Comment by throwaway32144
8 years ago
As an aside, how else would one sneak top-secret stuff out of the NSA? I assume all IO ports have been cut, and the input devices soldered onto the motherboard?
Send some xor-ed file out using a non-secure connection and sneak the key out somehow?
Take photographs/video using the phone, cold-war style?
Without having visited the site in question, the underlying theme is that you, as the security people, have to choose your battles because employees start to get very upset when you make their jobs difficult in order to show them how little you trust them.
> Send some xor-ed file out using a non-secure connection and sneak the key out somehow?
Stray thought: You don't have to sneak an OTP out, you only need to sneak it in. Then you do your XORing, transmit the mangled data, and erase that copy of the key.
Taking photographs on an (offline) phone is probably the safest and easiest way to go about it. Obviously no flash; if you can't do it in non-monitored environments, make it look like you're just looking at your phone. Go home, take pics out of device, delete them and destroy the phone.
This said, it's been reported some contractors and employees routinely took home loads of external drives, so your expectation that IO ports are completely disabled might be unrealistic; the NSA is good but it's just another large org, just a bit more paranoid than average.
Phones aren't allowed in SCIFs (the facility she worked in).
Hard drives labeled unclassified can be removed from those facilities with special permission but I think hard drives are under more scrutiny nowadays.
There are much easier ways to exfil data from a SCIF than photos. Esp. if you are a contractor.
You can't just "look at your phone" while processing classified information. It's highly forbidden to even have a phone in your possession while processing classified information.