– Snowden Smuggled Documents From NSA on a Thumb Drive (Wired, June 13, 2013):
The dreaded thumb drive has struck the Defense Department again as word comes that NSA whistleblower Edward Snowden smuggled out thousands of classified documents on one of the portable devices, despite the military’s efforts to ban them.
Investigators also know how many documents Snowden downloaded from the NSA network and what server he took them from, according to The Los Angeles Times, quoting an unnamed official.
Officials have not indicated how many documents Snowden swiped, but the Guardian reported this week that Snowden left Hawaii with four laptops that “enabled him to gain access to some of the US government’s most highly-classified secrets.”
Snowden was a systems administrator, contracted out to the NSA by Booz Allan Hamilton. He worked at the NSA’s facility in Hawaii just four weeks before he asked for a leave of absence without pay, then absconded with the documents he’d siphoned from the NSA network on the thumb drive and flew to Hong Kong, where he’s been since May 20.
The Defense Department first banned thumb drives after its systems were infected with a virus in 2008 , which was introduced to its network on one of the devices. The malware was believed to have been picked up by a soldier who visited an internet cafe in Afghanistan. The ban was later lifted.
Then, two years later, former Army intelligence analyst Bradley Manning siphoned more than a million government documents from classified networks using a thumb drive and other removable media, including a CD-ROM that he labeled as a Lady Gaga music CD.
In December 2010 Maj. Gen. Richard Webber, commander of Air Force Network Operations, sent out a notice to airmen instructing them to “immediately cease use of removable media on all systems, servers, and stand alone machines residing on SIPRNET,” the Defense Department’s secret network.
“Unauthorized data transfers routinely occur on classified networks using removable media and are a method the insider threat uses to exploit classified information,” the note said. “To mitigate the activity, all Air Force organizations must immediately suspend all SIPRNET data transfer activities on removable media.” Similar notices went out to other branches of the military.
But such bans are not easy to enforce. A former official of the NSA, which is a branch of the Defense Department, told the Times, “Of course, there are always exceptions” to the thumb drive ban. “There are people who need to use a thumb drive and they have special permission. But when you use one, people always look at you funny.”
Some of those exceptions are people like system administrators, who need to be able to use thumb drives and other portable media to manage systems.
As a system administrator, Snowden would have had more freedom on the NSA’s networks and more access to parts of it than average workers. He also likely would have drawn little suspicion with a thumb drive.
So far little of what Snowden took has been leaked. A 41-slide PowerPoint presentation that he gave to the Guardian and the Washington Post has only been published in part — just four of the slides have been revealed so far — and a court order to Verizon seeking phone records of millions of American customers. Documents pertaining to a second NSA program called Boundless Informant were also reportedly leaked by him to the Guardian, as was a Presidential Directive.
Officials say they don’t know how Snowden would have had access to the Verizon court order. The Guardian has never stated directly that Snowden was the source for the document.
Republican chairman of the House Intelligence Committee Mike Rogers (R-Michigan) told reporters that Snowden “attempted to go places that he was not authorized to go” on the NSA’s network and that a damage assessment was still underway to determine what else he may have taken, according to The New York Times.
“Candidly,” Rogers said, “nobody really knows the answer to that today. I think we will know the answer to that shortly.”
Rep. Loretta Sanchez (D-California) said on Wednesday that the revelations that Snowden made about the NSA’s data collection and surveillance program were just the “tip of the iceberg.”
She said, following a briefing on the issue with intelligence officials, that lawmakers had “learned significantly more than what is out in the media.”
On Thursday, NSA Director Gen. Keith Alexander also announced that the NSA would be releasing statistics on its data collection program in an effort to respond to pressure for more transparency, according to the Times.
He did not elaborate on the kind of statistics the NSA would release, but Google sent a letter to the Justice Department on Tuesday seeking permission to provide the public with statistics on the number of data requests it receives each year under the Foreign Intelligence Surveillance Act.
The company wants to respond to public concerns that it may be providing bulk data to the government, and Google said it hoped that by releasing statistics about the number of requests it receives and the number of user accounts affected by the requests, it would show that only a small fraction of users have been swept up in the requests. Facebook and Microsoft made similar pleas to the government following Google’s lead.