NSA chief says they watched the Russians hack the French Elections.
Were they doing their job and watching the Russians hack the US Elections, too? Why didn’t they say anything? Did they just leave all the incompetencing in the excellent hands of the FBI and stand there with their arms crossed, watching? We all know that, if there is any good evidence of Russian meddling, that NSA’s got it.
“We had become aware of Russian activity. We had talked to our French counterparts and gave them a heads-up—‘Look, we’re watching the Russians. We’re seeing them penetrate some of your infrastructure. Here’s what we’ve seen. What can we do to try to assist?’” Rogers told the Senate Armed Services Committee. [daily]
Meanwhile the Macron campaign handled their breach semi-competently. [stderr] The NSA costs about $50billion/year and they were apparently unable or unwilling to do anything useful to help the US level its game up, but they warned the French.
News for you, NSA: the French probably already knew. How? They watched it on CNN.
The NSA’s job isn’t just to be the baddies that hack the entire planet. It also has an official defensive role, for government computer security. It is responsible for recommending and approving security techniques and strategies, and works (to various degrees, depending on the tail-wind) with National Institute of Standards and Technology (NIST) to help produce relevant recommendations and standards. The NSA and NIST, for example, collaborated on system hardening standards for operating systems, standards for data device destruction, encryption standards, etc.
Here’s a suggestion, NSA: do a standard for communications practices for political campaigns, NGOs, and other organizations that might be targets.
NSA Information Assurance Division’s guides for various applications are here: [IAD] They’re OK but they’re nothing ground-breaking. You can get better advice about securing systems from random people on the internet (and I have to put my tinfoil hat on before I click to open a PDF from the NSA)
The big problem NSA has on the defense side is that it can no longer be seen as an honest broker. It has fairly consistently recommended commercial solutions that were just within the reach of what they could break, but nobody else could. That’s bad. Really bad. They’ve also been unable to resist corrupting any security technology they touch, over and over. So anyone who gets a recommendation from the NSA has to raise an eyebrow at it. Which is too bad, there’d be a great opportunity for them to run an array of virtual email vault systems that political campaigns and NGOs could use, which would be protected and monitored. Except nobody’d trust those watchmen.
For the record, I assume the NSA does have all kinds of interesting telemetry from the hacks on the various political campaigns in the US 2016 debacle. They’re just publishing the information in selected dribbles through the FBI. But, they have a conundrum: if they admit the degree to which they were monitoring US political campaigns, they’d kind of have an embarrassing “Watergate” sort of issue. So instead they just let the FBI look stupid, warn the French and British, and otherwise be a waste of taxpayers’ dollars.
The NSA is crazy about not revealing systems and methods; they prefer to wait and let the Russians leak them. There have been multiple instances where the NSA (and the FBI) have dropped an issue rather than lead the public or lawmakers toward questions that might reveal how certain things are done or what data is collected. They tell everyone it’s security, to protect their sources and methods, but I think it’s bureaucratic empire-building – they want to hide when they are incompetent, and make themselves more important when they’re not. The spook’s inclination “I know something you don’t” drives the self-importance of the entire NSA.
Laniakea Official says
I am very skeptical of accepting much of this, so far there are inconsistencies through contradiction. Say with Clapper and a few others denying the claims themselves. Then, a lot of the “facts” are shielded in security clearence. There is a chance as long as those running the game stay in, they will never reveal extensive logs. It’s also safe to say the NSA would never, or at least within a relative timeframe, share their logs.
Besides, the election being “hacked”(By Russia) and having Trump win is quite a stretch when it’s also clear Clinton won popular votes, and thanks to the electoral college system it was overrides. That being said, of course there are the Guccifer and DNC leaks. I think they were actual leaks rather than external hacks, but that’s just my claim based on what I see. Additionally, the material exposed showed a significant amount of ethics breaches and potentially criminal behavior(Hence, why the DNC class action lawsuit is able to hold sway still).
But you’re right, “wtf NSA”. If they have this, and do not properly show it to the public, than the validity of even the agencies chief should be called into question and of course the ethics of how they operate and handle data is highly questionable.
Marcus Ranum says
Laniakea Official@#1:
Besides, the election being “hacked”(By Russia) and having Trump win is quite a stretch when it’s also clear Clinton won popular votes, and thanks to the electoral college system it was overrides.
I agree with that. The US hacked its own elections; it does it all the time. The electoral college was put in place specifically to unbalance the vote – so it hardly makes sense to complain about Russia throwing a few jabs in.
The material that was disclosed was embarrassing and I believe that the reaction “waah! Russia hackers!” was largely a smokescreen to avoid having to take the blame for playing into the system and losing.
With what the NSA costs, they need to be doing more than just going on the offense. They should be helping to competently play defense, and their love of secrecy and compromising security systems contradict that mission.
Dunc says
[Dons tinfoil hat]
What if this is a misdirect? Perhaps it was really the NSA pretending to be the Russians?