Comment by polalavik
19 hours ago
Just, as an exercise, list out 3 good reasons someone might want untraceable admin accounts then list 3 really bad reasons they might want that. If you manage to find 3 good reasons does the outcome of those those outweigh the risks of the potential bad reasons?
I appreciate the question. The most obvious is that this is an “audit the auditors” exercise, and they do not want to leak information toward a likely adversarial counterpart. If they have the authority to so, then they do. An adjacent complaint about “not following Treasury policy is similar.” If these systems exist, there is a governing authority structure, and that does not begin at the level contemplated in this document.
Good: 1. The account-level below that doesn't have access to certain stuff and just happened to have untraceable stuff 2. They just said "give me the highest level of access" and didn't investigate what that meant 3. Can't think of a good third atm
Bad: 1. They want to do nefarious things untraceably 2, 3. I think 1. covers pretty much everything.
Personally, if I'm put in charge of overhauling a system I don't want to waste my time waiting on approvals for BS, I just want to be given the highest level of access I can be given to get on with work.
I'm not saying this is fine, but the information here is basically a random list of things that happened and it doesn't really tell a nefarious story to my eyes.
I honestly don't understand the defenses of these actions here. Forget about the nature of data we're talking about here. If I was an engineer working at say google, and I put in mechanisms to access a bunch of data and bypass both auth and audit, I'd get fired instantly.