Schneier: China and Russia probably did get the Snowden leaks -- by hacking the NSA

Bruce Schneier weighs in on last week's ridiculous UK government talking points memo that Murdoch's Sunday Times dutifully published as front-page news.

Schneier argues that China and Russia's spy agencies are full of infowar ninjas who've been hacking away at the NSA's repositories for years, and that there is likely a steady flow of secrets being exfiltrated by those agencies. He says successful hack-attacks against the NSA are much more likely than Chinese and Russian spooks coming up with some kind of magic crypto-cracking ability (especially since Snowden didn't even bring the docs with him to Russia).

There is a lot of evidence for this belief. We know from other top-secret NSA documents that as far back as 2008, the agency’s Tailored Access Operations group has extraordinary capabilities to hack into and “exfiltrate” data from specific computers, even if those computers are highly secured and not connected to the Internet.

These NSA capabilities are not unique, and it’s reasonable to assume both that other countries had similar capabilities in 2008 and that everyone has improved their attack techniques in the seven years since then. Last week, we learned that Israel had successfully hacked a wide variety of networks, including that of a major computer antivirus company. We also learned that China successfully hacked US government personnel databases. And earlier this year, Russia successfully hacked the White House’s network. These sorts of stories are now routine.

Which brings me to the second potential source of these documents to foreign intelligence agencies: the US and UK governments themselves. I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they’ve penetrated the NSA networks where those files reside. After all, the NSA has been a prime target for decades.

Those government hacking examples above were against unclassified networks, but the nation-state techniques we’re seeing work against classified and unconnected networks as well. In general, it’s far easier to attack a network than it is to defend the same network. This isn’t a statement about willpower or budget; it’s how computer and network security work today. A former NSA deputy director recently said that if we were to score cyber the way we score soccer, the tally would be 462–456 twenty minutes into the game. In other words, it’s all offense and no defense.

