Snowden tricked NSA - and they don't know how he did it

24 Aug, 2013 17:48 / Updated 11 years ago

While collecting data Edward Snowden was able to evade all safeguards at the NSA, leaving the agency puzzled at how he did it, according to new report. Officials worry that the ease with which he covered his tracks means another breach could happen.

Information logs exist to tell the government who tried to view or copy classified information without the proper clearance, but Snowden appears to have bypassed or deleted them, while working as a system administrator with contractor Booz Allen Hamilton in Hawaii. The revelations come from government officials speaking to The Associated Press on condition of anonymity, as they were prevented from publicly disclosing new information about the Snowden case.

This is a worrying development for the Obama administration, which has been at pains to prove to the American public that the NSA’s computer system cannot be taken advantage of so easily. Therefore, if Snowden could single-handedly circumvent its cyber defenses, the question stands as to who else can gain instant access to the vast stream of data the clandestine organization intercepts every day.

NSA Director Keith Alexander could not tell the press in July what exactly Snowden might have had access to, downloaded or taken with him, citing an ongoing investigation. This was nearly two months after the leaks took place.

When Snowden had the job of system administrator, he possessed enough security privileges to access data remotely, browse it freely, as well as take it off its home servers and copy it onto portable drives. According to Alexander, this is how the information was leaked.

NSA spokeswoman Vanee Vines then told the AP that Alexander "had a sense of what documents and information had been taken," but "he did not say the comprehensive investigation had been completed." She did not say if Snowden was capable of viewing or downloading the documents without the organization’s knowledge.

A key reason behind Snowden’s success may have been that the data was not very clearly compartmentalized, meaning that specialists in one area could easily browse information they would never plausibly need, provided they had the right security clearance.

It is not even clear whether Snowden had to use any 'hacking' skills to collect that data, or if he simply misapplied the powers legally allocated to him.

Deputy Attorney General James Cole defended the government’s spying activities in Congress in July, saying that employees who have access to NSA’s programs are effectively monitored by the government.

"Everything that is done under [the program] is documented and reviewed before the decision is made and reviewed again after these decisions are made to make sure that nobody has done the things that you're concerned about happening."


One of his most crucial leaks was the truth about the US government’s use of a program that hoarded metadata of communications between American citizens and intercepted all incoming and outgoing internet traffic in the country, before redirecting it straight to the NSA servers.

Officials say that despite leaking information for months without getting caught, it may be possible that Snowden did not know how exactly the surveillance programs themselves functioned.

Snowden has since traversed the globe in pursuit of political asylum, and succeeded with Russia. Washington has been highly critical of Moscow’s actions and as a gesture of disapproval, even gone as far as cancel an unrelated meeting between President Barack Obama and Russian President Vladimir Putin in Moscow.

The NSA is now reportedly “overwhelmed” with trying to figure out what data and how much of it Snowden managed to steal, said NBC News on Thursday.

This news, together with the case of Bradley Manning, who between 2009 and 2010 leaked hundreds of thousands of highly classified documents, has forced the US government to consider the issue of internal threats to its national security. The 2013 Intelligence Authorization Act now includes a proposal by Congress to create an automated computer program for the detection of such insider threats.