The name Edward Snowden is one that dominated world news in 2013 and will continue to do so in 2014. Even though, perhaps not surprisingly, he failed to make the Google Trends Top 10 of 2013, he was voted Person Of The Year 2013 by The Guardian, and his leaked documents from the US National Security Agency have caused global outrage, political panic, diplomatic incidents and a huge debate about where national security starts and personal privacy ends.
His leaks have revealed the full extent of government-endorsed surveillance on personal emails and telephone and mobile communications, as well as divulging how global corporations have co-operated in this mass surveillance. The controversy around Snowden’s leaks continues to rumble on, with the NSA website being the victim of a DDoS attack from hacktivist organisation Anonymous in October. Hackers used DDoS tactics to bring down the entire NSA website in protest against the treatment of Snowden, showing that the NSA is not DDoS Assured. Indeed, defending against DDoS attacks should be high on its priority list right now as it looks to tighten up security in light of the Snowden revelations. So how did Edward Snowden manage to leak such explosive information?
“A genius among geniuses”
Snowden is undoubtedly an expert in his field, and although he only worked as a contractor for the NSA at the time of the leaks, they had approached him with an offer of a position on their elite team of hackers, a group known as Tailored Access Operations. This team’s task was to work on DDoS protection and simulate possible attacks. Former colleagues have described Snowden as a“genius among geniuses”, yet it appears it wasn’t his expertise in DDoS protection that helped his acquisition of the leaked documents.
Simple security lapses
Indeed, although his knowledge of defending against DDoS attacks was what enabled him to be given a highly trusted position, particularly for a contractor, it was the NSA’s simple security lapses which seem to have allowed him to access highly sensitive information. As a contractor responsible for fixing issues with the NSA’s infrastructure, it appears he was granted system administrator rights for huge swathes of the NSA’s computer systems. He was able to login as if an NSA employee, access documentation and even copy files to external drives, all by virtue of being a ‘system administrator’. The fact that there seems to have been no consideration of restricting access to certain sensitive areas of the system, even for administrators, is a major oversight on the part of the NSA and hugely embarrassing for them.
Even though Edward Snowden was a hugely competent web security analyst, who had the knowledge of DDoS protection and hacking techniques, it appears that it was a far more fundamental oversight of access rights which helped him shock the world with explosive leaks. We can be certain that the NSA will be spending huge amounts of time and money ensuring that such a simple leak cannot happen again.