Seventeen years before Edward Snowden began releasing secret documents on U.S. electronic spying, an analyst with the National Security Agency foresaw just such a threat. <\/p>\n
In their quest to benefit from the great advantages of networked computer systems, the U.S. military and intelligence communities have put almost all of their classified information eggs into one very precarious basket: computer system administrators, the unidentified analyst wrote in a 1996 special edition of Cryptologic Quarterly, an NSA magazine. <\/p>\n
Despite the warning, the NSA remained vulnerable. When Snowdens first disclosures became public last year, some of the agencies computers were still equipped with USB ports where thumb drives could be used to copy files, according to a National Public Radio report in September. <\/p>\n
Snowden was a systems analyst working as a contractor with Booz Allen Hamilton Holding Corp. (BAH) at an NSA regional signals intelligence facility in Hawaii when he exploited his administrative access to copy thousands of top-secret documents before fleeing to Hong Kong and then Moscow. <\/p>\n
A relatively small number of system administrators are able to read, copy, move, alter, and destroy almost every piece of classified information handled by a given agency or organization, the analyst wrote in the 1996 article. An insider-gone-bad with enough hacking skills to gain root privileges might acquire similar capabilities. It seems amazing that so few are allowed to control so much -- apparently with little or no supervision or security audits. <\/p>\n
The authors name remains classified. It was redacted in a declassified version of the article that was released in 2012. <\/p>\n
One thing we have done post-media leaks is lock those down hard, so those are all in two-person control areas, Lonny Anderson, the head of the NSAs Technology Directorate, told NPR. <\/p>\n
In a speech at Fordham University in New York last year, General Keith Alexander, the NSAs director, said the agency also has taken steps to reduce the number of systems administrators and those with privileged access. <\/p>\n
Snowdens security breach wasnt unprecedented, according to the 1996 article, titled Out of Control. <\/p>\n
In 1994, for example, a contractor employed at a Regional SIGINT Operations Center (RSOC) was caught accessing restricted files on a classified system, according to the article. It also cited another incident at the same RSOC, the details of which were redacted when the article was declassified. <\/p>\n
<\/p>\n