Government whistleblower Edward Snowden obtained his massive trove of top-secret documents about the National Security Agency’s surveillance programs by asking his colleagues for their credentials and passwords, according to a new Reuters report.
Those colleagues were subsequently removed from current assignments once the NSA realized that Snowden had used their credentials to gain access to various parts of its system. Reuters placed the number of compromised colleagues at between 20 and 25, all located at the agency’s regional operations center in Hawaii.
Snowden leveraged his job as a systems administrator to persuade coworkers to part with their information. “In the classified world, there is a sharp distinction between insiders and outsiders. If you’ve been cleared and especially if you’ve been polygraphed, you’re an insider and you are presumed to be trustworthy,” Steven Aftergood, a secrecy expert with the Federation of American Scientists, told the newswire.
In essence, Snowden practiced the age-old art of social engineering, in which a hacker or infiltrator plays on an employee’s trust in order to obtain sensitive information. Phishing scams are a common form of social engineering, as are virus hoaxes that trick a PC user into downloading malware.
Social engineering is a particularly insidious security problem, as it plays off cognitive biases—the “bugs” in human decision-making that can make people exercise poor judgment. The U.S. Army Research Laboratory has awarded $48 million to researchers trying to build computer-security systems that identify and respond to social-engineering attacks, but those efforts have yet to bear fruit; early ideas center on building models of human behavior that let security systems decide automatically whether actions by humans are part of a broader attack.
In June, Snowden—also a former CIA employee—began feeding his documents to The Guardian and other newspapers. Many of those documents suggested that the NSA, ordinarily tasked with intercepting communications from terrorists and foreign governments, collects massive amounts of information on ordinary Americans—which in turn ignited a firestorm of controversy.
Effectively exiled in Russia following those leaks, Snowden now works in tech support.
Image: Rena Schild/Shutterstock.com