., The Guardian via AP
NSA leaker Edward Snowden touted training as hacker
- Article by: CHRISTOPHER DREW and SCOTT SHANE
- New York Times
- July 4, 2013 - 10:24 PM
In 2010, while working for a National Security Agency contractor, Edward J. Snowden learned to be a hacker.
He took a course that trains security professionals to think like hackers and understand their techniques, all with the intent of turning out “certified ethical hackers” who can better defend their employers’ networks.
But the certification, listed on a résumé Snowden later prepared, would also have given him some of the skills he needed to rummage undetected through NSA computer systems and gather the highly classified surveillance documents that he leaked last month, security experts say.
Snowden’s résumé, which has not been made public and was described by people who have seen it, provides a new picture of how his skills and responsibilities expanded while he worked as an intelligence contractor. Although federal officials offered only a vague description of him as a “systems administrator,” the résumé suggests that he had transformed himself into the kind of cybersecurity expert the NSA is desperate to recruit, making his decision to release the documents even more embarrassing to the agency.
“If he’s looking inside U.S. government networks for foreign intrusions, he might have very broad access,” said James A. Lewis, a computer security expert at the Center for Strategic and International Studies. “The hacker got into the storeroom.”
Snowden, marooned at an airport in Moscow waiting to see if another country will grant him asylum, has said he took a job as an “infrastructure analyst” with Booz Allen Hamilton in April at an NSA facility in Hawaii to gain access to lists of computers that the agency had hacked around the world.
He prepared the résumé while working in Hawaii for the NSA with Dell, the computer maker, which has intelligence contracts. Little has been reported about his four years with Dell, but his résumé says he rose from supervising computer system upgrades for the NSA in Tokyo to working as a “cyberstrategist” and an “expert in cyber counterintelligence.”
Whatever his role, Snowden had the ability to comb through the networks and walk out with the documents on thumb drives, showing shortfalls in the agency’s internal security system, former officials say.
“If Visa can call me and say, ‘Are you in Dakar, Senegal?’ when they see a purchase that doesn’t fit my history, then we ought to be able to detect something like this,” said Michael Hayden, who led the NSA and CIA. “That continuous monitoring does not seem to have been in place.”
But software developer Michael Maloof said that with the training, Snowden “would have known to keep his probes low and slow, a little bit here, a little bit there, so there was nothing to detect.”
© 2013 Star Tribune