A civilian NSA employee recently
resigned after being stripped of his security clearance for allowing
former agency contractor Edward Snowden to use his personal log-in
credentials to access classified information, according to an agency memo obtained by NBC News.
In
addition, an active duty member of the U.S. military and a contractor
have been barred from accessing National Security Agency facilities
after they were “implicated” in actions that may have aided Snowden, the
memo states. Their status is now being reviewed by their employers, the
memo says.
The Feb. 10 memo, sent to congressional intelligence and judiciary committees this week,
provides the first official account of a sweeping NSA internal inquiry
aimed at identifying intelligence officials and contractors who may been
responsible for one of the biggest security breaches in U.S. history.
The memo is unclassified but labeled “for official use only.”
"Unbeknownst to the civilian, Mr. Snowden was able to capture the password, allowing him even greater access to classified information.”
While
the memo’s account is sketchy, it suggests that, contrary to Snowden’s
statements, he used an element of trickery to retrieve his trove of tens
of thousands of classified documents: “At Snowden’s request,” the
civilian NSA employee, who is not identified by name, entered his
password onto Snowden’s computer terminal, the memo states.
“Unbeknownst
to the civilian, Mr. Snowden was able to capture the password, allowing
him even greater access to classified information,” the memo states.
The
memo states that the civilian employee was unaware that Snowden
“intended to unlawfully disclose classified information.” Nevertheless,
by sharing with Snowden his personal “public key infrastructure”
certificate -- a system of highly secure credentials that provided
greater access to NSA’s internal computer system -- the employee “failed
to comply with security obligations,” the memo states. As a result, the
employee’s security clearance was revoked in November and the NSA has
notified the Justice Department that he recently resigned. (A public key infrastructure certificate
is a highly secure system of password and log-in exchanges designed to
protect against unauthorized access to sensitive computer networks.)
The
memo does not explain what actions the U.S. military member and the
contractor took that caused them to lose their access to NSA facilities.
"Has anybody been disciplined at NSA for dropping the ball so badly?”
The Feb. 10 memo was
signed by Ethan Bauman, the NSA’s director of legislative affairs. It
was sent to the congressional committees after repeated questions from
senior members about whether the NSA intended to hold any of its
employees accountable for the security lapses that enable Snowden to
gain access to massive volumes of classified documents that he later
leaked to the news media
“Has
anybody been disciplined at NSA for dropping the ball so badly?” Senate
Judiciary Committee Chairman Sen. Patrick Leahy, D-Vt., demanded of NSA
Director Gen. Keith Alexander at a Dec. 11 hearing. Alexander at the
time replied that the agency had three “cases” that “we’re currently
reviewing.” (An NSA spokeswoman Vanee Vines declined comment Wednesday
night, writing in an email: “I don’t have anything for your story.”)
The
question of how Snowden was able to obtain as much classified material
as he did while working at a remote NSA station in Hawaii has been the
subject of intensive investigation by the U.S. intelligence community
for months.
Reuters reporters Mark Hosenball and Warren Strobel reported in November that Snowden used login credential and passwords provided “unwittingly” by colleagues
at the Hawaii spy base. The Reuters report said Snowden “may have
persuaded between 20 and 25 fellow workers” to give him their passwords.
But the NSA never publicly commented on that report and Snowden
appeared to deny it during a public Google chat on Jan. 23.
“Was
the privacy of your co-workers considered while you were stealing their
log-in and password information?” Snowden was asked during the chat.
“With
all due respect to Mark Hosenball, the Reuters report that put this out
there was simply wrong,” Snowden replied. “I never stole any passwords,
nor did I trick an army of co-workers.”
Ben Wizner, a lawyer for the ACLU who represents Snowden, did not immediately respond to phone and email requests for comment.
No hay comentarios:
Publicar un comentario