NSA Employees Gave Edward Snowden Login Credentials, Passwords
November 8, 2013 10:37 AM
comment(s) - last by
Snowden then accessed and downloaded secret NSA documents with that information
A new detail about the
U.S. National Security Agency
(NSA) leaks has emerged: agency employees gave former NSA contractor Edward Snowden their login credentials.
According to a new report from
, Snowden conned between 20 to 25 NSA employees to give him their login credentials and passwords. Snowden did this while
working as a computer systems administrator
at the NSA regional operations center for a month in Hawaii last spring.
Snowden reportedly told the NSA employees that he needed their passwords in order to do his job.
However, Snowden used their information to access classified documents that he wasn't supposed to see. He downloaded tens of thousands of secret NSA documents (as well as documents from its British counterpart, Government Communication Headquarters) as a result, and leaked them to the media.
The report added that a "handful" of NSA employees who gave their passwords to Snowden were identified and removed from their assignments. It wasn't clear whether they were put on other assignments or fired.
This new information regarding Snowden's use of NSA passwords was revealed when the U.S. Senate Intelligence Committee approved a bill that will strengthen security over U.S. intelligence data. The bill will push for the installation of new software that can identify and track attempts to access or download secret materials without authorization.
In addition, the bill will require intelligence contractors to immediately report to spy agencies on incidents in which data networks have been accessed by unauthorized personnel.
Last month, it was reported that the NSA didn't install the most up-to-date, anti-leak software at the Hawaii operations center before Snowden arrived there for work.
In August, reports said that the NSA admitted to
touching 1.6 percent of total globe Web traffic
. Its technique was to filter data after harvesting it, which led to over-collection on a major scale.
Google Executive Chairman
recently called the NSA's spying on data centers "outrageous" and that its strategies of pulling hundreds of millions of records to find a few hundred is "bad public policy" and even "illegal."
This article is over a month old, voting and posting comments is disabled
RE: NSA security practices... hah!
11/8/2013 12:21:45 PM
it's not uncommon for system admins to ask or get passwords
I can't speak to how common asking for passwords is industry wide, but I can say that's a very bad practice on top of being unnecessary and inconvenient. There are tools (i.e. su, runas) that allow a sysadmin to work as another user, if needed. I would never ask for a password, and will do what I can to make sure I don't ever have a users password in an unencrypted format (i.e. if I manually change a password, I set it to require a password change immediately).
"Superadmins"/root users will often have access to the encrypted password database, and with time a knowledgeable admin might be able to decrypt these passwords, but that's extremely different from having access to plaintext passwords.
The NSA should be segmenting and compartmentalizing their sysadmins, encrypting more stuff, and the employees with access to sensitive material apparently need a refresher course on basic security. All the monitoring tools and temporary access in the world won't help much while you've got admins with to much access and users who are willing to give away their login credentials.
RE: NSA security practices... hah!
11/8/2013 4:32:41 PM
All the years I have been a Sys Admin I have never asked someone for their password - not once. I started in 1995.
“Then they pop up and say ‘Hello, surprise! Give us your money or we will shut you down!' Screw them. Seriously, screw them. You can quote me on that.” -- Newegg Chief Legal Officer Lee Cheng referencing patent trolls
Google's Eric Schmidt Says NSA Spying on Data Centers is "Not OK"
November 4, 2013, 11:38 AM
"Major Russian Website" Hires Edward Snowden as Tech Support
October 31, 2013, 3:44 PM
NSA Admits to "Touching" 1.6 Percent of Total Global Web Traffic
August 13, 2013, 5:27 PM
Twitter Senior VP: "Diversity is Important, But We Can’t Lower the Bar"
November 9, 2015, 9:59 AM
CNN Resorts to Internet Censorship to Promote Clinton Over Senator Sanders
October 15, 2015, 2:47 PM
Breaking Bad: How to Crash Google's Chrome Browser With Just 8 Characters
September 23, 2015, 11:08 AM
Quick Note: Amazon UK Offers £10 Back on Any Order £50 or Over
August 3, 2015, 12:05 PM
Editorial: Reddit Allows Itself to be Hijacked as a Hate Platform For Racist Bigots
July 21, 2015, 6:32 PM
Mozilla and Facebook to Adobe: It's Time to Kill Flash
July 20, 2015, 6:30 PM
Most Popular Articles
DHS and TSA: Whoops, We Missed That 73 Airport Employees May be Terrorists
November 19, 2015, 2:16 PM
iPhone 7 May Pack 3-4 GB Memory, More Storage; 4-Inch Comeback is Rumored
November 20, 2015, 10:12 PM
Creationists are Mad About Google Doodle Depicting Evolution
November 24, 2015, 8:48 PM
Glenn Beck's Attempt at Anti-Refugee Meme Proves He's Really, Really Dumb
November 18, 2015, 4:17 PM
Jumbo Joust: iPad Pro vs. Surface Pro 3 vs. Surface Pro 4
November 11, 2015, 1:00 AM
Latest Blog Posts
Sceptre Airs 27", 120 Hz. 1080p Monitor/HDTV w/ 5 ms Response Time for $220
Dec 3, 2014, 10:32 PM
Costco Gives Employees Thanksgiving Off; Wal-Mart Leads "Black Thursday" Charge
Oct 29, 2014, 9:57 PM
"Bear Selfies" Fad Could Turn Deadly, Warn Nevada Wildlife Officials
Oct 28, 2014, 12:00 PM
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
More Blog Posts
Copyright 2015 DailyTech LLC. -
Terms, Conditions & Privacy Information