HideTechdirt is off for the long weekend! We'll be back with our regular posts tomorrow.
HideTechdirt is off for the long weekend! We'll be back with our regular posts tomorrow.

The NSA Offers Up Three Possible Contributors To Snowden's Leaks To Its Congressional Oversight

from the please-stop-asking-what-we're-doing-about-it-because-we-really-have-no-idea dept

The question has often been asked, but without a satisfactory answer: how did Snowden end up with so many sensitive documents? Further, how did he manage to do this undetected? There has been a lot of speculation, but the recent Official Leak (as compared to Snowden's "unofficial" work) confirmed what nearly everyone already suspected: Snowden used readily available tools to harvest a ton of documents while escaping detection by the NSA.

The supposedly shocking "leak" about Snowden's "web crawler" only served to make the agency look worse. How did it fail to detect this sort of activity? Once again, the question has not received a direct answer. Instead, the agency has offered up three people who may have been indirectly involved in Snowden's document scraping: a civilian NSA employee (who conveniently resigned), an active duty military member and a contractor. (The agency actually uses the word "may" in its official letter to the House judiciary and intelligence committees, suggesting it's still uncomfortable with confirming or denying anything.)

This seemingly confirms an answer given by Keith Alexander at a hearing late last year.

“Has anybody been disciplined at NSA for dropping the ball so badly?” Senate Judiciary Committee Chairman Sen. Patrick Leahy, D-Vt., demanded of NSA Director Gen. Keith Alexander at a Dec. 11 hearing. Alexander at the time replied that the agency had three “cases” that “we’re currently reviewing.”
(NBC sought further comment on this, but again met with a refusal from an NSA spokesperson to confirm or deny whether these cases were the same cases Alexander was referring to.)

Here's the details on the civilian employee's assistance of Snowden's scraping efforts.
On 18 June 2013, the NSA civilian admitted to FBI Special Agents that he allowed Mr. Snowden to use his (the NSA civilian's) Public Key Infrastructure (PKI) certificate to access classified information on access that he knew had been denied to Mr. Snowden. Further, at Mr. Snowden's request, the civilian entered his PKI password at Mr. Snowden's computer terminal. Unbeknownst to the civilian, Mr. Snowden was able to capture the password, allowing him even greater access to classified information. The civilian was not aware that Mr. Snowden intended to unlawfully disclose classified information. However, by sharing his PKI certificate, he failed to comply with security obligations.
The other two will face whatever the military and the unnamed corporation choose to dispense as discipline. All well and good, if a little too late. And yet, what's being detailed here feels a lot like sacrificial lambs with a small side of Snowden smearing.

Snowden has denied tricking other analysts into giving him their credentials. Whether or not you find his claim believable, there's no denying the agency's overriding concern. It has stated repeatedly that it has no idea how much Snowden took and it has no real idea how he managed to get so much in the first place.

The overseers are demanding answers and they're not getting anything concrete in response. Instead, they get a lot of murmuring about the "damage" the leaks have done and a token effort to root out additional culprits. Using this one to portray Snowden as a malevolent social engineer helps the NSA's PR efforts but still doesn't address the core issue.

The NSA still hasn't figured out how to prevent the "next Snowden," something that should be at least as horrifying (to the agency) as the current Snowden. This is perhaps the world's largest and most well-funded national security agency, but a single systems administrator managed to outwit its internal protections and walk away with 10-50,000 documents, and the most substantial "answers" the agency has provided to the "how" question is three supposed leak enablers (only one of which was a direct NSA employee) and the troubling admission that its system can easily be subverted by common software tools.

Maybe more evidence will come forth in the next few months to prove this impression wrong, but right now it looks like more an attempt to stave off a little criticism rather than an indication that the NSA has its own systems under control.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: edward snowden, leak, nsa


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    alan turing, 14 Feb 2014 @ 4:23pm

    sharing is caring

    Thank you Ed.

    Please seed.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.