15 May 2014
Snowden's No Place to Hide Operation Success
Cryptome's response to a commentator on the Snowden operation as described
by Greenwald's No Place to Hide and legions of newsies over a year.
No need to gloss this with comsec cosmetics.
As you know the most difficult problem of comsec is how to make first contact
to set up a secure means between parties not yet able to trust each other.
And it is when failure most often occurs. Even face to face suffers this
almost insurmountable challenge whether in comsec or more generally spy sec.
Fairly common attack is to appear inexperienced and clueless to get the other
party to drop guard and try to help the clueless. Snowden surely knows that
he could not trust anybody he was contacting, that he would be played and
drawn into disclosing himself, yet he did just that to several parties he
Also fairly common to resist overtures by expressing doubt and demanding
proof. Snowden knew that and had to accept the other parties conditions,
all the other parties whipsawed him into compliance. Such as GG's laughable
"pact" with Snowden to CYA the Guardian business interests, no different
than what WaPo and NYT required.
There are enormous gaps, prevarications, illusions and delusions in published
accounts of the unfolding Snowden operation, that too, is common comsec,
infosec and opsec which Snowden was highly skilled at and faced the dilemma
of advising other parties far less skilled technologically but legally and
This is the Achilles Heel of the operation far from being healed. And spy
agencies since day one have failed to avoid it.
For us buffs, and moreso for spy agency counterintel, forensic debris abounds
from the preparation and execution Greenwald (and others) describes of initial
efforts of Snowden outreach, back and forth among parties, exchanges among
diversely skilled communicants and their crowds of advisors and helpmates
(David Miranda a key advisor to GG, he claims). Greenwald with others exploiting
the affair, including all of us consumers and credulous spy buffs, have crafted
a satisfying story of this with sufficient slip-ups and fuck-ups to to
suspend disbelief to make it seem genuine, in particular by supplying us
with "accidental" clues and inadvertent disclosures which have always seduced
consumers of fiction, biblical, scientific and above all comsec comedy.
To your inquiry but with caution, all the JYA PKs are still valid and remain
in use. The JYA PK from 2007 is usable. However, as I previously wrote,
we use numerous PKs, most for one time use, even for the same party
-- a new key for each transaction. Persistent keys are vulnerable to tracking
and metadating profiles of users.
Few of our keys are on key servers which cannot be trusted beyond casual
purposes. But then comsec cannot be trusted, none of it, OTR, PGP, Tor,
Anonymizers, face to face. Lack of trust is expected in comsec, and guarding
against suspension of disbelief is obligatory.
The Hong Kong ploy for face to face assurance may be seen as a classic sting,
first resisted then swallowed whole, or given that appearance in published
accounts. The escape to Moscow another fabulosity from spy novel trade. For
the spy promotional trade the seduction and entrapment of the Snowden journalist
gangs is an amazing success generated the bowels of media-assistance teams
of TLA funding boosters.
A parallel seduction of Omidyar for lifetime comfort for poor journalists
is too, right up there with the fleecing Bezos. How the oligarchs do fall
for stings of their own financial and legal rigging of bookmaking.