The NSA Offers Up Three Possible Contributors To Snowden's Leaks To Its Congressional Oversight

from the please-stop-asking-what-we're-doing-about-it-because-we-really-have-no-idea dept

Fri, Feb 14th 2014 11:50am — Tim Cushing

The question has often been asked, but without a satisfactory answer: how did Snowden end up with so many sensitive documents? Further, how did he manage to do this undetected? There has been a lot of speculation, but the recent Official Leak (as compared to Snowden's "unofficial" work) confirmed what nearly everyone already suspected: Snowden used readily available tools to harvest a ton of documents while escaping detection by the NSA.

The supposedly shocking "leak" about Snowden's "web crawler" only served to make the agency look worse. How did it fail to detect this sort of activity? Once again, the question has not received a direct answer. Instead, the agency has offered up three people who may have been indirectly involved in Snowden's document scraping: a civilian NSA employee (who conveniently resigned), an active duty military member and a contractor. (The agency actually uses the word "may" in its official letter to the House judiciary and intelligence committees, suggesting it's still uncomfortable with confirming or denying anything.)

This seemingly confirms an answer given by Keith Alexander at a hearing late last year.

“Has anybody been disciplined at NSA for dropping the ball so badly?” Senate Judiciary Committee Chairman Sen. Patrick Leahy, D-Vt., demanded of NSA Director Gen. Keith Alexander at a Dec. 11 hearing. Alexander at the time replied that the agency had three “cases” that “we’re currently reviewing.”

(NBC sought further comment on this, but again met with a refusal from an NSA spokesperson to confirm or deny whether these cases were the same cases Alexander was referring to.)

Here's the details on the civilian employee's assistance of Snowden's scraping efforts.

On 18 June 2013, the NSA civilian admitted to FBI Special Agents that he allowed Mr. Snowden to use his (the NSA civilian's) Public Key Infrastructure (PKI) certificate to access classified information on access that he knew had been denied to Mr. Snowden. Further, at Mr. Snowden's request, the civilian entered his PKI password at Mr. Snowden's computer terminal. Unbeknownst to the civilian, Mr. Snowden was able to capture the password, allowing him even greater access to classified information. The civilian was not aware that Mr. Snowden intended to unlawfully disclose classified information. However, by sharing his PKI certificate, he failed to comply with security obligations.

The other two will face whatever the military and the unnamed corporation choose to dispense as discipline. All well and good, if a little too late. And yet, what's being detailed here feels a lot like sacrificial lambs with a small side of Snowden smearing.

Snowden has denied tricking other analysts into giving him their credentials. Whether or not you find his claim believable, there's no denying the agency's overriding concern. It has stated repeatedly that it has no idea how much Snowden took and it has no real idea how he managed to get so much in the first place.

The overseers are demanding answers and they're not getting anything concrete in response. Instead, they get a lot of murmuring about the "damage" the leaks have done and a token effort to root out additional culprits. Using this one to portray Snowden as a malevolent social engineer helps the NSA's PR efforts but still doesn't address the core issue.

The NSA still hasn't figured out how to prevent the "next Snowden," something that should be at least as horrifying (to the agency) as the current Snowden. This is perhaps the world's largest and most well-funded national security agency, but a single systems administrator managed to outwit its internal protections and walk away with 10-50,000 documents, and the most substantial "answers" the agency has provided to the "how" question is three supposed leak enablers (only one of which was a direct NSA employee) and the troubling admission that its system can easily be subverted by common software tools.

Maybe more evidence will come forth in the next few months to prove this impression wrong, but right now it looks like more an attempt to stave off a little criticism rather than an indication that the NSA has its own systems under control.

Nsa Snowden (PDF)Nsa Snowden (Text)

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: edward snowden, leak, nsa

18 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Zem, 14 Feb 2014 @ 12:23pm

So they get billions of dollars, spy on everyone, months to investigate, and the best they can come up with is 3 possibilities. Of course, Snowden never acted alone, because that would make them look even more incompetent. Gotta love a spy agency that so rampantly chases the secrets of what your neighbors dog ate for breakfast, but can't keep any of their own.
[ link to this | view in chronology ]
Anonymous Coward, 14 Feb 2014 @ 12:37pm

I'm kind of glad nobody is being held accountable. That means leaks like this are sure to happen again.
[ link to this | view in chronology ]
Anonymous Coward, 14 Feb 2014 @ 12:38pm

so far, thank the stars, Snowden has evaded being hung from the nearest yard arm, then drawn and quartered. the NSA are now doing what any self-preserving bunch of lying ass holes would do and trying to find someone to use as a fall guy! they dont care who it is, as long as it's someone credible to Congress and the people, not doing a particularly important job at or in a particularly high position at the NSA, and probably has no immediate family, as in no wife and kids! once that poor sap has been singled out, threatened, had evidence planted, conveniently incriminating him in everything going back as far as Kennedy (God rest him), even though he wasn't a glimmer in his dad's bag while he was in Baghdad at the time, let alone the latest leaks, the NSA will 'dispose of him' in the time honored way of the Witness Protection Program, giving him a new name, bank account, house and job, so he lives peacefully out his life in obscurity. the NSA can then carry on as usual. incident over!!
[ link to this | view in chronology ]
Who Cares (profile), 14 Feb 2014 @ 12:51pm

Cripes
Just reading this the incompetence at the NSA is even worse then when they went public with the crawler.
How in the world did Snowden manage to retain the PKI certificate(s)? Those are supposed to be on a physical medium (think key/chip card, USB stick, etc).
And there are so many more layers of improbability there, two examples:
- Never using the login credentials when their owners are using them.
- If using the credentials from outside the building never running into callback problems to verify that the new IP is being used by the owner.
[ link to this | view in chronology ]
- Anonymous Coward, 14 Feb 2014 @ 1:25pm
  
  Re: Cripes
  Or the third option, it never happened and the NSA is once again caught out as full of shit, in another completely unworkable, fabricated story.
  [ link to this | view in chronology ]
- Anonymous Coward, 14 Feb 2014 @ 4:31pm
  
  Re: Cripes
  This.
  
  The password by itself should be useless without the token, and the key never leaves the token. It's two factor auth: something you have (the token) and something you know (the password).
  
  ...that is, if it really was a token. I've seen online banking systems which use a certificate stored on a common USB stick. Copy the file off the stick, and all you need is the password.
  [ link to this | view in chronology ]
Androgynous Cowherd, 14 Feb 2014 @ 12:59pm

Keystone Kops
Who else thinks that maybe it's a good thing that the guys charged with violating civil liberties and attempting to turn the US into a tyranny are a bunch of bumbling idiots? When the enemies of liberty are incompetent, freedom is likelier to win in the end.
[ link to this | view in chronology ]
fortiori, 14 Feb 2014 @ 1:06pm

Fail to detect
How did it fail to detect the activity?

Simple, booz allen gives the Carlyle group open access to the NSA database, along with it's phone tapping abilities (Snowden said he could tap anyone at anytime) through Hawaii (because Hawaii didn't have the bandwidth for the updated software). No one caught it because everyone probably just assume it was someone from Carlyle getting insider information on their competitors.

The level of corruption going on here is on a scale never before seen in the world.
[ link to this | view in chronology ]
Anonymous Coward, 14 Feb 2014 @ 1:26pm

What I get the picture of here is a poorly run government agency, concerned with secrecy, that can not actually do the job it is assigned. That and it still can not answer what documents Snowden took

Snowden started his leaks beginning June 5, 2013. It is now Feb. 2014, 8 months later and they still are trying to puzzle through how he did it. There have been two or three different claimed scenarios saying he did it this way or that way and we are still hearing the same thing; another guess.

This is the same outfit that wants you to trust it is not violating the laws of the land and it is not abusing the data it receives. Yet it is very apparent despite all of its claims, it doesn't know itself what it's representatives are doing and given all the constant lies, couldn't be believed if it were telling the truth.

Instead it looks at first glance to be offering up some scapegoats in hopes the bait will be taken.
[ link to this | view in chronology ]
albert, 14 Feb 2014 @ 1:51pm

Rock vs. Hard Place
The NSA has made Snowden the bogeyman here. Now, they're finding 'accomplices', who should be at least as culpable as he. That dilutes his 'image'.

Also, why would they release ANY information about how Snowden accomplished anything? He's already admitted stealing data, he's been tried and convicted in the court of public opinion (you know that when douchebags are demanding his death).

This whole situation has been badly handled from the beginning. Doesn't the NSA have anyone who knows how to handle damage control?

They appear to be a bunch of idiots.

I gotta go...
[ link to this | view in chronology ]
alan turing, 14 Feb 2014 @ 4:23pm

sharing is caring
Thank you Ed.

Please seed.
[ link to this | view in chronology ]
Anonymous Coward, 14 Feb 2014 @ 4:51pm

CanadianByChoice
"May have help", huh?
Ok - on the one hand, we have Snowden, presenting embaressing but not-critical evidance of government over-reach and abuse, most of which has been verified and the rest of which, there is not really any reason to doubt. On the other hand, we have the NSA who has been caught lying over and over, and even caught lying about lying. Who is more credible?
The NSA doesn't want to admit that they are so awful at what they do that a single person could compromise their entire setup so they have to make it a conspiracy in the hopes that it will make them look less like the bunglers they are.
[ link to this | view in chronology ]
btrussell (profile), 14 Feb 2014 @ 7:32pm

Who gives a shit how we found out? Lets act on what we know.
[ link to this | view in chronology ]
Anonymous Coward, 15 Feb 2014 @ 10:43am

Note to self:

while commiting high crimes in secret do not allow 2.5 million people to have top security clearance to evidence of my crimes. It might not work.
[ link to this | view in chronology ]
derp, 16 Feb 2014 @ 9:28am

The Truth
When intelligence agencies have the ability to sway political processes, there is a definite problem. At this point, it is deep rooted and not going away - nor will any President be able to "reign them in." You do not tame people that have the power to tell a President what's good for them. Agencies like the NSA and CIA, especially the CIA, has committed mass crimes in other Nation states including assassination and illegal subversion of other Nation states political systems. These agencies also operate on "home turf" where even a Citizen can be a potential target to them. They have the power to sway politicians and presidents alike, while American taxpayer money is funneled into their "black budgets."

Recent 'revelations' of the NSA are nothing new to me, I knew the government had a policy coup in 2001 and that it would be abused. It has escalated since. These agencies do what they want - the NSA, CIA, and FBI usually go after whom the government considers their enemy - all of those agencies were spying on Martin Luther King simply because the Pentagon didn't like that he was rallying the people into a anti-war effort. Colluding politicians, corrupt parties, fascist agencies, corporate control, propaganda media - they should all be ashamed - but what they have done in the past and what they do in the present, they believe they are 'righteous' when people on the outside with common sense know otherwise. Western "Democracy" is like watching Rome fall, with striking similarities that befell ancient civilizations.

And people in this country still quibble over who "gets" their President in the White House and bicker with each other. Its a classic divide and conquer policy to keep Citizens distracted while the government does as it pleases, regardless of whom a Citizen thinks is representing their interests.

Peace.
[ link to this | view in chronology ]
@b, 16 Feb 2014 @ 4:29pm

No perfect crime
8 months later and they still are trying to puzzle through how he did it

If you believe that then consider if we are the fool. Not they.

Airing one's own dirty laundry does not a good spy agency make.

Is not post hoc IT forensics greatly simplified in this case since the person-of-interest has announced their identity? We do we imagine this particular whistleblower throughout 2013 was even bothering to attempt a Perfect Crime.
[ link to this | view in chronology ]
Anonymous Coward, 16 Feb 2014 @ 4:30pm

*Why do we
[ link to this | view in chronology ]
Angry as hell, 24 Mar 2014 @ 3:23am

It is extremely obvious that it probably has something to do with Alex Jones and perhaps Jesse Ventura. My greatest question is were the others involved visiting Infowars and any way connected to Alex Jones and where in the hell is the constitution and the treason laws of the country.
Too much conspiracy taking over the government representatives for political gain, the entire government should be investigated and perhaps tried.
[ link to this | view in chronology ]