REVEALED: The gizmo leaker Snowden used to smuggle out NSA files

You probably have one in your pocket

Whistleblower Edward Snowden apparently used a USB thumb-drive to smuggle out hundreds of top-secret documents before he blew the lid off the NSA's web-spying project PRISM. This is despite the Pentagon's clampdown on the gadgets.

Unnamed officials told the Los Angeles Times that they were well on the way to figuring out which sensitive files the ex-CIA technician obtained, and which servers he swiped them from. Snowden left Hawaii, where he was working for a defence contractor, with four laptops that “enabled him to gain access to some of the US government’s most highly-classified secrets”, The Guardian added.

Only a small proportion of this confidential information has made its way into the public domain: the tiny cache includes four slides of a 41-page top-secret presentation about PRISM, and the lowdown on another classified programme called Boundless Informant, which produces a worldwide "heat map" of data gathered by the NSA.

Computer usage at the National Security Agency is tightly controlled. But Snowden was a systems administrator employed by contractor Booz Allen Hamilton to maintain the spooks' network, and thus had sufficient privileges to use flash drives as part of his job.

The chairman of the US House of Representatives' select intelligence committee, Mike Rogers (R-Michigan), said Snowden “attempted to go places that he was not authorised to go” on the NSA’s network and that a damage assessment was underway to determine whether any other data was lifted, The New York Times reported.

The Pentagon banned thumb drives after one was infected by the SillyFDC worm and plugged into a Windows-powered military computer, allowing the malware to spread across sensitive government networks in 2008. The ban was later rescinded.

However, the rules were once again tightened in December 2010 after American army intelligence analyst Bradley Manning used removable media to smuggle out confidential diplomatic and military reports: it is alleged he copied hundreds of thousands of files from SIPRNet, the US Department of Defense’s classified intranet, onto a writeable CD disguised as a disc of Lady Gaga music. Manning is on trial after denying his subsequent leaking of the data "aided the enemy", but pleaded guilty to ten charges of misusing and transmitting the information.

Restrictions were placed on portable storage technology across all the arms of the US military and intelligence community: Major General Richard Webber, commander of the US Air Force Network Operations, put out a memo ordering personnel to “immediately cease use of removable media on all systems, servers, and standalone machines residing on SIPRNET”.

But such blanket bans have been hard to maintain in practice. The NSA uses auditing software that records every keystroke and other computer activities, but Snowden evidently found a way around these watchdogs.

Staff wandering off with critical data is not just a problem for US military chiefs and spymasters: just a few months ago another sysadmin, this time working for a Swiss intelligence service, was implicated in a similar though far less high-profile database breach.

Chief exec of security tools firm Cyber-Ark Udi Mokady commented: “There is an important lesson to be learnt here on the vast power entrusted to employees and the potential damage that can ensue if these internal privileges are misused. Regardless of whether or not you agree with Snowden’s actions and his political motivations, organisations should not lose sight of the fundamental truth that he was exposed to this highly sensitive information via the internal privileged credentials that he was privy to.

"There’s almost an unfortunate sense of déjà vu here as well, as just six months previously, intelligence agencies in the US and UK were warned that secret information on counter-terrorism shared by foreign governments may have been compromised and stolen by a senior IT technician for Switzerland's intelligence service."

Eric Chiu, president of cloud control firm HyTrust, added: “Systems administrators in particular, although low level, typically have the highest access to systems and data, given they manage those systems. Without implementing adequate role-based access controls based on least-privileged access, companies and organisations are granting god-like access to their systems administrators. And cloud and virtual infrastructure make the insider problem worse since administrators can access any virtual machine to potentially copy and steal sensitive data or potentially destroy the virtual data centre in the push of a button.” ®
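The blanket removable-media ban with a job-based exception for sysadmins, and Chiu's point about least-privileged access, come down to one control: a device attach is allowed only when a named person, a named device and a time window have been approved in advance, and everything else is an alert. The script below is an added illustration of that check, not code from the article or from any agency or vendor named in it; the log lines, hostnames, serials, users and approval records are all constructed, and the session-owner table stands in for whatever login audit trail a real deployment would consult.

```python
import re
from datetime import datetime

# Constructed syslog-style lines in the shape the Linux usb-storage driver
# emits (hosts, ports, serials and timestamps are made up for this example).
SAMPLE_LOG = """\
2013-06-10T09:14:02 ws-17 kernel: usb 1-1: SerialNumber: 4C530001
2013-06-10T09:14:02 ws-17 kernel: usb-storage 1-1:1.0: USB Mass Storage device detected
2013-06-10T11:40:55 srv-03 kernel: usb 2-4: SerialNumber: 07A1BEEF
2013-06-10T11:40:56 srv-03 kernel: usb-storage 2-4:1.0: USB Mass Storage device detected
"""

# Who holds the interactive session on each host (constructed stand-in for
# the login audit trail; an unknown host maps to an unknown user).
SESSION_OWNER = {"ws-17": "analyst1", "srv-03": "sysadmin2"}

# Time-boxed, device-specific approvals. Holding an admin role grants
# nothing by itself: every exception names a user, a serial and a window.
APPROVALS = [
    {"user": "sysadmin2", "serial": "07A1BEEF",
     "start": datetime(2013, 6, 10, 11, 0), "end": datetime(2013, 6, 10, 12, 0)},
]

SERIAL_RE = re.compile(r"^(\S+) (\S+) kernel: usb (\S+): SerialNumber: (\S+)$")
STORAGE_RE = re.compile(r"^(\S+) (\S+) kernel: usb-storage ([^:\s]+):\S+: USB Mass Storage device detected$")

def mass_storage_events(log):
    """Pair each mass-storage detection with the serial last seen on that host/port."""
    serials, events = {}, []
    for line in log.splitlines():
        m = SERIAL_RE.match(line)
        if m:
            _, host, port, serial = m.groups()
            serials[(host, port)] = serial
            continue
        m = STORAGE_RE.match(line)
        if m:
            ts, host, port = m.groups()
            events.append({"time": datetime.fromisoformat(ts), "host": host,
                           "user": SESSION_OWNER.get(host, "unknown"),
                           "serial": serials.get((host, port), "unknown")})
    return events

def is_approved(event):
    """True only if an approval matches this user, this device and this moment."""
    return any(a["user"] == event["user"] and a["serial"] == event["serial"]
               and a["start"] <= event["time"] <= a["end"] for a in APPROVALS)

def evaluate(log):
    """Return (verdict, event) pairs; anything not explicitly approved is an ALERT."""
    return [("approved" if is_approved(e) else "ALERT", e) for e in mass_storage_events(log)]
```

Because the verdict is keyed on the device serial as well as the user, an approved administrator plugging in a second, unlisted drive during the same window still trips the alert.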
