Snowden Clowned the NSA

At the NSA thumb drives are banned. Most systems have the USB ports disabled. And you especially would not expect a classified workstation to have a working USB drive. But Edward Snowden, the NSA leaker, found a system with a working USB drive. He used a thumb drive to swipe the classified data that he leaked to the press.

From Yahoo here:

The NSA leaker reportedly just walked out of work with some of America’s big secrets on a thumb drive in his pocket
A week after Edward Snowden’s leaks about National Security Agency surveillance and data-gathering were first reported, and four days after he revealed himself as the leaker, the news media is figuring out how the 29-year-old IT systems administrator managed his potentially huge data heist.

If you’re concerned about national security, the new revelations will probably dismay you; if you appreciate leaking of government secrets, Snowden’s technique is likely encouraging: Theft by thumb drive.

The NSA and other spy and military agencies have long known the dangers of the innocent-seeming portable USB flash drive. In October 2008, the NSA discovered that a thumb drive loaded with malware had infected the military’s secure internal network. The Pentagon then (at least temporarily) banned the use of thumb drives — NSA commanders even reportedly ordered USB ports filled in with liquid cement.

Snowden also proved that the NSA is lax in its efforts to compartmentalize information. People with a clearance are only supposed to be allowed to access data that they have a need to know about. Such policies are supposed to be enforced by rights and privileges on the network, but it is clear that Snowden, on the job for only a month, had access to data he shouldn’t have had.

To me it is startling that the NSA, who literally writes books and guidelines on computer security, has a soft and chewy interior like so many modern corporate environments. Snowden may have broken a law by leaking, but the NSA’s lax policies were his biggest enabler.