Product and service reviews are conducted independently by our editorial team, but we sometimes make money when you click on links. Learn more.
 

NSA Failed To Secure Its Network From Insider Attack

By - Source: Toms IT Pro

Edward Snowden used unsophisticated techniques to access and copy an estimated 1.7 million NSA files during his time as a contractor in Hawaii. According to a New York Times article, investigators determined that Snowden gained access to NSA files by using widely available and inexpensive software tools on unencrypted files.

The main tool Snowden was credited with using was an automated web crawler application similar to Google's Googlebot. Googlebot moves from one URL to the next and as it discovers new pages, it adds them to an index. In the tool Snowden used, the web crawler app copied data from NSA shared internal wiki databases. The New York Times story did not mention the specific web crawler application used by Snowden and it was not clear how much customization or programming of the application, if any, Snowden performed.

In his role as a technology contractor for the NSA, Snowden had administrative access to files because one of his duties could include "backing up the computer systems and moving information to local servers" according to the report. This alone provided Snowden with significant access to data on whatever shared network systems he had been given administrative rights to. The simple rule of least privilege could have been applied, but unfortunately, the NSA is not the only guilty party. According to Vormetric's Insider Threat Report, in a survey of 700 IT decision-makers, only 27% of the respondents said they block privileged user access to sensitive data.

"Once you are inside the assumption is that you are supposed to be there, like in most organizations. But that doesn't explain why they weren't more vigilant about excessive activity in the system," said Richard Bejtlich, the chief security strategist for FireEye, a Silicon Valley computer security firm, and a senior fellow at the Brookings Institution.

However, having administrative access is meaningless if you cannot read the data. Where the NSA made it incredibly easy for Snowden was that, according to New York Times, the files were unencrypted. Of all the security mistakes identified, leaving sensitive data unprotected is the one that stands out as being the most glaringly significant. Especially considering the NSA is almost synonymous with encryption.

Backup and network administrators can still do their job if data is encrypted. Web crawlers cannot read encrypted data without passwords or keys. How much different would the story have been if the NSA had taken the simple precaution of encrypting sensitive data. Maybe there would never have been a Snowden story at all.

The article pointed out multiple points of security and procedural failures of a government agency that has a reputation for being one of the most technologically sophisticated in the world. Some of the explanations and answers given by investigators and experts about how it was done circumvented an important point: No matter how technologically advanced the company and no matter how secure the perimeter and intrusion detection might be, there is still a need to pay attention to security fundamentals and common sense.

If data is sensitive and should not be read by anyone outside the organization, then invest in decent encryption software -- and use it.

RELATED:

Comments