NSA: Others Implicated in Making Snowden Data Leaks Possible 118
NBC News reports that "A civilian NSA employee recently resigned after being stripped of his security clearance for allowing former agency contractor Edward Snowden to use his personal log-in credentials to access classified information, according to an agency memo obtained by NBC News. In addition, an active duty member of the U.S. military and a contractor have been barred from accessing National Security Agency facilities after they were 'implicated' in actions that may have aided Snowden, the memo states. Their status is now being reviewed by their employers, the memo says." You can read the memo for yourself.
Keylogger, not sharing (Score:5, Informative)
“At Snowden’s request,” the civilian NSA employee, who is not identified by name, entered his password onto Snowden’s computer terminal, the memo states.
“Unbeknownst to the civilian, Mr. Snowden was able to capture the password, allowing him even greater access to classified information,” the memo states.
Snowden lied to the other employee in order to steal classified information.
Re:I wonder - was it social engineering? (Score:5, Informative)
It has already been revealed he did stuff like that.
But at an agency which is supposed to be secretive and paranoid -- if you have people falling for that, they're really not qualified to be working in that kind of environment.
Every few months my company sends out test emails to check for phishing, people's likelihood to click on spam, or chance of falling for social engineering. If you fail, you get sent to remedial data security training. If you repeatedly fail, they might decide you can't really be trusted around computers.
If the NSA has people who are not aware enough of these things to not do it, then they're doing a piss-poor job of training their people. There really is no excuse for people who have access to Top Secret information falling for this kind of thing -- there should never be a situation in which it makes sense to give your password to IT as far as I'm concerned.
Re:D'oh! (Score:5, Informative)
Apart from the fact that I'm glad the leaks happened, it betrays an extraordinary amount of stupidity on the part of those who gave Snowden their credentials and indicates, at least to me, a considerable lack of training.
The company I run has some government contracts dealing with a considerable amount of very personal and detailed information of unemployed and disabled persons. I can tell you right now that we regularly drum into everyone's heads the level of confidentiality we require, that under no circumstances are you to give someone your IDs and passwords, or let them use your workstation while you're logged in. Every access to client information is logged, and information is strictly limited to what is needed by each employee to do their job.
Re:Snowden did not act alone (Score:4, Informative)
It means justice is in bed with corrupt institutions.
No. It means that justice is dead and the corrupt institutions have a penchant for necrophilia and buggery.
Re:No hardware access tokens? (Score:5, Informative)
HSPD-12 says that since 2006, they are REQUIRED (**SHALL**) to use them.
Doesn't mean they do. Just sayin'.
Re:D'oh! (Score:5, Informative)
Yes it is. The people looking up their girlfriends info and obviously violating FISA warrants don't get fired. The ones sending information to the FBI with "don't tell anybody we are doing this and make sure to claim your "investigation" started with some other evidence don't get fired.
Re:Keylogger, not sharing (Score:2, Informative)