NSA: Others Implicated in Making Snowden Data Leaks Possible
NBC News reports that "A civilian NSA employee recently resigned after being stripped of his security clearance for allowing former agency contractor Edward Snowden to use his personal log-in credentials to access classified information, according to an agency memo obtained by NBC News. In addition, an active duty member of the U.S. military and a contractor have been barred from accessing National Security Agency facilities after they were 'implicated' in actions that may have aided Snowden, the memo states. Their status is now being reviewed by their employers, the memo says." You can read the memo for yourself.
The NSA, the "experts" in computer security, doesn't use hardware access tokens? Everyone knows that passwords can be compromised (and a PKI certificate adds little since an attacker could copy the cert).
Though I guess since the NSA already hacked RSA, they knew they couldn't trust RSA tokens.
It has been obvious to me for a while that Snowden did not act alone, and that he probably represents a surface manifestation of deep divisions within the intelligence community.
I can easily imagine a situation where he calls up someone with access to classified info, and says something like, "this is Snowden from IT; we're having problems restoring the backup of your encrypted data files on such-and-such server; can you loan me your login information so we can properly validate the checksums? You can change your password right afterward."
I guarantee you Snowden really did no "social hacking" at all.
If you have EVER been someone who solves people's computer problems (sysadmin, DT support, phone support, etc.) you know that LOTS of people will just flat out tell you their passwords when they contact you. They'll put their passwords on post-its, in e-mails, even in the trouble ticket itself. Or they'll just tell you on the phone or in person. No matter how you try to tell them "I don't want or need that information" they still do it. Upper management and C-levels are the worst about doing this, and their accounts can usually access anything in the organization.
Hell, I don't even do support any more, but people still leave me notes or tell me their passwords if they want me to help them with something IT won't do.
The failing startup I was stuck at for a few years eventually hired some expensive ex-NSA security company to spy on us. I won't go into the reasons why, but it was purely political, and an empty gesture to satisfy some of our more vocal/deluded shareholders. You can imagine what it does to morale to have someone being paid at least twice your salary to monitor you, but I digress.
The point is, they went around one day, asked us each for our password(s), and then wrote them down on a legal pad. When it was my turn, they were impressed because I had the only password in the entire company that wasn't trivially crackable and, to prove it, showed me the legal pad with everyone's passwords on it.
I really hope that they were trying to set me up into using someone else's login (which of course I wouldn't), and that they weren't actually that stupid. I respect malice over incompetence, but I suspect that in reality they were just that incompetent.
Posting anonymously out of paranoia. I don't think the company even exists anymore, but whatever.
This is what is called speculation, and would be thrown out in court. Snowden claimed long ago he didn't; these people are claiming he did. I trust Snowden a bit more than I trust most of the shitheads we currently have in Government, and could easily find character witnesses who are unbiased to support Snowden.
Keep being distracted by all the hand waves though.
For what it's worth, IANAL either. I am not fooled by the distractions they keep playing against people.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.