Image 01 Image 03

Snowden reportedly assumed digital identities of other NSA employees to access files

Snowden reportedly assumed digital identities of other NSA employees to access files

Former NSA contractor Edward Snowden was able to access some of the 20,000 documents he reportedly downloaded from the agency’s systems by assuming the digital identities of NSA officials with higher levels of clearance, according to intelligence sources with knowledge of the case.

From NBC News:

The NSA has as many as 40,000 employees. According to one intelligence official, the NSA is restricting its research to a much smaller group of individuals with access to sensitive documents. Investigators are looking for discrepancies between the real world actions of an NSA employee and the online activities linked to that person’s computer user profile. For example, if an employee was on vacation while the on-line version of the employee was downloading a classified document, it might indicate that someone assumed the employee’s identity.

The NSA has already identified several instances where Snowden borrowed someone else’s user profile to access documents, said the official.

Each user profile on NSAnet includes a level of security clearance that determines what files the user can access. Like most NSA employees and contractors, Snowden had a “top secret” security clearance, meaning that under his own user profile he could access many classified documents. But some higher level NSA officials have higher levels of clearance that give them access to the most sensitive documents.

As a system administrator, according to intelligence officials, Snowden had the ability to create and modify user profiles for employees and contractors. He also had the ability to access NSAnet using those user profiles, meaning he could impersonate other users in order to access files. He borrowed the identities of users with higher level security clearances to grab sensitive documents.

In another report earlier this week titled How Snowden did it, NBC News explained that the internal system at the NSA is largely shut off from the outside world as a protective measure.  Many employees work off a centralized server and access to files is strictly controlled based on user profiles.  As a system administrator, Snowden had the authority to copy information from one computer and move it to another when needed.  And in Hawaii, far from NSA headquarters and hours apart in time difference, there was likely less chance that his use of thumb drives would have been noticed.

Snowden’s efforts to cover his digital tracks before taking his thumb drives off to Hong Kong and then traveling to Russia have so far stumped the US government.  Even with the system safeguards in place, the NSA leaker is said to have been able to employ these tactics to work around the system and make it more difficult for others to determine which log entries may have been him and exactly which documents he accessed.  An NSA spokeswoman has said that agency head General Keith Alexander “had a sense of what documents and information had been taken,” according to CBS News.  It likely wouldn’t be too difficult to guess at such a thing, based on the type of reporting that has been done to date on the information contained in Snowden’s cache.  But what has yet to be reported in the news of course wouldn’t help the NSA in determining what documents he took.

A former US official with knowledge of the case said of Snowden’s intelligence, “Every day, they are learning how brilliant [Snowden] was…This is why you don’t hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble.”


Donations tax deductible
to the full extent allowed by law.


So, he’s a Communist spy.

    Not really a spy. Whistler blower more accurately describes Snowden.

      Aridog in reply to Vince. | August 29, 2013 at 3:38 pm

      “Whistleblower” is NOT what Snowden was, in any way what-so-ever. Whistle blowers seek to effect change, to stop some perhaps illegal activity, whatever…you go to the people who can effect change. You do NOT go to a newspaper…when you do then it is all about YOU, and not about effecting change. You punk yourself is so doing. You lose ownership in your materials the moment you yap to a news outlet…you are diddly squat then, and no substantive change occurs.

      I am speaking from experience. The best “whistleblowers” are those you never hear about, read about, or see a movie about. They just get change done and go on about their business.

      It. Is. Not. About. YOU.

        Vince in reply to Aridog. | August 29, 2013 at 8:30 pm

        You do NOT go to a newspaper…when you do then it is all about YOU

        Snowden has made it clear this is not about HIM and doesn’t want it to be about it. Although it’s become obvious that some people in the media and government do want to make it about HIM through character assassination and fabrications of who is working for.

        You lose ownership in your materials the moment you yap to a news outlet…you are diddly squat then, and no substantive change occurs.

        There were previous NSA whistle blowers before the Snowden incident. They went through the proper channels and nothing changed. Nothing.. quite the opposite in fact. The law breaking intensified!

        The Snowden incident has changed the debate and the public consciousness far more than any other whistleblowing before this.. I would say it’s been partly successful and it’s not over yet.

        Sanddog in reply to Aridog. | August 29, 2013 at 8:39 pm

        “The people who could effect change” ARE the American people.

        What do you honestly think a supervisor at the NSA would have done? Said… Thank You!!! … seriously? Snowden would be able to get a minimum wage job flipping burgers after they were done with him.

        Snowden could have gone to his congressman who wouldn’t hold the clearance necessary to do a real investigation, an investigation which would have been immediately shut down by the NSA citing security rules.

        The only way you can blow the whistle on an organization that has zero oversight and zero transparency is by taking your information outside the regular channels.

          Aridog in reply to Sanddog. | August 29, 2013 at 10:20 pm

          The only way you can blow the whistle on an organization that has zero oversight and zero transparency is by taking your information outside the regular channels.

          Like to a UK newspaper guy, then to China and the Russian Republic.

          Got it.

          punfundit in reply to Sanddog. | August 31, 2013 at 8:30 am

          Zero oversight and zero transparency?

          Have you heard of the Senate Intelligence Oversight Committee?
          Have you heard of the Church Committee (of which Barry Goldwater was a member)?
          Have you heard of the Foreign Intelligence Surveillance Court?

          Or do you suppose that every request by an intelligence agency to pursue a foreign intelligence target should be asked in public?

        Aridog in reply to Aridog. | August 29, 2013 at 10:00 pm

        None of you have been whistleblowers, of that I’m sure, based upon the comment string above. I have. I did NOT say you go to some one in management, I said you go to someone who can effect change. I did not specify where that might be. If you think that the revelations from 2002 onward did not effect change, you’ve not paid attention and definitely have not worked in the field. All of that is you privilege. Enjoy your comfort zone on this. Snowden is a nobody who tried to be somebody. He got bent over the barrel and driven home.

          Sanddog in reply to Aridog. | August 30, 2013 at 11:26 pm

          Were you a whistleblower that uncovered a secret program to illegally collect data on every American? No.. didn’t think so. You were never in Snowden’s position so you have no idea what you would have done.

          punfundit in reply to Aridog. | August 31, 2013 at 8:22 am

          Sanddog, who is illegally collecting whose information? Have you read the 702 and 215 laws? Do you remember the gigantic arguments over the FISA Amendment Act a few years ago? What is it you suppose is being collected and used?

          I am of the opinion that lot of people have been hoodwinked over this issue. Unfortunately they are people on my side of the bigger argument. This is not helpful.

      how many files does he have to give away to foreign countries before you’ll begin to suspect his motive was not as altruistic as initially stated?
      now we have data released that he says he did not give to anyone, so he has possibly lost control of the data.
      and if he’s lost control how much do you think his life is worth?
      I’ll bet he’s damned scared now and scared of the countries he hoped to emigrate to.

      punfundit in reply to Vince. | August 30, 2013 at 1:58 pm

      He is not a whistleblower.

      There is a mass of misinformation in the public eye right now. It is largely propagated by people which various agendas. Their efforts are successful because the people who can objectively and irrefutably correct the record are legitimately prohibited by law from doing so.

“A former US official with knowledge of the case said of Snowden’s intelligence, “Every day, they are learning how brilliant [Snowden] was…This is why you don’t hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble.”

Regardless of what one thinks of Snowden, Commie Spy or not, he did dig deeply into the Obama,(A summa cum laude graduate of the Alinsky/Gramsci school of Neo-Marxism)administration.

Not to shabby from was indicated by many as just a GED person..

    TMLutas in reply to JP. | August 29, 2013 at 5:26 pm

    Just smart people can’t catch the Russians and the Chinese doing daily romps through your networks, idiot. It takes a bit more than just smart to do that. Downgrading the intelligence of the front line people protecting your electronic assets is just a dumb idea.

      being a rude asshole and missing the point of what the OP said isn’t too smart either.

        TMLutas in reply to dmacleo. | August 30, 2013 at 8:52 am

        The idiot comment, which *is* extremely rude, was intended and aimed at the guy advocating downgrading the quality/capability of sysadmins.

        I’m more of a recovering asshole than an active one but we all have our backsliding moments. I regret making it less than clear my target as well as my lack of inventiveness and art in my response.

Lesson for the NSA (and, for that matter, everyone):

If one of your sysadmins decides to go evil and turn against you, and you’re wondering which embarrassing/harmful documents he stole on his way out, the best move is probably to assume “everything”. If that’s not practical, go with “whatever would hurt the very most”.

So…NSA is so incompetent that a low rate employee can easily steal the identities of higher ups to access classified secrets. And we have 40,000 of these potential leakers. Good to know. Is this true of all government agencies? I fear it is.

    TMLutas in reply to BarbaraS. | August 29, 2013 at 5:23 pm

    The incompetence stems from identifying a system admin as a low rung employee. System admins have to be trusted with everything because we can impersonate everyone. Part of the job is to ensure that people do not choose bad passwords. Legitimately, you can download the password file and run a cracker on it, then send out a notice to change your passwords for everything that got cracked within 5 minutes (said notice is usually promptly ignored by most of the higher ups). That’s all within the normal rules of sysadmin behavior. He might even have been paid to do it.

    At that point, you’ve got the passwords to a lot of higher ups and can impersonate at will any of those who . Some people keep the list to impersonate for troubleshooting purposes. Some people toss the list. And then there’s Snowden…

    There’s no guarantee that this is the method used. There are a good number of variations he might have run, or he might have just looked under mousepads and collected passwords that way (you would be shocked how often that works). It can be that simple.

      Aridog in reply to TMLutas. | August 29, 2013 at 10:09 pm

      I’m curious. You suggest that you are a “sysadmin” …e.g., your words “…because we….” so can you say whether you are a contractor, sub-contractor, or one of the rare actual civil servants or military cadre?

      Where I was in DOD as soon as OMB Circular A-76 Commercial Activities studies determined that about 90% of all IT and ITE work had to be “contracted” to private enterprise…it was promptly handed off to crony corporations with virtually no administrative experience, however technically competent otherwise (weapons makers) and the process went to Hades in a hand basket.

      I am NOT saying this is true of all private contractors, but it certainly applies to some of them in important slots. I am sure there really are good contract “sysadmins” out there.

        TMLutas in reply to Aridog. | August 30, 2013 at 8:48 am

        The process is the same no matter where you work. Everybody does stupid stuff. The human condition doesn’t change and people overwhelmingly resent and resist good password discipline. I’ve done some government work but it’s been awhile. I’m currently doing a single founder startup,

        Sorry to hear that whoever was doing purchasing in your observable corner of the government fouled up the outsourcing so badly. Any ideas how to publicize the problem in an inexpensive and sustainable way?

          Aridog in reply to TMLutas. | August 30, 2013 at 10:08 am

          Epistle warning….

          Thanks. The only way to point out problems of awarding contracts to basically unqualified (for the specific task, not per se) vendors would be to take on both the entirety of DOD and one of the largest defense contractors on the planet. As I have previously, you do not effect real change by the light of publicity anyway…the roaches just scurry from the light and set up the same shop anew. These days, in retirement, I have no way to protect myself or contact actual players who could & would make the changes necessary, without blowing any cover I might have otherwise. I want no attention, positive or negative. I would never go to a news outlet of any kind under any circumstance anyway. They have power to make noise, not to fix anything. What is revealed is merely reformatted. Think Pentagon Papers and what was going on in Benghazi, with John Brennan playing Robert Komer’s role. Same crap, new package.

          One giant impediment to any significant change in this Information Technology world where weapons today are now ITE would require major revisions to OMB Circ A-76 definitions of what is “governmental” and “non-governmental”..e.g. a “commercial activity.” Multi-starred Generals do not have that power….and their actions vis a vis IT & ITE are limited by that fact.

          Someone else mentioned that NSA had failed to segement its databases. I don’t know if that is true…in my experience I dealt with four different segmented global databases. The problems we had related to “Roles & Permissions” being overseen and applied appropriately. When the less knowledgeable (in IT admin experience, not technical potential) contractors came in they looked for short cuts…e.g., give no one permissions or give everyone everything. They leaned heavily to the former, forcing anyone doing analysis to go to them for an individual script, that wasn’t saved, and essentially reduced IT efficiency for the workers and analysts by about 50% plus.

          I mentioned earlier that I’d been a whistle blower. Three times actually. And in each a power player was found to force positive change without publicity. Last time around it was to stop a subordinate command department from breaking the law and, after vetting my concern with two other trust worthy persons in the chain of command, I found a general who would order that it cease and desist. It did cease and desist. Immediately. The last time around I wasn’t able to keep my identity completely quiet…the sequence of events clearly pointed to me and I was not forgiven, but remained in place…because to hang me out to dry they’d have to admit to law-breaking themselves. I knew too much in other words….and I had NOT gone the publicity route…they were just stopped. Period. The internal bureaucratic extortion racket is alive and well I assure you.

          In every instance my efforts were boring and mundane, but effective. And that is all that mattered. I do have faith that there will always be qualified individuals with good character who will be in positions to effect changes that are necessary and legally required. Even in the Contractor ranks. I have a promise to my successor that says I will not under any circumstances intervene again in my area of expertise without first vetting it with her, and getting her consent. Some things just aren’t worth the grief of doing….and you always need learned opinions other than your own.

          Now, for my critics on this thread, I invite them to list for me the changes that have actually taken place due to Snowden’s motor mouth. With the list include the method used to verify what you think you know….that real change has occurred. I will listen. I don’t know everything.

          Aridog in reply to TMLutas. | August 30, 2013 at 10:24 am

          The “start up” looks interesting. Along the lines of “OpentheBooks” but appears to cover more material. Good luck with it, it sounds like it can be a real way for real participation. You may see me inquiring more at the website.

casualobserver | August 29, 2013 at 2:32 pm

Whistle blower. Spy. Traitor. Whatever. The real question is how many laws did he break in order to accomplish his goals? At some point, that answer plus his choice of confidants paints a picture that isn’t as simple as one label, whatever you want to call him.

Henry Hawkins | August 29, 2013 at 2:36 pm

There are no ‘official’ definitions, but it seems to me that someone spying for another government, or group of communist governments say, doesn’t publish the stolen data. That sounds like a whistle-blower.

On the other hand, one could be both, I suppose. I’m thinking that the term ‘whistle-spyer’ is preferable to ‘spy-blower’.

“This is why you don’t hire brilliant people for jobs like this.”

more like “If you’re breaking all sorts of laws and routinely wiping your butt with the constitution then don’t hire brilliant people.”

I thought this guy had only a GED. Now, he’s brilliant? Never believe a word that comes out this administration’s mouth. If this cr*p was true why did he have a job that was high enough to access all these identies? This administration is undoubtedly the most incompetent we have ever had. Governemnt started falling apart when we eliminated the civil service tests and dumbed down the requirements for federal employment.

    Henry Hawkins in reply to BarbaraS. | August 29, 2013 at 4:41 pm

    Never equate education with smarts. I’ve known more brilliant people with a high school diploma/GED than with grad degrees. The degradation of American education did not stop at the 12th grade.

Mandy’s ongoing posts about Snowden have been outstanding.

assemblerhead | August 29, 2013 at 4:12 pm

The NSA did no internal security.

They did not segment their network. There are no gateway controllers or loggers. They had / have no internal access controls.

A ‘root’ access user could have made a beginners typo and WIPED CLEAN every single machine in the server farm.

( Don’t do this on Unix or Linux as ‘root’ : rm -Rf / )

The NSA / Administration is lying. Its easy to be smarter than the NSA’s drooling idiots.

Assumptions aren’t facts.

A long time ago, before we had the atomic bomb, men were working at Los Alamos. On the Manhattan project.

Dr. Richard Feynman would go around and lean an elbow on a filing cabinet. The “numbers” were key to his understanding on how safes worked. And, he’d do this to PROVE to the “brass” that they weren’t storing the secrets, correctly.

In one particular instance, a giant safe was delivered to the head honcho. You know the rest. He NEVER reset the tumblers. You could open the safe just turning to zero in one direction … and, then turning back.


And, on 9/11 we lost our US Constitutional protections!

You think we caught terrorists? (In England, the courts are freeing Bin Laden’s driver. I kid you not. He was just a driver. He wasn’t a terrorist.)

I give Snowden credit. He wanted Americans to see what has happened to our precious US Constitution. (John Roberts is WORSE than Taney!) I wish there was a way to blow up the secret courts this stinking judge put into place!

How do you like that it’s called “the patriot act” when there’s nothing patriotic about it?

Good grief. This is the quality of intelligence agency that we have?

That they allowed a lower class clearance employee to be able to access high class clearance employees accounts?

Geez Louise, that’s basic stuff there. Also compartmentalization. He should never have had such an extensive field to choose from.

And just for comparison, Snowden’s Top Secret clearance doesn’t mean he normally handled Top Secret classified documents. (well maybe they do it that way now)

When I had a Top Secret clearance, it was understood that I could only work/see/handle confidential classified stuff.

They usually (used to) would vet you for a clearance one step above what you would be actually working with.

This case also highlights the major known cause of security breaches; personnel. Oh there’s some external hacking but the majority of the root of most breaches is a disgruntled or paid off employee.

So let that be a lesson to anyone who shares a computer or hires IT techs. If you want to keep things secure, vet your employees and compartmentalize your security so that no one person can breach the entire system.

[…] Snowden reportedly assumed digital identities of other NSA employees to access files ( […]

Just a thought, but why would the government necessarily know if and when he was creating and accessing other user accounts for information when we’ve seen in this administration that the creation of “dummy accounts” (such as “Richard Windsor”) seems to be common practice? Would investigating account ‘hacking’ make it more apparent how many of these dummy accounts have been created for one purpose or another? I mean, it’s pretty hard to talk to “Richard Windsor” about his logon activity, isn’t it?

A system administrator’s duties include (among other things) creating user profiles and configuring them (set the initial password, reset if requested and validated) and managing the access control lists.

Thus he has the inherent power to impersonate anyone and access anything. You can think of him as the locksmith.