Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

How Edward Snowden stole his cache of NSA secrets
The Week ^ | 6/14/13 | Peter Weber

Posted on 06/14/2013 11:49:16 AM PDT by null and void

The NSA leaker reportedly just walked out of work with some of America's big secrets on a thumb drive in his pocket


Snowden didn't seem to have to work very hard to grab top secret classified government info.

A week after Edward Snowden's leaks about National Security Agency surveillance and data-gathering were first reported, and four days after he revealed himself as the leaker, the news media is figuring out how the 29-year-old IT systems administrator managed his potentially huge data heist.

If you're concerned about national security, the new revelations will probably dismay you; if you appreciate leaking of government secrets, Snowden's technique is likely encouraging: Theft by thumb drive.

The NSA and other spy and military agencies have long known the dangers of the innocent-seeming portable USB flash drive. In October 2008, the NSA discovered that a thumb drive loaded with malware had infected the military's secure internal network. The Pentagon then (at least temporarily) banned the use of thumb drives — NSA commanders even reportedly ordered USB ports filled in with liquid cement.

But "of course, there are always exceptions," especially for system administrators, a former NSA official tells the Los Angeles Times. "There are people who need to use a thumb drive and they have special permission. But when you use one, people always look at you funny."

That doesn't appear to have fazed Snowden. Not only do investigators know he pilfered the top secret files on a thumb drive, they "know how many documents he downloaded and what server he took them from," a U.S. official tells the Los Angeles Times. They don't know how he accessed those files, but as a system administrator, Snowden had broad access to key parts of the NSA network — and, says Ken Dilanian at the Los Angeles Times, "presumably a keen understanding of how those networks are monitored for unauthorized downloads."

In any case, Dilanian says, "confirmation of a thumb drive solved one of the central mysteries in the case: How Snowden, who worked for contracting giant Booz Allen Hamilton, physically removed classified material from a spy agency famous for strict security and ultra-secrecy."

Didn't Snowden's behavior, or his decision to take unpaid leave just a month after starting his job in Hawaii, arouse any suspicions? Sort of, says Mark Hosenball at Reuters. According to Hosenball's sources, Snowden's prolonged absence "prompted a hunt for the contractor, first by his employer Booz Allen Hamilton and then by the U.S. government." Hosenball continues:

[Snowden] was only on the job for around four weeks when he told his employers he was ill and requested leave without pay, the sources said. When Booz Allen checked in with him, Snowden said he was suffering from epilepsy and needed more time off. When he failed to return after a longer period, and the company could not find him, it notified intelligence officials because of Snowden's high-level security clearance, one of the sources said.

Government agents spent several days in the field trying to find Snowden, according to the source, but they were unable to do so before the first news story based on Snowden's revelations appeared in The Guardian and then in The Washington Post. The government did not know Snowden was the source for the stories until he admitted it on Sunday, the sources said. [Reuters]

Some people believe Snowden is exaggerating his skill level and knowledge, as he apparently inflated his salary and spying capabilities, but in interviews with colleagues, Snowden comes out looking pretty smart. He had a reputation as a very gifted "geek," a source tells Reuters. "This guy's really good with his fingers on the keyboard. He's really good."

His prowess with computer networks isn't a surprise, says John Herrman at BuzzFeed, now that we've discovered he's "a member of a growing and increasingly powerful alumni group: The internet people." For a few years, and more than 800 posts, Snowden was a frequent contributor to Ars Technica forums — the successor to Usenet and precursor of Reddit — making him "a part of the internet's relatively small but powerful creative nucleus."

Once he opened his mouth, Snowden outed himself not just as the leaker but as an internet person, says Herman, and his forum persona "is instantly recognizable to anyone who spent time in a major forum in the early to mid-2000s."

He's a bit of a know-it-all, a bit of a troll, opinionated about both subjects he knows well and ones he doesn't. He unsubtly references his sex life, his security clearance, and his mysterious work. He was not shy about giving advice, which is probably the defining trait of the forum power user....

Most of the people he used to interact with are long gone — like Snowden, they grew up, and receded back into the real world. But he took with him the set of values he either learned or became comfortable expressing online: A keen interest in rights and speech, particularly where they concern the internet and privacy, suspicion of government and authority, a belief in both free markets and free-flowing information, and a set of cultural and aesthetic values that both set him apart from the mainstream and endear him to his people — the internet people. [BuzzFeed]

A whole group of people out there are just like Snowden, says BuzzFeed's Herman, and that should make the NSA, and any organization with secrets, a little nervous. Because when you move from how to why, the answer is a little unsettling, Herman says: "This isn't about 'hacktivism' or some kind of unified cause. This is about the children of the internet coming of age."


TOPICS: Crime/Corruption; Culture/Society
KEYWORDS: nsa; snowden; thumbdrive
Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-79 next last
To: Buckeye McFrog
The tower unit of their computer was encased in a chicken wire cage that prevents you from inserting any type of removable media.

That computer is infrastructure. Somebody needed to load that computer with OS and applications and make sure it was connected to the network properly with proper privileges, etc. That somebody would have been an infrastructure specialist, like Ed Snowden.

21 posted on 06/14/2013 12:12:29 PM PDT by cynwoody
[ Post Reply | Private Reply | To 17 | View Replies]

To: Buckeye McFrog

The FBI and NSA agents looking for him should have noted him on a flight out of Hawaii real quick. If he flew direct to HK then it should have been even easier.
I’m surprised that NSA does not have a alert when any employee is traveling outside the US. I know people who have worked such jobs and they all had to notify their agency that they were planning a trip outside the US.


22 posted on 06/14/2013 12:12:31 PM PDT by Oldexpat
[ Post Reply | Private Reply | To 17 | View Replies]

To: DoughtyOne

Very, but I’m just a beanie. The IT Administrator types have special rules because THEY ARE SO TRUSTWORTHY.


23 posted on 06/14/2013 12:15:23 PM PDT by gov_bean_ counter (Romans 1:22 Professing themselves to be wise, they became fools,)
[ Post Reply | Private Reply | To 19 | View Replies]

To: Oldexpat
I’m surprised that NSA does not have a alert when any employee is traveling outside the US. I know people who have worked such jobs and they all had to notify their agency that they were planning a trip outside the US.

Snowden did not work directly for the NSA - he worked for a security contractor hired by the NSA.

24 posted on 06/14/2013 12:15:34 PM PDT by CA Conservative (Texan by birth, Californian by circumstance)
[ Post Reply | Private Reply | To 22 | View Replies]

To: trebb

IMHO, in this age of networked systems and the ease of file transfer and movement between PCs with a CAC there should be no need to use any external drive. Ever.


25 posted on 06/14/2013 12:17:51 PM PDT by gov_bean_ counter (Romans 1:22 Professing themselves to be wise, they became fools,)
[ Post Reply | Private Reply | To 18 | View Replies]

To: null and void

Quis custodiet ipsos custodes?


26 posted on 06/14/2013 12:20:09 PM PDT by Sherman Logan
[ Post Reply | Private Reply | To 1 | View Replies]

To: molson209
Hacking is a Myth ,it’s really the Thumb Drive

It doesn't have to be "either-or". The thumb drive is just the way he stored the data and removed it from the facility. How he accessed the data is another question - did he have that level of access as part of his job duties, or was he able to elevate his permissions to access data he should not have able to access? If so, that would rightly qualify as hacking.

27 posted on 06/14/2013 12:21:25 PM PDT by CA Conservative (Texan by birth, Californian by circumstance)
[ Post Reply | Private Reply | To 2 | View Replies]

To: CA Conservative
Now doesn't this just give you a warm fuzzy about the adequacy of the system controls???

Is the sarcasm tag really needed???

28 posted on 06/14/2013 12:23:06 PM PDT by gov_bean_ counter (Romans 1:22 Professing themselves to be wise, they became fools,)
[ Post Reply | Private Reply | To 27 | View Replies]

To: Oldexpat

Yep. My dad had a job like that for awhile. Had to notify them any time he was going to leave the country. Even Canada.


29 posted on 06/14/2013 12:24:31 PM PDT by Buckeye McFrog
[ Post Reply | Private Reply | To 22 | View Replies]

To: gov_bean_ counter

Do a search for ‘BOFH’. There is some truth to most of his tales.

I ran across one of my coworkers reading /var/spool/mail/execdoofus1’s mail. No remorse either. Just more upset I’d walked in just then.

I never read user mail. For the same reason I don’t watch reality TV.


30 posted on 06/14/2013 12:24:33 PM PDT by Black Agnes
[ Post Reply | Private Reply | To 23 | View Replies]

To: Gaffer
thumb drives are so five minutes ago...it’s 16GB SDHC cards and such (maybe 32 or 64 GB now)...

While SDHC cards are good for carrying data (you usually find them in digital cameras), not too many servers and workstations have ports for the cards built in - you usually need either a USB card reader, or have a laptop with the card reader built in.

On the other hand, every computer built in the last 10-15 years has USB ports for a thumb drive.

31 posted on 06/14/2013 12:25:14 PM PDT by CA Conservative (Texan by birth, Californian by circumstance)
[ Post Reply | Private Reply | To 6 | View Replies]

To: Black Agnes

Cube chuckle. Thanks.


32 posted on 06/14/2013 12:26:43 PM PDT by gov_bean_ counter (Romans 1:22 Professing themselves to be wise, they became fools,)
[ Post Reply | Private Reply | To 30 | View Replies]

To: gov_bean_ counter

LOL


33 posted on 06/14/2013 12:28:24 PM PDT by DoughtyOne (Now playing... [ * * * Manchurian Candidate * * * ], limited engagement, 8 years...)
[ Post Reply | Private Reply | To 23 | View Replies]

To: null and void
A thumb drive is really simple and it's use would have ruined the movie Swordfish.
34 posted on 06/14/2013 12:33:57 PM PDT by Pan_Yan (I believe in God. All else is dubious.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: CA Conservative

You can order them w/o ports, or you can disable or monitor the ports. I worked for a private financial firm and our USB drives were disabled.


35 posted on 06/14/2013 12:38:24 PM PDT by FreeAtlanta (sue the DNC for the IRS abuse! Can RICO laws be used against the DNC?)
[ Post Reply | Private Reply | To 31 | View Replies]

To: gov_bean_ counter

What annoyed me most was he wasn’t even clever about it. I came back from lunch early and he nonchalently moved his monitor out of my view. Which wasn’t so suspicious I guess. what tipped me off was sitting down at the mail server (which was my responsibility) and doing a ‘w’.

And lo and behold:

Adminluser1 blah blah blah blah more /var/spool/mail/execdoofus1

Dude, if you’re going to be evil, at least be clever about it.

His excuse? He needed to find out if he was going to be fired.

I implemented change control on that machine that afternoon.


36 posted on 06/14/2013 12:38:54 PM PDT by Black Agnes
[ Post Reply | Private Reply | To 32 | View Replies]

To: Pan_Yan

ARRRGGGHHH! I improperly used “it’s” instead of “its” and now the grammar nazis are going to put me in time out.


37 posted on 06/14/2013 12:39:28 PM PDT by Pan_Yan (I believe in God. All else is dubious.)
[ Post Reply | Private Reply | To 34 | View Replies]

To: Black Agnes

Lesson: keep emails boring and relevant to work.


38 posted on 06/14/2013 12:41:16 PM PDT by FreeAtlanta (sue the DNC for the IRS abuse! Can RICO laws be used against the DNC?)
[ Post Reply | Private Reply | To 30 | View Replies]

To: FreeAtlanta
You can order them w/o ports, or you can disable or monitor the ports. I worked for a private financial firm and our USB drives were disabled.

I'm aware that you can disable the USB ports, etc - I have been a computer security professional for the past 7 years. I was just commenting on the fact that SDHC slots are relatively rare on business-class workstations, while USB ports are ubiquitous. So the suggestion made that Snowden should have used SDHC cards rather than thumb drives in nonsensical.

39 posted on 06/14/2013 12:42:37 PM PDT by CA Conservative (Texan by birth, Californian by circumstance)
[ Post Reply | Private Reply | To 35 | View Replies]

To: Gaffer
thumb drives are so five minutes ago...it’s 16GB SDHC cards and such (maybe 32 or 64 GB now)...

Most "enterprise" computers don't have card readers, while they all have USB ports.

Of course I guess you could just get a USB card reader, buy why bother when you've got 64GB or 128GB USB "thumb" drives?

Remember 5 1/4 inch floppies? The floppies at work I used were 8 inchers!

You trying to "start a war here" for the "oldest tech?" ;-)

Mark

40 posted on 06/14/2013 12:44:14 PM PDT by MarkL (Do I really look like a guy with a plan?)
[ Post Reply | Private Reply | To 6 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-79 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson