Feeds

Snowden journo's boyfriend 'had crypto key for thumb-drive files written down' - cops

Greenwald, Guardian roasted over 'very poor' security

Top three mobile application threats

Journalists and their associates involved in the Edward Snowden NSA leaks affair followed almost unbelievably poor security practices while handling top-secret government files, according to a statement made in court by a British official today.

The hearing was looking into the case of David Miranda, the partner of journalist Glenn Greenwald, to whom fugitive NSA sysadmin Snowden is believed to have leaked large amounts of highly classified data. Miranda was stopped and held at London's Heathrow airport on 18 August while en route from Germany to his and Greenwald's home in Brazil: police seized thumb drives and other items capable of holding data from him, and interrogated him for 9 hours - the maximum time he could be held without being arrested under UK anti-terror laws - before letting him go on his way.

The Guardian subsequently admitted that it had paid for Miranda's flights. It appeared he had been carrying sensitive information from Greenwald's collaborator Laura Poitras in Germany, with whom he had been staying, to his partner in Brazil. Guardian editor Alan Rusbridger subsequently said that journalists and their associates were making many such flights in working on the Snowden leaks, apparently due to concerns over their electronic communications being eavesdropped upon by the NSA and allied organisations such as Britain's GCHQ.

It had been widely reported that Miranda disclosed some passwords to the police at Heathrow under threat of jail, but many analysts had concluded that these were merely those to his social-networking accounts and such like, which it would be implausible to claim he did not know. Naturally it was considered unlikely that he would even know the keys to any top-secret encrypted data he might be carrying - this was the view taken by security guru Bruce Schneier, for instance.

But now, in a court statement made this morning and tweeted live by Telegraph correspondent David Barrett, the government says that Miranda was actually carrying a piece of paper with a decryption password written on it. This allowed the police to read at least some of the files he was carrying. These included some 58,000 "highly classified UK intelligence documents".

In the government's view this demonstrated "very poor information security practice" on the part of Greenwald and the Guardian.

According to the Cabinet Office official making the statement, it was concern over this apparently amazingly lax security posture by the Guardian that had previously led the government to insist on destruction of any Snowden files it held, on UK territory at least.

“The Guardian appeared to accept our assessment that their continued possession of the information was untenable,” the court was told today. This led to the smashing up of some computers under GCHQ supervision at the paper's London offices, which Graun apparently agreed to keep confidential - but then it "unilaterally published" the story of the episode earlier this month.

In the government's judgement the huge amounts of data harvested by Snowden must be assumed to be in the hands of foreign governments at the very least (for instance that of Russia, where Snowden is now staying) and possibly that it has also reached "other, non-State actors". It was also stated that the information that Miranda was carrying would allow the identities of UK intelligence personnel, some of them serving abroad, to be unmasked. The government contended that it was not possible for Greenwald or any other journalist to determine what information could be released without damaging British national security.

Today's hearing came about because Mr Miranda's British lawyers had sought to prevent the police examining data they had seized from him. As of this morning this attempt appears to have been abandoned, with the judge congratulating the parties on reaching an agreement.

The Metropolitan police, whose officers detained Miranda at Heathrow, issued a statement today saying:

We are pleased that the Claimant has withdrawn his attempt to restrict our continued access to, and use of, material that was seized from him at Heathrow airport on Sunday 18 Aug 2013 under Schedule 7.

The examination of this material is necessary for the purposes of an ongoing criminal investigation and to protect public safety.

An initial examination of the seized material has identified highly sensitive material within thousands of classified intelligence documents. As previously stated the Metropolitan Police Service Counter Terrorism Command is now carrying out a criminal investigation, which is at an early stage.

The Counter Terrorism Command nowadays has as part of its portfolio the functions of the former Met police Special Branch, which was tasked to work with the intelligence and security services on espionage cases among other things.

It will not escape Reg readers' consideration that while the Guardian's security may have been poor, it was the US and UK governments' security regimes which allowed the information to escape in the first place. ®

SANS - Survey on application security programs

More from The Register

next story
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Banks slap Olympus with £160 MEEELLION lawsuit
Scandal hit camera maker just can't shake off its past
Reprieve for Weev: Court disowns AT&T hacker's conviction
Appeals court strikes down landmark sentence
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.