Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

9 Facts About NSA Prism Whistleblower

Here's what we know about Edward J. Snowden, the NSA contractor last seen in Hong Kong -- and why the Bradley Manning case could affect Snowden's fate.

The Syrian Electronic Army: 9 Things We Know
(click image for larger view)
The Syrian Electronic Army: 9 Things We Know
Who is Edward Joseph Snowden?

Snowden, 29, has come forward to say that he's responsible for leaking information about the NSA's online communications surveillance program, known as Prism, to the Guardian, as well as leaking details of the NSA's access to U.S. phone call metadata to The Washington Post.

By some estimations, they are the most important leaks in U.S. history, surpassing even Daniel Ellsberg's release of the secret history of the Vietnam War known as the Pentagon Papers, as well as the leak of classified State Department cables and information relating to the wars in Afghanistan and Iraq to WikiLeaks, for which Pfc. Bradley Manning has been charged and is only now standing trial. Furthermore, according to The Guardian, Snowden has leaked "thousands" of documents, of which "dozens" are newsworthy and not all have yet been published.

[ What happens when leak controversies spill over into other areas of business? Read DataCell Wins WikiLeaks Donation Case. ]

In the midst of these leaks, here's what we know about Snowden, as well as what might be in store for him:

1. From Army Veteran To CIA Employee.

Snowden is a 29-year-old former technical assistant for the Central Intelligence Agency who's been working at the National Security Agency for the past four years as a contractor employed by various firms, including Dell and most recently Booz Allen. He told The Guardian that he earned about $200,000 a year, which commentators said would be a commensurate salary for a contract NSA IT administrator who holds a valuable top-secret clearance.

Sunday, Booz Allen issued a statement confirming that Snowden "has been an employee of our firm for less than three months, assigned to a team in Hawaii."

How did Snowden come to work in IT? Long interested in computers, he enlisted in the Army Reserve in 2003 in a Special Forces training program, but was discharged four months later after breaking both of his legs in a training accident. According to news reports, he then began a job as a security guard at a covert CIA facility in Maryland, then moved to an information security job with the CIA.

2. Snowden Requests No Anonymity.

Snowden purposefully requested that after publishing the leaked data, both The Guardian and Post identify him by name. "I have no intention of hiding who I am because I know I have done nothing wrong," Snowden told The Guardian, emphasizing that he's not seeking media attention.

"I don't want public attention because I don't want the story to be about me. I want it to be about what the U.S. government is doing," he said. "The government has granted itself power it is not entitled to. There is no public oversight. The result is people like myself have the latitude to go further than they are allowed to."

3. Reason For Leak: Dismantle "Architecture Of Oppression."

In a video interview, Snowden said the rationale for the leak was to highlight the extent to which the U.S. government was spying on its own citizens, and that he was no longer able to countenance working a job that involved building an "architecture of oppression."

"The NSA has built an infrastructure that allows it to intercept almost everything. With this capability, the vast majority of human communications are automatically ingested without targeting," he told The Guardian. "If I wanted to see your emails or your wife's phone, all I have to do is use intercepts. I can get your emails, passwords, phone records, credit cards."

"I do not want to live in a world where everything I do and say is recorded," he said. "That is not something I am willing to support or live under."

 

Recommended Reading:

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-16271
PUBLISHED: 2020-08-03
The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket connection.
CVE-2020-16272
PUBLISHED: 2020-08-03
The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is missing validation for a client-provided parameter, which allows remote attackers to read and modify data in the KeePass database via an A=0 WebSocket connection.
CVE-2020-8574
PUBLISHED: 2020-08-03
Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled allowing unauthorized code execution to local users.
CVE-2020-8575
PUBLISHED: 2020-08-03
Active IQ Unified Manager for VMware vSphere and Windows versions prior to 9.5 are susceptible to a vulnerability which allows administrative users to cause Denial of Service (DoS).
CVE-2020-12739
PUBLISHED: 2020-08-03
A vulnerability in the Fanuc i Series CNC (0i-MD and 0i Mate-MD) could allow an unauthenticated, remote attacker to cause an affected CNC to become inaccessible to other devices. The vulnerability is due to improper design or implementation of the Ethernet communication modules of the CNC. An attack...