(39,379 posts)A libertarian determined to unmask our deteriorating freedoms seeks refuge in a Communist country. You can't make that shit up.
Yes, Hong Kong has a spirited democracy movement, but China runs the place and the region has yet to have an open election (that is supposed to happen in 2017).
As Josh Marshall put it, Iceland ain't happening and Snowden's best bet is that China will use him to stick it to the US:
But the decision to go to China inevitably colors his decision and sets up what could be a very uncomfortable diplomatic stand-off. I've seen people linking to the current US-Hong Kong extradition treaty. Call me naive but I think this is going to come down to how Beijing wants to play this. If they don't want a fight over this, Snowden's toast. If they like the optics of it, I don't think it matters what that extradition treaty says. China's a big enough player and the US has enough other fish to fry with the Chinese, that the US is not going to put the bilateral relationship on the line over this guy. And the Chinese might relish granting asylum to an American running from the claws of US state repression.
http://talkingpointsmemo.com/archives/2013/06/whats_the_deal_with_hong_kong.php?ref=fpblg
randome
(34,845 posts)
aquart
(69,014 posts)I'll believe it when they build the worker housing they need.
Cha
(297,655 posts)Iceland! Wow, that's naive.
flamingdem
(39,321 posts)Manic Depressive or something like that .. borderline
usGovOwesUs3Trillion
(2,022 posts)address, even the presidents.
That's how deep the rabbit hole goes... and anyone with the appropriate access (Like him being a sysadmin) could read their emails.
FYI
pnwmom
(108,995 posts)
usGovOwesUs3Trillion
(2,022 posts)since that is what the spy system does by DEFAULT, it collects ALL digital communications, both foreign AND domestic.
And that is why this is a BIG DEAL.
Got it?
Luminous Animal
(27,310 posts)and IF he had the President's personal email account, why wouldn't he have the capability?
IF the President used a Gmail or Yahoo account, it would be no more secure than any other U.S. citizen's.
backscatter712
(26,355 posts)Let's translate from NSA-speak to English.
All he needs to point the Stasi-style surveillance machine at you is permission from his authorities. In other words, he just needs to email his boss, who clicks a checkbox on his computer to put his worker on an access-control-list giving him the ability to use particular surveillance tools, and voila.
Yep, that's a real check-and-balance that the Founding Fathers would see and beam with pride! Nothing says accountability like having to get permission from a supervisor!
pnwmom
(108,995 posts)deciding to wiretap him?
AnalystInParadise
(1,832 posts)Fucking Christ do you know anything about open source email programs?
backscatter712
(26,355 posts)...designed by the NSA.
Recursion
(56,582 posts)How, for starters, are the connection logs allegedly getting from wherever they are to Ft. Meade in real time? That's not an amount of traffic you can hide.
pnwmom
(108,995 posts)
AnalystInParadise
(1,832 posts)n/t
usGovOwesUs3Trillion
(2,022 posts)and he, as a sysadmin, could access the data collected against that email address.
see video around 3:00...
http://www.guardian.co.uk/world/2013/jun/09/edward-snowden-nsa-whistleblower-surveillance
His point is that EVERYONE'S communications are being recorded, and stored for EASY to access, at anytime, by anyone with the appropriate access/authority.
randome
(34,845 posts)If that was his only problem with the setup, then why does he 'report' it to the Guardian? He hasn't claimed he wasn't listened to, has he?
usGovOwesUs3Trillion
(2,022 posts)
randome
(34,845 posts)I keep nodding off! Can you tell me at what point he says something about going to his supervisors? I'll try to watch the entire thing.
On edit: I'm sorry but I don't hear anything about his going to supervisors or doing anything other than 'reporting' to Glenn Greenwald.
usGovOwesUs3Trillion
(2,022 posts)he mentions talking about the problems internally (Starting at the 1:00 mark) and being dismissed.
Makes me question your judgment, and comprehension skills.
randome
(34,845 posts)I guess that means he raised objections but I don't consider him very direct on that point.
He says it in a very casual way, almost glossing over it.
usGovOwesUs3Trillion
(2,022 posts)
Luminous Animal
(27,310 posts)into anyone's PERSONAL email account.
IF the President had a personal Gmail or Yahoo account, he'd be no more protected from data-collection than any one of us.
randome
(34,845 posts)I haven't heard anything on the video yet that says he tried to talk with anyone other than with Greenwald.
Luminous Animal
(27,310 posts)
randome
(34,845 posts)If he saw a problem, why wouldn't he talk to his supervisor? He hasn't even claimed to have tried that, from what I can see. Or use the whistleblower channels.
I can be convinced otherwise but right now he just doesn't sound authentic to me. I think he's misguided.
Luminous Animal
(27,310 posts)
randome
(34,845 posts)Which is why I think he's overstating things and exaggerating his importance. So I don't think NSA planned for everyone at the agency to have access to everyone's private information.
Still waiting to hear specifics, though.
Luminous Animal
(27,310 posts)
Recursion
(56,582 posts)And again, if he's the sysadmin, with the NSA's Linux contributions that doesn't give him access to data.
usGovOwesUs3Trillion
(2,022 posts)nor would the president
Recursion
(56,582 posts)Why are you so inclined to believe whatever he says?
AnalystInParadise
(1,832 posts)at a minimum he had a TS/SCI HCS clearance. Probably also had SI/TK caveats if he was working at the tunnel. If he had that, he had access to ALMOST everything in existence in the MI world. Not quite everything, but almost.
Recursion
(56,582 posts)Also, no, not even close to everybody at BAH has HCS.
AnalystInParadise
(1,832 posts)or Smith? Because I work at one of the two and it is required to work in our SCIF. We all had to sign our NDA's and watch the stupid video when we started work.
Recursion
(56,582 posts)Sorry, I thought you were just saying if he worked for BAH in general. I've never dealt with that end of things; just NAVSEA.
AnalystInParadise
(1,832 posts)I work in Hawaii, not the same field or company as Snowden, but here yeah most people have HCS to work where we work.
pnwmom
(108,995 posts)of his super powers.
AnalystInParadise
(1,832 posts)If he worked for Booz, he needed most of these caveats to do the job. Argue from fact please, the rest of us are doing that.
Or better yet: Use your vast intellect and knowledge of the Intelligence Community to tell me why he did not have access to this information.
pnwmom
(108,995 posts)You're arguing from the same mash-up of truth and fiction that's been appearing all over the internet ever since this story broke.
No one knows yet what the true facts are.
backscatter712
(26,355 posts)Twenty billion here, twenty billion there, before long, you're talking about real money.
They get dedicated buildings the size of stadiums designed to house computers, special secret rooms installed in the switching centers of Verizon, AT&T, etc.
I think they've got enough IT assets to cause any computer geek's jaw to drop.
Recursion
(56,582 posts)How do you hide about 20% of the Internet's traffic going to you?
I've dealt with routers in very high-traffic datacenters, including ones used by Facebook and Google. How did they get the data out without my or any of my colleagues' seeing the traffic?
backscatter712
(26,355 posts)They get the data right off the backbone, where all the switching and routing equipment already lives to send everyone's packets around. At that point, it's just a matter of copying packets and sending the copies down the secret lines.
Recursion
(56,582 posts)641A was revealed precisely because you can't hide that level of data transfer from the techs.
backscatter712
(26,355 posts)The NSA certainly has the budget for them.
DisgustipatedinCA
(12,530 posts)
Recursion
(56,582 posts)Now get it back to you without my noticing.
How do you propose doing that? I do actually watch what happens with my routers.
DisgustipatedinCA
(12,530 posts)Routers talk to other routers on the Internet with a protocol called BGPv4. Routes are exchanged between different autonomous systems (companies, more or less). This often happens at a "carrier hotel" where different companies keep big routers and WAN switches and connect to one another. All of your company's traffic goes through this point (and maybe one or two more, where the NSA also shares a room...however many BGP peers you have is the number of possible physical paths--not very many). The NSA sets up a SPAN port at the carrier facility and collects every packet going into and out of your ASN, without your awareness that it's happening. That's it.
Recursion
(56,582 posts)I use BGP, so I know better. The frames have to get from point A to point B, and I can see what comes out of point A (I admined at a tier 1 for a few years). Are they teleporting?
DisgustipatedinCA
(12,530 posts)Do you know what a SPAN port is? When you've looked it up, think of one sitting at the carrier facility. It gets a copy of EVERYTHING. It doesn't give a shit about BGP and route selection and exchange. BGP just happens to be the routing protocol being exchanged. BGP knows or cares nothing about a SPAN port on a switch. But the SPAN port will get a copy of EVERYTHING, and you won't know ANYTHING. Any more teleporting questions I can help you answer?
Recursion
(56,582 posts)Whatever. OK, petabytes of information were going down some secret cable dug between Reston and Ft. Meade.
Two problems:
1. There's an invisible SPAN (NB: it's "SPAN", not "SPAN Port", nor is it "ATM Machine" or "PIN Number") on my router, which I built (some of them, at least).
2. There's an invisible cable coming out of my datacenter that I don't have accounting of
Sorry, it's a myth.
DisgustipatedinCA
(12,530 posts)I was nice the first post. I responded with a little snark to your teleporting comment, since it was born of ignorance. Now I'm telling you, you have no idea what you're talking about. Your regurgitation of what I said showed you lack a basic understanding of what I'm talking about. It could be you haven't worked in the industry in a number of years, or you never had occasion to peer with someone else or whatever, but you're lacking basic understanding. In simplest terms, the NSA would get the data AT ANOTHER FACILITY OVER WHICH YOU HAVE NO CONTROL. A SPAN port is a port on a switch that listens to EVERYTHING coming out of another port...like the port going to your business.
If you have a PRIVATE point to point connection from one location to another, sorry, that's not the Internet. But the same thing can be easily done in a carrier facility.
Don't tell me that all my years of network engineering are a myth when you're demonstrably clueless and people pay me good money on a continuing basis to have expertise in this exact area.
Any amount you want. Come to me. I'll set up the lab and let you SSH into it for a minimum wager of $500.
Recursion
(56,582 posts)My wager is you can't get data from my network to yours without
1) My being able to see it, or
2) A physical connection of your own
You're saying you can?
Consider also, from Snowden's claim, the quantity of data we're talking about. I leave that out of the wager, but mention it again as the truly improbable part here. A literal second Internet's worth of traffic.
DisgustipatedinCA
(12,530 posts)I'll own the switch between you, playing the part of the circuit provider. You'll send data from a network behind Router A to a destination in a network between Router B. I'll capture traffic that you send while you look for some sign in your network that I'm getting a copy of your traffic--every packet between A and B. You can have CDP Information on the switch. I'll let you see the config if you want, whatever. You'll pay me $500 when I send you the capture file showing every packet sent and received.
Even non-technical people reading this will easily deduce that if I have the machine between your two routers, I can pretty obviously get at the data.
I suggest snooper2 adjudicate this. He and I don't see eye to eye very often in the political arena, but I trust his truthfulness, and I know he's also a seasoned network engineer.
This is a very foolish bet for you to take, but I'll be glad to take the bet. I know of what I speak, and the setup is trivial.
Recursion
(56,582 posts)If you're saying they have put a physical TAP (or, for that matter, even just a physical tap) between me and my peers, and handle all trafficking between those TAPs and their facilities, then yes, they could do that. Are you saying that's what the NSA has done? This is the sort of situation that you mostly just see in crypto textbooks as an absurd example (remember, they have to intercept TLS credentials to be able to read most of this stuff, too).
The PowerPoint slide the Guardian has talks about data coming from the servers themselves, remember.
Maybe I'm taking "anyone" and "anything" too literally here, but the amount of traffic that represents is mind-boggling, as well as the complexity, size, and power consumption of the private physical network NSA would have to have.
Recursion
(56,582 posts)these taps will have to be between me and all of my peers, and you have to have one hell of a stitcher program to reassemble everything when my weights change and I start routing through a different peer in the middle of a TLS-protected stream.
Remember, he's claiming he can do this for any "private email address", in real time.
DisgustipatedinCA
(12,530 posts)Fwiw, I think NSA can break SSL, but not in real-time. I'm assuming court orders come in handy in those cases.
What you're calling a tap takes the form of a switchport in today's infrastructure. No matter what kind of digital circuit you have, it's not at all difficult to logically associate another port with it, such that the second port can get a copy. This can be done on your point to point link, your MetroE link, serial links, frame relay, whatever. There do not exist any telco circuits that consist solely of a wire from one place to another. All circuits go through a variety of layer 2 and/or 3 devices, and where that happens, copies can be obtained, constrained only by the physical limitations of the router or switch. From that point, the NSA or whomever is vacuuming the data can just send it to storage, across the wire, locally, whatever. Presumably they also have advanced search, playback, and pattern matching software that makes the high volume of data more manageable.
As to the NSA's capacity, none of us knows. But we all do know about the mega data center in Utah. Someone will probably be able to extrapolate good guesses if they can figure out approximately how much power they're using. I do know that the NSA doesn't give a tinker's damn about how many 10GigE circuits they have to pay for on a monthly recurring basis. They've got tons of budget to work with. I don't know what capacity they're at now, but there's no real theoretical limit to how much capacity they can build.
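Added illustration, not part of any post in this thread: a toy learning switch in Python that models the port-mirroring argument made in this sub-thread, showing that what each endpoint can measure about its own link is identical whether or not the intermediate switch copies its frames to a mirror port. The class and function names, MAC addresses and payloads are all constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Frame:
    src: str        # source MAC (constructed sample value)
    dst: str        # destination MAC (constructed sample value)
    payload: bytes


@dataclass
class Host:
    mac: str
    received: list = field(default_factory=list)
    tx_count: int = 0

    def observable_state(self):
        """Everything this endpoint can measure about its own link."""
        return (self.tx_count, tuple(self.received))


class Switch:
    """Toy learning switch operated by a third party (the carrier facility)."""

    def __init__(self):
        self.ports = {}        # port number -> attached Host
        self.mac_table = {}    # learned MAC -> port number
        self.mirror = None     # (monitored port, collector Host) or None

    def attach(self, port, host):
        self.ports[port] = host

    def set_mirror(self, monitored_port, collector):
        # The collector is not a forwarding port; it only receives copies.
        self.mirror = (monitored_port, collector)

    def ingress(self, in_port, frame):
        self.mac_table[frame.src] = in_port          # learn the sender
        out_port = self.mac_table.get(frame.dst)
        if out_port is None:
            out_ports = [p for p in self.ports if p != in_port]  # flood
        else:
            out_ports = [out_port]
        for p in out_ports:
            self.ports[p].received.append(frame)     # normal forwarding
        if self.mirror is not None:
            monitored, collector = self.mirror
            # Copy traffic entering or leaving the monitored port.
            if in_port == monitored or monitored in out_ports:
                collector.received.append(frame)


def send(switch, port, host, dst_mac, payload):
    host.tx_count += 1
    switch.ingress(port, Frame(host.mac, dst_mac, payload))


def run_exchange(mirror_enabled):
    """Run the same three-frame exchange with or without a mirror session."""
    a = Host("02:00:00:00:00:0a")
    b = Host("02:00:00:00:00:0b")
    collector = Host("02:00:00:00:00:cc")
    sw = Switch()
    sw.attach(1, a)
    sw.attach(2, b)
    if mirror_enabled:
        sw.set_mirror(1, collector)
    send(sw, 1, a, b.mac, b"constructed request 1")
    send(sw, 2, b, a.mac, b"constructed reply 1")
    send(sw, 1, a, b.mac, b"constructed request 2")
    return a.observable_state(), b.observable_state(), list(collector.received)


def endpoints_can_tell():
    """True if either endpoint's observable state differs between the runs."""
    a_plain, b_plain, _ = run_exchange(False)
    a_mirror, b_mirror, _ = run_exchange(True)
    return (a_plain, b_plain) != (a_mirror, b_mirror)


if __name__ == "__main__":
    _, _, copied = run_exchange(True)
    print("frames copied to collector:", len(copied))
    print("endpoints can tell the difference:", endpoints_can_tell())
```

In this model the mirror session exists only in the switch's own state, which belongs to whoever operates the switch; the control the endpoints hold is end-to-end encryption such as the TLS mentioned in the thread.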
Recursion
(56,582 posts)Ah, I thought as you did, once, until a line discipline failure it took us two weeks and three backhoes to find taught me a fundamental truth: There's always a physical layer, even when you're abstracting away from it. I mentioned teleporting because that's still the issue: you have to physically push photons and/or electrons down a wire at some point in this scheme, and that's where the idea becomes, at least to me, absurd. And, for that matter, there was just a big fat optical run between us and Cogent, now that I think of it.
and where that happens, copies can be obtained, constrained only by the physical limitations of the router or switch
OK, but over what actual physical media is the NSA getting a copy of everything being transmitted and received by everyone in the US from these compromised and/or clandestinely inserted intermediary devices?
DisgustipatedinCA
(12,530 posts)Else 2-7 would be useless. The fiber is immaterial too. Now, you may have some campus environment with a trench between buildings, and in that case, you can exercise full control over it, but any circuit going anywhere else can be compromised without your knowledge.
Recursion
(56,582 posts)I grant that in theory. I'm not buying the notion that there is a physical shadow Internet sending as much traffic as the actual Internet from every edge of the graph to ... somewhere, possibly Laurel, MD, possibly Hawaii, we don't know.
Recursion
(56,582 posts)Snowden is claiming that all traffic of the most popular protocols is actually being delivered, in real time, to Ft. Meade (or wherever the actual facilities are), with the full key management to decrypt it when necessary.
And this passes the smell test to you.
backscatter712
(26,355 posts)The telcos have people that know what happens on their routers, but the NSA has them sworn to secrecy.
Recursion
(56,582 posts)There's not an "upstream" of me, just peers. How did petabytes of data get out of my datacenter without me or any of the dozens of other techs like me noticing? Who fixes them when they break? How did they do that without our noticing?
AnalystInParadise
(1,832 posts)
KoKo
(84,711 posts)The WHOLE DAMNED SYSTEM HAS GONE AFOUL!
All of US...of all Stripes of Dems and if there are any "Rational Repugs" need to JOIN TOGETHER and FIX THIS!
It's OUTTA CONTROL! We saw that under Bush/Cheney/Rumsfeld and it GROWS WORSE.
COME TOGETHER ...We've got to fix this OUTTA CONTROLS..."Corporate/Media Industrial Complex" before it does Us ALL IN...
wandy
(3,539 posts)being turned loose in the NSA's data center with the knowledge and authorizations I had the last time someone was so foolish as to give me free rein in their IT shop.
And he learned all of the ins and outs in 3 months.
3 months. I'm impressed!
Luminous Animal
(27,310 posts)Booz Allen was his latest gig for the NSA.
wandy
(3,539 posts)Some functions are 'plug and play', even important functions. If you know what you're doing, have experience, it's all good.
That is not always the case.
Maybe I'm a slow learner. With this latest scandal I still have more questions than answers.
So much new information all at once, and when I query that straw pile of a database in my head I find I've known about parts of it for quite some time.
I'm not even ready to question why even the timing of this scandal makes me smell a rat.
Or is it a Rove.
moondust
(20,006 posts)Like everybody else, he would have limited visibility due to compartmentalization. He wouldn't necessarily know what kind of visibility anybody else had. For anyone but a top security manager to say that "any analyst" could do this or that would seem to be presumptuous.
I suppose it's possible that HIS company did not adhere to prescribed security procedures or something, which is another story.
usGovOwesUs3Trillion
(2,022 posts)And he did NOT say everyone has access to everything, he said anyone who had the right authority had the capability to read a target's communications, even an American's communications, since ALL communications by default are recorded and stored.
moondust
(20,006 posts)At least as far as you know in your limited experience.
Was Snowden a sysadmin? I thought he was an analyst. ??
Have you ever worked in an organization built upon the concept of need-to-know compartmentalization of classified information?
usGovOwesUs3Trillion
(2,022 posts)he could not administer the box.
I have worked at large networking companies and financial and insurance companies, so I know what I am talking about.
Yes, Snowden was a sysadmin.
I have worked in the military, and IT, so yes, I know a lot about compartmentalization, need to know, and access control.
Recursion
(56,582 posts)... that means the root account doesn't actually have access to everything on the server (or, as Theo would put it, "isn't actually root").
HipChick
(25,485 posts)I doubt he is claiming what he had..period...except for the PowerPoint slide..also DOD contracts for contractors don't pay that...so it will be interesting when this all falls out..
Booz Allen Hamilton will be losing a big contract here also..
Recursion
(56,582 posts)It's a way to keep root from having access to some subsystems. The NSA developed it and contributed it to the Linux kernel in 2003.
HipChick
(25,485 posts)
moondust
(20,006 posts)in a high-level job on the NSA system in question, I don't think you can assume that you know how its security measures work based on some other experiences.
Rosa Luxemburg
(28,627 posts)
Historic NY
(37,453 posts)and send him packing back to the US.
Marr
(20,317 posts)The last one I saw was the Fox News-worthy 'did he support Ron Paul?'. No answer-- or even an outright accusation, come to that. And certainly no explanation for why that would make the information he provided any less true.
No, just a question. Just a harmless question, and a not-so-subtle urging for everyone to just move on, shut up, and dismiss all future information on the subject.
And now this.
Just stop.
uponit7771
(90,364 posts)...so .... yeah, gonna not take this guy at face value
Marr
(20,317 posts)
Union Scribe
(7,099 posts)This isn't about this guy any more than the issues from Wikileaks are about Assange and whether or not he's a bad guy.
You care if he has an inflated ego, I care that people are talking about these gross overreaches.
pnwmom
(108,995 posts)appear to be false.
His credibility is very important here.