What’s the Cost of Being Stupid About Security?

If you’re working in the area of national security, the cost can be high. Exclusive: Russia carried out a ‘stunning’ breach of FBI communications system, escalating the spy game on U.S. soil.

This is a long article. And some of the conclusions differ from other reports in the media. But the conclusion is clear. The average person in the FBI (or CIA) is clueless about technology, and security, and incapable of making decisions about either. And the people who should have known better were delusional, about the “reset option” that Barack Obama had Hilary Clinton undertake. (They were sure to love us, once Bush was out of office. Or something.)

“It caused a really big rift within the [National Security Council] on how seriously they took analysis from the agency,” said the former CIA official. Senior administration leaders “went along with” some of the more optimistic analysis on the future of U.S.-Russia relations “in the hopes that this would work out,” the official continued.

Those disagreements were part of a “reset hangover” that persisted, at least for some inside the administration, until the 2016 election meddling, according to a former senior national security official.

After the Obama Administration finally admitted to itself that Russia was still an adversary…

American officials discovered that the Russians had dramatically improved their ability to decrypt certain types of secure communications and had successfully tracked devices used by elite FBI surveillance teams. Officials also feared that the Russians may have devised other ways to monitor U.S. intelligence communications, including hacking into computers not connected to the internet.

As a result of all of this, we expelled a batch of Russians and seized two estates Russia owned.

The article is long, but if you are interested in the world of signals intelligence, you will find it interesting. (The NBC article – second link at the top – is much shorter.)

And it isn’t a new problem, that the FBI sucks when it comes to security.

We do know, from research Matt Blaze and others did almost ten years ago, that at least one FBI radio system was horribly insecure in practice — but not in a way that breaks the encryption. Its poor design just encourages users to turn off the encryption. [From Schneier on Security, who get’s the hat tip]

Because I don’t need security, or something and it’s inconvenient. And besides, I don’t understand it so the Russians can’t either, right?

Oh, and also consider…

It’s unclear whether the Russians were able to recover encrypted data or just perform traffic analysis. The Yahoo story implies the former; the NBC News story says otherwise. It’s hard to tell if the reporters truly understand the difference.

The FBI isn’t the only group ignorant of security.