Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

9 Facts About NSA Prism Whistleblower

Here's what we know about Edward J. Snowden, the NSA contractor last seen in Hong Kong -- and why the Bradley Manning case could affect Snowden's fate.

The Syrian Electronic Army: 9 Things We Know
(click image for larger view)
The Syrian Electronic Army: 9 Things We Know
Who is Edward Joseph Snowden?

Snowden, 29, has come forward to say that he's responsible for leaking information about the NSA's online communications surveillance program, known as Prism, to the Guardian, as well as leaking details of the NSA's access to U.S. phone call metadata to The Washington Post.

By some estimations, they are the most important leaks in U.S. history, surpassing even Daniel Ellsberg's release of the secret history of the Vietnam War known as the Pentagon Papers, as well as the leak of classified State Department cables and information relating to the wars in Afghanistan and Iraq to WikiLeaks, for which Pfc. Bradley Manning has been charged and is only now standing trial. Furthermore, according to The Guardian, Snowden has leaked "thousands" of documents, of which "dozens" are newsworthy and not all have yet been published.

[ What happens when leak controversies spill over into other areas of business? Read DataCell Wins WikiLeaks Donation Case. ]

In the midst of these leaks, here's what we know about Snowden, as well as what might be in store for him:

1. From Army Veteran To CIA Employee.

Snowden is a 29-year-old former technical assistant for the Central Intelligence Agency who's been working at the National Security Agency for the past four years as a contractor employed by various firms, including Dell and most recently Booz Allen. He told The Guardian that he earned about $200,000 a year, which commentators said would be a commensurate salary for a contract NSA IT administrator who holds a valuable top-secret clearance.

Sunday, Booz Allen issued a statement confirming that Snowden "has been an employee of our firm for less than three months, assigned to a team in Hawaii."

How did Snowden come to work in IT? Long interested in computers, he enlisted in the Army Reserve in 2003 in a Special Forces training program, but was discharged four months later after breaking both of his legs in a training accident. According to news reports, he then began a job as a security guard at a covert CIA facility in Maryland, then moved to an information security job with the CIA.

2. Snowden Requests No Anonymity.

Snowden purposefully requested that after publishing the leaked data, both The Guardian and Post identify him by name. "I have no intention of hiding who I am because I know I have done nothing wrong," Snowden told The Guardian, emphasizing that he's not seeking media attention.

"I don't want public attention because I don't want the story to be about me. I want it to be about what the U.S. government is doing," he said. "The government has granted itself power it is not entitled to. There is no public oversight. The result is people like myself have the latitude to go further than they are allowed to."

3. Reason For Leak: Dismantle "Architecture Of Oppression."

In a video interview, Snowden said the rationale for the leak was to highlight the extent to which the U.S. government was spying on its own citizens, and that he was no longer able to countenance working a job that involved building an "architecture of oppression."

"The NSA has built an infrastructure that allows it to intercept almost everything. With this capability, the vast majority of human communications are automatically ingested without targeting," he told The Guardian. "If I wanted to see your emails or your wife's phone, all I have to do is use intercepts. I can get your emails, passwords, phone records, credit cards."

"I do not want to live in a world where everything I do and say is recorded," he said. "That is not something I am willing to support or live under."

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19729
PUBLISHED: 2019-12-11
An issue was discovered in the BSON ObjectID (aka bson-objectid) package 1.3.0 for Node.js. ObjectID() allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects _bsontype==ObjectID in the user-inpu...
CVE-2019-19373
PUBLISHED: 2019-12-11
An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/page_templates/page_remote_content/page_remote_content.inc POST parame...
CVE-2019-19374
PUBLISHED: 2019-12-11
An issue was discovered in core/assets/form/form_question_types/form_question_type_file_upload/form_question_type_file_upload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can delete arbitrary files from the se...
CVE-2014-7257
PUBLISHED: 2019-12-11
SQL injection vulnerability in DBD::PgPP 0.05 and earlier
CVE-2013-4303
PUBLISHED: 2019-12-11
includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote attackers to conduct cross-s...