It's Easier to Steal State Secrets if You Take Your Co-Worker's High-Access Password

Future Tense
The Citizen's Guide to the Future
Feb. 13 2014 1:38 PM

It's Easier to Steal State Secrets if You Take Your Co-Worker's High-Access Password

184211606-frame-grab-made-from-afptv-footage-reportedly-taken-on
Some of the information Edward Snowden aquired came from classified documents he accessed using stolen login credentials from a co-worker.

Photo by AFPTV/AFP/Getty Images

We've all been there. Your security clearance isn't high enough to get all the information you want to steal for your high-profile whistle-blowing campaign. What to do? Trick a co-worker with higher clearance into typing his or her credentials on your computer. Then you capture the keystrokes and exploit that password until you have everything you want. Petty office politcs, amirite?

This is apparently how Edward Snowden filled in some of the gaps during his data dump days at the NSA. A memo filed earlier this week by Ethan Bauman, the NSA’s director of legislative affairs, shows that a civilian employee Snowden duped has resigned following the revocation of his or her security clearance. The memo, an unclassified document “for official use only” that was obtained by NBC, says, “Unbeknownst to the civilian, Mr. Snowden was able to capture the password, allowing him even greater access to classified information.” Similar evidence emerged in Novemeber that Snowden had tricked 20-25 employees into giving him their passwords. The NSA questioned a number of them, and they lost their assignments.

Advertisement

This most recent memo describes the employee typing his or her “public key infrastructure” certificate into Snowden's computer, thus giving Snowden access to a broader swath of the NSA's internal network. And though the employee didn't know  Snowden's intent, he or she  “failed to comply with security obligations,” according to the memo.

An active duty military member and a contractor have apparently also been “implicated” and have lost their security clearances. So far the NSA's action plan for responding to the security breach hasn't been clear, but this memo is one of the first major, public signs of movement on that front. The takeaway here for NSA employees and just everyone is don't give your passwords out. Just don't. Come on, people.

Future Tense is a partnership of SlateNew America, and Arizona State University.

Lily Hay Newman is lead blogger for Future Tense.

TODAY IN SLATE

Culturebox

The Ebola Story

How our minds build narratives out of disaster.

The Budget Disaster That Completely Sabotaged the WHO’s Response to Ebola

PowerPoint Is the Worst, and Now It’s the Latest Way to Hack Into Your Computer

The Shooting Tragedies That Forged Canada’s Gun Politics

A Highly Unscientific Ranking of Crazy-Old German Beers

Education

Welcome to 13th Grade!

Some high schools are offering a fifth year. That’s a great idea.

Culturebox

The Actual World

“Mount Thoreau” and the naming of things in the wilderness.

Want Kids to Delay Sex? Let Planned Parenthood Teach Them Sex Ed.

Would You Trust Walmart to Provide Your Health Care? (You Should.)

  News & Politics
Politics
Oct. 22 2014 9:42 PM Landslide Landrieu Can the Louisiana Democrat use the powers of incumbency to save herself one more time?
  Business
Continuously Operating
Oct. 22 2014 2:38 PM Crack Open an Old One A highly unscientific evaluation of Germany’s oldest breweries.
  Life
Gentleman Scholar
Oct. 22 2014 5:54 PM May I Offer to Sharpen My Friends’ Knives? Or would that be rude?
  Double X
The XX Factor
Oct. 22 2014 4:27 PM Three Ways Your Text Messages Change After You Get Married
  Slate Plus
Tv Club
Oct. 22 2014 5:27 PM The Slate Walking Dead Podcast A spoiler-filled discussion of Episodes 1 and 2.
  Arts
Culturebox
Oct. 22 2014 11:54 PM The Actual World “Mount Thoreau” and the naming of things in the wilderness.
  Technology
Future Tense
Oct. 22 2014 5:33 PM One More Reason Not to Use PowerPoint: It’s The Gateway for a Serious Windows Vulnerability
  Health & Science
Wild Things
Oct. 22 2014 2:42 PM Orcas, Via Drone, for the First Time Ever
  Sports
Sports Nut
Oct. 20 2014 5:09 PM Keepaway, on Three. Ready—Break! On his record-breaking touchdown pass, Peyton Manning couldn’t even leave the celebration to chance.