NSA: Snowden stole co-worker’s password

It opened the door to classified data

Activists wearing masks of former NSA analyst Edward Snowden, right, Brazil's President Dilma Rousseff, center, and President Barack Obama perform with an oversized passport outside the foreign ministry to demand Snowden be granted asylum in Brasilia, Brazil, Thursday, Feb. 13, 2014.  Last year, Snowden revealed that the United States collected data on billions of telephone and email conversations in Latin America's biggest country, including Rousseff's communications with aides. (AP Photo/Eraldo Peres)
Activists wearing masks of former NSA analyst Edward Snowden, right, Brazil's President Dilma Rousseff, center, and President Barack Obama perform with an oversized passport outside the foreign ministry to demand Snowden be granted asylum in Brasilia, Brazil, Thursday, Feb. 13, 2014. Last year, Snowden revealed that the United States collected data on billions of telephone and email conversations in Latin America's biggest country, including Rousseff's communications with aides. (AP Photo/Eraldo Peres)

WASHINGTON - Former National Security Agency analyst Edward Snowden copied a password from a co-worker to gain access to at least some classified documents that he later disclosed to the world, the NSA reported to Congress. Snowden has previously said he did not steal any passwords.



RELATED ARTICLES

http://www.arkansas…">After Snowden leaks, Germans wary of Internethttp://www.arkansas…">Angered by spying, legislator takes aim at NSA warehouse

The unnamed civilian employee who worked with Snowden resigned last month after the government revoked his security clearance, according to a letter that NSA Legislative Director Ethan Bauman sent this week to the House Judiciary Committee. A military employee and a private contractor also lost their access to NSA data as part of the continuing investigation, Bauman said.

Bauman’s memorandum, dated Monday, provides some of the first details about what authorities said they have learned about how Snowden accessed so many classified documents before passing them to news organizations. Top U.S. national security officials have acknowledged that they do not know how many files Snowden took before he fled the U.S. to seek refuge in Russia.

Snowden, a former NSA contract systems analyst, has denied that he stole computer passwords or tricked some co-workers into giving him their passwords. The NSA letter suggested that Snowden tricked at least one co-worker and copied the employee’s password without the employee’s knowledge.

The civilian NSA worker told FBI investigators last June that he allowed Snowden to use an encrypted digital key known as a Public Key Infrastructure certificate to gain access to classified information on NSA Net, the agency’s computer network. The system connects into many of the NSA’s classified data banks. The memorandum said that previously Snowden had been denied access to the network.

After the co-worker entered his secure Public Key Infrastructure password, Snowden “was able to capture the password, allowing him even greater access to classified information,” Bauman told lawmakers. He said the civilian NSA employee was not aware that Snowden intended to reveal any classified information. It was not clear from the memorandum how much classified information Snowden had collected before using the co-worker’s password.

“I never stole any passwords, nor did I trick an army of co-workers,” Snowden said last month during a public question-and-answer session on the “Free Snowden” website.

The New York Times reported Sunday, and Director of National Intelligence James Clapper later confirmed to Congress, that Snowden released a “web crawler” inside the NSA’s computer systems once he had gained access. That crawler, which automatically indexes the NSA Net and could copy any documents in its path, would essentially use the passwords that Snowden held, legitimately or illegitimately. Snowden later copied files delivered by the crawler to an external storage device, like a thumb drive or hard disk drive, before leaving his NSA job in April and heading to Hong Kong.

After the NSA suspended the co-worker’s access to secure data and in November revoked his security clearance, it informed him that it planned to fire him, and he resigned in January, Bauman said.

A U.S. military employee and a private contractor also lost their access to classified data, but Bauman’s letter did not disclose what lapses they might have committed.

Clapper told senators this week that Snowden’s access to so many classified files has accelerated plans to tighten clearance procedures and monitoring on government computers.

Clapper told the Senate Armed Services Committee that the Snowden breach was a “perfect storm for him, since he was a systems administrator and a highly-skilled, technically skilled IT professional, and so he knew exactly what he was doing. And it was his job as assistant administrator to arrange across a lot of the databases. And he was pretty skilled at staying below the radar, so what he was doing wasn’t visible.”

Clapper acknowledged that the Hawaii NSA station where Snowden worked did not have the same level of security that exists at the agency’s Fort Meade, Md., headquarters. The agency is strengthening security levels throughout its network, Clapper said, tightening daily access to its data banks and laying plans to subject its employees to random clearance and security checks.

Since 2011, civilian U.S. intelligence agencies have provided unreliable and incomplete reports to Congress on the use of private contractors who perform core functions, according to a new congressional audit.

The limitations “hinder the ability to determine the extent” to which eight agencies, including the CIA, use such outside workers and how much they spend to do so, the Government Accountability Office said in an audit released Thursday.

Congress needs reliable information “so we know exactly who is managing our nation’s secrets and why,” Sen. Tom Carper, chairman of the Senate Homeland Security and Governmental Affairs Committee, said in an emailed statement.

Carper, D-Del., said the Office of the Director of National Intelligence “needs to review its policies and make the necessary changes to ensure it can account for its use of all contractors.”

Committee member Sen. Susan Collins, R-Maine, said in an emailed statement that “without reliable data on the number and type of contractors or the expenses associated with them, we cannot effectively determine the appropriate mix of government employees and contractors in the intelligence community.”

The civilian intelligence agencies covered in the report are the CIA, the FBI, the Office of the Director of National Intelligence, and sections within the departments of Treasury, Justice, Energy, State and Homeland Security.

The Government Accountability Off ice, the watchdog agency for Congress, said in the report to the Senate committee that intelligence agencies have taken “positive steps” to improve reliability of the annual reports on “core contractor personnel,” who provide services such as information technology and program management.

“Nevertheless, we identified several limitations,” including changing definitions of what constitutes a core contractor, inaccurate data, methodology flaws and poor documentation “that collectively undermines” the information, according to the report.

The Government Accountability Office said the agencies haven’t fully disclosed these limitations, lessening the “usefulness of the information.”

Core contractor personnel typically work alongside civilian or military employees, providing technical advice, intellectual expertise or administrative support. The contractors don’t make decisions on strategy or commitment of resources, and they don’t perform common commercial jobs, such as janitorial or food services.

The Senate Intelligence Committee said in its fiscal 2014 policy report that Snowden was a “core contractor” for the NSA, which “highlights the threat posed by insiders entrusted with access.”

The intelligence community “relies on a varied workforce” of civilians, uniformed military “and core contractors to perform its work,” the committee said.

Information for this article was contributed by Stephen Braun of The Associated Press, by David E. Sanger of The New York Times and by Tony Capaccio of Bloomberg News.

Front Section, Pages 1 on 02/14/2014

Upcoming Events