Prism internet surveillance whistleblower Edward Snowden accessed the secret documents in a file-sharing location, US National Security Agency (NSA) officials have revealed.
The file-sharing location had been set up on the NSA’s intranet to enable NSA analysts and officials to read and discuss them, government officials told NPR news.
Such file-sharing locations were set up after it was revealed that intelligence agencies failed to "connect the dots" before the 9/11 attacks in 2001 because they were unaware of what other agencies knew.
Snowden’s top secret clearance required to do his job as an IT systems administrator enabled him to access memoranda, presentations, reports, court orders and opinions related to Prism.
As part of his job, Snowden was required to move especially sensitive documents to a more secure location, which the officials said was the perfect cover.
The officials would not reveal how Snowden was able to take the copies he made of the documents out of his workplace, saying this was part of the ongoing investigation in the case.
However, the officials revealed that some NSA computers had been equipped with USB ports where memory sticks could be used, but since the leaks, the NSA has limited the options employees have for storing data on their own, including memory sticks.
The NSA plans to introduce a “two-man” rule to remove anonymity from its network by ensuring no one with privileged access to its network is ever unsupervised.
The NSA also plans to mark sensitive documents and data with identifiers that will limit access to those who need to see the documents and who are authorised by NSA leadership to view them. The tagging will also allow supervisors to see what individuals do with the data they see and handle.
“The Snowden leak is a wake-up call that the most serious breaches involve insider threats and privileged users, or even advanced threats that use internal privileges to escalate attacks,” said Eric Chiu, president and co-founder of cloud infrastructure control firm HyTrust.
“Snowden’s privileged access allowed him to single-handedly access and copy confidential information without being detected,” he said.
According to Chiu, companies need to shift their thinking from an "outside-in" model of security to an "inside out" approach.
“Only by implementing strong access controls, including the recent NSA-required 'two-man' rule, as well as role-based monitoring, can you secure critical systems and data against these threats and prevent breaches as well as datacentre failures,” he said.
19 Sep 2013