I need clarification from the #cososec community on this.
Even if Teixeira had access to SIPR with the appropriate clearances for that work, docs like these wouldn't be sent in the clear no matter how secure the network is, because any network can be compromised. They would be sent in encrypted containers, with decryption keys only the intended recipients would have, right?
Too many explanations I'm seeing online don't add up.
@corlin
Not at all.
I keep my sensitive personal docs such as tax returns and associated info in veracrypt containers. The US intelligence services have to be using procedures way beyond that.
@corlin
Maybe I'm giving these organizations too much credit?
Nope.
I think they have solid best practices.
The flaw is always human.
Someone, or someones, dropped the ball, and circumvented best practices.
@corlin @voltronic So it's been said a lot of the people in the Discord were foreign nationals and many from Eastern Europe. 🤔 What if he had "help"? Some sort of encryption key? Admin passwords? Idk...
@Klaatu_Veratta_Nectarine @voltronic
I don't think this is likely.
As any state-sponsored help would go to other more important information.
I think this kid just has a very good memory, and recreated the docs from memory.
i'm guessing you didn't see the article i posted earlier. here's the link again:
according to that article, this kid [whom they called 'OG' in his online group] laboriously TRANSCRIBED the documents for distribution to the group.
that's part of the enormity of his crime. he specifically took steps to get around the elaborate security measures the government had taken to protect the documents.
@grapho @voltronic Saw that but then they said he took photos. Which either means he had access to paper copies or printed them out himself. 🤷♀️
@grapho @voltronic But didn't he get tired of doing that and somehow start making copies? So many questions. 🤔
@grapho
I hadn't seen it, but it still doesn't answer my question, which is how he was able to get eyes on this info in order to transcribe it, and later get printouts to photograph.
@voltronic I am not an expert. But SCIF documents could be printed. Then the asshole could have snuck it outside the SCIF room and taken a picture of it in the bathroom and returned it without anyone knowing. Took the picture home and printed it out from the phone.
regardless, it shows a lack of attention to security that you would even allow a non-secure smart phone anywhere near a SCIF
I was under the impression that was the point of SCIF — to a) prevent prying eyes and b) to assure folks don’t make copies.
The idea that a printer exists in SCIF doesn’t sound at all like best practices.
@voltronic
I have these questions also.
The distribution chain has not been adequately described.