How Snowden did it

[InfoSec News <alerts () infosecnews org>]

http://investigations.nbcnews.com/_news/2013/08/26/20197183-how-snowden-did-it

By Richard Esposito and Matthew Cole
NBC News
August 26, 2013

When Edward Snowden stole the crown jewels of the National Security 
Agency, he didn't need to use any sophisticated devices or software or go 
around any computer firewall.

All he needed, said multiple intelligence community sources, was a few 
thumb drives and the willingness to exploit a gaping hole in an antiquated 
security system to rummage at will through the NSA's servers and take 
20,000 documents without leaving a trace.

"It's 2013 and the NSA is stuck in 2003 technology," said an intelligence 
official.

Jason Healey, a former cyber-security official in the Bush Administration, 
said the Defense Department and the NSA have "frittered away years" trying 
to catch up to the security technology and practices used in private 
industry.  "The DoD and especially NSA are known for awesome cyber 
security, but this seems somewhat misplaced," said Healey, now a cyber 
expert at the Atlantic Council. "They are great at some sophisticated 
tasks but oddly bad at many of the simplest."

As a Honolulu-based employee of Booz Allen Hamilton doing contract work 
for the NSA, Snowden had access to the NSA servers via "thin client" 
computer. The outdated set-up meant that he had direct access to the NSA 
servers at headquarters in Ft. Meade, Md., 5,000 miles away.

[...]



--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/