NSA whistleblower likely had easy access to classified data
Even low-level systems admins like Snowden often get very high-level privileges for normal IT tasks, security experts say
Computerworld - A defiant Edward Snowden resurfaced in Hong Kong today vowing to fight any U.S. efforts to extradite him on charges that he leaked classified documents describing two secret government data collection programs.
In comments to the South China Morning Post published on Wednesday, Snowden maintained that he did not flee to Hong Kong to avoid facing the consequences for his actions.
Instead, he wants to use Hong Kong as a refuge to expose the "criminality" of U.S. government domestic spying programs, Snowden said.
"I have had many opportunities to flee Hong Kong, but I would rather stay and fight the US government in the courts, because I have faith in HK's rule of law," Snowden told the Hong Kong newspaper.
According to the Post, Snowden leaked documents purporting to show that the NSA has been hacking into computers in Hong Kong and mainland China since at least 2009. He contended that the attacks targeted Chinese officials, businesses and students in in China and Hong Kong, the paper noted.
Snowden's comments came as questions continue to swirl about how he managed to get his hands on top secret National Security Agency documents while employed as a relatively low-level IT contract worker for the spy agency.
Snowden's actions, hailed as heroic by some and traitorous by others, have sparked an intense national debate on privacy and domestic surveillance.
Snowden was employed by government contractor Booz Allen Hamilton until earlier this week when he was fired. During his three months at the company, he worked with a team in Hawaii as a $122,000 a year IT administrator contracted to the NSA.
In that brief time, Snowden says he accessed top-secret NSA documents that he later leaked to reporters in the U.K. and the U.S. While it remains unclear how he accessed the data, several security experts say it's not surprising that he could.
The odds are high that Snowden had access to classified documents as part of his job, said Sid Probstein, chief technology officer at security vendor Attivio. "It may seem shocking that someone with only a few months tenure could gain access to sensitive information, but that is exactly what happens in the enterprise, all the time," Probstein said.
Newly hired system administrators in major corporations often receive passwords and other information that provides access to very sensitive data, such as CEO emails, customer data and merger and acquisition documents.
"In fact, this might happen long before they reach the three month mark. Most admins likely have this information within a few days of starting work," Probstein said.
Network and systems administrators often need access to such data to perform their jobs, said Jody Brazil, president and chief technology officer at FireMon, a provider of security management products.
- Franken presses Ford on location data collection practices
- Justices let stand appeals court decision on border searches of laptops
- California lawmakers move to bar state help to NSA
- Appeals court again nixes Google's bid to overturn Street View case
- Older Mac webcams can spy without activating warning light
- Update: Judge rules NSA spy efforts may be unconstitutional
- Perspective: Privacy concerns could keep Amazon delivery drones grounded
- NSA collects data from millions of cellphones daily
- Perspective: Curbing data use is key to reining in NSA
- Lavabit-DOJ dispute zeroes in on encryption key ownership
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Privacy White Papers | Webcasts