The NSA Offers Up Three Possible Contributors To Snowden's Leaks To Its Congressional Oversight
from the please-stop-asking-what-we're-doing-about-it-because-we-really-have-no-idea dept
The question has often been asked, but without a satisfactory answer: how did Snowden end up with so many sensitive documents? Further, how did he manage to do this undetected? There has been a lot of speculation, but the recent Official Leak (as compared to Snowden's "unofficial" work) confirmed what nearly everyone already suspected: Snowden used readily available tools to harvest a ton of documents while escaping detection by the NSA.
The supposedly shocking "leak" about Snowden's "web crawler" only served to make the agency look worse. How did it fail to detect this sort of activity? Once again, the question has not received a direct answer. Instead, the agency has offered up three people who may have been indirectly involved in Snowden's document scraping: a civilian NSA employee (who conveniently resigned), an active duty military member and a contractor. (The agency actually uses the word "may" in its official letter to the House judiciary and intelligence committees, suggesting it's still uncomfortable with confirming or denying anything.)
This seemingly confirms an answer given by Keith Alexander at a hearing late last year.
“Has anybody been disciplined at NSA for dropping the ball so badly?” Senate Judiciary Committee Chairman Sen. Patrick Leahy, D-Vt., demanded of NSA Director Gen. Keith Alexander at a Dec. 11 hearing. Alexander at the time replied that the agency had three “cases” that “we’re currently reviewing.”(NBC sought further comment on this, but again met with a refusal from an NSA spokesperson to confirm or deny whether these cases were the same cases Alexander was referring to.)
Here's the details on the civilian employee's assistance of Snowden's scraping efforts.
On 18 June 2013, the NSA civilian admitted to FBI Special Agents that he allowed Mr. Snowden to use his (the NSA civilian's) Public Key Infrastructure (PKI) certificate to access classified information on access that he knew had been denied to Mr. Snowden. Further, at Mr. Snowden's request, the civilian entered his PKI password at Mr. Snowden's computer terminal. Unbeknownst to the civilian, Mr. Snowden was able to capture the password, allowing him even greater access to classified information. The civilian was not aware that Mr. Snowden intended to unlawfully disclose classified information. However, by sharing his PKI certificate, he failed to comply with security obligations.The other two will face whatever the military and the unnamed corporation choose to dispense as discipline. All well and good, if a little too late. And yet, what's being detailed here feels a lot like sacrificial lambs with a small side of Snowden smearing.
Snowden has denied tricking other analysts into giving him their credentials. Whether or not you find his claim believable, there's no denying the agency's overriding concern. It has stated repeatedly that it has no idea how much Snowden took and it has no real idea how he managed to get so much in the first place.
The overseers are demanding answers and they're not getting anything concrete in response. Instead, they get a lot of murmuring about the "damage" the leaks have done and a token effort to root out additional culprits. Using this one to portray Snowden as a malevolent social engineer helps the NSA's PR efforts but still doesn't address the core issue.
The NSA still hasn't figured out how to prevent the "next Snowden," something that should be at least as horrifying (to the agency) as the current Snowden. This is perhaps the world's largest and most well-funded national security agency, but a single systems administrator managed to outwit its internal protections and walk away with 10-50,000 documents, and the most substantial "answers" the agency has provided to the "how" question is three supposed leak enablers (only one of which was a direct NSA employee) and the troubling admission that its system can easily be subverted by common software tools.
Maybe more evidence will come forth in the next few months to prove this impression wrong, but right now it looks like more an attempt to stave off a little criticism rather than an indication that the NSA has its own systems under control.