January 18, 2018 at 7:46 am
jasona.work - Wednesday, January 17, 2018 12:02 PMEric M Russell - Wednesday, January 17, 2018 8:27 AM... A contractor just pleaded guilty to stealing classified information from the US National Security Agency, about 50GB worth of data. This isn't a case of spying or malicious intent. Instead, the report is that the employee was a hoarder, just keeping copies of data for some unknown reason. Hopefully that's true ...
If you follow the link the news stories cite 50 (TB) not 50GB.
With a dataset that large, it makes one wonder which NSA database he downloaded. Maybe this guy was wanting to spin up his own implementation of a domestic surveillance program in his basement using a make shift Hadoop cluster.
Whether this is considered theft should be based on how many security controls he had to bypass in order to download that much data. Did he login using a privileged account? Did he siphon off a little at a time in an effort to avoid detection? Does the NSA have so much spare network bandwidth that a 50 TB dump wasn't noticed while in process?(Note, I didn't read the source article)
If this is the guy I think it is, that I had heard about last year, it wasn't a database he took home, it was actual physical documents and disks in bankers boxes sitting on the back seat of his car...
Which also led to some people wondering how he managed to get these out to his car without being stopped, and out the gate without being stopped.
I'd like to think that those documents and backups were encrypted and this guy didn't have access to the keys. If not, then there is no hope. We need to start holding federal agencies accountable for this type of stupidity and incompetence. If someone running for political office really wanted to score points with the public, this should be their angle.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
January 18, 2018 at 10:14 am
Eric M Russell - Thursday, January 18, 2018 7:46 AMjasona.work - Wednesday, January 17, 2018 12:02 PMEric M Russell - Wednesday, January 17, 2018 8:27 AM... A contractor just pleaded guilty to stealing classified information from the US National Security Agency, about 50GB worth of data. This isn't a case of spying or malicious intent. Instead, the report is that the employee was a hoarder, just keeping copies of data for some unknown reason. Hopefully that's true ...
If you follow the link the news stories cite 50 (TB) not 50GB.
With a dataset that large, it makes one wonder which NSA database he downloaded. Maybe this guy was wanting to spin up his own implementation of a domestic surveillance program in his basement using a make shift Hadoop cluster.
Whether this is considered theft should be based on how many security controls he had to bypass in order to download that much data. Did he login using a privileged account? Did he siphon off a little at a time in an effort to avoid detection? Does the NSA have so much spare network bandwidth that a 50 TB dump wasn't noticed while in process?(Note, I didn't read the source article)
If this is the guy I think it is, that I had heard about last year, it wasn't a database he took home, it was actual physical documents and disks in bankers boxes sitting on the back seat of his car...
Which also led to some people wondering how he managed to get these out to his car without being stopped, and out the gate without being stopped.I'd like to think that those documents and backups were encrypted and this guy didn't have access to the keys. If not, then there is no hope. We need to start holding federal agencies accountable for this type of stupidity and incompetence. If someone running for political office really wanted to score points with the public, this should be their angle.
Heh. Paper documents are kind of hard to encrypt, at least if you want to read them again later...
Yes, the guy I'm thinking of was taking home classified PAPER documents in bankers boxes...
January 18, 2018 at 10:18 am
jasona.work - Thursday, January 18, 2018 10:14 AMEric M Russell - Thursday, January 18, 2018 7:46 AMjasona.work - Wednesday, January 17, 2018 12:02 PMEric M Russell - Wednesday, January 17, 2018 8:27 AM... A contractor just pleaded guilty to stealing classified information from the US National Security Agency, about 50GB worth of data. This isn't a case of spying or malicious intent. Instead, the report is that the employee was a hoarder, just keeping copies of data for some unknown reason. Hopefully that's true ...
If you follow the link the news stories cite 50 (TB) not 50GB.
With a dataset that large, it makes one wonder which NSA database he downloaded. Maybe this guy was wanting to spin up his own implementation of a domestic surveillance program in his basement using a make shift Hadoop cluster.
Whether this is considered theft should be based on how many security controls he had to bypass in order to download that much data. Did he login using a privileged account? Did he siphon off a little at a time in an effort to avoid detection? Does the NSA have so much spare network bandwidth that a 50 TB dump wasn't noticed while in process?(Note, I didn't read the source article)
If this is the guy I think it is, that I had heard about last year, it wasn't a database he took home, it was actual physical documents and disks in bankers boxes sitting on the back seat of his car...
Which also led to some people wondering how he managed to get these out to his car without being stopped, and out the gate without being stopped.I'd like to think that those documents and backups were encrypted and this guy didn't have access to the keys. If not, then there is no hope. We need to start holding federal agencies accountable for this type of stupidity and incompetence. If someone running for political office really wanted to score points with the public, this should be their angle.
Heh. Paper documents are kind of hard to encrypt, at least if you want to read them again later...
Yes, the guy I'm thinking of was taking home classified PAPER documents in bankers boxes...
Wow... like someone else noted, how in the world was he able to take bankers boxes of documents out of a facility that works with classified information? That's just incredible to me.
--Jeff Moden
Change is inevitable... Change for the better is not.
January 18, 2018 at 12:55 pm
jasona.work - Thursday, January 18, 2018 10:14 AMEric M Russell - Thursday, January 18, 2018 7:46 AMI'd like to think that those documents and backups were encrypted and this guy didn't have access to the keys. If not, then there is no hope. We need to start holding federal agencies accountable for this type of stupidity and incompetence. If someone running for political office really wanted to score points with the public, this should be their angle.Heh. Paper documents are kind of hard to encrypt, at least if you want to read them again later...
Yes, the guy I'm thinking of was taking home classified PAPER documents in bankers boxes...
Martin, who spent 20 years working for intelligence agencies with top-level security clearance, was indicated in February last year after authorities seized 50 terabytes of data from his home in October 2016.
The article mentioned that authorities seized 50 TB of data from his home. Paper documents are typically measured in pages not TB. Perhaps the digital data seized from his home was not directly related or from incidents separate from one in which he was initially caught. The article also mentioned that both Harold Martin and Edward Snowden were working for the government contractor Booz Allen. Also, in 2017 Booz Allen exposed passwords and 28 GB of unencrypted classified documents located on an Amazon server.
In addition to overhauling federal agencies, another issue is the need to address waste, incompetence, and corruption by big federal contracting firms. But that's not something you hear discussed by either of the two primary political parties here in the US. It's almost like there is an agreement in Washington DC that the topic is off limits and not in their best interests to address or politicize.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
May 25, 2022 at 3:09 am
Heh... ok... here's another thought. If you don't think you own the data (not like the guy in the story Steve related), let something happen to it and find out how many people think YOU own the data. 😀
--Jeff Moden
Change is inevitable... Change for the better is not.
May 25, 2022 at 10:24 am
That's evil Jeff.....but very true.
May 25, 2022 at 1:01 pm
Heh... ok... here's another thought. If you don't think you own the data (not like the guy in the story Steve related), let something happen to it and find out how many people think YOU own the data. 😀
Yeah, we take the blame when data is lost, not because we own the data, but because we are custodians of the data. It's sort of like the employee at a public storage facility who was busy watching Netflix while thieves were breaking into the lockers.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
May 25, 2022 at 3:31 pm
Jeff Moden - Wednesday, January 17, 2018 6:56 AMThe title of this article is "Its not yours". While I definitely agree with that, I'm the DBA for the company I work for. That means that I'm charged with both the safety of the data and making it available to the right people and only the right people. The data is actually mine because I have to guard it and only distribute it to the right people as if my job depends on it... and it does.Still not sure the data is yours. It's your responsibility and you have accountability for doing your job, but you implement someone else's rules for managing the data and authorizing users.
I agree, the data is not yours, but the responsibility is. What happens to it if you leave your position? Are you going to keep it, use it, sell it? I'm thinking this approach to who owns the data might expose you to large legal problems. What's the difference whether you hack into the system or 'walk out the door' with a copy.
As I recall, even when working remotely, I used a company laptop, not my own system, and the data didn't even hit my system at all, just went over my network connection.
In the reverse position, my data does not belong to the company just because I work for them. I wouldn't want them taking copies, viewing my personal items, and knowing my financial and social history.
I did, in fact often share bits of SQL code and ideas I created for the company to use, with the SQL community and at one point before monitoring software was common I shared some processes that collected OS and DB history and statistics into a centralized system from about 50 SQL instances.
Rick
Disaster Recovery = Backup ( Backup ( Your Backup ) )
May 25, 2022 at 11:07 pm
Oh, don't get me wrong... I quite agree that the data isn't "mine". It belongs to the company. And your point about responsibility is exactly what I'm getting at. I'm also trying to get across that if you see something wrong with the data, you need to fire a flare in the right direction. Too many people won't do that simply because "it's not their data". All they care about is correct availability and security. While those two notions are certainly the most important, that's not all there is to it.
--Jeff Moden
Change is inevitable... Change for the better is not.
May 26, 2022 at 1:05 pm
Oh, don't get me wrong... I quite agree that the data isn't "mine". It belongs to the company. And your point about responsibility is exactly what I'm getting at. I'm also trying to get across that if you see something wrong with the data, you need to fire a flare in the right direction. Too many people won't do that simply because "it's not their data". All they care about is correct availability and security. While those two notions are certainly the most important, that's not all there is to it.
I've related this to you folks before but it fits here also. Sometimes the data 'belongs' to the wrong people, for better or worse. I took a DBA position in 1999 with an international corporation doing a multimillion development of a package that was supposed to link servers for a network of about 300 dealers worldwide. There were about 7-8 VB developers, and a couple of us DBA's, a staff which grew during the project. One of the fairly experienced developers had created a series of ten SQL sprocs to support a set of reports used both internally and by the remote dealers. The bad part was that the set of sprocs all contained the same logic flaw in a join which invalidated the results. This was a pretty simple fix, so I did the work and released the code to the Quality Control group made up of folks who did the final testing of code before release.
That was 1999. When I retired in 2010, the code still had not been released, and since then I've heard the whole system has been retired. I don't think they ever actually got more than about 50-60 of the dealers connected to that project.
Rick
Disaster Recovery = Backup ( Backup ( Your Backup ) )
Viewing 10 posts - 16 through 24 (of 24 total)
You must be logged in to reply to this topic. Login to reply