NSA chief says they watched the Russians hack the French Elections.
Were they doing their job and watching the Russians hack the US Elections, too? Why didn’t they say anything? Did they just leave all the incompetencing in the excellent hands of the FBI and stand there with their arms crossed, watching? We all know that, if there is any good evidence of Russian meddling, the NSA’s got it.
“We had become aware of Russian activity. We had talked to our French counterparts and gave them a heads-up—‘Look, we’re watching the Russians. We’re seeing them penetrate some of your infrastructure. Here’s what we’ve seen. What can we do to try to assist?’” Rogers told the Senate Armed Services Committee. [daily]
Meanwhile the Macron campaign handled their breach semi-competently. [stderr] The NSA costs about $50 billion/year and they were apparently unable or unwilling to do anything useful to help the US level its game up, but they warned the French.
News for you, NSA: the French probably already knew. How? They watched it on CNN.
The NSA’s job isn’t just to be the baddies that hack the entire planet. It also has an official defensive role, for government computer security. It is responsible for recommending and approving security techniques and strategies, and works (to various degrees, depending on the tail-wind) with the National Institute of Standards and Technology (NIST) to help produce relevant recommendations and standards. The NSA and NIST, for example, collaborated on system hardening standards for operating systems, standards for data device destruction, encryption standards, etc.
Here’s a suggestion, NSA: do a standard for communications practices for political campaigns, NGOs, and other organizations that might be targets.
NSA Information Assurance Division’s guides for various applications are here: [IAD]. They’re OK but they’re nothing ground-breaking. You can get better advice about securing systems from random people on the internet (and I have to put my tinfoil hat on before I click to open a PDF from the NSA).
The big problem NSA has on the defense side is that it can no longer be seen as an honest broker. It has fairly consistently recommended commercial solutions that were just within the reach of what they could break, but nobody else could. That’s bad. Really bad. They’ve also been unable to resist corrupting any security technology they touch, over and over. So anyone who gets a recommendation from the NSA has to raise an eyebrow at it. Which is too bad; there’d be a great opportunity for them to run an array of virtual email vault systems that political campaigns and NGOs could use, which would be protected and monitored. Except nobody’d trust those watchmen.
For the record, I assume the NSA does have all kinds of interesting telemetry from the hacks on the various political campaigns in the US 2016 debacle. They’re just publishing the information in selected dribbles through the FBI. But, they have a conundrum: if they admit the degree to which they were monitoring US political campaigns, they’d kind of have an embarrassing “Watergate” sort of issue. So instead they just let the FBI look stupid, warn the French and British, and are otherwise a waste of taxpayers’ dollars.
The NSA is crazy about not revealing systems and methods; they prefer to wait and let the Russians leak them. There have been multiple instances where the NSA (and the FBI) have dropped an issue rather than lead the public or lawmakers toward questions that might reveal how certain things are done or what data is collected. They tell everyone it’s security, to protect their sources and methods, but I think it’s bureaucratic empire-building – they want to hide when they are incompetent, and make themselves more important when they’re not. The spook’s inclination “I know something you don’t” drives the self-importance of the entire NSA.