Former National Security Agency (NSA) contractor and current fugitive/whistleblower Edward Snowden may have scammed a fellow civilian NSA employee in order to expand his access to top-secret documents, according to a secret Feb. 10 memo sent to Congress by NSA officials.
A civilian employee admitted under questioning by the FBI in June 2013 that he typed his secure password into Snowden’s computer to give Snowden access to classified documents the latter couldn’t have accessed on his own, according to the NSA memo, a copy of which was obtained by NBC News.
The employee, who was stripped of his security clearance and subsequently resigned, didn’t realize Snowden had captured his login information, allowing Snowden continuing access to documents above the level of his own security clearance, using the Public Key Infrastructure (PKI) certificate of the colleague he apparently tricked.
“The civilian was not aware that Mr. Snowden intended to unlawfully disclose classified information,” according to the memo (PDF). “However, by sharing his PKI certificate, he failed to comply with security obligations.” Two other workers (one a civilian contractor like Snowden, the other active-duty military) have been barred from NSA facilities after being “implicated in this matter,” though the memo didn’t say exactly what they’d done.
The borrowed or stolen credentials would plug at least one gap in the Snowden saga: How did a contractor with only mid-level (for the NSA) security clearance manage to steal documents that would have to have been secured at far higher a level than Snowden could access, without alerting NSA’s Information Systems Incident Response Team (NISIRT), the on-call security crew that responds instantly and in person to any hint of security breaches within NSA firewalls.
A June 10, 2013 assessment in TheWeek cast doubt on Snowden’s story, describing NSANet as a top-secret, highly trusted NSA-controlled network infrastructure that uses own fiber and satellite connections, and its own bridges, routers, systems and gateways completely independent of any other government or commercial network.
The intranet gives analysts “access [to] virtually everything the NSA’s extremely vast databanks contain,” though security is so high that screengrabs are prohibited, documents can only be printed in special facilities, and “every keystroke is logged and subject to random audits,” according to the story by veteran intelligence-beat reporter Marc Ambinder, co-author of Deep State: Inside the Governmetn Security Industry.
Snowden said during a public Google chat Jan. 23 that he never stole passwords or tricked co-workers into helping him, according to a Feb. 17 story on Naked Security from security-developer Sophos.
Reuters reported Nov. 20 that Snowden may have persuaded between 20 and 25 co-workers at the NSA operations center in Hawaii to give him their logins “by telling them [the logins] were needed for him to do his job as a computer systems administrator.” Snowden downloaded most of the tens of thousands of pages of secret documents while working in the NSA’s Hawaii office for about a month during Spring 2013, according to Reuters.
Snowden claimed during the chat that other NSA contractors and employees were just as uncomfortable as he was about the scope of the agency’s eavesdropping, which may have cast more suspicion on colleagues he claims not to have exploited. In reassuring one questioner about the security of email encryption, however, Snowden may also have pointed to a weakness the NSA memo claims he did exploit – the credentials of trusted employees who could compromise their own security, whether purposely or not: “As I’ve said before, properly implemented strong encryption works,” Snowden wrote. “What you have to worry about are the endpoints. If someone can steal your keys (or the pre-encryption plaintext), no amount of cryptography will protect you. ”
Image: Bocman1973 / Shutterstock.com