This is funny !!!! NSA wants to say
they are protecting our safety and then you read this. Evidently, THE NSA IS
NOT ALL IT IS CRACKED UP TO BE.. ILLEGAL SPYING ON INNOCENT PEOPLE HAS NOTHING
TO DO WITH THE TERRORISTS IN THE CORPORATION !!!
How Snowden did it
The Guardian via AFP-Getty Images file
A still frame grab recorded on June 6 and released to AFP on June 10 shows
Edward Snowden speaking during an interview with The Guardian newspaper at an
undisclosed location in Hong Kong.
By
Richard Esposito and Matthew Cole
NBC News
NBC News
When Edward Snowden stole the crown jewels of the National
Security Agency, he didn’t need to use any sophisticated devices or software or
go around any computer firewall.
All he needed, said multiple intelligence community sources,
was a few thumb drives and the willingness to exploit a gaping hole in an
antiquated security system to rummage at will through the NSA’s servers and
take 20,000 documents without leaving a trace.
“It’s 2013 and the NSA is stuck in 2003 technology,” said an
intelligence official.
Jason Healey, a former cyber-security official in the Bush
Administration, said the Defense Department and the NSA have “frittered away
years” trying to catch up to the security technology and practices used in
private industry. “The DoD and especially NSA are known for awesome cyber
security, but this seems somewhat misplaced,” said Healey, now a cyber expert at the
Atlantic Council. “They are great at some sophisticated tasks but oddly bad
at many of the simplest.”
As a Honolulu-based employee of Booz Allen Hamilton doing
contract work for the NSA, Snowden had access to the NSA servers via "thin client" computer.
The outdated set-up meant that he had direct access to the NSA servers at
headquarters in Ft. Meade, Md., 5,000 miles away.
In a “thin client” system, each remote computer is essentially
a glorified monitor, with most of the computing power in the central server.
The individual computers tend to be assigned to specific individuals, and
access for most users can be limited to specific types of files based on a user
profile.
But Snowden was not most users. A typical NSA worker has a “top
secret” security clearance, which gives access to most, but not all, classified
information. Snowden also had the enhanced privileges of a “system
administrator.” The NSA, which has as many as 40,000 employees, has 1,000
system administrators, most of them contractors.
As a system administrator, Snowden was allowed to look at any
file he wanted, and his actions were largely unaudited. “At certain levels, you
are the audit,” said an intelligence official.
He was also able to access NSAnet, the agency’s intranet,
without leaving any signature, said a person briefed on the postmortem of
Snowden’s theft. He was essentially a “ghost user,” said the source, making it
difficult to trace when he signed on or what files he accessed.
If he wanted, he would even have been able to pose as any other
user with access to NSAnet, said the source.
The “thin client” system and system administrator job
description also provided Snowden with a possible cover for using thumb drives.
The system is intentionally closed off from the outside world,
and most users are not allowed to remove information from the server and copy
it onto any kind of storage device. This physical isolation – which creates a
so-called “air
gap" between the NSA intranet and the public internet -- is supposed
to ensure that classified information is not taken off premises.
But a system administrator has the right to copy, to take
information from one computer and move it to another. If his supervisor had
caught him downloading files, Snowden could, for example, have claimed he was
using a thumb drive to move information to correct a corrupted user profile.
“He was an authorized air gap,” said an intelligence official.
Finally, Snowden’s physical location worked to his advantage.
In a contractor’s office 5,000 miles and six time zones from headquarters, he
was free from prying eyes. Much of his workday occurred after the masses at Ft.
Meade had already gone home for dinner. Had he been in Maryland, someone who
couldn’t audit his activities electronically still might have noticed his use
of thumb drives.
It’s not yet certain when Snowden began exploiting the gaps in
NSA security. Snowden worked for Booz Allen Hamilton for less than three
months, and says he took the job in order to have access to documents. But he
may have begun taking documents many months before that, while working with the
NSA via a different firm. According to Reuters, U.S. officials said he
downloaded documents in April 2012, while working for Dell.
Snowden is thought to have made his initial attempt to offer
documents to the media in late 2012, while at Dell. According to
published accounts, he tried to contact Guardian journalist Glenn Greenwald in
December and started talking to filmmaker Laura Poitras in January.
He began working for Booz Allen in March. In May, he told his
supervisor he needed to take time off to deal with a health issue, and then
flew to Hong Kong, where he met with Poitras and Greenwald, on May 20. He later
told the Guardian that he was downloading documents on his last day at work.
The revelations based on his documents started appearing in the Guardian and the
Washington Post within weeks.
Snowden is currently living in Russia, where he’s been granted
temporary asylum. The U.S. government has charged him with theft and violations
of the Espionage Act.
U.S. intelligence officials said recently that they plan to
significantly reduce the number of individuals with system administrator
privileges.
“U.S. intelligence has invited so many people into the secret
realm,” said an intelligence official. “There are potentially tons of Edward
Snowdens. But most people aren’t willing to vacuum everything up and break the
law.”
The NSA did not immediately respond to a request for comment.
Richard Esposito is the Senior Executive Producer for
Investigations at NBC News. Matthew Cole is an investigative reporter at NBC
News. He can be reached at matthew.cole@nbcuni.com.
More from NBC News Investigations:
- US
doesn't know what Snowden took, sources say
- Glenn
Greenwald's partner detained by British security
- Lavabit.com
owner: 'I could be arrested' for resisting surveillance order
No comments:
Post a Comment