In a revelation today that has bounded amongst the tech news media the NY Times reported that Snowden was able to effectively use a spiderbot to crawl and mirror mass amounts of classified content. Embarrassing given a SME grade IDS would flag that activity.
What I want to know is did he even bother to forge his User-Agent string to match whatever browser they were using? Did he rate limit the requests to make it look remotely human?
I just can’t even understand why some rudimentary code at the web server side didn’t catch him. If I was serving out X number of pages to a single user and that is well over the assigned threshold then surely the user could be flagged.
If small to medium IT enterprise can work out the kinks in these issues and run reasonably secure businesses knowing that threats may come from within as well as from an external source then why can’t the government? We are talking about the fucking NSA. They should know that the number one rule of tradecraft is to trust nobody, and if you have to trust someone – divulge as little as you can to complete your operation. Hell, in IT we call it the principle of “least privilege”. A piece of software – or in this case a human asset – should have only the minimum level of privileges it requires to perform its task and no more.
Snowden continues to embarrass the government, even from afar. One must wonder about his motives and allegiances.
Sure, I am glad that he revealed to the world that the United States – a country that spews through its propaganda that it is a freedom loving place – actually has secret courts where you could be detained indefinitely for who the hell knows what. But we must ponder what drove him to such action, as he has already claimed the whole program was premeditated. Is Snowden himself an intelligence asset of another sovereign nation or just a whistleblower? We have heard that Assange allegedly was used as an asset by ASIO, the Australian foreign intelligence agency and therefore we must question Snowden and draw our own conclusions.