NSA debates amnesty for Snowden
U.S. spy agency worries about as-yet unknown information Snowden may have stolen as a NSA contractor
IDG News Service - The person running a U.S. National Security Agency task force to assess the damage of the leaks by Edward Snowden told a TV network that granting him amnesty is "worth having a conversation about."
The NSA may be willing to do a deal with Snowden as reports suggest that the agency is not clear yet as to how much information its former contractor was able to collect from classified government computers.
But the director of the NSA, General Keith Alexander, told CBS TV news show 60 Minutes that people have to be held accountable for their actions.
Snowden, who has been granted temporary asylum by Russia, has disclosed through newspapers since June that the NSA was collecting bulk telephone records from Verizon besides having access in real-time to content on the servers of Internet companies, which the Internet companies have denied. The NSA is also said to be tapping into communications links between Yahoo and Google data centers, besides spying on a number of leaders of countries.
The NSA is worried that Snowden still has some 31,000 documents that could give intelligence adversaries a roadmap on what the U.S. knows and doesn't and could implicitly provide them a way to protect their information from U.S. intelligence, Rick Ledgett, who heads the NSA task force, told the 60 Minutes program.
"So, my personal view is, yes, it's worth having a conversation about," Ledgett said. "I would need assurances that the remainder of the data could be secured and my bar for those assurances would be very high. It would be more than just an assertion on his part."
Ledgett said the view was not unanimous. Alexander, for example, told the interviewer that "this is analogous to a hostage taker taking 50 people hostage, shooting 10 and then say, 'If you give me full amnesty I'll let the other 40 go.'" He added that "what we don't want is the next person to do the same thing, race off to Hong Kong and to Moscow with another set of data knowing they can strike the same deal."
The New York Times quoted an administration official as stating that investigators have spent "hundreds and hundreds of man-hours" trying to reconstruct everything Snowden extracted from government computers, but still don't know all of what he took. Snowden logged into classified systems using the passwords of other security agency employees and by hacking firewalls to gain access to certain parts of the system, according to the newspaper report.
Fearing Snowden had left behind a computer bug or virus, NSA removed the computers Snowden had access to on the NSA's classified and unclassified networks, including the actual cables that connected them, Ledgett said. The operation cost in the tens of millions of dollars, he added.
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Cybercrime and Hacking White Papers | Webcasts