Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Ask Slashdot: Preventing Snowden-Style Security Breaches? 381

Nerval's Lobster writes "The topic of dealing with insider threats has entered the spotlight in a big way recently thanks to Edward Snowden. A former contractor who worked as an IT administrator for the National Security Agency via Booz Allen Hamilton, Snowden rocked the public with his controversial (and unauthorized) disclosure of top secret documents describing the NSA's telecommunications and Internet surveillance programs to The Guardian. Achieving a layer of solid protection from insiders is a complex issue; when it comes to protecting a business's data, organizations more often focus on threats from the outside. But when a trusted employee or contractor uses privileged access to take company data, the aftermath can be as catastrophic to the business or organization as an outside attack. An administrator can block removal of sensitive data via removable media (Snowden apparently lifted sensitive NSA data using a USB device) by disabling USB slots or controlling them via access or profile, or relying on DLP (which has its own issues). They can install software that monitors systems and does its best to detect unusual employee behavior, but many offerings in this category don't go quite far enough. They can track data as it moves through the network. But all of these security practices come with vulnerabilities. What do you think the best way is to lock down a system against malicious insiders?"
This discussion has been archived. No new comments can be posted.

Ask Slashdot: Preventing Snowden-Style Security Breaches?

Comments Filter:
  • simple (Score:5, Insightful)

    by greenfruitsalad ( 2008354 ) on Monday July 08, 2013 @05:25PM (#44219419)

    Simple. Do good, make people working for you feel they're doing something good for the world.

    • Re:simple (Score:4, Insightful)

      by MightyMartian ( 840721 ) on Monday July 08, 2013 @05:27PM (#44219445) Journal

      Yes, well, perhaps in La-la Land. Here, in reality, no matter how good your organization may be (for whatever definition of "good" you choose to use), you may still end up with bad employees. The question of securing your data shouldn't be about good or evil, or any particular moral judgment, but simply about how to make sure you're critical and confidential data doesn't end up being ripped off.

      • Re:simple (Score:4, Insightful)

        by kthreadd ( 1558445 ) on Monday July 08, 2013 @05:36PM (#44219599)

        Let's say that the PRISM program managed to stop X number of terrorist attacks. As an NSA employee you might very well consider your work to be of good. Otherwise you would probably not work there. And this is probably true for many types of jobs. Good is a relative term, it depends on the viewer.

        • Re:simple (Score:5, Insightful)

          by CanHasDIY ( 1672858 ) on Monday July 08, 2013 @05:57PM (#44219841) Homepage Journal

          Let's say that the PRISM program managed to stop X number of terrorist attacks. As an NSA employee you might very well consider your work to be of good. Otherwise you would probably not work there. And this is probably true for many types of jobs. Good is a relative term, it depends on the viewer.

          You seem to be under the impression that most people have the job they have because they want to "do good."

          That is incorrect; the actual reason most people have a job at all is because it's damn-near-if-not impossible to survive today without some form of monetary income.

          I'm guessing the dicks at the NSA (yea, that's right, I called you all dicks. Prove me wrong.) do what they do because the paycheck is quite fat; on the other hand, I guess some people would sell their own mother to the slavers for a pack of smokes and a lighter...

          • Re:simple (Score:5, Funny)

            by Beardo the Bearded ( 321478 ) on Monday July 08, 2013 @06:54PM (#44220417)

            I'm guessing the dicks at the NSA (yea, that's right, I called you all dicks. Prove me wrong.)

            Come on man, I've gone through your email, we have a lot of the same hobbies, we could be friends.

            You could invite me, or I can just show up and we can go shooting. I already know the time and place. I'll pick up some subs at Blimpie's on the way over, that cool?

            • by xQx ( 5744 ) on Tuesday July 09, 2013 @01:11AM (#44222403)

              I've given this a lot of thought, and compiled a solid rant on the subject.

              My thesis about privacy in 2013 - 2020:

              Lets start with some facts:
              1. The Spy agencies in NZ, UK, USA, Australia and Canada spy on everyone, even their own citizens. 2. The UK copies literally everything that traverses the Internet and keeps it for 3 days for analysis (EVERYTHING!) 3. The USA shares this information (including commercial secrets) with its private enterprises to help them win international business. 4. So many people work for these agencies that from time to time this information is made public. 5. Nobody really cares. 6. The chances of any of these organisations giving up such a valuable source of power are about the same as global nuclear disarmament 7. It’s only a matter of time until the local police have access to all this information. 8 . In 2001, as sysadmin of BSSC I could read the email of every teacher and every student at that school, without leaving a trace of evidence, nor with any fear of punishment for wrongdoing.

              So, I assert: You have no privacy online. You never really did. It was only by unspoken rule of sysadmins that we let you have the illusion of privacy. Ed Snowden betrayed sysadmins.

              Strangely, Google poise to release the most important advancement toward our goal of total access to information - a video camera strapped to every second person’s head (Google Glass), and people are up in arms (9) and so are the governments best poised to take advantage! (10).
              I think we’ve got it all wrong. Let’s stop bitching about this rampant surveillance and embrace it.

              Let’s get our spy agencies to make everything they’ve got available to everyone! Let’s mandate that every Google glass camera must be on all the time, every phone must have its microphone on all the time, every GPS recording its location and all this content uploading to the cloud!

              Information WANTS to be free! EVERYONE should have access to EVERYTHING!

              Then it will hardly be accessed, because if Facebook status updates have proven anything it’s that it’s no fun spying on all your friends if all they do all day is play Farmville.

              Finally, these civil libertarians realise that nobody really cares about them, or their “right to privacy”, and we will be able to make the most out of google glass (11).

              1. http://www.spiegel.de/international/world/interview-with-whistleblower-edward-snowden-on-global-spying-a-910006.html [spiegel.de]
              2. http://mashable.com/2013/06/21/gchq-spy-agency-taps-global-internet/ [mashable.com]
              3. http://www.bloomberg.com/news/2013-06-14/u-s-agencies-said-to-swap-data-with-thousands-of-firms.html [bloomberg.com]
              4. Bradley Manning, Edward Snowden
              5. http://www.news.com.au/ [news.com.au]
              6. http://io9.com/5969204/could-nuclear-disarmament-actually-increase-our-chance-of-an-apocalypse [io9.com]
              7. “if the information is there, it’s already collected, why not use it to prosecute the crime? Why are you protecting the guilty? If you’re innocent you will want us to use this information to exonerate you.”
              8. I read your email. Get over it.
              9. http://www.policymic.com/articles/29585/3-new-ways-google-glass-invades-your-privacy [policymic.com]
              10. http://news.cnet.com/8301-1023_3-57591975-93/google-glass-privacy-concerns-persist-in-congress/ [cnet.com]

          • Re: (Score:2, Insightful)

            by Anonymous Coward

            nope -- most people who work for the NSA would probably make more money as web developers or whatever the current make-money-fast job role is. Most of them honestly believe that they are doing something worth doing beyond just money.

            hard for you to believe, I guess. maybe you should thank them?

            my problem with this is that they may think they are doing good, but are they really?

        • Re:simple (Score:5, Insightful)

          by peragrin ( 659227 ) on Monday July 08, 2013 @05:58PM (#44219843)

          The trick with that is what was the ratio of attacks stopped versus the number of people "looked" at?

          In the UK their is a current debate on random stop and search used by police. The noticeable point is that it is 9% effective in finding someone doing something wrong.

          So if the police stop and search 100 cars they find 9 people who are breaking the law.

          Prism is spying on tens of millions, to find a couple dozen.

          that is why it should be stopped. They should turn that kind of data mining loose not on the outside world but their own internal agencies. If the NSA data mines, searches emails, databases, etc they could get far better results.

          It would single handily merge the agencies that don't want to cooperate and produce far better results.

          • But, but, Magna Carta says that the police CAN NOT stop you without a reason!!!
            • Re:simple (Score:5, Interesting)

              by sg_oneill ( 159032 ) on Monday July 08, 2013 @09:01PM (#44221185)

              The magna carta is a wonderful document. More important perhaps in the history of laws than even the US constitution as a statement of rights, simply because the magna carta was the *first*.

              But the rights it outlays are fairly simple, and rather indicitive of its times.


                              1. FIRST, We have granted to God, and by this our present Charter have confirmed, for Us and our Heirs for ever, that the Church of England shall be free, and shall have all her whole Rights and Liberties inviolable. We have granted also, and given to all the Freemen of our Realm, for Us and our Heirs for ever, these Liberties under-written, to have and to hold to them and their Heirs, of Us and our Heirs for ever.
                              9. THE City of London shall have all the old Liberties and Customs which it hath been used to have. Moreover We will and grant, that all other Cities, Boroughs, Towns, and the Barons of the Five Ports, as with all other Ports, shall have all their Liberties and free Customs.
                              29. NO Freeman shall be taken or imprisoned, or be disseised of his Freehold, or Liberties, or free Customs, or be outlawed, or exiled, or any other wise destroyed; nor will We not pass upon him, nor condemn him, but by lawful judgment of his Peers, or by the Law of the land. We will sell to no man, we will not deny or defer to any man either Justice or Right.[45]

              Then theres a bunch of other ones like the king has to stop taking hostages ( a surprisingly common event in medieval europe ) , mercenaries have to gtfo of england, "all evil customs connected with forests were to be abolished" and other assorted medieval jurist things.

              But in terms of stop and search, AFAIK your rights are preserved only as far as a right to a fair trial, I'm afraid.

              Its an old document, more or less a first attempt at codifying limits on executive power.

              • by jrumney ( 197329 )

                Note also that all these rights apply only to "Freemen". Common serfs were granted no rights by the Magna Carta.

          • Re:simple (Score:5, Interesting)

            by davydagger ( 2566757 ) on Monday July 08, 2013 @08:19PM (#44220947)
            and heaven knows what else they are looking for besides terrorists.


            Read this, Subversives: the FBI's war on student radicals

            Based on de-classified FBI memos, it describes how th FBI kept security and reserve lists of political enemies, that could be detained at a moments notice.

            Its a clear example on how we got damn close to having our own "night of long knives".

        • by rwa2 ( 4391 ) *

          Heh, I sort of posed a similar question to my kids...

          Say you've collected a group of N=10 people out of a population of P=100, and you know X=1 of them is a serial killer. How many of those people should you execute (or otherwise remove from society) to keep the rest of the population safe? Or should you let them all go to protect the innocent ones, knowing that the serial killer will go on unpunished to cause 10x more murders? How many can you execute before you're worse than the serial killer?

          Now just

        • employees of buerocracy don't measure success in how well the buerocracy performs its job relative to society.

          They measure personal success in how well the buerocracy does relivant to itself, and how well they do invidually inside the buerocracy.

          I'd gander most people get into that work, because they see it as "recession proof", with retirement, good pay, and stability. They also probably recruit a good deal of ex-military who have a hard time finding work elsewhere. Given the fact the army is downsizing, i
      • Re:simple (Score:5, Insightful)

        by rtfa-troll ( 1340807 ) on Monday July 08, 2013 @05:40PM (#44219661)

        The question of securing your data shouldn't be about good or evil, or any particular moral judgment, but simply about how to make sure you're critical and confidential data doesn't end up being ripped off.

        There's a certain level that you can go that way. However, in the end, to be useful data has to be loaded into people's heads. People can then unload part of it elsewhere. A very important part of securing the data is making sure that those people who could do that choose not to because they see the value of your mission. Those people who surround them also see the value and put social pressure not to reveal secrets. When the US loses it's moral authority by doing things identical to acts it has previously criticised this is obviously going to increase the risk of a leak.

      • Re: (Score:3, Insightful)

        by TheCarp ( 96830 )

        > you may still end up with bad employees. The question of securing your data shouldn't be about
        > good or evil, or any particular moral judgment, but simply about how to make sure you're critical and
        > confidential data doesn't end up being ripped off.

        Don't let your employees access any data that you don't want them to release. Period.

        If you are really that worried, then you can't give them access. If someone has access to the data, and feels it should be released, they will release it, they will fi

        • Re:simple (Score:4, Insightful)

          by MightyMartian ( 840721 ) on Monday July 08, 2013 @06:24PM (#44220125) Journal

          Can you tell me how reduced? What percentage of data theft by insiders is by whistle blowers, and what percentage is by employees out to screw employers or profit by selling sensitive information?

          My gut tells me the latter far outweighs the former, but clearly you must have some notion as you say that being a good organization will seriously reduce your risk.

          • Re:simple (Score:4, Interesting)

            by TheCarp ( 96830 ) <sjc@carpane3.14t.net minus pi> on Monday July 08, 2013 @08:31PM (#44221009) Homepage

            Sure my gut tells me the same; but that doesn't mean I think much can be done about it in most situations. The simple fact is you need your employees to do their job, if your information is so valuable to your business, then its even more likely that impeding them getting it is impeding your business.

            Security measures are best seen as insurance since they can never pay off in the positive, they can only cost, and hopefully, less than the alternative....and that cost isn't just the cost of doing them once, but the cost of keeping them up every single day and the entire effect of that.

            I seriously think a person trying to solve this problem is, most likely, trying to solve the wrong problem, unless perhaps, he is a criminal, or actually has data that is worth more to a criminal than the HR database of names, SSN, addresses, salaries etc.... which is unlikely for anyone asking slashdot.

      • I can't quite sort out why I have been modded troll. The issue of data leaks is a big issue, even for organizations that do good (again, however you define that. I agree that Snowden was morally right to do what he did, but try to imagine a situation in which an employee nicking your data is doing it to blackmail you or sell to a competitor?

        Not every person stealing your data is some glorious warrior of freedom. Most are, well, to put it bluntly, just plain criminals, and as with any kind of theft, frequent

    • by dgatwood ( 11270 )

      Exactly. If an employer is doing nothing wrong, then at least long-term, it has nothing to hide. :-D

      • Re:simple (Score:5, Insightful)

        by fuzzyfuzzyfungus ( 1223518 ) on Monday July 08, 2013 @05:33PM (#44219547) Journal

        Exactly. If an employer is doing nothing wrong, then at least long-term, it has nothing to hide. :-D

        There are still merely-self-interested insiders: It's practically a tradition for Mr. Sleazy McSales to abscond with all the customer data when he accepts a position with the competition, and his engineering counterparts to lift design docs and the like for the same purpose.

        Doing good does have the advantage of reducing disillusionment among your otherwise-least-corruptable people, and helps prevent economically-irrational leaking; but you still have to worry about the merely mercenary.

        • by dgatwood ( 11270 )

          There are still merely-self-interested insiders: It's practically a tradition for Mr. Sleazy McSales to abscond with all the customer data when he accepts a position with the competition, and his engineering counterparts to lift design docs and the like for the same purpose.

          IMO, lifting contact info is just not a big deal, in much the same way that bringing your Rolodex with you has been the norm for decades. If your business has such poor customer loyalty that the mere knowledge of your customer list puts

      • Someone could be selling insider information about farm subsidies, which is not illegal but can affect markets.

        'Leakers' are only one category of people who disclose information. It doesn't have to be illegal to be private and worth protecting.

    • Re:simple (Score:5, Insightful)

      by Jeremiah Cornelius ( 137 ) on Monday July 08, 2013 @05:31PM (#44219517) Homepage Journal

      Hark! Do I hear the approach of the Freedom Drone?

      Stop launching Hellfires on babies, and stop treating the Citizens of your Republic like suspects in your dragnet.

    • by jovius ( 974690 )

      Ultimately free individuals can never be contained.

      Therefore complete transparency should be applied. The nationalist paradigms and constructs are futile. Ideals and methods can be implanted, but they are not what you are.

    • Re:simple (Score:5, Insightful)

      by gweihir ( 88907 ) on Monday July 08, 2013 @05:47PM (#44219717)

      Indeed. Loyalty is the only thing that works. DLP is basically a scam to make tons of money, but cannot prevent leakage. As long as people work with data, they can steal that data. Get used to it.

      You can to a bit of personality screening. For example if you are the NSA, you want to screen out anybody with a shred of personal ethics or honor. Then make sure you bribe these people in staying loyal too you and keep the bribes up. Sure, you only get psychos that way, but nothing else is going to work.

      If, on the other hand, your organization is actually contributing something positive, then make sure your employees have ethics and honor, believe in the cause and address grievances before they become a problem.

      Loyalty is the key, and how to get it depends on what your organization does. Nothing besides loyalty will help against anybody determined.

    • I would have said it differently. "Stop breaking the fucking law!!"

    • Simple. Do good, make people working for you feel they're doing something good for the world.

      There have been many different conceptions of what constitute "good."

      Many people thought that fascism was "good" for Weimar Germany, and some believe it today, and not just for Germany.
      Many people thought that Soviet Communism was "good" for the people of the Soviet Union and the world. Some still think that today.
      Many people think that living under the strict rules of Sharia is "good," democracy is a decadent evil, and imposing Sharia on others is their obligation.
      Many people think that Snowden is doing g

    • You mean, DO NOT DO EVIL?
  • by Anonymous Coward on Monday July 08, 2013 @05:25PM (#44219429)

    We won't help you cover your asses for the future. It's time to clean house.

  • Nice try NSA (Score:5, Insightful)

    by stewsters ( 1406737 ) on Monday July 08, 2013 @05:26PM (#44219435)
    How about try not to do anything you would be embarrassed by if it leaked? Not ignoring the 4th Amendment is a good start.
    • Re:Nice try NSA (Score:5, Insightful)

      by intermodal ( 534361 ) on Monday July 08, 2013 @05:40PM (#44219653) Homepage Journal

      That was certainly an issue. If we're talking Snowden-style, the best deterrent is to actually conduct your operations within the law and within the boundaries of ethical behaviour. Snowden wouldn't have had anything to leak if the government were operating within the legitimate bounds of the constitution.

    • Re:Nice try NSA (Score:5, Informative)

      by MozeeToby ( 1163751 ) on Monday July 08, 2013 @06:08PM (#44219957)

      The NSA doesn't need help, all they would have had to do is follow their own procedures and the leak would have been greatly reduced. There's no excuse for having active USB ports on a machine that is handling top secret documents. Nor is there any excuse for giving someone access to more classified documents than they need to do their jobs, a system admin needs approximately zero access to the actual contents of the actual documents.

  • by attemptedgoalie ( 634133 ) on Monday July 08, 2013 @05:27PM (#44219449)

    That always ensures quality.

  • by segedunum ( 883035 ) on Monday July 08, 2013 @05:28PM (#44219465)
    Don't piss off the sys admin.
  • by Anonymous Coward on Monday July 08, 2013 @05:29PM (#44219475)

    Obeying your country's constitution and not operating for the sole benefit of oligarchs and barons of commerce would go a long way towards limiting whistleblowing activity.

    If you want to go the opposite direction, I guess you could lock up your employees in a bunker and hold their families hostage.

  • Access to secret data and documents should be on a need-to-know basis, or a practical approximation of it. It's clear that he had access far beyond what he needed to know. If he can't get at the sensitive documents in the first place he can't copy them to USB or use his cellphone to take pictures of them or upload them to his Wikileaks partners.

  • .... do you really want to?

  • Nice Try (Score:5, Funny)

    by Anonymous Coward on Monday July 08, 2013 @05:30PM (#44219491)

    Nice try, NSA.

  • Limit access (Score:5, Insightful)

    by Xargle ( 165143 ) on Monday July 08, 2013 @05:30PM (#44219493)

    Have separation between levels of security and have fewer & fewer admins working on them as you go up the chain. Use the old established and trusted guys at the top. Don't have thousands of people (particularly contractors) crawling all over the most sensitive data. Seems obvious really. Look at the amount of data *Private* Bradley Manning got his hands on. It's like NSA & Govt just leave the barn doors open and hope the fear of prosecution will prevent the bad thing from happening.

  • by Sperbels ( 1008585 ) on Monday July 08, 2013 @05:31PM (#44219521)
    Explosive collars.
  • Stay legal? (Score:5, Insightful)

    by mike449 ( 238450 ) on Monday July 08, 2013 @05:32PM (#44219545)

    How about not doing illegal things in the first place?
    A lot of motivation for insiders to disclose the "sensitive" information would go away.

  • That's not an "ask Slashdot", that's internal advertising for your article.

    The meat of which is advertorial for people paying you to mention them.

    Fucking grow a spine.

  • The trouble with protecting yourself against insiders is that you are trying to protect yourself against people who need access to do whatever it is you pay them to do. Protecting yourself against external attackers is a massive matter of practical difficulty; but at least it's a coherent objective: keep people who shouldn't have access away from access. Against insiders, virtually everything you do either reduces productivity(so you disabled USB, good thing that there are never any legitimate applications

  • Man can make it, man can break it, it's that simple.

  • by mlts ( 1038732 ) * on Monday July 08, 2013 @05:43PM (#44219687)

    This is an age old problem. It partially requires people skills, and it requires technology. A couple ideas:

    1: First thing is compartmentalize. One person shouldn't have access to all the goodies.

    2: USB devices are easy to control. I can push a GPO on Windows that blocks writing to any USB flash drive, or just locks out access completely so someone can't hook up their iPod Touch, run iTunes and copy files that way. Third party programs can offer this functionality as well. Of course, there are always BIOS locks. If one doesn't care about reselling machines, snipping wires and epoxy blobs in the USB ports will finish the job.

    There are other devices and ports too. Firewire, Thunderbolt, and even PCIe cards can be hazardous. Don't forget the humble old CD-ROM burner in most machines.

    3: Watch data and its access. If a Windows admin suddenly is slurping down everything in the accounting directory, and it isn't a backup utility doing this, then someone should be notified.

    4: I normally dislike DRM, but I have used an IRM/RMS server in house for protecting files. That way, if someone slurps off a Word document, it works fine if running on my machine, but unless they saved it to another format, it will be encrypted on their end. I've used Microsoft's RMS for about ten years now for personal items, and it does a decent job as a secondary layer, especially when coupled with some other encryption.

    5: Get a solution that can make heads/tails over audit logs. Splunk is nice (though expensive.)

    6: Add documents that are normally not accessed, but if they are, they immediately trigger an alert from the solution mentioned in #5. That way, if someone is doing a mass copy of files, someone knows. Most likely it is part of the job, but it is wise to have a couple tripwires.

    7: Spend your time and do background checks that work. Checking for felonies, yes. Demanding usernames/passwords to Facebook for ongoing monitoring 24/7, no.

    8: Finally, morale. A company that always threatens its developers with offshoring, and has low morale will have far more security issues than one that at least knows how to treat people with some modicum of respect.

    • Wow, you missed a big #1: Hiring. IT needs to take control of the hiring process AND someone in IT needs to be trained to recognize personality types. IT, more than just about any other department I can think of, is a well of liability. Both in the data they have access to, and in the proper execution of their job responsibilities. If your hiring process doesn't reflect this reality, then nothing else you do will mean squat in minimizing your liability.

      • by AHuxley ( 892839 )
        Yes hiring has always been the key to past quality at the GCHQ and NSA.
        The person has their life story looked at:
        The parents get interviewed, the primary school teachers, high school teachers, college friends, close family, extended family. Dusty small towns, hours driving until the person passes or an interview gets interesting. You do the same for the family of the person.
        What happened in the USA over the past ~10 years? They seem to have caught the 1930's English problem - too fast, a system (educatio
    • by tftp ( 111690 )

      3: Watch data and its access. If a Windows admin suddenly is slurping down everything in the accounting directory, and it isn't a backup utility doing this, then someone should be notified.

      What is there to stop the admin from restoring the backup onto a separate, local drive and then doing his thing with the databases? Admins are supposed to restore backups now and then, just to test if they work.

      7: Spend your time and do background checks that work. Checking for felonies, yes. Demanding usernames/pass

  • by CanHasDIY ( 1672858 ) on Monday July 08, 2013 @05:49PM (#44219743) Homepage Journal

    Thus, you'll have nothing to hide.

    Otherwise, it's a moot point; to paraphrase Mr. Universe, you can't stop the signal, bitch.

  • by Natales ( 182136 ) on Monday July 08, 2013 @05:50PM (#44219763)
    I'm with most of the posts so far regarding the despicable acts of the NSA, but taking the question more down to the technical realm, it seems obvious to me that security breaches coming from the inside of any organization can be mitigated by a more robust defense in depth methodology like this:

    1. Access to information in a need-to-know basis only using strong enforcement via MAC. Nobody has ALL the information on a specific subject.

    2. All applications are used via virtual desktops accessed from secured, fully managed devices. No access is allowed from unmanaged endpoints of any kind.

    3. If some information is as sensitive as described, then physical security enforcement need to be in place (isolated terminal room for example).

    4. No printing, no emailing, no networking outside the proper security perimeter.

    5. Regular audits and interviews to personnel with access to specific pieces of data.

    You'll have to sacrifice convenience for security in environments that require that.

  • by Jah-Wren Ryel ( 80510 ) on Monday July 08, 2013 @05:53PM (#44219797)

    While all the "don't be evil" responses are cathartic and fun, the real issue here is that you can't simultaneously give someone access to data and prevent them from having access to the data. You can make it more difficult to access the data but the price is that it is more difficult to access the data. You can't read minds so intent is not something you can reliably build into the system.

  • Its simple really. (Score:4, Insightful)

    by Nadaka ( 224565 ) on Monday July 08, 2013 @05:54PM (#44219801)

    Don't have morally repugnant and illegal secrets.

  • by swillden ( 191260 ) <shawn-ds@willden.org> on Monday July 08, 2013 @05:55PM (#44219811) Homepage Journal

    Not really an answer to the question, but good security design should focus on identifying all of the relevant threats (aka a "threat model") and mitigating all of them to the degree that makes sense -- and any good threat model will inevitably identify insider threats as the highest risks most at need of mitigation, because, by definition, insiders have greater opportunities to conduct attacks, and they have roughly the same motives as external attackers.

    If you find that your organization doesn't spend 95+% of its security time, money and effort on foiling insider attacks, it's almost certainly not doing a good job. If it is adequately hardened against insiders it'll be darned near impossible for outsiders.

    My impression of the NSA has always been one of an extremely high degree of competence, so the Snowden leaks surprised me. You can't stop insiders from gaining access to the data they need to do their jobs, of course (though you can often segment job responsibilities to minimize it), but you can and should make it a lot harder for them to get access to other sensitive data, and Snowden was apparently able to get a lot of stuff that wasn't relevant to his responsibilities.

  • Simple: (Score:4, Interesting)

    by gerardrj ( 207690 ) on Monday July 08, 2013 @06:02PM (#44219897) Journal

    Stop doing things that seem illegal or immoral to your employees. Stop lying. Stop cheating. Stop cowering behind secret courts.

    As people say about the data collected by the NSA: if you haven't done anything wrong then you have nothing to hide. The NSA was hiding this program because they knew it was wrong.

  • I'm curious, has anyone in government intel circles ever heard of compartmentalization before? I'm pretty sure based on the TS/SCI clearances they issue to those working with (what should have been) compartmentalized data would know of this rather obvious concept.

    Bottom line is they know the importance of data compartmentalization. This has been a standard practice for decades now, even keeping those at the highest levels in the dark with the additional "need to know" addendum.

    I can't help it if utter stu

  • by mendax ( 114116 ) on Monday July 08, 2013 @06:09PM (#44219973)

    No matter how deep a background check goes, no matter how thorough the inquiry is into a person's character, no matter how many interviews are made of friends and family, and no matter how many polygraph tests are performed, if a person is given a position that requires some trust there is always going to be a chance that this person is going to abuse the trust. Psychopaths and sociopaths the the scariest of these people because they have no problem with lying, are good at it because they are usually good at being manipulative, are often very well liked by family and friends, and can lie without end like a baby-kissing politician running for re-election and still pass a polygraph test.

    Perhaps the problem is in the kind of people being sought for these jobs that require great trust. While a person needs to be squeaky clean to get security clearance, perhaps the squeaky clean requirement is causing the government to choose some from the wrong pool of candidates. My experience has been that you will have a better chance of finding an honest man (or woman) by looking at those who have messed up in his or her life, is genuinely repentent, and has demonstrated through years of clean and honest living that he or she is worthy of such great trust. The gratitude that comes from being given this second chance is an incredible motivator in steering a straight and narrow course through life.

  • by davydagger ( 2566757 ) on Monday July 08, 2013 @06:12PM (#44219999)
    Its as simple as halting creepy anti-social, anti-democratic, and anti-freedom police state activities, lying about them, and justifying it with how much you hate/think lowly of the general population, and how you'll easily get away with it.

    Then mabey the people who work for you won't question your blatant lack of morals.
  • and having data in a vault with armed guards on the out side 24/7.

  • Assassinate Snowden.

    (Probably not the answer anyone wants to face, but ask your inner Machiavellian.)

  • There's no sure way to protect the data, but this comes close:

    1. Unplug the server/storage array/whatever
    2. Put it in a safe. Lock the safe, lose the combo.
    3. Dig a large hole.
    4. Insert safe into hole.
    5. Fill hole with concrete.

    Of course, even this plan has its flaws: What if the safe is discovered? Your only hope is that it's discovered by a Redditor; it will never be opened then.

  • If you're worried about USB or any other device access you've already lost. Anyone who can SEE the screen can snap a pic of the screen. Or a few hundred screen pics. And even if you strip everyone naked as they enter the building, and you scan them for hidden devices hidden inside body orifices, the fundamental issue is that information can be carried out in someone's memory, and that person is capable of talking.

    Compartmentalizing who can access what may limit the range of what any particular insider can r

    • by ImdatS ( 958642 )

      The thing is that if they can *only* carry what they have in their mind and have no other evidence, nobody would believe them...

  • A more appropriate question is what should you do when you have information that the organization is engaged in illegal activity, especially when that organization is the government ..
  • Do it like the GDR? (Score:5, Interesting)

    by ImdatS ( 958642 ) on Monday July 08, 2013 @06:43PM (#44220345) Homepage

    Basically, the GDR (former Eastern Germany) had similar problems with their border guards: guards would usually patrol the border in pairs (two guards at any given time). And this is obviously a necessary thing in border patrol.

    But since the government couldn't trust their guards and since there indeed was a possibility that the guards would just jump across the border to Western Germany, they had a brilliant plan: (1) they made sure that each of the guards came from a completely different area of the country, and (2) that they didn't spend too much time with together in order to build trust between them. So, for the case (2), the government decided to create new pairs every week or so... it worked quite successfully.

    Now, the question, obviously, is whether you *want* to be something like the former Eastern German Government.

    I believe there are a lot of ways of protecting data against malicious employees - one being the way the Eastern German Government did (this might be a good solution actually for the NSA). Other ways are making sure that the employees in question can never copy any data by any means, whether it is by blocking USB-ports, not having any drives, not allowing *any* personal devices at all, including no cameras, smartphones, etc. You might even force the people to use a company-provided mobile phone even for their private calls (without snooping into their calls) without cameras, data connection, etc (just calls+sms).

    Lastly, you could consider using a TrustedOS with levels such as B1-B3 or even A1 or Beyond-A1. http://en.wikipedia.org/wiki/TCSEC [wikipedia.org]

    I knew TISX http://en.wikipedia.org/wiki/Trusted_Information_Systems [wikipedia.org], which had (afaik) the only B2-TOS at that time. It was quite ingenious how it worked...

    • by Fuzzums ( 250400 ) on Monday July 08, 2013 @07:11PM (#44220559) Homepage

      In addition to what you wrote: http://en.wikipedia.org/wiki/Border_guards_of_the_inner_German_border [wikipedia.org]

      As a further measure to prevent escapes, the patrol patterns of the Grenztruppen were carefully arranged to reduce any chance of a border guard defecting. Patrols, watchtowers and observation posts were always manned by two or three soldiers at a time. They were not allowed to go out of each other's sight in any circumstances. When changing the guard in watchtowers, they were under orders to enter and exit the buildings in such a way that there were never fewer than two people on the ground. Duty rosters were organised to prevent friends and roommates being assigned to the same patrols. The pairings were switched (though not randomly) to ensure that the same people did not repeatedly carry out duty together. Individual border guards did not know until the start of their shift with whom they would be working that day. If a guard attempted to escape, his colleagues were under instructions to shoot him without hesitation or prior warning.

  • by RoknrolZombie ( 2504888 ) on Monday July 08, 2013 @06:43PM (#44220347) Homepage
    I think what bugs me the most about these most recent leaks is that the ONLY people surprised by it are the members of the public. The various governments know that they're being watched...mainly because they're doing watching on their own (that they're not supposed to do), that they talk about (which is monitored by other nations), rinse, repeat. Of course, it behooves all of the various countries involved to deny it...they don't want to look like douchbags, after all. But then again, how many of them look "squeaky clean" after the last round of releases that established that they were spying too. Everyone knows they do it, everyone has known that they've been doing it...so why in the fuck is anyone pretending to be surprised?

    On topic, I have two answers for you depending on how your question was intended.

    A1: You don't. You will never stop "leaks" of any sort, because you will inevitably be fooled into trusting the wrong person at some point. Leaks will always happen, even if there's been no wrongdoing (leaks can take the form of corporate secrets, for example).

    A2: If you mean how do we stop leaks like this, as in, leaks about Governments infringing on public rights and acting like utter jagoffs the solution is far far simpler: Stop being jagoffs, stop breaking the law. Hell, that's the answer that WE get, isn't it? "You don't have anything to worry about if you're not breaking the law"...well, if they don't want people to blab about the Gubmint breaking the law, the Gubmint should stop breaking the law and they won't have anything to worry about. Right?
  • If you hire smart people they will always be able to get the data they want. A surveillance state does more harm than good.
  • by Fuzzums ( 250400 ) on Monday July 08, 2013 @07:06PM (#44220511) Homepage

    "According to the report, which scrutinized the approval of security clearances, more than 483,000 government contractors had "top secret" clearance as of last October. On top of that, another 582,000 have "confidential" or "secret" clearance."

    That is... WELL OVER ONE MILLION PEOPLE with access to sensitive information. More or less 1 in every 300 citizens of 'murica.
    If you don't see a potential data breach here, I really don't know what you're looking for.

    Snowden made the information public, but who knows how many others sent information to foreign agencies? With one million people with access I bet data breaches happen quite more often than this one case.

    • The gross numbers for people with varying security clearances is a bit of a red herring. For instance unless there is something weird in an enlistees background they automatically are granted a Secret clearance when they finish Basic Training. When I went through there were entire career fields that were tagged for getting Top Secret clearances, even though it might not ever be needed.

      So you end up with tons of people who are in theory certified as being trust worthy but never actually are given any kind of

  • by 0111 1110 ( 518466 ) on Monday July 08, 2013 @08:22PM (#44220959)

    Here are a few ideas:
    1. Video cameras with 100% coverage of any room with computers with sensitive data. Live monitoring of said cameras.

    2. Securely locked computer cases. Since I haven't seen any computer cases that allow for truly secure padlocks this may require making your own computer cases out of say 1/4" steel and with thick case hardened hasps designed with large padlocks in mind.

    Or alternatively you could design a case by permanently welding the case closed. If something goes wrong inside you simply melt the whole thing down. A custom designed case will also allow you to bury any of the absolutely necessary external connections like for a keyboard and mouse inside the locked or welded case. Any data would need to be backed up through the internet or other network connection, which again is buried inside the secure case.

    3. Checkpoints with metal detectors set to their highest sensitivity for all personnel entering or leaving, but this will only work if it is sensitive enough to detect a single microSD card. Strip searches and cavity searches for all departing personnel with access to sensitive data.

    4. You could lock your employees into a secure facility and never allow them to leave. If they try to quit you kill them and melt their body in a large dedicated acid bath.

    Of course this would have to be combined with severing all contact with the outside world. Internet connections or any kind of telephone would be forbidden. Also make certain that no computer has wifi capability and/or make the rooms with the computers with sensitive data into Faraday cages to prevent any wireless data transfer.

    5. A water lock. In order to exit your facility your employees must swim through a tube filled with water. The problem with this is that a microSD card could be protected by wrapping it in plastic or something. You could also use salt water and run a nonlethal current through it.

    6. Do not allow employees anywhere to put a data storage device. Do not allow any clothes or bags of any kind inside. They would store all of their belongings including their clothes in a locker before they entered the facility proper. Combined with cavity searches this could be quite effective even without any of the other measures. To help with employee retention make sure that the searchers are very, very attractive and that sexual preferences are observed at all times.

  • by evilviper ( 135110 ) on Tuesday July 09, 2013 @02:43AM (#44222727) Journal

    What do you think the best way is to lock down a system against malicious insiders?

    Ripley: I say we take off and nuke the entire site from orbit. It's the only way to be sure.

    http://nukeitfromorbit.com/ [nukeitfromorbit.com]

  • by Tom ( 822 ) on Tuesday July 09, 2013 @03:46AM (#44222981) Homepage Journal

    As someone else already said: You can not give someone access to data while not giving them access to data.

    What you can make a hell of a lot more difficult is the ability to get the data out in any other way than inside someone's head.

    At the extreme range, allow people to enter and exit the building only naked, changing into work-clothes on the inside that never leave the building. Don't forget cavity searches.

    Oh, wait - you were planning to run an office, not a prison? That's gonna make things a little more tricky as human beings tend to be picky about archaic things like dignity.

    The non-bullshit answer is basically this: The freaking NSA fucked this one up. If you really think a random collection of hints on /. is going to give you a better shot, you need to be fired.

    Update your security policy regularily and monitor compliance. Do a good job. Stop worrying about the Snowdens of this world, because there's like one every decade. But users looking for shortcuts, managers wanting a dial-in connection from home, admins leaving the firewall wide open after a change, developers using test-configurations in live, all these things are happening every day. Worry about them.

Someone is unenthusiastic about your work.