How Snowden exploited NSA IT security gaps
- By Adam Mazmanian
- Aug 27, 2013
Media reports detail the access that allowed Edward Snowden to gather and leak National Security Agency documents. (Photo by The Guardian newspaper.)
Edward Snowden, the former National Security Agency contractor who leaked a trove of documents on secret U.S. spy programs, relied on his broad access as a system administrator and a leaky security structure around agency computers, according to a report by NBC News.
Snowden did not have to resort to sophisticated measures to cover his tracks as he pulled classified information from the NSA network, according to an intelligence official sourced in the report. Because of its highly classified nature, NSA's intranet, called NSANet, is disconnected from the wider Internet to prevent outside attacks. The use of such an "air gap" between the internal system and the Internet provides an access point for a system administrator. Snowden could have claimed to be copying and moving files among computers for a variety of plausible reasons. Snowden was authorized to move information across the gap, the intelligence official told NBC. Air gaps are a common security precaution for highly classified networks, and certain kinds of industrial command and control networks, including those used in the operation of nuclear power plants.
The existence of the air gap loophole on the NSA intranet dovetails with the kinds of documents Snowden obtained. Press reports based on documents leaked by Snowden offer a window into classified programs through the vantage of training slide shows that detail the sources of information available to NSA analysts – the kind of internal documents typically stored on an intranet.
Snowden's post in Honolulu also played to his advantage, because he was able to access the main NSA network in Fort Meade, Md., from a terminal after most agency employees were done for the day. Similarly, the isolated nature of the NSA intranet would have given him built-in cover for using a portable storage device such as a thumb drive. Snowden had access to the entire network. Any traces his activities left on the network would have been unaudited. The intelligence official said, "At certain levels, you are the audit."
Earlier this month, NSA Director Gen. Keith Alexander disclosed plans to reduce the number of system administrators on NSA networks by 90 percent. Alexander said, "what we've done is we've put people in the loop of transferring data, securing networks and doing things that machines are probably better at doing." For data access and transfer that requires human intervention, Alexander suggested the NSA would move to a two-key system, requiring two system administrators to be present for the handling of especially sensitive information.
Adam Mazmanian is FCW's senior staff writer, and covers Congress, health IT and governmentwide IT policy. Connect with him on Twitter: @thisismaz.