The NSA Offers Up Three Possible Contributors To Snowden's Leaks To Its Congressional Oversight

from the please-stop-asking-what-we're-doing-about-it-because-we-really-have-no-idea dept

The question has often been asked, but without a satisfactory answer: how did Snowden end up with so many sensitive documents? Further, how did he manage to do this undetected? There has been a lot of speculation, but the recent Official Leak (as compared to Snowden's "unofficial" work) confirmed what nearly everyone already suspected: Snowden used readily available tools to harvest a ton of documents while escaping detection by the NSA.

The supposedly shocking "leak" about Snowden's "web crawler" only served to make the agency look worse. How did it fail to detect this sort of activity? Once again, the question has not received a direct answer. Instead, the agency has offered up three people who may have been indirectly involved in Snowden's document scraping: a civilian NSA employee (who conveniently resigned), an active duty military member and a contractor. (The agency actually uses the word "may" in its official letter to the House judiciary and intelligence committees, suggesting it's still uncomfortable with confirming or denying anything.)

This seemingly confirms an answer given by Keith Alexander at a hearing late last year.

“Has anybody been disciplined at NSA for dropping the ball so badly?” Senate Judiciary Committee Chairman Sen. Patrick Leahy, D-Vt., demanded of NSA Director Gen. Keith Alexander at a Dec. 11 hearing. Alexander at the time replied that the agency had three “cases” that “we’re currently reviewing.”
(NBC sought further comment on this, but again met with a refusal from an NSA spokesperson to confirm or deny whether these cases were the same cases Alexander was referring to.)

Here's the details on the civilian employee's assistance of Snowden's scraping efforts.
On 18 June 2013, the NSA civilian admitted to FBI Special Agents that he allowed Mr. Snowden to use his (the NSA civilian's) Public Key Infrastructure (PKI) certificate to access classified information on access that he knew had been denied to Mr. Snowden. Further, at Mr. Snowden's request, the civilian entered his PKI password at Mr. Snowden's computer terminal. Unbeknownst to the civilian, Mr. Snowden was able to capture the password, allowing him even greater access to classified information. The civilian was not aware that Mr. Snowden intended to unlawfully disclose classified information. However, by sharing his PKI certificate, he failed to comply with security obligations.
The other two will face whatever the military and the unnamed corporation choose to dispense as discipline. All well and good, if a little too late. And yet, what's being detailed here feels a lot like sacrificial lambs with a small side of Snowden smearing.

Snowden has denied tricking other analysts into giving him their credentials. Whether or not you find his claim believable, there's no denying the agency's overriding concern. It has stated repeatedly that it has no idea how much Snowden took and it has no real idea how he managed to get so much in the first place.

The overseers are demanding answers and they're not getting anything concrete in response. Instead, they get a lot of murmuring about the "damage" the leaks have done and a token effort to root out additional culprits. Using this one to portray Snowden as a malevolent social engineer helps the NSA's PR efforts but still doesn't address the core issue.

The NSA still hasn't figured out how to prevent the "next Snowden," something that should be at least as horrifying (to the agency) as the current Snowden. This is perhaps the world's largest and most well-funded national security agency, but a single systems administrator managed to outwit its internal protections and walk away with 10-50,000 documents, and the most substantial "answers" the agency has provided to the "how" question is three supposed leak enablers (only one of which was a direct NSA employee) and the troubling admission that its system can easily be subverted by common software tools.

Maybe more evidence will come forth in the next few months to prove this impression wrong, but right now it looks like more an attempt to stave off a little criticism rather than an indication that the NSA has its own systems under control.



Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Zem, Feb 14th, 2014 @ 12:23pm

    So they get billions of dollars, spy on everyone, months to investigate, and the best they can come up with is 3 possibilities. Of course, Snowden never acted alone, because that would make them look even more incompetent. Gotta love a spy agency that so rampantly chases the secrets of what your neighbors dog ate for breakfast, but can't keep any of their own.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Anonymous Coward, Feb 14th, 2014 @ 12:37pm

    I'm kind of glad nobody is being held accountable. That means leaks like this are sure to happen again.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Feb 14th, 2014 @ 12:38pm

    so far, thank the stars, Snowden has evaded being hung from the nearest yard arm, then drawn and quartered. the NSA are now doing what any self-preserving bunch of lying ass holes would do and trying to find someone to use as a fall guy! they dont care who it is, as long as it's someone credible to Congress and the people, not doing a particularly important job at or in a particularly high position at the NSA, and probably has no immediate family, as in no wife and kids! once that poor sap has been singled out, threatened, had evidence planted, conveniently incriminating him in everything going back as far as Kennedy (God rest him), even though he wasn't a glimmer in his dad's bag while he was in Baghdad at the time, let alone the latest leaks, the NSA will 'dispose of him' in the time honored way of the Witness Protection Program, giving him a new name, bank account, house and job, so he lives peacefully out his life in obscurity. the NSA can then carry on as usual. incident over!!

     

    reply to this | link to this | view in thread ]

  4.  
    icon
    Who Cares (profile), Feb 14th, 2014 @ 12:51pm

    Cripes

    Just reading this the incompetence at the NSA is even worse then when they went public with the crawler.
    How in the world did Snowden manage to retain the PKI certificate(s)? Those are supposed to be on a physical medium (think key/chip card, USB stick, etc).
    And there are so many more layers of improbability there, two examples:
    • Never using the login credentials when their owners are using them.
    • If using the credentials from outside the building never running into callback problems to verify that the new IP is being used by the owner.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Androgynous Cowherd, Feb 14th, 2014 @ 12:59pm

    Keystone Kops

    Who else thinks that maybe it's a good thing that the guys charged with violating civil liberties and attempting to turn the US into a tyranny are a bunch of bumbling idiots? When the enemies of liberty are incompetent, freedom is likelier to win in the end.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    fortiori, Feb 14th, 2014 @ 1:06pm

    Fail to detect

    How did it fail to detect the activity?

    Simple, booz allen gives the Carlyle group open access to the NSA database, along with it's phone tapping abilities (Snowden said he could tap anyone at anytime) through Hawaii (because Hawaii didn't have the bandwidth for the updated software). No one caught it because everyone probably just assume it was someone from Carlyle getting insider information on their competitors.

    The level of corruption going on here is on a scale never before seen in the world.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Anonymous Coward, Feb 14th, 2014 @ 1:25pm

    Re: Cripes

    Or the third option, it never happened and the NSA is once again caught out as full of shit, in another completely unworkable, fabricated story.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Anonymous Coward, Feb 14th, 2014 @ 1:26pm

    What I get the picture of here is a poorly run government agency, concerned with secrecy, that can not actually do the job it is assigned. That and it still can not answer what documents Snowden took

    Snowden started his leaks beginning June 5, 2013. It is now Feb. 2014, 8 months later and they still are trying to puzzle through how he did it. There have been two or three different claimed scenarios saying he did it this way or that way and we are still hearing the same thing; another guess.

    This is the same outfit that wants you to trust it is not violating the laws of the land and it is not abusing the data it receives. Yet it is very apparent despite all of its claims, it doesn't know itself what it's representatives are doing and given all the constant lies, couldn't be believed if it were telling the truth.

    Instead it looks at first glance to be offering up some scapegoats in hopes the bait will be taken.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    albert, Feb 14th, 2014 @ 1:51pm

    Rock vs. Hard Place

    The NSA has made Snowden the bogeyman here. Now, they're finding 'accomplices', who should be at least as culpable as he. That dilutes his 'image'.

    Also, why would they release ANY information about how Snowden accomplished anything? He's already admitted stealing data, he's been tried and convicted in the court of public opinion (you know that when douchebags are demanding his death).

    This whole situation has been badly handled from the beginning. Doesn't the NSA have anyone who knows how to handle damage control?

    They appear to be a bunch of idiots.

    I gotta go...

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    alan turing, Feb 14th, 2014 @ 4:23pm

    sharing is caring

    Thank you Ed.

    Please seed.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Anonymous Coward, Feb 14th, 2014 @ 4:31pm

    Re: Cripes

    This.

    The password by itself should be useless without the token, and the key never leaves the token. It's two factor auth: something you have (the token) and something you know (the password).

    ...that is, if it really was a token. I've seen online banking systems which use a certificate stored on a common USB stick. Copy the file off the stick, and all you need is the password.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Anonymous Coward, Feb 14th, 2014 @ 4:51pm

    CanadianByChoice

    "May have help", huh?
    Ok - on the one hand, we have Snowden, presenting embaressing but not-critical evidance of government over-reach and abuse, most of which has been verified and the rest of which, there is not really any reason to doubt. On the other hand, we have the NSA who has been caught lying over and over, and even caught lying about lying. Who is more credible?
    The NSA doesn't want to admit that they are so awful at what they do that a single person could compromise their entire setup so they have to make it a conspiracy in the hopes that it will make them look less like the bunglers they are.

     

    reply to this | link to this | view in thread ]

  13.  
    icon
    btrussell (profile), Feb 14th, 2014 @ 7:32pm

    Who gives a shit how we found out? Lets act on what we know.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Anonymous Coward, Feb 15th, 2014 @ 10:43am

    Note to self:

    while commiting high crimes in secret do not allow 2.5 million people to have top security clearance to evidence of my crimes. It might not work.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    derp, Feb 16th, 2014 @ 9:28am

    The Truth

    When intelligence agencies have the ability to sway political processes, there is a definite problem. At this point, it is deep rooted and not going away - nor will any President be able to "reign them in." You do not tame people that have the power to tell a President what's good for them. Agencies like the NSA and CIA, especially the CIA, has committed mass crimes in other Nation states including assassination and illegal subversion of other Nation states political systems. These agencies also operate on "home turf" where even a Citizen can be a potential target to them. They have the power to sway politicians and presidents alike, while American taxpayer money is funneled into their "black budgets."

    Recent 'revelations' of the NSA are nothing new to me, I knew the government had a policy coup in 2001 and that it would be abused. It has escalated since. These agencies do what they want - the NSA, CIA, and FBI usually go after whom the government considers their enemy - all of those agencies were spying on Martin Luther King simply because the Pentagon didn't like that he was rallying the people into a anti-war effort. Colluding politicians, corrupt parties, fascist agencies, corporate control, propaganda media - they should all be ashamed - but what they have done in the past and what they do in the present, they believe they are 'righteous' when people on the outside with common sense know otherwise. Western "Democracy" is like watching Rome fall, with striking similarities that befell ancient civilizations.

    And people in this country still quibble over who "gets" their President in the White House and bicker with each other. Its a classic divide and conquer policy to keep Citizens distracted while the government does as it pleases, regardless of whom a Citizen thinks is representing their interests.

    Peace.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    @b, Feb 16th, 2014 @ 4:29pm

    No perfect crime

    8 months later and they still are trying to puzzle through how he did it

    If you believe that then consider if we are the fool. Not they.

    Airing one's own dirty laundry does not a good spy agency make.

    Is not post hoc IT forensics greatly simplified in this case since the person-of-interest has announced their identity? We do we imagine this particular whistleblower throughout 2013 was even bothering to attempt a Perfect Crime.

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Anonymous Coward, Feb 16th, 2014 @ 4:30pm

    *Why do we

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Angry as hell, Mar 24th, 2014 @ 3:23am

    It is extremely obvious that it probably has something to do with Alex Jones and perhaps Jesse Ventura. My greatest question is were the others involved visiting Infowars and any way connected to Alex Jones and where in the hell is the constitution and the treason laws of the country.
    Too much conspiracy taking over the government representatives for political gain, the entire government should be investigated and perhaps tried.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This