Feeds

REVEALED: The gizmo leaker Snowden used to smuggle out NSA files

You probably have one in your pocket

Build a business case: developing custom apps

Whistleblower Edward Snowden apparently used a USB thumb-drive to smuggle out hundreds of top-secret documents before he blew the lid off the NSA's web-spying project PRISM. This is despite the Pentagon's clampdown on the gadgets.

Unnamed officials told the Los Angeles Times that they were well on the way to figuring out which sensitive files the ex-CIA technician obtained, and which servers he swiped them from. Snowden left Hawaii, where he was working for a defence contractor, with four laptops that “enabled him to gain access to some of the US government’s most highly-classified secrets”, The Guardian added.

Only a small proportion of this confidential information has made its way into the public domain: the tiny cache includes four slides of a 41-page top-secret presentation about PRISM, and the low down on another classified programme called Boundless Informant, which produces a worldwide "heat map" of data gathered by the NSA.

Computer usage at the National Security Agency is tightly controlled. But Snowden was a systems administrator employed by contractor Booz Allan Hamilton to maintain the spooks' network, and thus had sufficient privileges to use flash drives as part of his job.

The chairman of the US House of Representative's select intelligence committee Mike Rogers (R-Michigan) said Snowden “attempted to go places that he was not authorised to go” on the NSA’s network and that a damage assessment was underway to determine whether any other data was lifted, The New York Times reported.

The Pentagon banned thumb drives after one was infected by the SillyFDC worm and plugged into a Windows-powered military computer, allowing the malware to spread across sensitive government networks in 2008. The ban was later rescinded.

However, the rules were once again tightened in December 2010 after American army intelligence analyst Bradley Manning used removable media to smuggle out confidential diplomatic and military reports: it is alleged he copied hundreds of thousands of files from SIPRNet, the US Department of Defense’s classified intranet, onto a writeable CD disguised as a disc of Lady Gaga music. Manning is on trial after denying his subsequent leaking of the data "aided the enemy", but pleaded guilty to ten charges of misusing and transmitting the information.

Restrictions were placed on portable storage technology across all the arms of the US military and intelligence community: Major General Richard Webber, commander of the US Air Force Network Operations, put out a memo ordering personnel to “immediately cease use of removable media on all systems, servers, and standalone machines residing on SIPRNET”.

But such blanket bans have been hard to maintain in practice. The NSA uses auditing software that records every keystroke and other computer activities, but Snowden evidently found a way around these watchdogs.

Staff wandering off with critical data is not just a problem for US military chiefs and spymasters: just a few months ago another sysadmin, this time working for a Swiss intelligence service, was implicated in a similar though far less high-profile database breach.

Chief exec of security tools firm Cyber-Ark Udi Mokady commented: “There is an important lesson to be learnt here on the vast power entrusted to employees and the potential damage that can ensue if these internal privileges are misused. Regardless of whether or not you agree with Snowden’s actions and his political motivations, organisations should not lose sight of the fundamental truth that he was exposed to this highly sensitive information via the internal privileged credentials that he was privy to.

"There’s almost an unfortunate sense of déjà vu here as well, as just six months previously, intelligence agencies in the US and UK were warned that secret information on counter-terrorism shared by foreign governments may have been compromised and stolen by a senior IT technician for Switzerland's intelligence service."

Eric Chiu, president of cloud control firm HyTrust, added: “Systems administrators in particular, although low level, typically have the highest access to systems and data, given they manage those systems. Without implementing adequate role-based access controls based on least-privileged access, companies and organisations are granting god-like access to their systems administrators. And cloud and virtual infrastructure make the insider problem worse since administrators can access any virtual machine to potentially copy and steal sensitive data or potentially destroy the virtual data centre in the push of a button.” ®

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
Hello, police, El Reg here. Are we a bunch of terrorists now?
Do Brits risk arrest for watching beheading video nasty? We asked the fuzz
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
Felony charges? Harsh! Alleged Anon hackers plead guilty to misdemeanours
US judge questions harsh sentence sought by prosecutors
This'll end well: US govt says car-to-car jibber-jabber will SAVE lives
Department of Transportation starts cogs turning for another wireless comms standard
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?