Snowden Had Help

J. Scott Applewhite/AP

We finally know how Edward Snowden pulled off one of the greatest thefts of classified documents in government history. And he had some help.

The former National Security Agency contractor was aided by three agency "affiliates" in accessing and downloading what have come to be known as the Snowden files, according to a Feb. 10 agency memo first reported on by NBC News' Michael Isikoff.

One of the affiliates, described as a civilian NSA employee, allowed Snowden to use his personal passwords to access classified information on a server called NSANet. This employee first told the FBI on June 18--just two weeks after the leaks began--that he let Snowden use his log-in information and that he knew those credentials had been denied to the fugitive, who is currently living in Russia after being granted asylum there last year.

Snowden was then able to capture the employee's password, which granted him "even greater access to classified information." But the employee "was not aware that Snowden intended to unlawfully disclose" any of the documents, which have been revealed in major publications around the world and have exposed sweeping phone and Internet data collection techniques employed by the NSA and other countries.

Last month, Snowden participated in an online chat and was asked whether he stole password information from any of his colleagues. Snowden shot back that "I never stole any passwords, nor did I trick an army of coworkers." He also refuted a November Reuters report that said he used the credentials "unwittingly" provided by his colleagues when he worked for contractor Booz Allen Hamilton in Hawaii.

Additionally, the other two "affiliates," described as a member of the military and another NSA contractor, were barred from accessing agency information beginning in August 2013, according to the memo written by Ethan Bauman, NSA's director of legislative affairs. But "further accountability will be determined by their individual employer, not the NSA."

Earlier this week, James Clapper, director of national intelligence, testified before the Senate Armed Services Committee that Snowden had taken advantage of a "perfect storm" of security vulnerabilities and that he "was pretty skilled at staying below the radar, so what he was doing wasn't visible."

"Our whole system is based on personal trust," an exasperated Clapper said, adding that there were no "mousetraps" in place to guarantee there wouldn't be another Edward Snowden.

The NSA has enacted tighter restrictions on when and how agents can access classified documents since Snowden's heist, including a "two-man rule" requiring two administrators to work jointly when dealing with certain files.
