Computer security expert Bruce Schneier says that the allegations that the Russians and Chinese have access to the documents that are in the trove that Snowden took may well be true but that is not because they got them from Snowden, as was the charge made by the smear article in the Sunday Times. Instead it is likely because the US, Russian, and Chinese governments have each penetrated each other’s networks because “while cryptography is strong, computer security is weak”.
I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they’ve penetrated the NSA networks where those files reside. After all, the NSA has been a prime target for decades.
I am reminded of a comment made to me in confidence by a US intelligence official. I asked him what he was most worried about, and he replied: “I know how deep we are in our enemies’ networks without them having any idea that we’re there. I’m worried that our networks are penetrated just as deeply.”
Seems like a reasonable worry to me.
The open question is which countries have sophisticated enough cyberespionage operations to mount a successful attack against one of the journalists or against the intelligence agencies themselves. And while I have my own mental list, the truth is that I don’t know. But certainly Russia and China are on the list, and it’s just as certain they didn’t have to wait for Snowden to get access to the files.
So why the outrage by the US government about Snowden’s revelations? It comes back to the old fact that what governments really fear is not that their secrets will be revealed to their purported enemies since they already likely know them, but that they will be revealed to their own public.