Risk
6/11/2013
11:31 AM
50%
50%

9 Facts About NSA Prism Whistleblower

Here's what we know about Edward J. Snowden, the NSA contractor last seen in Hong Kong -- and why the Bradley Manning case could affect Snowden's fate.

The Syrian Electronic Army: 9 Things We Know
(click image for larger view)
The Syrian Electronic Army: 9 Things We Know
Who is Edward Joseph Snowden?

Snowden, 29, has come forward to say that he's responsible for leaking information about the NSA's online communications surveillance program, known as Prism, to the Guardian, as well as leaking details of the NSA's access to U.S. phone call metadata to The Washington Post.

By some estimations, they are the most important leaks in U.S. history, surpassing even Daniel Ellsberg's release of the secret history of the Vietnam War known as the Pentagon Papers, as well as the leak of classified State Department cables and information relating to the wars in Afghanistan and Iraq to WikiLeaks, for which Pfc. Bradley Manning has been charged and is only now standing trial. Furthermore, according to The Guardian, Snowden has leaked "thousands" of documents, of which "dozens" are newsworthy and not all have yet been published.

[ What happens when leak controversies spill over into other areas of business? Read DataCell Wins WikiLeaks Donation Case. ]

In the midst of these leaks, here's what we know about Snowden, as well as what might be in store for him:

1. From Army Veteran To CIA Employee.

Snowden is a 29-year-old former technical assistant for the Central Intelligence Agency who's been working at the National Security Agency for the past four years as a contractor employed by various firms, including Dell and most recently Booz Allen. He told The Guardian that he earned about $200,000 a year, which commentators said would be a commensurate salary for a contract NSA IT administrator who holds a valuable top-secret clearance.

Sunday, Booz Allen issued a statement confirming that Snowden "has been an employee of our firm for less than three months, assigned to a team in Hawaii."

How did Snowden come to work in IT? Long interested in computers, he enlisted in the Army Reserve in 2003 in a Special Forces training program, but was discharged four months later after breaking both of his legs in a training accident. According to news reports, he then began a job as a security guard at a covert CIA facility in Maryland, then moved to an information security job with the CIA.

2. Snowden Requests No Anonymity.

Snowden purposefully requested that after publishing the leaked data, both The Guardian and Post identify him by name. "I have no intention of hiding who I am because I know I have done nothing wrong," Snowden told The Guardian, emphasizing that he's not seeking media attention.

"I don't want public attention because I don't want the story to be about me. I want it to be about what the U.S. government is doing," he said. "The government has granted itself power it is not entitled to. There is no public oversight. The result is people like myself have the latitude to go further than they are allowed to."

3. Reason For Leak: Dismantle "Architecture Of Oppression."

In a video interview, Snowden said the rationale for the leak was to highlight the extent to which the U.S. government was spying on its own citizens, and that he was no longer able to countenance working a job that involved building an "architecture of oppression."

"The NSA has built an infrastructure that allows it to intercept almost everything. With this capability, the vast majority of human communications are automatically ingested without targeting," he told The Guardian. "If I wanted to see your emails or your wife's phone, all I have to do is use intercepts. I can get your emails, passwords, phone records, credit cards."

"I do not want to live in a world where everything I do and say is recorded," he said. "That is not something I am willing to support or live under."

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Five Things Every Business Executive Should Know About Cybersecurity
Don't get lost in security's technical minutiae - a clearer picture of what's at stake can help align business imperatives with technology execution.
Flash Poll
Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches
Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches
Social engineering, ransomware, and other sophisticated exploits are leading to new IT security compromises every day. Dark Reading's 2016 Strategic Security Survey polled 300 IT and security professionals to get information on breach incidents, the fallout they caused, and how recent events are shaping preparations for inevitable attacks in the coming year. Download this report to get a look at data from the survey and to find out what a breach might mean for your organization.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Security researchers are finding that there's a growing market for the vulnerabilities they discover and persistent conundrum as to the right way to disclose them. Dark Reading editors will speak to experts -- Veracode CTO and co-founder Chris Wysopal and HackerOne co-founder and CTO Alex Rice -- about bug bounties and the expanding market for zero-day security vulnerabilities.