Rule No. 1 of online security: Don’t give your password to anyone. Ever. It appears as though 20 or so of Edward Snowden’s former coworkers at an NSA spy base in Hawaii learned the lesson they should have already known the hard way. Reuters with the scoop:
A handful of agency employees who gave their login details to Snowden were identified, questioned and removed from their assignments, said a source close to several U.S. government investigations into the damage caused by the leaks.
Snowden may have persuaded between 20 and 25 fellow workers at the NSA regional operations center in Hawaii to give him their logins and passwords by telling them they were needed for him to do his job as a computer systems administrator, a second source said. … The sources did not know if the NSA employees who were removed from their assignments were given other duties or fired.
This isn’t the first time that Reuters has detailed the rather lax security measures on display at the Hawaii base. The outlet reported last month that the NSA failed to install the most-up-to-date, anti-leak software before Snowden showed up and began downloading the top secret information that he later turned over to Glenn Greenwald and co. Still, the latest revelation will be that much more embarrassing for the base in specific and the NSA in general given you’d be hard-pressed to find a security FAQ that doesn’t make it clear that your password is for your eyes only. (Ex: “Don’t share your password with anyone, even family members,” warns Apple support. “Never send your password or any private account information over email.”)
Snowden only worked at the Hawaii base in question for about a month, but managed to make the most of his time there, stealing a seemingly infinite number of government secrets in what is widely considered to be the worst breach of classified data in NSA history. I’m going to assume that Snowden’s Russian coworkers have already been warned to be a little more careful with what they share with their new American colleague.
