NSA Warns of Rogue System Administrators 1996 / Irony?

EEV: Thank you to Cryptome for bringing attention to this. .. I decided to post the first page of the FOIA release, just to display the declassification date. A few out there will recognize the Irony 😉

Out of Control

4 January 2014

A sends:

I was just searching through a list of declassified articles from the NSA’s     Cryptologic Quarterly in-house journal and came across this extraordinary     and prescient gem from a 1996 issue about the unfettered power possessed     by intelligence agency IT system administrators.

In the very first paragraph, the unidentified author warns of the consequences     of the intel IT process should a system administrator turn rogue or be exploited:

“In their quest to benefit from the great advantages of networked computer     systems, the U.S, military and intelligence communities have put almost all     of their classified information “eggs” into one very precarious basket: computer     system administrators. A relatively small number of system administrators     are able to read, copy, move, alter, and destroy almost every piece of classified     information handled by a given agency or organization. An insider-gone-bad     with enough hacking skills to gain root privileges might acquire similar     capabilities. It seems amazing that so few are allowed to control so much     – apparently with little or no supervision or security audits. The system     administrators might audit users, but who audits them?”

This is fully 17 years before Edward Snowden purloined the NSA’s Crown Jewels     from the NSA’s Hawaii RSOC.

Remarkably, the article’s author also later describes a 1994 incident at     an NSA RSOC when a contractor employee was caught accessing restricted files     on a classified system!

The author states, “From an individual’s standpoint . . . access to electronic     versions of classified documents is out of control.” [original emphasis]

Hence the title of the journal article: “Out of Control.”

Although the author’s identity has been redacted, the article bio states     he joined NSA in 1986 and was an intelligence analyst in the ISSO’s Threat     Analysis Division (V52) where he was the primary editor of the National INFOSEC     Intelligence Review (NIIR) and the ISSO Global Threat Summary reference manual     – both published by NSA V52.

Reference: Author’s name redacted, “Out of Control,” Cryptologic Quarterly     15 (Special Edition, 1996), 263-269, Declassified from SECRET,      www.nsa.gov/public_info/_files/cryptologic_quarterly/Out_of_Control.pdf

Here’s a PDF of the entire article:



Categories: Cyber Security, Intelligence Gathering, M.I.C.E., Military Intelligence

Tags: , ,

%d bloggers like this: