In November 2008, the NSA experienced a major network security breach at the hands of a miscreant with a thumbdrive. The deputy secretary of defense at the time, William Lynn III, responded by having all the computers on NSA bases collected and their ports sealed with rubber cement. That’s according to the New Yorker, which goes on to say:
Lynn termed it a “wakeup call” and a “turning point in U.S. cyber defense strategy.” He compared the present moment to the day in 1939 when President Franklin D. Roosevelt got a letter from Albert Einstein about the possibility of atomic warfare.
First of all, rubber cement? Are you guys serious? There are ways to disable USB ports that are simpler and more scaleable. Two seconds of Googling and: Here’s a help doc about how to prevent users from connecting a USB storage device using Microsoft Windows Group policy. Let's hope they're at least using stronger rubber cement than the stuff that brought down a $4.6 million dollar drone in February this year, when a tacked-on chip came unglued.
Further, this "atomic age" analogy is too binary to capture the actual risk here. The atom bomb marked a major paradigm shift in defense. But advances in computing spur paradigm shifts in government and business practically every year. This week Intel showed off a new Thunderbolt thumb drive that can transfer data at speeds of around 10 Gbps, or about double that of USB 3.0. Let's assume that NSA computers are of an earlier vintage than most consumer machines and run USB 2.0--and the latest version of USB is about 10x faster than 2.0.
That means this new thumb drive can, most likely, move data about 20 times as fast as the one that Edward Snowden used in Hawaii, and probably with much greater capacity. (Then again, Snowden apparently "studied computing" in college, so perhaps he was toting a newer high-capacity drive for geek cred; then again, he is said to have never completed the coursework.)
Today, most cheap thumb drives hold around 16GB, or about one-eighth the capacity of Intel's new drive. And Intel just announced Thunderbolt 2, which will double the speed of today's Thunderbolt ports.
In another six to nine months, the sheer data capacity available to a leaker will increase hugely--but the speed at which they can steal stuff will go up by a factor of about 40. That means that stealing large files--map tiles, video, high-res imagery, audio recordings, and massive document dumps--will be even easier.
If the NSA plans to keep its operation airtight in that kind of consumer technology environment, it will need a lot more rubber cement.
[Image: Flickr user Robootb]