The NSA Offers Up Three Possible Contributors To Snowden's Leaks To Its Congressional Oversight
from the please-stop-asking-what-we're-doing-about-it-because-we-really-have-no-idea dept
The question has often been asked, but without a satisfactory answer: how did Snowden end up with so many sensitive documents? Further, how did he manage to do this undetected? There has been a lot of speculation, but the recent Official Leak (as compared to Snowden's "unofficial" work) confirmed what nearly everyone already suspected: Snowden used readily available tools to harvest a ton of documents while escaping detection by the NSA.
The supposedly shocking "leak" about Snowden's "web crawler" only served to make the agency look worse. How did it fail to detect this sort of activity? Once again, the question has not received a direct answer. Instead, the agency has offered up three people who may have been indirectly involved in Snowden's document scraping: a civilian NSA employee (who conveniently resigned), an active duty military member and a contractor. (The agency actually uses the word "may" in its official letter to the House judiciary and intelligence committees, suggesting it's still uncomfortable with confirming or denying anything.)
This seemingly confirms an answer given by Keith Alexander at a hearing late last year.
“Has anybody been disciplined at NSA for dropping the ball so badly?” Senate Judiciary Committee Chairman Sen. Patrick Leahy, D-Vt., demanded of NSA Director Gen. Keith Alexander at a Dec. 11 hearing. Alexander at the time replied that the agency had three “cases” that “we’re currently reviewing.”
(NBC sought further comment on this, but again met with a refusal from an NSA spokesperson to confirm or deny whether these cases were the same cases Alexander was referring to.)
Here are the details on the civilian employee's assistance of Snowden's scraping efforts.
On 18 June 2013, the NSA civilian admitted to FBI Special Agents that he allowed Mr. Snowden to use his (the NSA civilian's) Public Key Infrastructure (PKI) certificate to access classified information on access that he knew had been denied to Mr. Snowden. Further, at Mr. Snowden's request, the civilian entered his PKI password at Mr. Snowden's computer terminal. Unbeknownst to the civilian, Mr. Snowden was able to capture the password, allowing him even greater access to classified information. The civilian was not aware that Mr. Snowden intended to unlawfully disclose classified information. However, by sharing his PKI certificate, he failed to comply with security obligations.
The other two will face whatever the military and the unnamed corporation choose to dispense as discipline. All well and good, if a little too late. And yet, what's being detailed here feels a lot like sacrificial lambs with a small side of Snowden smearing.
Snowden has denied tricking other analysts into giving him their credentials. Whether or not you find his claim believable, there's no denying the agency's overriding concern. It has stated repeatedly that it has no idea how much Snowden took and it has no real idea how he managed to get so much in the first place.
The overseers are demanding answers and they're not getting anything concrete in response. Instead, they get a lot of murmuring about the "damage" the leaks have done and a token effort to root out additional culprits. Using this one to portray Snowden as a malevolent social engineer helps the NSA's PR efforts but still doesn't address the core issue.
The NSA still hasn't figured out how to prevent the "next Snowden," something that should be at least as horrifying (to the agency) as the current Snowden. This is perhaps the world's largest and most well-funded national security agency, but a single systems administrator managed to outwit its internal protections and walk away with 10-50,000 documents, and the most substantial "answers" the agency has provided to the "how" question are three supposed leak enablers (only one of whom was a direct NSA employee) and the troubling admission that its system can easily be subverted by common software tools.
Maybe more evidence will come forth in the next few months to prove this impression wrong, but right now it looks more like an attempt to stave off a little criticism than an indication that the NSA has its own systems under control.
Filed Under: edward snowden, leak, nsa
Reader Comments
Cripes
How in the world did Snowden manage to retain the PKI certificate(s)? Those are supposed to be on a physical medium (think key/chip card, USB stick, etc).
And there are so many more layers of improbability there, two examples:
[ link to this | view in thread ]
Keystone Kops
[ link to this | view in thread ]
Fail to detect
Simple, Booz Allen gives the Carlyle group open access to the NSA database, along with its phone tapping abilities (Snowden said he could tap anyone at anytime) through Hawaii (because Hawaii didn't have the bandwidth for the updated software). No one caught it because everyone probably just assumed it was someone from Carlyle getting insider information on their competitors.
The level of corruption going on here is on a scale never before seen in the world.
[ link to this | view in thread ]
Re: Cripes
[ link to this | view in thread ]
Snowden started his leaks beginning June 5, 2013. It is now Feb. 2014, 8 months later and they still are trying to puzzle through how he did it. There have been two or three different claimed scenarios saying he did it this way or that way and we are still hearing the same thing; another guess.
This is the same outfit that wants you to trust it is not violating the laws of the land and it is not abusing the data it receives. Yet it is very apparent despite all of its claims, it doesn't know itself what its representatives are doing and given all the constant lies, couldn't be believed if it were telling the truth.
Instead it looks at first glance to be offering up some scapegoats in hopes the bait will be taken.
[ link to this | view in thread ]
Rock vs. Hard Place
Also, why would they release ANY information about how Snowden accomplished anything? He's already admitted stealing data, he's been tried and convicted in the court of public opinion (you know that when douchebags are demanding his death).
This whole situation has been badly handled from the beginning. Doesn't the NSA have anyone who knows how to handle damage control?
They appear to be a bunch of idiots.
I gotta go...
[ link to this | view in thread ]
sharing is caring
Please seed.
[ link to this | view in thread ]
Re: Cripes
The password by itself should be useless without the token, and the key never leaves the token. It's two factor auth: something you have (the token) and something you know (the password).
...that is, if it really was a token. I've seen online banking systems which use a certificate stored on a common USB stick. Copy the file off the stick, and all you need is the password.
[ link to this | view in thread ]
CanadianByChoice
Ok - on the one hand, we have Snowden, presenting embarrassing but not-critical evidence of government over-reach and abuse, most of which has been verified and the rest of which, there is not really any reason to doubt. On the other hand, we have the NSA who has been caught lying over and over, and even caught lying about lying. Who is more credible?
The NSA doesn't want to admit that they are so awful at what they do that a single person could compromise their entire setup so they have to make it a conspiracy in the hopes that it will make them look less like the bunglers they are.
[ link to this | view in thread ]
While committing high crimes in secret do not allow 2.5 million people to have top security clearance to evidence of my crimes. It might not work.
[ link to this | view in thread ]
The Truth
Recent 'revelations' of the NSA are nothing new to me, I knew the government had a policy coup in 2001 and that it would be abused. It has escalated since. These agencies do what they want - the NSA, CIA, and FBI usually go after whom the government considers their enemy - all of those agencies were spying on Martin Luther King simply because the Pentagon didn't like that he was rallying the people into an anti-war effort. Colluding politicians, corrupt parties, fascist agencies, corporate control, propaganda media - they should all be ashamed - but what they have done in the past and what they do in the present, they believe they are 'righteous' when people on the outside with common sense know otherwise. Western "Democracy" is like watching Rome fall, with striking similarities that befell ancient civilizations.
And people in this country still quibble over who "gets" their President in the White House and bicker with each other. It's a classic divide and conquer policy to keep Citizens distracted while the government does as it pleases, regardless of whom a Citizen thinks is representing their interests.
Peace.
[ link to this | view in thread ]
No perfect crime
If you believe that then consider if we are the fool. Not they.
Airing one's own dirty laundry does not a good spy agency make.
Is not post hoc IT forensics greatly simplified in this case since the person-of-interest has announced their identity? We do we imagine this particular whistleblower throughout 2013 was even bothering to attempt a Perfect Crime.
[ link to this | view in thread ]
Too much conspiracy taking over the government representatives for political gain, the entire government should be investigated and perhaps tried.
[ link to this | view in thread ]