'Snowden risked lives' fearfest story prompts sceptical sneers
Anon murmurs fool few serious infosec watchers
Analysis A row has broken out over claims that Russian and Chinese have reportedly decrypted files of NSA leaker Edward Snowden, identifying British and US secret agents in the process.
The Sunday Times used unnamed UK government and intel agency officials1 to support a story that MI6 has withdrawn agents from overseas operations in hostile countries because their identities have been "blown" (i.e. revealed) as a result of the Edward Snowden leaks.
Team Snowden, in the person of chief collaborator Glenn Greenwald, has denounced the story as a smear based solely on the words of British officials hiding behind anonymity. The Sunday Times has uncritically laundered UK government accusations aimed at discrediting NSA whistleblower Snowden, according to Greenwald, who argues that no evidence is presented to support the claim that Russia and China “cracked the top-secret cache of files” obtained by Snowden.
Oi, Sunday Times. Get your facts straight
An early version of the story incorrectly stated that David Miranda, Greenwald's partner, was "seized at Heathrow in 2013 in possession of 58,000 'highly classified' intelligence documents after visiting Snowden in Moscow". In fact, Miranda was detained en route back to Brazil after visiting filmmaker and Snowden collaborator Laura Poitras in Berlin.
The Sunday Times excised this incorrect claim from the online version of its story. The paper's missteps in summarising the circumstances of Miranda's detention hardly inspires confidence in other assertions made in its story.
Team Snowden contends that the NSA leaker fled the US with four copies of a top secret cache of documents lifted from the NSA's intranet. Snowden himself has stated unambiguously that he took no files with him when he left Hong Kong, having handed over his archive to carefully selected journalists.
Snowden's detractors, such as former NSA intelligence analyst John Schindler, dispute this version of events, arguing that Snowden defected to Russia and took the files with him.
Even assuming that Snowden is telling the truth, that still leaves open the possibility that the encrypted documents were obtained from Snowden's journalist partners and not the whistleblower himself. One credible scenario is that journos handling the files have been hacked or had the data nicked in some way from them. These people, unlike Snowden himself, are comparative rookies in handling secrets and not well practised in operational security. They may have made mistakes in using PGP, TruCrypt and Tor, for example – none of which are known for their appeal to novice users – that left them vulnerable to hacking.
And there's little doubt that intel agencies would have put their best people on the case. That's not to say these teams succeeded for sure, but if they had, then Team Snowden would have been left none the wiser.
All parties agree that the Snowden leak is one of the biggest intelligence agency leaks in history. The Sunday Times contends that more then one million classified files were taken. Greenwald rubbishes this claim without providing an alternative figure; Team Snowden has always kept this figure secret.
How many spies died because of this? Er...
Leaving aside whether or not China and/or Russia somehow obtained the encrypted files, there's plenty of reasons to be suspicious of the Sunday Times' contention that the files contained the identities of MI6 and CIA overseas agents whose identities were disclosed, forcing Western intel agencies into "rescue operations".
When a US or UK intelligence officer (spy) operates under cover abroad, normally that cover is diplomatic; that is, the officer pretends to be a normal embassy diplomat. Even if he was unmasked before his bosses at home recalled him, he/she would still have diplomatic immunity. The worst that could happen is being declared persona non grata – sent home – by the foreign country.
There are such things as non-diplomatic-passport "natural cover" people, and there are agents (moles, sources) but that stuff is super ultra secret compartmentalised info: even people who are allowed to see the resulting intel aren't normally allowed to know who it came from. It's not the sort of thing likely to be held on the NSA intranet. It might be the case that some spies were moved within days or weeks of the first Snowden leak as a precaution before the extent of the leaks were accessed.
Claims that Snowden files "put UK spies in danger" were rubbished by diplomat Craig Murray, former British ambassador to Uzbekistan.
Murray told the Daily Mirror: “The argument that MI6 officers are at danger of being killed by the Russians or Chinese is a nonsense.
"Rule no.1 in both the CIA and MI6 is that identities are never, ever written down – neither their names or a description that would allow them to be identified,” he added.
Further criticism of the Sunday Times story by Murray can be found in a blog post here.
Left hand, try and remember what right hand's doing
The Sunday Times story seems to be full of holes even before considering that none of the issues it raises are novel or that, on some points, it seemingly contradicts itself.
The paper quotes a UK Home Office official saying that Snowden has "blood on his hands "before quoting a government source arguing that there was no sign that agents have been hurt as a result of the NSA whistleblower's actions."
The UK government is, of course, railing against end-to-end encryption, arguing that it limits their ability to monitor spies, terrorists and other ne'er do wells. From that perspective, the Sunday Times article could even backfire, as some security experts note.
Encryption expert Halvar Flake said on Twitter: "If that thing about Snowden cache crypto being cracked is true then at least all arguments for regulating crypto should be gone :)"
Dave Waterson, founder of data security company SentryBay, added: "So, if the Russians & Chinese cracked Snowden's encryption, our govts shouldn't need escrow on our crypto keys, right? #SnoopersCharter
The story came out days after a report by the UK's terrorism law reviewer and shortly after revelations that the US OPM mega-breach was far worse than feared because secret background check questionnaires filed by anyone seeking security clearance with the US government might have been exposed.
"Somehow Snowden is more responsible for agents getting disclosed than the OPM breach," said Rob Graham of Errata Security in a Twitter update.
Journalist Ryan Gallagher, who works alongside Greenwald on Pierre Omidyar-backed website The Intercept, has a good summary of the various questions raised by the story in a blog post here.
The contentious article is behind a paywall but a copy of the text of the piece has been uploaded here. ®
1 Unnamed with one important exception. Sir David Omand, the former director of GCHQ, told the Sunday Times that news that Russia and China had access to Snowden’s material was a "huge strategic setback" that was "harming" to Britain, America and their NATO allies.
Sponsored: Becoming a Pragmatic Security Leader