How Did Snowden Do It?

Experts piece together clues to paint possible scenarios for how the NSA contractor accessed, downloaded, and leaked secret agency documents on its spying operations
Venafi, meanwhile, outlined in its report what we know about Snowden's work responsibilities and role: As a contractor, he would have a CAC card with its own crypto keys and digital certificates that authenticated him and provided him access to information he was allowed to reach. And as a systems admin, he would use SSH keys to authenticate to and manage systems he oversaw.

"Prior to working for the NSA, Snowden is known to have tested the limits of his administrator privileges to gain unauthorized access to classified information while at his CIA post in Geneva, Switzerland," Venafi said in its report. And Snowden was known to have thin-client, not full client, access to NSA's network.

Snowden likely used his own access to see what was out there and got into areas he wasn't authorized via other admin SSH keys, Venafi believes. "Using usernames and passwords from colleagues could afford him more opportunities to take keys or insert his own as trusted. Having 'root' or equivalent administrative status gave Snowden total access to all data," the report says. He downloaded the files via encrypted sessions that were authenticated with self-signed certificates, Venafi surmises.

"We know he had privileges because he was able to hide his tracks and edit the activity logs," Hudson says.

[The NSA leaks by a systems administrator have forced enterprises to rethink their risks of an insider leak and their privileged users' access. See 5 Steps To Stop A Snowden Scenario.]

"As a leading organization responsible for contributing to U.S. national and global cyberdefense, the NSA has a responsibility to disclose the truth behind the breach," Hudson says.

But it's unlikely the NSA will ever pony up publicly with the details on how Snowden was able to execute the embarrassing and massive insider attack.

"I don't think we'll ever get the truth out of the NSA, or an accurate portrayal from Snowden, either," DLP Experts' Thorkelson says. "I have to believe he has publishers just pounding on his door ... He's going to [eventually] have a financial motive."

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.