Some of the classified documents leaked by Edward Snowden were acquired using the credentials of other NSA workers — including people who had higher security clearance than the former spy agency contractor, according to Reuters. As many as 25 people may have been duped, the news agency says, citing people close to the inquiry.
Snowden reportedly gained his National Security Agency colleagues' trust — and access to documents and data beyond his security clearance — by saying he needed to know their security information as part of his job as a computer systems administrator.
"A handful of agency employees who gave their login details to Snowden were identified, questioned and removed from their assignments," Reuters reports, citing "a source close to several U.S. government investigations into the damage caused by the leaks."
It isn't clear whether employees who provided the information to Snowden were fired or reassigned.
The security lapse was centered on the NSA's regional operations center in Hawaii, where Snowden had been working before he began an international flight from U.S. authorities that has now taken him to Russia.
Two factors may have aided Snowden's exploitation of the cracks in security at the NSA. The first is the agency's delay of installing the most current anti-leak software in its systems at the Hawaii station; the second is the sense of inclusion and security that can lead people to drop their guard when they believe their co-workers have been vetted.
"In the classified world, there is a sharp distinction between insiders and outsiders. If you've been cleared and especially if you've been polygraphed, you're an insider and you are presumed to be trustworthy," secrecy expert Steven Aftergood of the Federation of American Scientists tells Reuters.
"What agencies are having a hard time grappling with is the insider threat, the idea that the guy in the next cubicle may not be reliable," he says.
Another factor in Snowden's ability to use his status as a contractor for Booz Allen Hamilton to access sensitive information was that his job sometimes required such actions.
"His job was to do what he did. He wasn't a ghost. He wasn't that clever. He did his job. He was observed [moving documents], but it was his job," a government official told NPR's Tom Gjelten back in September.
As Tom reported, Snowden may also have been aided by the inclusion of USB ports on some NSA computers, which would allow a thumb drive to be inserted that could then store information.
Copyright 2020 NPR. To see more, visit https://www.npr.org.