MI6: Snowden Files Hacked to Find Western Spies

Uploaded on 2015-06-15 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW

snowden-100355452-carousel.idge.jpg

Edward Snowden

The UK Governmnet believes that Russian and Chinese intelligence agencies have used documents from whistleblower Edward Snowden to identify British and US secret agents, and that agents have been put in peril, according to a report in the Sunday Times.

The newspaper says MI6, Britain’s Secret Intelligence Service, has withdrawn agents from overseas operations because Russian security services had broken into encrypted files held by American computer analyst Snowden.

Snowden provided the Guardian with top-secret documents from the US National Security Agency (NSA), which revealed that western intelligence agencies had been undertaking mass surveillance of phone and Internet use. He fled to Hong Kong, then to Moscow, and the Sunday Times claims that both Chinese and Russian security officials gained access to his files as a result.

The files held by Snowden were encrypted, but now British officials believe both countries have hacked into the files, according to the report.

The newspaper quotes a series of anonymous sources from Downing Street, the Home Office and British intelligence saying that the documents contained intelligence techniques and information that would enable foreign powers to identify British and American spies.

The newspaper quoted a “senior Downing Street source,” saying that “Russians and Chinese have information”.
The source said, “agents have had to be moved and that knowledge of how we operate has stopped us getting vital information”. The source said they had “no evidence” that anyone had been harmed.

A senior Home Office source was also quoted by the newspaper saying: “Putin didn’t give him asylum for nothing. His documents were encrypted but they weren’t completely secure and we have now seen our agents and assets being targeted.”

The Sunday Times also quoted a “British intelligence source” saying that Russian and Chinese officials would be examining Snowden’s material for “years to come”.
“Snowden has done incalculable damage,” the intelligence source reportedly said. “In some cases the agencies have been forced to intervene and lift their agents from operations to prevent them from being identified and killed.”
A Downing Street spokeswoman told the Observer on Saturday night: “We don’t comment on leaks.” 

Traitor or patriotic Whistleblower?

Anti-Snowden reporting has gradually increased and some senior current and past intelligence agency commanders have expressed the view that Snowden was a double agent working for the Russians.

Sir David Omand, former Director of GCHQ, said on Radio 4’s Today Program recently, that Snowden had stolen enormous of amounts of classified documents from NSA and that some of these had been used against Western agents and operations in Russia and elsewhere. 

Some Commanders say that Snowden traded documents for asylum, or that the documents were taken by the Russian’s and perhaps Chinese to get intelligence and spy on the West. 

Snowden says that this is not true and no documents were given to the either the Russians or the Chinese.

Almost dependent on which office and individuals one speaks to within different intelligence agencies and parts of governments the views on Snowden both in the US and UK and EU differ radically – some see him as a sensible and honorable Whistleblower who has given the American people and other Western citizens a clearer understanding of how much they are monitored by their own government which, many believe goes against the US Constitution.

Others within the intelligence departments and other parts of government see Snowden as a traitor who should be tried and jailed.   

Questions About The Sunday Times Snowden Story

Outside the intelligence world, specialist journalists, notably Glenn Greenwald and RJ Gallagher, critsicse The Sunday Times story. Gallagher writes that the UK newspaper's claim that the Chinese and Russian governments have somehow managed to obtain National Security Agency whistleblower Edward Snowden's trove of documents is poorly sourced from anonymous UK government officials, who make a series of significant allegations, backed up with little evidence.

It's worth going through some of the key points of the story to cast some critical scrutiny on the central claims and to raise a few questions about them:
    
1) "RUSSIA and China have cracked the top-secret cache of files stolen by the fugitive US whistleblower Edward Snowden...according to senior officials in Downing Street, the Home Office and the security services."   
Is the claim here that a full archive of encrypted files was "cracked" by some sort of brute-force decryption attack? If so, how did these "senior officials" establish that? How did the Russians and Chinese allegedly obtain the encrypted material in the first place? 
2) "forcing MI6 to pull agents out of live operations in hostile countries."
This was a surprise to me because I've reviewed the Snowden documents and I've never seen anything in there naming active MI6 agents. Were the agents pulled out as a precautionary measure? Keeping in mind that the UK government does not actually know what Snowden leaked, how do these officials know there were documents in there that implicated MI6 operatives and live operations in the first place? 
3) "Moscow gained access to more than 1m classified files held by the former American security contractor"
Snowden has said repeatedly that he did not carry any files with him when he left Hong Kong for Moscow. Is this article alleging that he is lying? If so, where's the evidence to support that? Moreover, I've seen nothing in the region of 1m documents in the Snowden archive, so I don't know where that number has come from. Oh, wait: 
4) "Snowden, a former contractor at the CIA and National Security Agency (NSA), downloaded 1.7m secret documents"
This 1.7m figure was invented by US officials and since then it has been regurgitated repeatedly and unquestioningly by various media outlets. I've seen the trove of documents; the claim or insinuation that he leaked 1.7m is not true. 
5) "A senior Downing Street source said: 'It is the case that Russians and Chinese have information'."
Of course they do: the same information that the rest of the world has access to -- in public news reports and documents published as part of those. If the claim here is that the Russians and Chinese have access to every single document in the entire archive (i.e. all the unpublished material), where is the evidence to support that? How do the officials know? Are they speculating? These are serious claims -- and serious claims demand serious evidence. Which is unfortunately not provided here. 
6) “Why do you think Snowden ended up in Russia?” said a senior Home Office source. “Putin didn’t give him asylum for nothing."
I thought this one had long since been debunked by now, but apparently not. The reality is that Snowden never intended to stay in Russia. He was trying to get to Latin America and only ended up in Russia because his passport was revoked by the US government while he was transiting through. 
7) Senior Home Office source: "His documents were encrypted but they weren’t completely secure and we have now seen our agents and assets being targeted.”
So the UK Home Office is alleging Snowden lied about taking documents to Moscow? How has it established that, exactly?
8) "A British intelligence source said: “We know Russia and China have access to Snowden’s material"
Again: they have access to documents published with public news reports, sure, that's obvious and true. But is the claim here that they have access to material beyond that? If so, where's the evidence? How does this source "know" and what does he "know," exactly? Why the vague statement? Let's hear what it is the source knows and how so we can properly assess and scrutinise the merit of the allegation. 
9) "It is not clear whether Russia and China stole Snowden’s data, or whether he voluntarily handed over his secret documents in order to remain at liberty in Hong Kong and Moscow."
If it's not clear then why does the top line of the story say the Chinese and Russians "cracked" the documents? If Snowden just handed them over, why would they need to "crack" them? And if the Russians and Chinese somehow stole the data, how did they a) manage to steal the documents in the first place (especially given he says he didn't carry the files with him into Russia), and then b) break the encryption? 
10) "David Miranda, the boyfriend of the Guardian journalist Glenn Greenwald, was seized at Heathrow in 2013 in possession of 58,000 'highly classified' intelligence documents after visiting Snowden in Moscow."
This is wrong. Miranda was detained at Heathrow after visiting Laura Poitras in Berlin. He wasn't visiting Snowden in Moscow and I think this is the first time I've ever seen this asserted. It's false.

Gallagher thinks The Sunday Times story raises more questions than it answers, and contains some dubious claims, contradictions, and inaccuracies. "The most astonishing thing about it is the total lack of skepticism about these grand government assertions, made behind a veil of anonymity. This sort of credulous regurgitation of government statements is antithetical to good journalism. The government has an obvious vested interest in portraying Snowden as a terrible person who's helped "the enemy" -- it has been badly stung by his surveillance revelations and the political fallout that has ensued as a result of them. For that reason alone its claims should be treated with caution and not repeated unchallenged. Evidence should be necessary for allegations of this magnitude, which have such big ramifications."

The Sunday Times has a long and commendable history of holding the government to account with great investigative journalism. But in this case, sadly, it has allowed itself to be used by faceless officials as a mouthpiece, Gallagher says.

Guardian: http://bit.ly/1dE3Dq5
RJ Gallagher: http://bit.ly/1KS05Or

 

« Second Hack of US Federal Records
Enforcing Magna Carta in the Age of Cyberwarfare »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ProfitBricks

ProfitBricks

ProfitBricks is a secure cloud computing infrastructure-as-a-service (IaaS) solution.

Zerto

Zerto

Zerto provides enterprise-class disaster recovery and business continuity software specifically for virtualized data centers and cloud environments.

ENVEIL

ENVEIL

ENVEIL’s technology is the first scalable commercial solution to cryptographically secure Data in Use.

CopSonic

CopSonic

Copsonic provide a technology solution based on ultrasonic waves to send secure and encrypted data between two devices in order to achieve authentication.

Stamus Networks

Stamus Networks

Stamus Networks offers Scirius Security Platform solutions that marry real-time network traffic data with enhanced Suricata intrusion detection (IDS) and an advanced analytics engine.

Vortiv

Vortiv

Vortiv Ltd (formerly known as Transaction Solutions International Ltd) is a technology based company focused on the cybersecurity and the cloud services sector.

SurePassID

SurePassID

SurePassID is a provider of highly secure, highly extensible multi-factor authentication (MFA) solutions.

Business Resilience International Management (BRIM)

Business Resilience International Management (BRIM)

Business Resilience International Management (BRIM) is engaged by law enforcement in the UK and overseas to advise on establishing and developing Cyber Resilience Centres (CRCs) for business.

Trava Security

Trava Security

Trava simplifies cyber risk management for business owners and IT professionals. Automated assessments, mitigation advising, and data-driven cyber insurance.

Northrop Grumman

Northrop Grumman

Northrop Grumman is a global provider and integrator of complex, advanced and rapidly adapting information technology, cybersecurity, mobility and optimized services and solutions.

Bitdefender

Bitdefender

Bitdefender is a cybersecurity leader delivering best-in-class threat prevention, detection, and response solutions worldwide.

Chainguard

Chainguard

Founded by the industry's leading experts on open source software, security and cloud native development, Chainguard are on a mission to make the software supply chain secure by default.

CAT Labs

CAT Labs

CAT Labs is building digital asset recovery and cybersecurity tools to enable governments to fight crypto crime and to protect investors from hacks, fraud and scams.

CardinalOps

CardinalOps

The CardinalOps platform continuously assesses your detection posture and eliminates coverage gaps in your existing detection stack so you can easily implement a threat-informed defense.

Security4Media

Security4Media

Security4Media is a non-profit association set up to reduce risks and support trust in media, in the face of increasing cybersecurity threat levels.

Freeze

Freeze

Freeze prevents attacks before they can start by finding, removing, and stopping the spread of information about your organization and employees.