Former NSA contractor Edward Snowden was able to access some of the 20,000 documents he reportedly downloaded from the agency’s systems by assuming the digital identities of NSA officials with higher levels of clearance, according to intelligence sources with knowledge of the case.

From NBC News:

The NSA has as many as 40,000 employees. According to one intelligence official, the NSA is restricting its research to a much smaller group of individuals with access to sensitive documents. Investigators are looking for discrepancies between the real world actions of an NSA employee and the online activities linked to that person’s computer user profile. For example, if an employee was on vacation while the on-line version of the employee was downloading a classified document, it might indicate that someone assumed the employee’s identity.

The NSA has already identified several instances where Snowden borrowed someone else’s user profile to access documents, said the official.

Each user profile on NSAnet includes a level of security clearance that determines what files the user can access. Like most NSA employees and contractors, Snowden had a “top secret” security clearance, meaning that under his own user profile he could access many classified documents. But some higher level NSA officials have higher levels of clearance that give them access to the most sensitive documents.

As a system administrator, according to intelligence officials, Snowden had the ability to create and modify user profiles for employees and contractors. He also had the ability to access NSAnet using those user profiles, meaning he could impersonate other users in order to access files. He borrowed the identities of users with higher level security clearances to grab sensitive documents.

In another report earlier this week titled How Snowden did it, NBC News explained that the internal system at the NSA is largely shut off from the outside world as a protective measure.  Many employees work off a centralized server and access to files is strictly controlled based on user profiles.  As a system administrator, Snowden had the authority to copy information from one computer and move it to another when needed.  And in Hawaii, far from NSA headquarters and hours apart in time difference, there was likely less chance that his use of thumb drives would have been noticed.

Snowden’s efforts to cover his digital tracks before taking his thumb drives off to Hong Kong and then traveling to Russia have so far stumped the US government.  Even with the system safeguards in place, the NSA leaker is said to have been able to employ these tactics to work around the system and make it more difficult for others to determine which log entries may have been him and exactly which documents he accessed.  An NSA spokeswoman has said that agency head General Keith Alexander “had a sense of what documents and information had been taken,” according to CBS News.  It likely wouldn’t be too difficult to guess at such a thing, based on the type of reporting that has been done to date on the information contained in Snowden’s cache.  But what has yet to be reported in the news of course wouldn’t help the NSA in determining what documents he took.

A former US official with knowledge of the case said of Snowden’s intelligence, “Every day, they are learning how brilliant [Snowden] was…This is why you don’t hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble.”