DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Snowden persuaded other NSA workers to give up passwords – sources

Posted on November 8, 2013 by Dissent

Mark Hosenball and Warren Strobel report that Edward Snowden successfully socially engineered employees at the NSA into giving him their login credentials:

Former U.S. National Security Agency contractor Edward Snowden used login credentials and passwords provided unwittingly by colleagues at a spy base in Hawaii to access some of the classified material he leaked to the media, sources said.

A handful of agency employees who gave their login details to Snowden were identified, questioned and removed from their assignments, said a source close to several U.S. government investigations into the damage caused by the leaks.

Snowden may have persuaded between 20 and 25 fellow workers at the NSA regional operations center in Hawaii to give him their logins and passwords by telling them they were needed for him to do his job as a computer systems administrator, a second source said.

Read more on Reuters.

Okay, this gets my vote for both the insider breach of the year and the social engineering breach of the year, if anyone’s polling.

Reuters reports that sources tell them although  the “government now believes it has a good idea of all the data to which Snowden could have accessed, investigators are not positive which and how much of that data Snowden actually downloaded.”   If he was logged in as others, well yes, that would make this all even more difficult to determine.

Related posts:

  • Liberty Coalition gives University of Hawaii an ‘F’ for data breaches
Category: Government SectorInsiderOf NoteU.S.

Post navigation

← JP: University private info left open to public access
So the police have a warrant…. does that compel the physician to help execute it? →

5 thoughts on “Snowden persuaded other NSA workers to give up passwords – sources”

  1. Anonymous says:
    November 8, 2013 at 11:14 am

    There is a lot of (mis)information flying around on this story – and clearly some are aiming to take Snowden down a notch in the public eye. I wouldn’t give a lot of credance to anonymous souces.

    1. Dissent says:
      November 8, 2013 at 5:41 pm

      Are you saying that Reuter’s sources on this particular story are providing misinformation? If so, what are your sources and what is the accurate info?

  2. RetiredMil says:
    November 9, 2013 at 2:27 am

    Regardless of the source of information on this story, social engineering is very much a concerning issues, especially when dealing with the employees who we work along side day in and day out. A trusting face, and the “position of authority” can be very hard to resist to NOT give up a password. Social engineering is a great deal easier to do than most would think. Bad apple employees are a huge risk to companies who hire them.

    I am not saying that Snowden did this or didnt, but in his position of authority it is very probable. Being an IT specialist I have been able to do it, just to test peoples willingness to give up something very private. But, at the time when they needed my help and was vulnerable to suggestion, they will do almost anything.

    1. Dissent says:
      November 9, 2013 at 7:49 am

      I found the story credible, too. That doesn’t make it true, of course, but hopefully Reuters has reliable sources. And as you note, it raises important reminders…. employees may be on their guard against external phishing or SE attempts, but have their guard down with colleagues who may be either “going rogue” or planning to use the information for non-approved purposes.

  3. IA Eng says:
    November 12, 2013 at 11:42 am

    Ok, snowden may have not been an administrator, but IF he was all he would have to do is go into Active Directory and change their passwords, do what he wanted. Once he was done, he simply tries logging in several times with bogus passwords until the accounts lock. Then, contact the people and say hackers have been trying to access their accounts and they need to change their passwords.

    These people seem clueless who the Admins were, or understand what an “admin” can do…It would have helped if the story writer had insight to the powers of an admin, or the potentail victims knowledge of who is an admin and who is not.

    None of the people questioned his need for thier passwords? Commmmon, this is NSA, it seems unlikely that people with high level access are going to put thier careers on the line to give some hobo their password. The data owners are brain washed on password security and not to release that information to anyone. period. All I can say is, if they did give up their keys to the kingdom so he could do more damage, then relieving them is a good thing, since a clearance and access to highly sensitive data to these people didn’t matter who sees it. They didn’t even know if the individual was cleared for those programs or not… Just the word of the hobo and all is ok ! geesus.

    The NSA has been protecting the USA for a long time. through different means, which I am not going to get into, I bet they have thwarted MANY attacks on USA soil. The paranoid need to stay paranouid and find another agency to chew on and let the specialists at NSA do thier job, this time only better. Sweep it under the rug and move on. A news agency is taking advantage of a lull in the hobo snowden’s activity and wants to see how many hits they can get if they revive an otherwise boring subject.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.