How did Snowden steal the NSA documents and cover his tracks?
Posted on 27 August 2013.
Many things have been unveiled by the documents leaked by NSA whistleblower Edward Snowden, but the question of how he managed to extract them from the agency's internal network without triggering any alarms is still unanswered.
NBC News' Richard Esposito and Matthew Cole have a plausible explanation following consultations with a number of unnamed intelligence community sources.

One: when it comes to technology, the NSA is still stuck in 2003. Two: Snowden had both a top secret security clearance and, as a system administrator, elevated privileges that allowed him to access any file he wanted without leaving a trace, or to delete those traces himself by modifying log files so that they would not show up in audits.
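The log-tampering point above is why audit trails are normally kept tamper-evident rather than trusted as plain files on the host. As an added illustration that is not from the article or from any NSA system, the Python below chains each audit record to the previous one with an HMAC under a key the log collector holds; the key, event fields and sample records are all constructed for the example.

```python
import hashlib
import hmac
import json

# Hypothetical key held by a separate log collector, not by the monitored host:
# an admin who can edit files on the host still cannot forge tags without it.
COLLECTOR_KEY = b"constructed-demo-key-not-for-production"
GENESIS_TAG = "0" * 64


def _tag(prev_tag, record):
    """HMAC over the previous tag and the canonical record, linking the chain."""
    body = json.dumps(record, sort_keys=True)
    return hmac.new(COLLECTOR_KEY, (prev_tag + body).encode(), hashlib.sha256).hexdigest()


def append_record(chain, record):
    """Append an event, tying it to whatever record came before it."""
    prev_tag = chain[-1]["tag"] if chain else GENESIS_TAG
    chain.append({"prev": prev_tag, "record": record, "tag": _tag(prev_tag, record)})
    return chain


def verify_chain(chain, expected_last_tag=None):
    """Return (ok, index): index is the first broken position, or None if intact.
    expected_last_tag is the final tag the collector saw; passing it catches
    silent truncation of the tail, which an in-place scan alone cannot detect."""
    prev_tag = GENESIS_TAG
    for i, entry in enumerate(chain):
        good = entry["prev"] == prev_tag and hmac.compare_digest(entry["tag"], _tag(prev_tag, entry["record"]))
        if not good:
            return False, i
        prev_tag = entry["tag"]
    if expected_last_tag is not None and prev_tag != expected_last_tag:
        return False, len(chain)
    return True, None


def build_sample_chain():
    """Constructed sample events for one privileged session (not real data)."""
    events = [
        {"seq": 1, "user": "admin01", "event": "login", "host": "ws-17"},
        {"seq": 2, "user": "admin01", "event": "read", "path": "/share/reports/q3.pdf"},
        {"seq": 3, "user": "admin01", "event": "usb_mount", "device": "sdb1"},
        {"seq": 4, "user": "admin01", "event": "logout", "host": "ws-17"},
    ]
    chain = []
    for rec in events:
        append_record(chain, rec)
    return chain
```

Removing or editing any entry breaks the chain at that position; dropping the last entries only shows up when the collector's last-seen tag is supplied, which is why that tag should be shipped off-host as each record arrives.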

According to an agency official who has been briefed on the conclusions of the internal investigation into the matter, Snowden was a ghost user in the agency's internal network, able to pass himself off as any other authorized user.

Three: his position as a sysadmin allowed him to use external storage drives and to copy documents onto them, so even if someone at his workplace were to notice him doing such a thing, it would not have looked at all suspicious. And four: working some 5,000 miles and six time zones from NSA headquarters at Fort Meade, Maryland, his workday overlapped very little with that of employees stationed there, so the chance of someone noticing his use of thumb drives was minimal.

One consequence of the Snowden incident is the NSA's announced move to drastically scale down the number of its systems administrators. It currently employs around 1,000, many of them contractors, and aims to reduce that number by 90 percent.

The agency has also made public a two-person rule that will require two employees to sign off on copying any classified data from a secure network onto a portable storage device.

AP reporters also talked to agency officials who said that the government's forensic investigation is still trying to determine how Snowden managed to defeat the safeguards put in place to monitor and deter people like him.

"The disclosure undermines the Obama administration's assurances to Congress and the public that the NSA surveillance programs can't be abused because its spying systems are so aggressively monitored and audited for oversight purposes: If Snowden could defeat the NSA's own tripwires and internal burglar alarms, how many other employees or contractors could do the same?" they wonder.

Also, if Snowden managed to pull this off without anyone noticing, and the NSA surely employs a number of people who have the knowledge and the privileges to do the same, there is always the possibility that it has happened before, with the person in question choosing to sell the information to the highest bidder instead of going to the press.

All in all, it seems that the investigators still have not discovered which documents Snowden managed to download and take with him, which would explain, in part, why the British police recently detained the partner of Guardian reporter Glenn Greenwald and seized the laptop and portable storage drives he was carrying back to Brazil.