The NSA claimed in a recent document that Edward Snowden pulled a fast one on at least one fellow NSA employee in order to gain access to the classified documents he went on to leak – or gush, as the case may be.
Three NSA workers have been implicated in helping Edward Snowden spring leaks: a civilian NSA employee, an active duty military member, and a contractor.
According to an internal NSA memo dated 10 February 2014 that was obtained by NBC News, the civilian, who recently quit, let Snowden use his public key infrastructure (PKI) certificate to access classified information on NSANet – the official NSA intranet.
The civilian gave him access even though he knew full well that such access had already been denied to Snowden, who was then an NSA contractor, the memo says.
According to TheWeek, NSANet, which has its own bridges, routers, systems and gateways, allows analysts deployed almost anywhere to access virtually everything contained on the NSA’s extremely vast data stores.
The memo is unclassified but labeled “for official use only.”
It was written by Ethan L. Bauman, the director of the NSA’s Legislative Affairs Office, and intended for the staff director and minority staff director of the House Committee on the Judiciary.
Bauman wrote that after Snowden asked, the civilian went on to type his PKI password in at Snowden’s computer terminal.
The civilian didn’t realize that Snowden was capable of capturing the password, Bauman says, and thereby getting even more access to classified documents.
The civilian also wasn’t aware that Snowden planned to divulge top secret information from the US’s spying agency, Bauman says.
Ignorance of Snowden’s intentions was no excuse for the civilian’s failure to follow security protocol, of course. Hence, the NSA revoked the civilian’s security clearance on 20 November 2013 and told him his termination was in the offing.
The civilian employee didn’t appeal the decision. He resigned on 10 January 2014.
Bauman didn’t offer any details on how Snowden was helped by the active military member or the contractor.
The NSA isn’t going to hold them accountable, at any rate: that’s up to their employer, Bauman said.
The two were banned from accessing NSA information or spaces in August 2013.
The question of how Snowden was able to access all the classified information he did while employed at a remote Hawaii location is, naturally, of great interest to the US intelligence community.
Reuters reported in November that Snowden “may have persuaded between 20 and 25 fellow workers” to give him their passwords, and Snowden himself said in a public Google chat on 23 January 2014 that he neither stole passwords nor tricked co-workers.
From the chat:
With all due respect to Mark Hosenball, the Reuters report that put this out there was simply wrong. I never stole any passwords, nor did I trick an army of co-workers.
NBC News reports that Jesselyn Radack, a legal adviser to Snowden in the US, said that Snowden stands by the 23 January denial and that the NSA “has a documented history of scapegoating innocent employees for its own failures … manufacturing evidence against them and misleading Congress.”Follow @NakedSecurity