Questions were raised Friday about security procedures at the ultra-secret National Security Agency, after it emerged that Edward Snowden, the contract employee who leaked details of the agency’s broad-scale data gathering on Americans, exceeded his authorized access to computer systems and smuggled out Top Secret documents on a USB drive — a thumb-sized data storage device banned from use on secret military networks.
“He should not have been able to do either of those things” without setting off alarm bells, said one private sector IT security specialist who has worked on U.S. government classified networks. He spoke on condition of anonymity because of the sensitivities of his current employer.
The NSA, which is still trying to ascertain the full extent of the breach, did not respond to a request for comment.
The Los Angeles Times first reported that Mr. Snowden used a USB thumb drive to smuggle electronic copies of an unknown number of classified documents out of the NSA facility in Hawaii where he worked. A U.S. official confirmed to The Washington Times “that’s one avenue” investigators are following.
The use of thumb drives on classified military systems — including those at NSA — has been effectively banned since malicious software, thought to be of Russian origin, infected the secret computer networks of U.S. Central Command five years ago.
A number of commercially available programs can switch off the USB port of every computer on the network.
“There is easily available software to do that,” said the security specialist, noting that there were also low-tech, more permanent means available.
“I have seen places where they used a hot glue gun to block it,” he said of the USB port.
Lawmakers briefed by NSA Director Gen. Keith Alexander have not commented on the thumb-drive, but have said that Snowden was able to do something else he should not have been able to — exceed his authorized access to the NSA’s computer systems.
“It’s clear that he attempted to go places that he was not authorized to go, which should raise questions for everyone,” said House Permanent Select Committee on Intelligence Chairman Michael Rogers, Michigan Republican, on Thursday.
He said investigators were trying to “determine exactly what information [Mr. Snowden] may have gotten” from the NSA, following claims by Glen Greenwald, the Guardian journalist who first broke the story, that he had “dozens” more documents from the self-proclaimed whistleblower.
“Candidly, nobody really knows” how much he might have gotten away with, added Mr. Rogers. “I think we will know the answer to that shortly.”
The specialist said Mr. Snowden’s ability to access highly classified documents he should not have been able to was unsurprising, depending on his clearance level.
He noted that admitted Wikileaks leaker Pfc. Bradley Manning, even though a low level intelligence analyst had “very broad access,” to the Secret-level classified US network called SIPRNet.