Snowden tricked NSA - and they don't know how he did it
While collecting data Edward Snowden was able to evade all safeguards at the NSA, leaving the agency puzzled at how he did it, according to new report. Officials worry that the ease with which he covered his tracks means another breach could happen.
Information logs exist to tell the government who tried to view or copy classified information without the proper clearance, but Snowden appears to have bypassed or deleted them, while working as a system administrator with contractor Booz Allen Hamilton in Hawaii. The revelations come from government officials speaking to The Associated Press on condition of anonymity, as they were prevented from publicly disclosing new information about the Snowden case.
This is a worrying development for the Obama administration, which has been at pains to prove to the American public that the NSA’s computer system cannot be taken advantage of so easily. Therefore, if Snowden could single-handedly circumvent its cyber defenses, the question stands as to who else can gain instant access to the vast stream of data the clandestine organization intercepts every day.
NSA Director Keith Alexander could not tell the press in July
what exactly Snowden might have had access to, downloaded or
taken with him, citing an ongoing investigation. This was nearly
two months after the leaks took place.
When Snowden had the job of system administrator, he possessed
enough security privileges to access data remotely, browse it
freely, as well as take it off its home servers and copy it onto
portable drives. According to Alexander, this is how the
information was leaked.
NSA spokeswoman Vanee Vines then told the AP that Alexander
"had a sense of what documents and information had been
taken," but "he did not say the comprehensive
investigation had been completed." She did not say if Snowden
was capable of viewing or downloading the documents without the
organization’s knowledge.
A key reason behind Snowden’s success may have been that the data was not very clearly compartmentalized, meaning that specialists in one area could easily browse information they would never plausibly need, provided they had the right security clearance.
It is not even clear whether Snowden had to use any 'hacking' skills to collect that data, or if he simply misapplied the powers legally allocated to him.
Deputy Attorney General James Cole defended the government’s
spying activities in Congress in July, saying that employees who
have access to NSA’s programs are effectively monitored by the
government.
"Everything that is done under [the program] is documented and reviewed before the decision is made and reviewed again after these decisions are made to make sure that nobody has done the things that you're concerned about happening."
One of his most crucial leaks was the truth about the US
government’s use of a program that hoarded metadata of
communications between American citizens and intercepted all
incoming and outgoing internet traffic in the country, before
redirecting it straight to the NSA servers.
Officials say that despite leaking information for months without
getting caught, it may be possible that Snowden did not know how
exactly the surveillance programs themselves functioned.
Snowden has since traversed the globe in pursuit of political asylum, and succeeded with Russia. Washington has been highly critical of Moscow’s actions and as a gesture of disapproval, even gone as far as cancel an unrelated meeting between President Barack Obama and Russian President Vladimir Putin in Moscow.
The NSA is now reportedly “overwhelmed” with trying to figure out what data and how much of it Snowden managed to steal, said NBC News on Thursday.
This news, together with the case of Bradley Manning, who between
2009 and 2010 leaked hundreds of thousands of highly classified
documents, has forced the US government to consider the issue of
internal threats to its national security. The 2013 Intelligence
Authorization Act now includes a proposal by Congress to create
an automated computer program for the detection of such insider
threats.