NSA computer security was beaten with low-end software available at many department stores in America. Government officials with the National Security Agency tell reporters that they have determined that Edward Snowden used cheap, readily available software to dig out information from the agency’s networks.
The software, known as a “web crawler,” was used by Snowden while he went about his work, according to a senior intelligence agency official. For weeks following the June bombshell that the NSA was spying on American citizens as well as foreign nationals, NSA officials repeatedly claimed there was no way a person with a high school diploma could do what Snowden claimed to have done.
Turns out they were wrong.
A web crawler is a software “bot” that automatically browses the Internet, mainly for the purpose of web indexing. Also called web spiders, ants or automatic indexers, crawlers are used by search engines to update content. Web crawlers can also copy the visited pages for later reading and can validate links.
Snowden used a simple, off-the-shelf web crawler for “web scraping.” Web scraping is the use of computer software for extracting information from websites or online files. Snowden set the parameters for the web crawler, telling it which subjects to search for and how far to follow links in documents and data on NSA’s network.
The files that Snowden downloaded include shared documents, or “wikis.” Wikis are databases that allow for a collaborative effort by members. In this case, the wikis were written and maintained by groups of intelligence analysts and operatives.
The results of the ongoing NSA investigation are noteworthy because the agency’s mission includes protecting some of the most sensitive military systems from cyberattack. While the agency’s defenses are designed to thwart sophisticated attacks that come daily from Russia and China, Snowden’s software was hardly sophisticated and should have been easily detected, according to sources. The low-end software that beat NSA security is available in many places online as well as in brick-and-mortar stores.
Agency officials told lawmakers that if Snowden had been working from Fort Meade in Maryland, he certainly would have been caught. Because he worked at a remote agency outpost, his copying raised only a few red flags.
Investigators have found that Snowden was questioned about his activities at least once. He was able to give what sounded like legitimate answers when he was interviewed. As a systems administrator, Snowden was responsible for conducting routine maintenance on the network, which would include backing up computer systems and shifting information around on local servers.
Snowden discovered a loophole in NSA’s culture. While the agency put electronic barriers in place to keep out foreign hackers, they had overlooked simple protection against insiders. Snowden has not specifically answered the government’s questions about how he obtained the files.
A Better Alternative?
Most of the computer network systems in America are set up in a similar fashion to what NSA employs. “Fences” are built around computer networks to keep the bad guys out and the data safe. As shown in the case with Snowden, that may not be the best way.
GCHQ, Government Communications Headquarters, the British equivalent of America’s NSA, uses a different approach. Andy France, 50, cyber defense deputy director for GCHQ, recently spoke to reporters about the safeguards used in Britain’s intelligence agency.
According to France, GCHQ’s protective measures don’t aim to keep a computer or a computer network safe from threats by building an electronic fence. Instead, their software looks for unusual activity on a network. Watching for data that doesn’t normally move and for activity in unusual patterns, the software will alert human monitors to uncharacteristic activity on the network.
France says that GCHQ’s methods are different from NSA’s. Britain utilizes sophisticated algorithms which allow the network to “learn” the difference between normal and abnormal flow of data. The cybersecurity also includes a “honey pot,” containing top secret files. The network doesn’t keep hackers out of the honey pot, but rather allows them in and notifies network administrators of unusual activity by both insiders and outsiders.
France says, “If your IT guy comes in and claims to be running a secure network,” he needs to be fired. France says the claim of a “secure network” is false and misleading. France points out that it’s impossible to keep the bad guys out while letting the good guys in.
Pointing to cyber security software Darktrace as an example, France says that the solution is to let everybody in and then watch what they do.
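The "watch what they do" approach described above can be illustrated with a short added example; it is not GCHQ's or Darktrace's method, only a simple statistical stand-in for the learned baseline. It assumes a hypothetical wiki access log of (user, hour, document) records, a hypothetical decoy page acting as the honey pot, and a constructed sample in which one account walks links in bulk.

```python
from collections import defaultdict
from statistics import median

# Hypothetical honey-pot page: nobody has a legitimate reason to open it.
CANARY_DOCS = {"/wiki/ops/decoy-budget"}

def build_log():
    """Constructed sample log of (user, hour, document). Not real data."""
    log = []
    # Three analysts read a handful of pages per hour for six hours.
    for user, per_hour in (("alice", 4), ("bob", 6), ("carol", 5)):
        for hour in range(6):
            log += [(user, hour, f"/wiki/{user}/p{hour}-{i}") for i in range(per_hour)]
    # An admin account looks normal for five hours...
    for hour in range(5):
        log += [("dave", hour, f"/wiki/admin/p{hour}-{i}") for i in range(5)]
    # ...then a crawler follows links across the whole wiki in hour 5.
    log += [("dave", 5, f"/wiki/all/p{i}") for i in range(400)]
    log.append(("dave", 5, "/wiki/ops/decoy-budget"))
    return log

def detect(log, threshold=6.0):
    """Return alerts as (kind, user, hour); threshold is an assumed cut-off."""
    seen = defaultdict(set)
    alerts = []
    for user, hour, doc in log:
        seen[(user, hour)].add(doc)
        if doc in CANARY_DOCS:
            # Honey pot: access is allowed, but always reported.
            alerts.append(("canary", user, hour))
    # Distinct documents per user-hour measures how much data is moving.
    counts = {key: len(docs) for key, docs in seen.items()}
    values = list(counts.values())
    # Median and MAD give a baseline that one huge outlier cannot drag upward.
    med = median(values)
    mad = median(abs(v - med) for v in values) or 1.0
    for (user, hour), n in sorted(counts.items()):
        score = 0.6745 * (n - med) / mad  # robust z-score
        if score > threshold:
            alerts.append(("volume", user, hour))
    return alerts

if __name__ == "__main__":
    for alert in detect(build_log()):
        print(alert)
```

Nothing in the sketch blocks access: the account is let in, and both the decoy read and the volume spike are surfaced for a human to review.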
As the investigation continues, it is searching further for an answer to the question of how Snowden did what he did. It also searches for the information that he obtained. The head of the Defense Intelligence Agency, Lt. General Michael T. Flynn, told Congress that there was a great deal of uncertainty about what Snowden got and didn’t get.
“Everything that he touched, we assume that he took,” Flynn told the lawmakers. The word “assume” means the government still remains in the dark as to the exact content. Still, Flynn added, “We assume the worst case.”
Anyone with forty dollars and some time on their hands can purchase the same low-end software that was used to beat NSA security.
By Jerry Nelson