admiral michael rogers – Techdirt (original) (raw)
Stories filed under: "admiral michael rogers"
NSA Leaked More Hacking Tools, Leading To Calls To Fire Its Director… Who Ran To Trump For Support
from the wait,-what? dept
Since Admiral Michael Rogers took over for previous NSA boss, General Keith Alexander, a couple of years ago, he’s mostly stayed out of the public eye. While Alexander became the face of excessive NSA surveillance exposed by Ed Snowden, Rogers seemed to want to present himself as the face of a cleaned up NSA. On Friday, it was even reported that Rogers was the “top candidate” to take over as Director of National Intelligence from retiring James Clapper. That is, he was in line for a big promotion (though, oddly, another report released at the same time noted that Trump was considering getting rid of the role of “Director of National Intelligence” and moving back to a pre-9/11 setup where the various intelligence agencies have no one coordinating their actions.
But, over the weekend, a bizarre story broke in the Washington Post, detailing how both Clapper and Defense Department boss Ash Carter had been strongly recommending that President Obama fire Rogers for a variety of problematic actions. The most shocking — though buried in the article — is that the NSA has had multiple breaches revealing its most powerful hacking tools. We already know about the whole Shadow Brokers thing, revealing some powerful hacking tools, and that an NSA contractor named Harold Martin was arrested a few months ago for apparently hoarding all sorts of classified info. As we noted at the time, the fact that Martin was doing so years after Snowden, raised serious questions about how well the NSA could really keep its secrets.
And the Washington Post revealed that it’s even worse:
But there was a second, previously undisclosed breach of cybertools, discovered in the summer of 2015, which was also carried out by a TAO employee, one official said. That individual also has been arrested, but his case has not been made public. The individual is not believed to have shared the material with another country, the official said.
Rogers was put on notice by his two bosses ? Clapper and Carter ? that he had to get control of internal security and improve his leadership style. There have been persistent complaints from NSA personnel that Rogers is aloof, frequently absent and does not listen to staff input. The NSA is an intelligence agency but part of the Defense Department, hence the two overseers.
FBI agents investigating the Martin breach were appalled at how lax security was at the TAO, officials said. ?[Rogers] is a guy who has been at the helm of the NSA at the time of some of the most egregious security breaches, most recently Hal Martin,? a senior administration official said. ?Clearly it?s a sprawling bureaucracy .?.?. but I think there?s a compelling case that can be made that some of the safeguards that should have been put in place were either not fully put in place or not implemented properly.?
The WaPo story also notes that there may be some turf battle issues going on here as well. We’ve long highlighted the serious problems of the NSA also running the US Cyber Command, noting that this creates a tremendous conflict of interest, since it makes the NSA more willing to not reveal vulnerabilities it discovers, since they may be more useful offensively as well. Apparently many in the administration agree, and the plan was to split the NSA and US Cyber Command, and get rid of Rogers at the same time. But, Senator John McCain apparently freaked out and insisted that the NSA and Cyber Command had to remain stuck together, or he would block any new nominees to head the NSA. At the same time, the reason Carter is upset with Rogers is that he feels he’s done a poor job in mounting cyberattacks against ISIS (for what it’s worth, in his own weird way, this was also a point that Trump would make during the campaign when asked about cybersecurity — meaning that it’s a bit odd he’d now consider promoting the guy who was responsible for what he’d been making fun of during the campaign…).
There’s another oddity in the story: Rogers meeting with Trump was done without telling his superiors — a massive breach of protocol for a military official:
In a move apparently unprecedented for a military officer, Rogers, without notifying superiors, traveled to New York to meet with Trump on Thursday at Trump Tower. That caused consternation at senior levels of the administration, according to the officials, who spoke on the condition of anonymity to discuss internal personnel matters
This made some wonder if Rogers did this as a last gasp effort to save his job. For what it’s worth, when asked about the story, Rogers said he’s “accountable” for his actions:
“I’m not going to go down that road,” Rogers said, interrupting a journalist who asked about The Washington Post story during a forum where the admiral was speaking.
He added, “I’m accountable for my actions.”
No matter what, at the very least, we’re left (once again!) wondering what the hell is going on with the NSA. This is yet another example of how the organization is a mess that can’t seem to keep track of its most powerful secrets and hacking tools. And they want us to “trust” them not to abuse those tools? They can’t even keep track of them. And, the guy who’s been in charge for the last two and a half years may now be getting a promotion (with a brief “being fired” thrown in between).
Filed Under: admiral michael rogers, ash carter, donald trump, ed snowden, james clapper, leaks, nsa, odni, surveillance, us cyber command
National Security Officials Offer Hedged Support For Strong Encryption
from the we-like-it,-but-just-for-us dept
As Dianne Feinstein and Richard Burr mount another attempt to legislate holes in encryption, national security officials are offering testimony suggesting this is no way to solve the perceived problem. Another encryption hearing, again hosted by a visibly irritated John McCain (this time the villain is Twitter), featured testimony from NSA Director Michael Rogers [PDF] and Undersecretary of Defense for Intelligence Marcel Lettre [PDF] — neither of whom offered support for mandated backdoors.
As nice as that sounds, the testimony wasn’t so much “We support strong encryption,” as it was “We support strong encryption*.”
Lettre’s testimony follows statements of support for encryption — and opposition to legislated backdoors or “golden keys” — with the veiled suggestion that the government will be leaning heavily on tech companies to solve this problem for it.
We need to strengthen our partnership with industry to find ways to protect against the national security threats to the United States. We will continue to work closely with our industry partners to find innovative ways to outmaneuver malicious actors’ adoption of strong encryption, while ensuring that individual privacy interests are protected.
The problem here is that encryption isn’t so much a privacy issue as it is a security issue. Approaching it from this incorrect angle suggests Lettre isn’t opposed to backdooring encryption as long as access isn’t abused by the government. But that limitation isn’t going to stop malicious actors from abusing backdoors or other security holes built at the government’s behest. It could be that Lettre misspoke, but that misreading of the real issue casts doubt on the sincerity of the rest of that paragraph.
I believe any steps we take as a government must be carefully considered to avoid introducing unintentional weaknesses in the protection of our commercial networks and national security systems. We should also be careful not to negatively affect our economic competitiveness as a world leader in technology, which could unintentionally drive technology innovation outside the United States.
This isn’t quite as supportive as it might look at first glance either. Lettre wants to protect “commercial networks” and “national security systems.” This wouldn’t appear to cover computers, cellphones, or other personal devices that utilize encryption to protect their contents. Nor does it appear Lettre wants to extend his “hands off” approach to communications platforms that offer end-to-end encryption.
The NSA director’s testimony is a bit better. There’s far less hedging in Roger’s statement than in Lettre’s. Then again, it’s far more vague in terms of the NSA’s intentions. His statement poses more questions than answers (both figuratively and literally — it ends with a “where do we go from here” question), but it does hint at being aligned with Lettre’s suggestion that partnering with tech companies is a better solution than legislative mandates.
However, in the NSA’s case, its “partnerships” with tech companies often don’t appear to include approaching them directly. If anything, the “way forward” is the way things have been done for years by the NSA’s Tailored Access Operations. Why ask for mandated backdoors when you can just intercept hardware shipments to install your own? Or reroute server traffic with man-in-middle attacks that grab content before encryption is applied?
While it is heartening to see natsec leaders refusing to back legislation pushed by Security Committee members, the fact is that there’s still a powerful law enforcement lobby that can’t be ignored — one that begins with James “My god, it’s full of darkness” Comey and runs all the way down to local-level district attorneys.
These entities may not offer much vocal support for mandated backdoors and do actually realize the harm they’ll cause, but as long as their own stuff stays relatively protected, they’re not necessarily opposed to anything that makes it easier to access communications and data.
Filed Under: admiral michael rogers, encryption, going dark, marcel lettre, privacy
NSA Chief Warns Of Pending Cyberattack… Which He Wants To Make Easier With Backdoors
from the ridiculous dept
NSA Director Admiral Mike Rogers has often seemed somewhat more reasonable than his predecessor, but he’s still not above spewing FUD. The latest is that, last week, he pulled out the favorite of surveillance state supporters everywhere: the pending cyberpocalypse, in which hackers take down the economy. Prepare for the “dramatic cyberattack” that is inevitably on the way:
The director of the National Security Agency issued a warning Thursday about cyberthreats emerging from other countries against networks running critical U.S. infrastructure systems.
Adm. Michael Rogers said he expects a major cyberattack against the U.S. in the next decade. ?It?s only a matter of the ?when,? not the ?if,? that we are going to see something dramatic,? he said.
Of course, as venture capitalist/entrepreneur Marc Andreessen pointed out in response, the best way to stop that from happening would be to not require that software have backdoors that can easily be hacked:
What would really help with this? Software without government-mandated backdoor security holes! http://t.co/ihRYvQbTIO
— Marc Andreessen (@pmarca) November 21, 2014
"You must build bulletproof software systems that foreign state hackers can never penetrate!" "But leave deliberate backdoors open for us!"
— Marc Andreessen (@pmarca) November 21, 2014
And, in some ways, it’s even worse than that. Even as law enforcement, intelligence officials and clueless commentators keep pushing for less encryption and more backdoors, those in the actual security world know that the best way to keep things secure is with more encryption, not less. It means fewer security holes and backdoors, not more. And yet the NSA seems to be working actively against that.
Filed Under: admiral michael rogers, backdoors, cyberattack, marc andreessen, nsa