"I'll have my girl send those punched cards right over in the afternoon mail, Mr. Security Guy."Funny story. True story.
Once upon a time many, many years ago, the IT shop I worked for did a brisk, unwitting business in stolen goods for a couple of weeks.
It was not an atypical IT setup for the time -- a talented, understaffed team embedded in a large and otherwise profoundly low-tech culture, with almost everything from the network to the homemade security camera system hand-built by my little crew of blackguards and pirates. We were always spinning out of one crisis and into another -- real or imagined, god-wrought or self-inflicted -- and rarely had the time or the budget to do what we wanted as we wanted it done (or the budget to pay people putting in 10-12 hour days to get the place out of the shambles we found it in more than peanuts, which is one big reason why I left) but it was a fun place to work.
A large part of my job was to intermediate between my crew -- smart people, somewhat lunatic, with spotty social skills and political views ranging from anarchic to Limbaugh-loving -- and the genteel tenured academic Eloi who ruled the place.
So back in these olden days when Newtons were still a (rapidly fading) thing and the ability to hack a talking Christmas Tree and make it swear like a sailor was such an act of wizardry that it might actually get you laid, our networks, servers and administrative software were functional but crude affairs, which is why it took us a while to notice that one of our servers had been hacked and that some clever dog had buried cracked install copies of some pricey software (Photoshop, Premiere, Softimage, etc., as I recall) way down deep in a sub-sub-sub folder.
Which was a bad thing, and could have been easily resolved by wiping and securing the server, securing every other server, and (because we were socially responsible pirates and blackguards) contacting the various software outfits and letting them know what had happened and what we were doing about it. But that is not what happened.
Instead, security got involved.
And so rather than just fixing the problem, security went on a weeks-long bug-hunt for a nonexistent scoundrel who had (according to their mad deductive skills) obviously come through two locked and alarmed doors, pulled a chair up to our humble, little server farm and had -- over the course of many, uninterrupted hours -- copied all of that ill-gotten booty onto the machine in question.
Security arrived at these conclusions because it was impossible to explain to them that "Direct Access" to a server doesn't mean sitting in front of it, and adding or taking things off of a server was not like installing Tetris on your PC. In fact, our second-grade explanations of how a server works (See, it's like Santy Claus except this Santy Claus doesn't need to leave his Biiiig house at the North Pole in order to...oh just fuck it) only deepened their belief that we were all in on the terrible conspiracy and were spinning fairy tales to cover for a confederate. So the server was carefully wheeled away on a little cart along with the keyboard and the chairs so that, presumably, they could be dusted for prints. Everyone with a key to any door or who had the code to any of the alarms was "interviewed". Some more than once.
Many weeks later we got our server back, the incident was quietly downgraded from "Great Brinks Robbery" to "Let us not speak of this again" and we got back to playing Quake and Unreal until midnight and talking smack about the Luddites who ran the place working tirelessly and cheerfully to bring the benefits of the information age to our users.
There is no larger point here other than, when you are operating somewhat out of your depth, small misunderstandings about how things work on a starship...
The Guardian quietly walks back their PRISM overreach without correcting previous reporting
In their most recent article on the fallout from their Edward Snowden reporting, the Guardian dials back their initial claims.
Here’s what they alleged in their first PRISM article, nearly a week ago:
The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document obtained by the Guardian.
The NSA access is part of a previously undisclosed program called Prism, which allows officials to collect material including search history, the content of emails, file transfers and live chats, the document says.
The Guardian has verified the authenticity of the document, a 41-slide PowerPoint presentation - classified as top secret with no distribution to foreign allies - which was apparently used to train intelligence operatives on the capabilities of the program. The document claims “collection directly from the servers” of major US service providers....
Now here’s how they described the program in their most recent write-up:
The Guardian revealed last week that seven technology companies - Google, Facebook, Skype, PalTalk, Microsoft, Apple and Yahoo - were involved in the Prism surveillance scheme run by the NSA.
The Guardian understands that the NSA approached those companies and asked them to enable a “dropbox” system whereby legally requested data could be copied from their own server out to an NSA-owned system....
...can sometimes create larger problems later on.
UPDATE: Now with 100% more Rick Perlstein --
...Fogel points out that a widely read post to this effect called “Cowards” from the blog Uncrunched—“What has these people, among the wealthiest on the planet, so scared that they find themselves engaging in these verbal gymnastics to avoid telling a simple truth?”—is “mostly wrong.” He says, “It looks like Greenwald and company simply misunderstood an NSA slide [see image at the top of this post for the slide] because they don’t have the technical background to know that ‘servers’ is a generic word and doesn’t necessarily mean the same thing as ‘the main servers on which a company’s customer-facing services run.’ The ‘servers’ mentioned in the slide are just lockboxes used for secure data transfer. They have nothing to do with the process of deciding which requests to comply with—they’re just means of securely and efficiently delivering information once a company has decided to do so.”
In other words, this slide describes how to move data from one place to another without it getting intercepted in transit: “What the hell are the companies supposed to do?” Fogel jokes. “Put the data on a CD-ROM and mail it to Fort Meade?”
...Greenwald has not yet made a public evaluation of whether or not he agrees that he made that mistake. He owes it to us to do so, with as much speed as practicably possible. It’s not too much to say that the fate of his broader NSA project might hinge on doing so effectively—because the powers that be will find it very easy to seize on this one error to discredit his every NSA revelation, even the ones he nailed dead to rights...
Which, the alert reader will note, is precisely the point I was making just a couple of days ago.