Talk about the document leak here. It's more of an American domestic issue than a Ukrainian one.
Also straight up stealing @Dongs Galore's post that does a good job of breaking down how clearances and accesses work.
I'm only gonna talk about this in vague terms, but I can shed some light on how these leaks were possible. Everything I'm about to say is unclassified.
First of all, to be clear: this guy absolutely had legitimate access to those files. Anyone with a SIPR/JWICS* token can look them up on their classified workstation. Yes, that access is logged, but dozens or hundreds of different user accounts from all over the world need to access each file on a daily basis, so it isn't practical to audit the logs like that (I think).
He didn't do anything to evade the logging system or cover his tracks - according to the affidavit, they logged him searching for "leak" on the classified system the day the news broke.
Basically a lot of files on the secret/ts intranet are accessible to anyone on the network. This is intentional, to facilitate collaboration and info sharing across the myriad different agencies and components. There's even a classified wiki to help facilitate this. Not all classified files are on the intranet, and there are sub-classifications restricting access to certain users (for example, some files are not accessible to private contractors). The owner of a file can, I think, require users to request access, but I don't know what the rules about it are. Remember, military personnel might be assigned to a duty station for as little as six months, and nobody wants their product delayed because the new guy was waiting for the project manager to approve his access to a file which he supposedly was already cleared for.
SCI-level documents are compartmented by codeword so that only a subset of people specifically read onto that codeword can access the files. At lower levels, users are told to only look at what they "need to know" and basically allowed to interpret that for themselves (I honestly don't recall anyone explaining to me what exactly it means).
The current system has a lot of advantages in cutting through bureaucracy and maintaining awareness, which was a big deal post-9/11. But the obvious downside is some rando could do this.
IMO the main point of failure here is that none of his coworkers wondered why he was printing so much material off the classified printer. Nobody prints that much hardcopy anymore in general, and classified hardcopy is even less common because it needs to be secured physically when you aren't using it.
e: another reason for such permissive access is that a lot of classified shit probably doesn't really need to be classified in the first place. This is a known problem.
*There are three main intranets: NIPR (unclassified), SIPR (Secret), and JWICS (Top Secret). Each of these requires a separate PC to use. The latter two can't connect to the public internet.
Thank you, Dongs Galore. Dongs Galore makes this thread possible. Everyone should set aside a little time to appreciate Dongs Galore.
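The quoted post's point about the printer is the one a defender can actually act on: the access itself was legitimate and logged, so the detectable signal is a user whose classified hardcopy volume is far outside the pattern of their peers. The script below is an added illustration, not code from the post or from any DoD system: it parses a constructed print-audit log (the `user=... printer=... pages=...` line format, the user names and the page counts are all made up for the example; real print servers log equivalent fields), totals pages per user per day, and flags anyone printing both a large absolute volume and several times the day's median.

```python
"""Flag users whose classified-printer page volume is anomalous vs. their peers.

Constructed example. The log line format, users, printers and page counts are
invented for illustration; real print-server audit logs carry the same fields
(timestamp, user, printer, page count, document name) in their own formats.
"""
from __future__ import annotations

import re
import statistics
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, datetime

# Constructed sample log: three ordinary users and one outlier ("drew").
SAMPLE_LOG = """\
2023-04-03T08:12:03Z user=avery printer=CLASS-PRN-01 pages=6 doc="weekly_brief.pptx"
2023-04-03T09:40:51Z user=blake printer=CLASS-PRN-01 pages=12 doc="roster.docx"
2023-04-03T10:02:17Z user=casey printer=CLASS-PRN-02 pages=3 doc="agenda.docx"
2023-04-03T13:30:00Z user=drew printer=CLASS-PRN-01 pages=48 doc="sitrep_01.pdf"
2023-04-03T13:31:12Z user=drew printer=CLASS-PRN-01 pages=52 doc="sitrep_02.pdf"
2023-04-03T13:33:40Z user=drew printer=CLASS-PRN-01 pages=61 doc="sitrep_03.pdf"
2023-04-04T08:05:09Z user=avery printer=CLASS-PRN-01 pages=8 doc="weekly_brief.pptx"
2023-04-04T11:22:45Z user=blake printer=CLASS-PRN-02 pages=5 doc="memo.docx"
2023-04-04T15:10:30Z user=casey printer=CLASS-PRN-01 pages=10 doc="slides.pptx"
2023-04-04T16:44:02Z user=drew printer=CLASS-PRN-01 pages=75 doc="sitrep_04.pdf"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) user=(?P<user>\S+) printer=(?P<printer>\S+) '
    r'pages=(?P<pages>\d+) doc="(?P<doc>[^"]*)"$'
)


@dataclass(frozen=True)
class PrintJob:
    when: datetime
    user: str
    printer: str
    pages: int
    doc: str


def parse_log(text: str) -> list[PrintJob]:
    """Parse the constructed log format; malformed lines are skipped, not fatal."""
    jobs = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        jobs.append(PrintJob(
            when=datetime.fromisoformat(m["ts"].replace("Z", "+00:00")),
            user=m["user"],
            printer=m["printer"],
            pages=int(m["pages"]),
            doc=m["doc"],
        ))
    return jobs


def daily_pages(jobs: list[PrintJob]) -> dict[tuple[str, date], int]:
    """Total pages printed per (user, calendar day)."""
    totals: dict[tuple[str, date], int] = defaultdict(int)
    for j in jobs:
        totals[(j.user, j.when.date())] += j.pages
    return dict(totals)


def flag_outliers(jobs: list[PrintJob], factor: float = 3.0, min_pages: int = 50):
    """Return (user, day, pages) for users printing >= min_pages AND more than
    `factor` times that day's median per-user volume. Both conditions are
    required so that a quiet day with one normal print job is not flagged."""
    by_day: dict[date, list[tuple[str, int]]] = defaultdict(list)
    for (user, day), pages in daily_pages(jobs).items():
        by_day[day].append((user, pages))
    flagged = []
    for day, rows in by_day.items():
        median = statistics.median(p for _, p in rows)
        for user, pages in rows:
            if pages >= min_pages and pages > factor * median:
                flagged.append((user, day, pages))
    return sorted(flagged)


if __name__ == "__main__":
    for user, day, pages in flag_outliers(parse_log(SAMPLE_LOG)):
        print(f"{day}: {user} printed {pages} pages (review hardcopy handling)")
```

On the constructed sample this flags only "drew" on both days. With real data the peer baseline should be a rolling window of weeks rather than one day's median, and the alert belongs with the security manager who can ask what happened to the hardcopy, which is the follow-up the post says was missing.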
Or at least that's what the BBC here in the UK are reporting. This whole sorry episode (it was a CS:GO focused discord channel?) has such a ring of 21st century dumbness to it.
The culprit is no Chelsea Manning for sure.
And was it also necessary to arrest him at gun-point? Seems a little bit excessive, IMO.
Apparently his persona on the discord was to act like a very pro-gun tough guy who wanted everyone on there to become gun loving super soldiers.
I think the cops overuse their right to roll up with guns. This time, with what the chucklefuck was saying online? I empathize with the cops here, sadly.
Let's play Mario Kart or something...
The big issue is that the more shit you have classified that people need to access on a daily basis, the more you end up in a scenario where you need more people with security clearances. This creates a few problems.
If you want to keep things running smoothly, it can easily lead the entities in charge of doing background checks for security clearances to do a shit job. A good example of this would be how Snowden really shouldn't have gotten clearance if someone had scrutinized his background better, because there were all sorts of red flags. When someone claims to have a degree from an educational institution that they actually don't have, and also claims military service when they washed out of boot camp, then you really shouldn't give them any sort of clearance. It's shit they shouldn't be lying about, and if they lie about that, well, what else are they lying about and how trustworthy are they?
Not to mention, the more people you need with security clearances, the more likely you can also end up in a situation where you have to lower standards to ensure that personnel shortages don't impede progress, or risk having delays that cause problems if you keep the same standards. In fact, cutting all the shit that really shouldn't be classified would allow for the option to have a bit more strictness with your standards, if there isn't a risk of not having enough personnel.
Finally, less shit that you need to keep secure also makes it easier to keep tabs on who has the information and what they are doing with it. The ironic part is, as Dongs Galore mentioned, the current setup has the advantage of reducing bureaucracy, but all the unnecessarily classified shit is eating away at that advantage. After all, each piece of information that gets classified is information that needs to be kept secured, is information that people have to get cleared for either directly or via being granted a security clearance, and probably some other shit I'm missing.
Only other fix I can really think of is re-evaluating exactly how much access actually needs to be granted. I get wanting to avoid delays, but it does seem like there are cases where someone isn't working a position that really needs immediate access to the information right now or within a reasonable time frame. Do they really need access to that information? If not, cutting that unneeded access lowers the risks of leaks. It's not just one less person you have to worry about doing stupid shit. It's one less set of log entries that have to be checked. It's also one less person that you have to worry about being compromised. The big one is that the threat isn't necessarily them doing stupid shit like the recent dumbass or selling out. It could be as simple as them not realizing that someone has gotten ahold of their login information and is now using that to access shit. As secure as the intranet is, it isn't foolproof.
Granted, the most infuriating thing about this, other than the dipshits on the right defending this dipshit leaker, is the issue where our elected officials are fucking terrible at handling classified documents, and that is probably going to get ignored because of this story. Plenty of assholes in elected government will try to bury the need to ensure they do a better job with classified materials because they find it inconvenient or annoying.
The discord in question got started as a fan community for an at-times-sketchy milsim Youtuber as well, and the guy posting the documents was actively trying to radicalize the membership of the place.
I can absolutely see some assumptions being made about what he'd do when they showed up.
WaPo had a good article on it a couple days ago. (Also a kinda heartbreaking article at points; it was run in a kind of cult-like manner and the discord's collapse seems to have left a bunch of lonely kids adrift.)
Of course, in recent years DOD has done a better job of compartmentalizing access rights based on job position (which is a manpower thing), and trying to limit single points of failure (being "The Guy" whose knowledge and skill everyone relies on but shit goes to hell when he goes on leave, giving one guy too many and/or all the possible admin roles/rights available, etc.). Throw in TFA (two factor authentication) and better logging tools too.
Gone are the days when local comm units were the gods of the network (I remember them fondly but it's scary how much power we wielded as young stupid airmen). These days, regional commands like NOSCs have domain admin rights over the whole enterprise, while local comm units are given just enough rights to do their jobs and get the mission done. It's the principle of least privilege (my A+ certification training pays off).
That said, it's too impractical for front line supervisors to have to shoulder surf their troops to see what they're up to 24/7. People have better things to do. We joke about it all the time due to the memes of death by CBT/PowerPoint, but the military gives us this annual training with the explicit agreement that you're expected to act like an adult and not an immature dingus like the leaker who got caught.
Administrators have the ability to give themselves rights to a file share folder they have no (official) permissions to get into, and peek inside the files therein if they really want. But I'm not going to do that because there's the expectation and trust that I won't do something this stupid. Whether it's class or unclass, it's outlined in our AUPs (Acceptable Use Policy) that everyone signs before being given a basic user account.
Back to all that logging I mentioned. Everything users do (to include administrators) gets logged (principle of accountability). Again, we consent to constant monitoring whenever we log into any government systems. Said dingus can't claim ignorance because the logs are the literal receipts, from time stamped user logins to when he printed out all those documents to the classified printers, to when he searched for "leak" on his government computer.
Agreed that the failure seemed to be when no one seemed to question why this guy was printing so many documents to the classified printer and then walking out of the SCIF with them. SCIFs are busy places and the junior enlisted ranks are expected to do things like put together basic reports and presentations for meetings and higher ups, so that was his likely excuse. Still, all that hardcopy has to be properly filed, protected and/or shredded, so someone dropped the ball on the followup after the presentations and meetings were over and done with.
Also, wouldn't surprise me if that Air Force dingus was a Putin/KGB plant as well.
Apparently, the dingus was overtly racist, a pro-gun firearms fetishist (which explains the heavy-handed armed response by the police when he was arrested), and it wouldn't surprise me if he was a pro-Russia Putin stan on top of it all.
But I don't think he did what he did out of any political ideology so much as he did it for fifteen minutes of fame and stupid online clout just to impress his little circle of teenaged gamers. He had to up the ante when they were getting bored of his antics, so he went big with leaked classified documents to really wow his homies.
I worked on a bunch of military shooters, so nothing as important as this, but holy shit I’m not going to jeopardize my livelihood spilling secrets about the games I’m working on just because people are wrong on the internet.
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
Stuff about Ukraine and preparedness and attrition.
A lot of random intel around the war. There's a list of most of it here.
https://www.bbc.com/news/world-us-canada-65238951
e.g. specific time/place China tested an experimental missile. Egypt had plans to supply weapons to Russia. Ukrainian materiel supply situations. Opinions on UN stance on war. Etc.
This seems like the inevitable result of enough people having access to this stuff. There's enough dumbasses like this that over a large enough group, you'll have some of them in the group with access to highly classified material.
Also some of it got immediately and poorly edited to make things seem much worse for Ukraine and better for Russia.
-Indiana Solo, runner of blades
As noted in the other thread, he was also only 21. Barring more detail, I'm hard pressed to say that his entire unit shouldn't have some degree of review and possibly examination of just what they were doing to maintain security.
Really can’t get over how many people must have access to these and similar files. If it really is that easy to read and copy material it seems tough if you’re in a situation where your life depends on it, to consider anything the US knows a secret.
What if he hadn't put them in CS:GO chat and instead just sold them to someone who kept a low profile? Would you have known for a couple more years? When it was very much too late to do anything about it wrt war strategies etc?
Yeah I work every day with HIPAA / FERPA data of all sorts and could easily access all kinds of information that if I wanted to disseminate could easily be halfway around the world before anyone caught on. So do all the people I work with, and IT people at every medical or academic institution.
We have bona fide job needs, but almost everyone could easily access more if they just did so, and most likely would slip through any oversight or auditing unless they are really dumb about it or there is a leak and investigation. It's the open secret of IT just how much trust is put in IT people, because the alternative is we can't really do our jobs.
Most of us do training and attestations and aren't going to fuck around even when the worst consequence is getting fired. Torching your career is bad enough to stop most people and spending a few decades in Leavenworth or even a few months in Club Fed isn't really even a possibility.
There is a reason the Snowden / Manning / this fucker leaks are the exception not the rule, and it's because nobody wants to have to flee to Russia or spend years in solitary confinement or whatever ends up happening to this guy. At least Snowden and Manning had ideological reasons for doing what they did, as misguided or careless I think it was. This guy it's just sad he ruined his life for nothing even if he sounds like a real asshole.
One, a boss told a friend of mine "Hey, can you make it so you can't access this folder? It is supposed to be confidential." The friend, the absolute highest level of domain admin in our environment said "Sure... until I need to access it." The boss didn't get what he meant by that at first.
People bring up his age and rank, but it's really not about that (although there should be some consideration for it even if I've met some very mature acting young folks and some very immature acting oldheads in my time in). It's about vetting and training. They hand out M4s to 18 year olds in the military, and expect them to be trained and ready to use them, after all.
OPM did his background investigation and gave him top secret clearance, and with how young he was, A1C Teixeira most likely didn't have much to investigate or too many contacts to go through (his father is apparently retired Air Force, to boot). So that's the vetting part, and that goes hand in hand with the job position part. As an IT administrator, having access is baked into the job.
The training part is the crucial step. With all the user agreement forms he had to sign, the test(s) he had to pass (Security+ certification is the absolute bare bones minimum and is part of the technical school training Comm troops are expected to complete), the CBTs and videos and PowerPoint presentations he had to go through to work at a SCIF, it should have sunk in and drilled into his head that leaking classified documents will land you in a world of hurt.
Like I said before, every action you take on a government system gets logged so there's no use trying to weasel out of that when there are receipts aka logs with time stamps. He should have known better but still did it anyway, which speaks to the human element (aka insider threat) still being the greatest weakness and critical vulnerability in any (theoretically) hardened system.
The mission is the mission, and Uncle Sam treats intelligence systems the same way they treat any other weapons system, or loaded gun; that is to say, with care (ideally in principle and in practice). It's why ISRGs (Intelligence, Surveillance, Reconnaissance Group) now fall under ACC (Air Combat Command) MAJCOMs. It wasn't always this way but this change came around the early-mid 2010's.
I expect the Cyber Awareness Challenge CBT to soon include a section explicitly warning folks not to leak classified shit for stupid Internet clout or to win equally dumb online arguments about military themed video games. It's sad that this has to be spelled out so obviously but it is what it is.
All I can really add at this point is that A1C Teixeira's chain of command (immediate supervisors, First Sergeant, and Commander) must be shitting bricks right now, as must his Security Manager office.
Least privilege, zero trust. Gotta do it, folks.
Congrats. I got my A+ last month too (I had Net+ and Sec+ for a while already). Go principle of least privilege. But the amount of trust that we put in IT folks is enormous (both mil and non-mil) and not something to be abused.
I can literally count on one hand the number of people who have access to all the networking infrastructure at an unfettered level. Joe Blow in the install team who can build out tunnels/circuits/routing in customer domains can't even log in to the networking infrastructure for our voice core. Heck, they aren't even allowed to do proper packet captures on the equipment they live on. We also have tools set up to watch for suspicious activity internally to help alleviate "audits only happen sometimes".
This is mostly where I was going with this. You mention 18 year olds with M4s, but they aren't just randomly allowed to walk around unsupervised with them, at least not when not deployed. I'm not even saying he should be shown leniency, but people also talk about him as if he was a fully mature person not capable of making just moronic decisions, when he's still functionally developing.
Back when I was essentially the admin/SME for one of our reporting systems one of our hospitals had a COVID related report created but they wanted it only available to a select few high level people. And it took some work to explain to them that there were limits to how much we could hide it.
1. None of the content was very special. It was pretty much just information that was readily available in other census reports with a couple of specific filters on it, many of those based on information that was also readily available in other reports. Like, anyone could access all the same info if they so desired.
2. While I could hide the report from most people in the actual reporting menu, there was no way to hide it from people with my level of access. There were a couple of ways I theorized it might be doable, but they might still be undone, and if not, they came with potential side effects: a whole class of problems that, if they ever happened, would be unfixable by anyone with access.
3. It was ultimately just a program in the EHR, so anybody with access to directly query the database and execute programs could just find the name of the program from the table that stored the menu info and run it directly from the dev program.
Yeah, I'm not a DBA, but I'm in a similar position. Sometimes chasing bugs means I need to go poke the most sensitive DBs directly. Sometimes I need full and unfettered access to do my job.
I am, of course, utterly uninterested in the actual data, but I need access to fix shit.
Anyway, having just read this thread, I laughed.
Doc: That's right, twenty five years into the future. I've always dreamed on seeing the future, looking beyond my years, seeing the progress of mankind. I'll also be able to see who wins the next twenty-five world series.
They don't pay nearly as much, so you either have to care passionately, or not be able to get through interviews
Newer items are done better.
Like between this and the whole Warthunder thing that's part and parcel of a security clearance check now right?
Come Overwatch with meeeee
now now, the War Thunder guy wasn't doing it for clout, devs just fucked his branch and the turret on the Chally 2 needed to slew 2* faster
No. We aren't required to share any social media information unless it's tied directly to hostile groups. The government does in fact respect people's privacy to a degree.
This is really easy though. You deny access implicitly, with group membership access requests that have timed expiration and audit logs. If you need access, you can assign it to yourself and any other admin can approve it, so you need someone else to sign off (which is fast), it expires, and it's logged. If you just couldn't handle two person approval you could dispense with that and still have most of the benefits. What every organization is failing at is having automated notification of anomalous access.
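The model in the post above (deny by default, self-requested group membership that another admin approves, a time-to-live, an audit record for every step, and an alert when one account accumulates grants unusually fast) fits in a few dozen lines. This is an added example, not code from the post or from any identity product: the `JitAccess` class, the group names, the four-hour TTL and the "three grants in a day" anomaly threshold are all constructed for illustration. The clock is injected so expiry can be exercised without waiting.

```python
"""Just-in-time group membership: two-person approval, expiry, audit trail, anomaly alert.

Constructed example of the access model described in the post. Group names,
TTL, thresholds and the audit record layout are invented for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class Grant:
    user: str
    group: str
    approver: str
    expires: datetime


class JitAccess:
    def __init__(self, clock, ttl=timedelta(hours=4), two_person=True,
                 anomaly_threshold=3, window=timedelta(days=1)):
        self.clock = clock              # callable returning "now" (injectable for tests)
        self.ttl = ttl                  # every grant expires; nothing is permanent
        self.two_person = two_person    # False -> self-approval allowed, still logged/expiring
        self.threshold = anomaly_threshold
        self.window = window
        self.pending: dict[tuple[str, str], str] = {}   # (user, group) -> justification
        self.grants: list[Grant] = []
        self.audit: list[dict] = []     # append-only record of every request/approval/alert
        self.alerts: list[str] = []

    def _log(self, event: str, **fields) -> None:
        self.audit.append({"ts": self.clock().isoformat(), "event": event, **fields})

    def request(self, user: str, group: str, justification: str):
        """Record a request; grants immediately only when two-person approval is off."""
        self.pending[(user, group)] = justification
        self._log("request", user=user, group=group, justification=justification)
        return self._grant(user, group, approver=user) if not self.two_person else None

    def approve(self, approver: str, user: str, group: str) -> Grant:
        """A different admin approves a pending request; self-approval is refused and logged."""
        if (user, group) not in self.pending:
            raise KeyError("no pending request")
        if approver == user:
            self._log("approve_rejected", user=user, group=group, approver=approver,
                      reason="self-approval")
            raise PermissionError("two-person rule: requester may not approve own request")
        return self._grant(user, group, approver)

    def _grant(self, user: str, group: str, approver: str) -> Grant:
        self.pending.pop((user, group), None)
        g = Grant(user, group, approver, self.clock() + self.ttl)
        self.grants.append(g)
        self._log("grant", user=user, group=group, approver=approver,
                  expires=g.expires.isoformat())
        self._check_anomaly(user)
        return g

    def has_access(self, user: str, group: str) -> bool:
        """Membership is effective only while an unexpired grant exists."""
        now = self.clock()
        return any(g.user == user and g.group == group and g.expires > now
                   for g in self.grants)

    def _check_anomaly(self, user: str) -> None:
        """Alert when one account receives `threshold` or more grants inside `window`."""
        cutoff = self.clock() - self.window
        recent = [r for r in self.audit if r["event"] == "grant" and r["user"] == user
                  and datetime.fromisoformat(r["ts"]) >= cutoff]
        if len(recent) >= self.threshold:
            msg = f"{user} received {len(recent)} grants within {self.window}"
            self.alerts.append(msg)
            self._log("anomaly", user=user, detail=msg)


def demo() -> dict:
    """Walk through the model with constructed users 'ana' (requester) and 'ben' (approver)."""
    now = [datetime(2023, 4, 3, 9, 0, tzinfo=timezone.utc)]
    jit = JitAccess(clock=lambda: now[0])
    results = {"self_approval_blocked": False}
    jit.request("ana", "finance-share-admins", "INC-1234 restore deleted folder")
    try:
        jit.approve("ana", "ana", "finance-share-admins")
    except PermissionError:
        results["self_approval_blocked"] = True
    jit.approve("ben", "ana", "finance-share-admins")
    results["access_after_approval"] = jit.has_access("ana", "finance-share-admins")
    now[0] += timedelta(hours=5)          # past the 4h TTL
    results["access_after_expiry"] = jit.has_access("ana", "finance-share-admins")
    for grp in ("hr-share-admins", "legal-share-admins"):   # third grant today trips the alert
        jit.request("ana", grp, "INC-1234 follow-up")
        jit.approve("ben", "ana", grp)
    results["alerts"] = len(jit.alerts)
    results["audit_events"] = len(jit.audit)
    return results


if __name__ == "__main__":
    print(demo())
```

The audit list is what turns "admins can see everything" into something reviewable: every grant names who asked, who approved, and when it lapsed, and the anomaly check is the automated notification the post says most organizations skip. A real deployment would write the audit records to a store the admins themselves cannot edit.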
I feel like it was confirmed that wasn't actually a real part of the screening.