Slashdot Mirror

← Back to Stories (view on slashdot.org)

NSA: Others Implicated in Making Snowden Data Leaks Possible

Posted by timothy on from the who's-leaking-on-what? dept.

NBC News reports that "A civilian NSA employee recently resigned after being stripped of his security clearance for allowing former agency contractor Edward Snowden to use his personal log-in credentials to access classified information, according to an agency memo obtained by NBC News. In addition, an active duty member of the U.S. military and a contractor have been barred from accessing National Security Agency facilities after they were 'implicated' in actions that may have aided Snowden, the memo states. Their status is now being reviewed by their employers, the memo says." You can read the memo for yourself.

19 of 118 comments (clear)

  1. No hardware access tokens? by hawguy · · Score: 4, Interesting

    The NSA, the "experts" in computer security, doesn't use hardware access tokens? Everyone knows that passwords can be compromised (and a PKI certificate adds little since an attacker could copy the cert).

    Though I guess since the NSA already hacked RSA, they knew they couldn't trust RSA tokens.

    1. Re:No hardware access tokens? by jafac · · Score: 5, Informative

      HSPD-12 says that since 2006, they are REQUIRED (**SHALL**) to use them.

      Doesn't mean they do. Just sayin'.

      --

      These are my friends, See how they glisten. See this one shine, how he smiles in the light.
  2. Snowden did not act alone by mbone · · Score: 5, Interesting

    It has been obvious to me for a while that Snowden did not act alone, and that he probably represents a surface manifestation of deep divisions within the intelligence community.

    1. Re:Snowden did not act alone by marcello_dl · · Score: 4, Interesting

      Given that a lot of people in intelligence communities believe they are working for the good side, I have no troubles believing your hypothesis.

      Anyway, when a guy leaks about possibly corrupt institutions, and the reaction is on the guy and possible accomplices, don't we have a bigger problem? It means justice is in bed with corrupt institutions.

      --
      ---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
    2. Re:Snowden did not act alone by ZouPrime · · Score: 4, Interesting

      > Given that a lot of people in intelligence communities believe they are working for the good side, I have no troubles believing your hypothesis.

      A truckload of people in the security and intelligence communities have issues with domestic surveillance and were against the Patriot Act from the very begining. It's far from a minority opinion.

    3. Re:Snowden did not act alone by s.petry · · Score: 4, Interesting

      The Feb. 10 memo was signed by Ethan Bauman, the NSA’s director of legislative affairs. It was sent to the congressional committees after repeated questions from senior members about whether the NSA intended to hold any of its employees accountable for the security lapses that enable Snowden to gain access to massive volumes of classified documents that he later leaked to the news media.
      “Has anybody been disciplined at NSA for dropping the ball so badly?” Senate Judiciary Committee Chairman Sen. Patrick Leahy, D-Vt., demanded of NSA Director Gen. Keith Alexander at a Dec. 11 hearing. Alexander at the time replied that the agency had three “cases” that “we’re currently reviewing.” (An NSA spokeswoman Vanee Vines declined comment Wednesday night, writing in an email: “I don’t have anything for your story.”)

      They don't want to stop spying and shitting on personal liberties, they want people held accountable for giving a whistle blower access to data. TFA is of course a piece of government run propaganda^W^W^Wshit, who never does real journalism. They simply repeat the "kill the messenger" message these hearings bring out from the people holding government offices. A real journalist asks real questions, and points out truth that should make people uncomfortable if they are doing something wrong.

      Snowden denied claims of "tricking" people or "stealing" long ago. I think the more likely collaboration was people sympathetic to his cause who gave access and pointed at things. This means they are not jailed as being whistle blowers, because.. well there is a history of (especially this administration) punishing whistle blowers.

      What does TFA and the message boil down to? Easy, more "kill the whistle blowers" message and more "fuck the citizens" messages. Not one lick of journalism of course, just more repeated propaganda.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

  3. I wonder - was it social engineering? by blackwizard · · Score: 5, Interesting

    I can easily imagine a situation where he calls up someone with access to classified info, and says something like, "this is Snowden from IT; we're having problems restoring the backup of your encrypted data files on such-and-such server; can you loan me your login information so we can properly validate the checksums? You can change your password right afterward."

    1. Re:I wonder - was it social engineering? by gstoddart · · Score: 5, Informative

      It has already been revealed he did stuff like that.

      But at an agency which is supposed to be secretive and paranoid -- if you have people falling for that, they're really not qualified to be working in that kind of environment.

      Every few months my company sends out test emails to check for phishing, people's likelihood to click on spam, or chance of falling for social engineering. If you fail, you get sent to remedial data security training. If you repeatedly fail, they might decide you can't really be trusted around computers.

      If the NSA has people who are not aware enough of these things to not do it, then they're doing a piss-poor job of training their people. There really is no excuse for people who have access to Top Secret information falling for this kind of thing -- there should never be a situation in which it makes sense to give your password to IT as far as I'm concerned.

      --
      Lost at C:>. Found at C.
  4. Keylogger, not sharing by tomhath · · Score: 5, Informative
    FTFA

    “At Snowden’s request,” the civilian NSA employee, who is not identified by name, entered his password onto Snowden’s computer terminal, the memo states.

    “Unbeknownst to the civilian, Mr. Snowden was able to capture the password, allowing him even greater access to classified information,” the memo states.

    Snowden lied to the other employee in order to steal classified information.

    1. Re:Keylogger, not sharing by ganjadude · · Score: 4, Insightful

      so, we have an unknown person making claims that his account was stolen with a keylogger. Call me skeptical but I need a little more than an un named employee. Lets hear it from the employee, not the group in the process of doing damage control.

      I am not sayign that this is not how snowden got the information, Im just saying I need more proof than the guys who are using unconstitutional secret courts word for it

      --
      have you seen my sig? there are many others like it but none that are the same
  5. Re:D'oh! by Anonymous Coward · · Score: 5, Insightful

    It's not vindictiveness -- it's procedure. Anyone with a TS-SCI clearance gets the "we'll ruin your life if you screw up" speech when they accept the status. And, given how often you're required to review training on how not to screw up, these people have zero room to complain about any proverbial ton of bricks.

  6. Re:D'oh! by MightyMartian · · Score: 4, Informative

    Apart from the fact that I'm glad the leaks happened, it betrays an extraordinary amount of stupidity on the part of those who gave Snowden their credentials and indicates, at least to me, a considerable lack of training.

    The company I run has some government contracts dealing with a considerable amount of very personal and detailed information of unemployed and disabled persons. I can tell you right now that we regularly drum into everyone's heads the level of confidentiality we require, that under no circumstances are you to give someone your IDs and passwords, or let them use your workstation while you're logged in. Every access to client information is logged, and information is strictly limited to what is needed by each employee to do their job.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  7. Re:D'oh! by boristdog · · Score: 5, Interesting

    I guarantee you Snowden really did no "social hacking" at all.

    If you have EVER been someone who solves people's computer problems (sysadmin, DT support, phone support, etc.) you know that LOTS of people will just flat out tell you their passwords when they contact you. They'll put their passwords on post-its, in e-mails, even in the trouble ticket itself. Or they'll just tell you on the phone or in person. No matter how you try to tell them "I don't want or need that information" they still do it. Upper management and C-levels are the worst about doing this, and their accounts can usually access anything in the organization.

    Hell, I don't even do support any more, but people still leave me notes or tell me their passwords if they want me to help them with something IT won't do.

  8. This just in! by tlambert · · Score: 4, Funny

    This just in!

    Officials are investigating the Washington Metropolitan Area Transit Authority, which is alleged to have aided Snowden in getting to and from secure facilities!

  9. Others? I'd start with Clapper by Subm · · Score: 4, Insightful

    > Others Implicated in Making Snowden Data Leaks Possible

    Since Snowden mentioned Clapper's lying to Congress got him to release the documents, I'd start by implicating Clapper.

    From there it's hard not to implicate the Presidents who didn't honor their pledge to uphold the Constitution. Congress. Decision-makers within the NSA.

    Without all of them, there would be nothing for Snowden to release.

  10. Re:AKA: We're gonna punish somebody by FriendlyLurker · · Score: 5, Insightful

    My immediate thought was: They fire, Investigate and prosecute everyone involved except those in power that systematically broke our laws on a massive scale and violated our constitution. If ever there was an example of how far we have sunk into a corporate fascist dictatorship hiding behind words like "freedom", "democracy", then this must be it.

  11. Re:D'oh! by davester666 · · Score: 5, Informative

    Yes it is. The people looking up their girlfriends info and obviously violating FISA warrants don't get fired. The ones sending information to the FBI with "don't tell anybody we are doing this and make sure to claim your "investigation" started with some other evidence don't get fired.

    --
    Sleep your way to a whiter smile...date a dentist!
  12. Re:D'oh! by davester666 · · Score: 4, Insightful

    then why the fuck hasn't the people in the NSA who have been targeting American's [namely " The people looking up their girlfriends info" and "obviously violating FISA warrants" and "the ones sending information to the FBI with "don't tell anybody we are doing this and make sure to claim your "investigation" started with some other evidence", which CLEARLY violates the law don't face similar punishments?

    Or is it just a pick and choose method of law enforcement.

    And don't get me started on the whole "it's an emergency, no need to follow procedure anymore".

    --
    Sleep your way to a whiter smile...date a dentist!
  13. Re:D'oh! by davester666 · · Score: 5, Insightful

    unless every single LOVEINT target was not a US citizen, the law was broken [as the NSA isn't permitted by law to spy on US citizens]

    and a FISA judge [he should know] said the NSA violated his warrant for YEARS.

    How more illegal do you need to get?

    --
    Sleep your way to a whiter smile...date a dentist!