Comment by bhousel
12 years ago
Why would NSA agents go through all the trouble of tapping cables when they could probably just gain employment at Google and do whatever they want. I don't think encryption would make a difference here.
12 years ago
Why would NSA agents go through all the trouble of tapping cables when they could probably just gain employment at Google and do whatever they want. I don't think encryption would make a difference here.
There's greater risk of facing problems of all sorts when you have rogue agents on the inside (what if they get found out? how will that be met by news journals? people who find out about it? the trust dynamics between CEOs and government agencies that request access in a legal way, when needed?).
The risk of things going wrong when you're tapping cables is much less pronounced as far as I can see.
Anyone care to comment on FBs Max Kelly, head of security flip-flop employment between FB and NSA?
How can that guy be trusted with anything?
http://www.dailymail.co.uk/news/article-2347047/Former-Faceb...
I'm not sure why you think that's so easy to do. You need a person who:
1. Has the technical credentials and interviewing skills to get hired at Google (not easy). 2. Has a security clearance. 3. Wants to be a spy. 4. Can get themselves assigned to the team working on datacenter interconnects. 5. Can set up a tap on the interconnect without getting caught.
That sounds both hard and expensive to me.
Consider Sally Smith, our hypothetical employee. She worked for several government and military agencies for years with a concentration in data center security. She has top-secret clearance.
Before the Snowden revelations came out, I'd have strongly considered Sally Smith to be a good fit for a position dealing with data center security. Who wouldn't have?! Years of experience at high levels securing data centers? Letters from generals and senior government officials attesting to her qualifications? Sign me up right away!
Post-Snowden, I'd start believing that Sally Smith is far more likely to be Sally Spook, an active NSA employee experienced in data center infiltration and with an impeccable cover story.
The only thing that keeps Sally Spook away from our data centers is Google's hiring processes & internal security, and is that really enough to stop a determined adversary with all the advantages of the NSA? I doubt it.
The Google hiring process seems to be very focused on discerning a candidate's practical knowledge not their on paper experience or recommendations. It would be silly to think that a general or senior government official would even have the technical knowledge to make a well informed recommendation of someone for a technical position.
2 replies →
Finding such a person would be difficult (but not impossible) for you or for me, but conditional probabilities work heavily in the NSA's favor. They have thousands of in-house people already satisfying 1, 2, and 3. 5 can be perfected by a team and taught to any of those thousands of people and 4 can be achieved with resume tweaking and, at most, a few repeat trials.
It's the same reason why security through obscurity doesn't work: if you chain together 5 obfuscation layers that each keep out 80% of competent hackers, in total they probably keep out 85% or 90% of competent hackers if you're lucky, but certainly not 99.99%, because everyone who bypasses the first layer has a much higher probability of having the skills to bypass the other layers as well.
Take those requirements in reverse and apply them to an already employed NSA person -- then send them out to apply for jobs as an asset.
there is also very easy other way around - "ask for help" [to fight terror and defend Motherland, err... USSR wording, today in the US it is "Homeland"] an existing Google employee.
From their perspective, why not tackle the additional attack vectors?
As for the internal mole, I'd imagine that any such individual's role would be highly focused. They'd be used to tackle specific target information rather than the wholesale siphoning tapped cables would provide. Aside from the simple logistic issues with the sheer amount of data they're tapping, I can't imagine how anyone could be in a physical position to do so across the entire Google network without tripping at least <i>one</i> internal safeguard?
For bulk collection, the taps enable surveillance without the possibility of detection unless the NSA screws the proverbial pooch. And if there's one thing history can tell us, it's that surveillance agencies will spend obscene amounts of money in pursuit of that undetectability. From the Project Azorian with the Glomar Explorer to the Berlin tunnels in Operation Gold, the Cold War alone proves the point.
Apparently unconstrained by resources, they decided to attack from multiple angles.