It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Exclusive: Snowden Swiped Password From NSA Coworker

page: 1
4

log in

join
share:

posted on Feb, 13 2014 @ 03:44 PM
link   
best place I could think of for this.


The memo states that the civilian employee was unaware that Snowden “intended to unlawfully disclose classified information.” Nevertheless, by sharing with Snowden his personal “public key infrastructure” certificate -- a system of highly secure credentials that provided greater access to NSA’s internal computer system -- the employee “failed to comply with security obligations,” the memo states. As a result, the employee’s security clearance was revoked in November and the NSA has notified the Justice Department that he recently resigned. (A public key infrastructure certificate is a highly secure system of password and log-in exchanges designed to protect against unauthorized access to sensitive computer networks.)


www.nbcnews.com...


I am calling total bs on this one. I was an administrator for my FBI divisions PKI program for years. To access someones PKI requires two things... the password itself and the physical card used to logon. Capturing someones password wouldn't do you diddly as far as PKI goes.... you would have to have the card. You couldn't even move the certificate to a new card ( that would require two administrators ) without making the old card invalid in the system.... I am pretty sure someone would notice immediately that they were no longer able to use their card to logon and would ask questions.

There is no way a user could share their certificate with someone else... it just doesn't work that way.

Now if you allow someone to use your card and password to log on with, then you're an idiot and deserve to be canned immediately.

I almost forgot.. used to many buzzwords.....Hi NSA!!! whoever you are watching me LOL



edit on R492014-02-13T15:49:42-06:00k492Vpm by RickinVa because: (no reason given)

edit on R522014-02-13T15:52:23-06:00k522Vpm by RickinVa because: (no reason given)

edit on R552014-02-13T15:55:46-06:00k552Vpm by RickinVa because: (no reason given)

edit on R592014-02-13T15:59:10-06:00k592Vpm by RickinVa because: (no reason given)



posted on Feb, 13 2014 @ 03:57 PM
link   
I wouldn't be so quick to yell "BS".

Notice the words "allowed" and further down in the article about "persuaded".

Also, a software keylogger probably wouldn't work; but, a hardware one would. So, if he had a keylogger installed in his keyboard - he's got the password - then next, if he "persuaded" somebody to use his computer instead of their own, they swipe their card and ... the rest is history.

Also, "allowed" seems to imply accomplice to me.



posted on Feb, 13 2014 @ 04:04 PM
link   

Trexter Ziam
I wouldn't be so quick to yell "BS".

Notice the words "allowed" and further down in the article about "persuaded".

Also, a software keylogger probably wouldn't work; but, a hardware one would. So, if he had a keylogger installed in his keyboard - he's got the password - then next, if he "persuaded" somebody to use his computer instead of their own, they swipe their card and ... the rest is history.

Also, "allowed" seems to imply accomplice to me.



The system won't allow two cards with the same certificate.... it just does not work that way. There is no way that I am aware of to bypass the physical card reader to log on.... that's the whole purpose of it, to keep unauthorized people from gaining access to a system.


A more likely scenario would be that he somehow managed to talk someone into using his terminal to access an internal program that doesn't require PKI access and that password was the one he captured.... but it wasn't the PKI one.

PKI is normally used just for logging onto a system.... the card has to stay in the reader, you pull it out and it automatically logs you off the system.... the military was using this long before the FBI got on board. People hate it initially, the card is also what allows internal access through out secure areas in a building and people were always forgetting to take their card out of the reader and wind up locking themselves out. It takes a while to get used to the system.
edit on R092014-02-13T16:09:34-06:00k092Vpm by RickinVa because: (no reason given)



posted on Feb, 13 2014 @ 04:09 PM
link   
Good find!

For once I agree this is BS. I just can't see anyone from a security agency sharing their password, especially so if they hold more info than the other guy.

EDIT: Wait, this account is far to patchy to draw any conclusions from. If anything it muddies the waters.
edit on 13-2-2014 by bastion because: (no reason given)



posted on Feb, 13 2014 @ 04:20 PM
link   

bastion
Good find!

For once I agree this is BS. I just can't see anyone from a security agency sharing their password, especially so if they hold more info than the other guy.


Having a security clearance is the money maker. There are some very good paying jobs with the right clearance. I can't see anyone in their right mind who would jeopardize that by sharing their passwords.... I will go with the password he got was from an internal program that didn't require PKI access once he somehow got someone to use his terminal to logon.

I can't even fathom how he could have put a keylogger on his terminal without it being immediately flagged....my guess would be that he used the tried and true method.... he was looking over their shoulder when they entered their password and he was able to physically see them enter it and he remembered it.

All of this tells me that Mr. Snowden is no hero, he went to great lengths to bypass internal security measures for his own personal reason.
edit on R232014-02-13T16:23:32-06:00k232Vpm by RickinVa because: (no reason given)

edit on R252014-02-13T16:25:00-06:00k252Vpm by RickinVa because: (no reason given)

edit on R252014-02-13T16:25:44-06:00k252Vpm by RickinVa because: (no reason given)



posted on Feb, 13 2014 @ 04:49 PM
link   
If a card is cloned then the system wont know diddly squat unless they're both used at the same time. Cloning cards is simple, go watch a few vids on the defcon channel on youtube. Its frightening to see how easily they can do it!



posted on Feb, 13 2014 @ 05:00 PM
link   
LCDS, (lowest common denominator speak), and I agree with the OP, it is rubbish. The biggest difficulty the NSA has is nailing him as a thief. What he has or had since he now has no documents, could never be described as stolen official documents if they were obtained in the first place outside of the parameters that were allowed, ie; the FRC orders. Since they did the snooping on everybody in general using those orders, even those that might have been watchable for some reason or another, also became everybody in general.
It's quite simple really, the 'Foreign relations court' now has a duty to bring all those operators to book for excceeding their permit...it hasn't happened and it is not likely to happen, unless Snowden starts naming names, and that is not likely to happen either. So I guess a little bit of PR bull on the part of the NSA/NCTC/ GOV.org on damage limitation is to be expected..but who is going to believe it?
edit on 13-2-2014 by smurfy because: Text.



posted on Feb, 14 2014 @ 06:09 AM
link   


I almost forgot.. used to many buzzwords.....Hi NSA!!! whoever you are watching me LOL


Been there done that! If you want to get noticed use some of those buzzwords from the 60's and 70's like TENNPAR -CONCEAL B- GRAYFOIL that will get there attention.

All I remember was these one use cards and a code. For the vault you were snail mailed the code. All this was 20 years ago.

Crazy Ted, Ramzi and that idiot Rudolph have his concrete slab all ready to go at the Ritz super max in Colorado which is where he is headed if he ever leaves Russia-if he makes it back to the States alive-which is doubtful.







 
4

log in

join