MP3 Audio

NPR’s Morning Edition has a very interesting report on how Edward Snowden pulled off his document theft, and it turns out he did no “hacking” of any kind.

Snowden actually took advantage of a file-sharing system that was set up after the 9/11 attacks, to allow law enforcement and intelligence agencies to share top secret data more easily. As a system administrator, Snowden was assigned the job of moving especially sensitive documents off this file sharing system to a more secure location.

That was the perfect opportunity to make copies of his own, which Snowden obviously did. It didn’t require any super-spy encryption expertise; he simply copied a bunch of documents to which he was — unfortunately — given access.

And he probably got them out of the facility on USB thumb drives, because, in what seems like a serious security lapse, some of the computers where Snowden worked had operational USB ports:

Snowden’s supervisors, however, did not realize that he was making digital copies of the secret documents. The officials interviewed by NPR would not say how Snowden managed to take the files out of his workplace, citing the ongoing investigation.

As of June, when Snowden’s disclosures became public, some NSA computers were equipped with USB ports where thumb drives could be used. As the NSA’s chief technologist and information officer, Anderson is responsible for implementing security reforms to guard against future data leaks. NSA security officers have now limited the options employees have for storing data on their own, thumb drives included.

“One thing we have done post-media leaks,” Anderson says, “is lock those down hard, so those are [now] all in two-person control areas.”

Among the other seriously damaging aspects of Snowden’s espionage: the information sharing that was implemented after 9/11 to protect US citizens against attacks will now become much more restricted and much less useful.