Security expert Bruce Schneier believes the NSA and GCHQ should look in the mirror and not at Edward Snowden when looking to blame someone for countries like China and Russia having access to its top secret documents.
In the wake of a Sunday Times report on 14 June alleging that China and Russia had cracked a cache of documents handed to them by Edward Snowden, there was widespread and angry criticism of the article described as "the opposite of journalism".
Schneier, writing for Wired, calls the article "terrible" which is "filled with factual inaccuracies and unsubstantiated claims" before stating that while he doesn't believe Snowden handed over the documents he has no doubt that governments like China and Russia do have access to the documents in question.
The cryptographer, who analysed some of the cache of Snowden documents, poses two possible routes by which these documents got into the hands of foreign regimes.
The first is that these countries targeted the journalists known to be handling the documents. The Snowden leaks have shown that agencies like the NSA and the UK's GCHQ have the technology to target specific computers no matter how well secured they are.
"It's been open season on the computers of the journalists Snowden shared documents with since this story broke in July 2013. And while they have been taking extraordinary pains to secure those computers, it's almost certainly not enough to keep out the world's intelligence services."
The second route posited by Schneier is the direct approach. Referencing recent high profile attacks including Duqu 2 (Israel), the massive security at the Office of Personnel Management (China) and the crippling attack against the White House email system (Russia), Schneier says that all these countries have the capabilities to directly compromise the NSA's systems.
"I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they've penetrated the NSA networks where those files reside. After all, the NSA has been a prime target for decades."
"A sick, tired, old industry"
In the world of state-sponsored cyberespionage, it is widely assumed that everyone is attacking everyone else, and that defending your secrets is getting increasingly difficult.
John McAfee, the self-described "father of the antivirus" believes that it is government's inherent inability to quickly adapt to emerging technologies that leaves them open to these type of attacks:
"These corporations and government agencies, in turn, with few exceptions, are using intranets and security systems that were not designed to handle the massive holes that mobile computing creates.
"Technology exists to fix all of these problems, but our governments and corporations are so entrenched in the old guards of security service providers – a sick, tired, old industry, too massive and slow to swerve and dodge in this new world of rapidly changing technology.
Jarno Limnell, professor of cybersecurity at Aalto University in Finland believe it is impossible to know who is attacking who:
"In even the most technologically advanced countries there are almost certainly a large number of attacks taking place against different networks, systems and devices – and we have no idea they are happening."
Schneier recalls speaking with a source within the US intelligence network about just this aspect of cyberespionage and the source told him:
"I know how deep we are in our enemies' networks without them having any idea that we're there. I'm worried that our networks are penetrated just as deeply."