It's Easier to Steal State Secrets if You Take Your Co-Worker's High-Access Password

Future Tense
The Citizen's Guide to the Future
Feb. 13 2014 1:38 PM

It's Easier to Steal State Secrets if You Take Your Co-Worker's High-Access Password

184211606-frame-grab-made-from-afptv-footage-reportedly-taken-on
Some of the information Edward Snowden aquired came from classified documents he accessed using stolen login credentials from a co-worker.

Photo by AFPTV/AFP/Getty Images

We've all been there. Your security clearance isn't high enough to get all the information you want to steal for your high-profile whistle-blowing campaign. What to do? Trick a co-worker with higher clearance into typing his or her credentials on your computer. Then you capture the keystrokes and exploit that password until you have everything you want. Petty office politcs, amirite?

This is apparently how Edward Snowden filled in some of the gaps during his data dump days at the NSA. A memo filed earlier this week by Ethan Bauman, the NSA’s director of legislative affairs, shows that a civilian employee Snowden duped has resigned following the revocation of his or her security clearance. The memo, an unclassified document “for official use only” that was obtained by NBC, says, “Unbeknownst to the civilian, Mr. Snowden was able to capture the password, allowing him even greater access to classified information.” Similar evidence emerged in Novemeber that Snowden had tricked 20-25 employees into giving him their passwords. The NSA questioned a number of them, and they lost their assignments.

Advertisement

This most recent memo describes the employee typing his or her “public key infrastructure” certificate into Snowden's computer, thus giving Snowden access to a broader swath of the NSA's internal network. And though the employee didn't know  Snowden's intent, he or she  “failed to comply with security obligations,” according to the memo.

An active duty military member and a contractor have apparently also been “implicated” and have lost their security clearances. So far the NSA's action plan for responding to the security breach hasn't been clear, but this memo is one of the first major, public signs of movement on that front. The takeaway here for NSA employees and just everyone is don't give your passwords out. Just don't. Come on, people.

Future Tense is a partnership of SlateNew America, and Arizona State University.

Lily Hay Newman is lead blogger for Future Tense.

TODAY IN SLATE

The World

The Budget Disaster that Sabotaged the WHO’s Response to Ebola

Are the Attacks in Canada a Sign of ISIS on the Rise in the West?

PowerPoint Is the Worst, and Now It’s the Latest Way to Hack Into Your Computer

Watch Little Girls Swear for Feminism

Fascinating Maps Based on Reddit, Craigslist, and OkCupid Data

Education

Welcome to 13th Grade!

Some high schools are offering a fifth year. That’s a great idea.

Culturebox

The Actual World

“Mount Thoreau” and the naming of things in the wilderness.

Want Kids to Delay Sex? Let Planned Parenthood Teach Them Sex Ed.

Can Democratic Sen. Mary Landrieu Pull Off One More Louisiana Miracle?

  News & Politics
The World
Oct. 23 2014 1:51 PM Is This the ISIS Backlash We've Been Waiting For?
  Business
Business Insider
Oct. 23 2014 2:36 PM Take a Rare Peek Inside the Massive Data Centers That Power Google
  Life
Atlas Obscura
Oct. 23 2014 1:34 PM Leave Me Be Beneath a Tree: Trunyan Cemetery in Bali
  Double X
The XX Factor
Oct. 23 2014 11:33 AM Watch Little Princesses Curse for the Feminist Cause
  Slate Plus
Working
Oct. 23 2014 11:28 AM Slate’s Working Podcast: Episode 2 Transcript Read what David Plotz asked Dr. Meri Kolbrener about her workday.
  Arts
Culturebox
Oct. 23 2014 1:46 PM The Real Secret of Serial Has Sarah Koenig made up her mind yet? 
  Technology
Technology
Oct. 23 2014 11:45 AM The United States of Reddit  How social media is redrawing our borders. 
  Health & Science
Bad Astronomy
Oct. 23 2014 7:30 AM Our Solar System and Galaxy … Seen by an Astronaut
  Sports
Sports Nut
Oct. 20 2014 5:09 PM Keepaway, on Three. Ready—Break! On his record-breaking touchdown pass, Peyton Manning couldn’t even leave the celebration to chance.