What Did Snowden Really Do? A Tech Primer Before You Watch the Movie

September 20, 2016 Arctic Wolf Networks

By Sridhar Karnam

Snowden, a high-school drop-out, has been passionate about IT and computers since he was 16. He took computer courses in community college and even tried military service for a month, but was discharged. His IT skills earned him a job securing IT at the CIA for a few years, and he became really good at it.

The story of what he did really spans four weeks. He took a new job that allowed him to be an elite ghost system admin at the NSA. This gave him access not only to any server at the NSA but also to any NSA-hacked system or data. He was really good with operating systems and networking, and he was able to get his colleagues' credentials through either hacking or social engineering.

He started using his privileged ghost-access credentials to gain unauthorized access to servers and data across networks, and was probably able to delete logs and stay under the radar of any IT or security tools using his ghost protocols. He was able to download all of the information onto a USB stick and say it was part of a backup because he was reinstating a server or a data source.

After downloading roughly 1.7 million files, he took sick leave from his new job of four weeks and fled to Hong Kong and then to Russia. He went from criticizing the New York Times leak of the joint operation between the U.S. and Israel over Russia (Stuxnet) to creating the largest NSA hacking/whistleblowing operation in history.

Leaving aside the motive and looking at the means by which it was done, we can see some valuable lessons.

Your business is your IT and the data you hold; the two are no longer separate. The three most important things to monitor in your business and IT are users, apps and data. For users, make sure you have the right role-based access control mechanism, and monitor your privileged users. For apps, have proper logging and monitoring in place, including access controls. For data, use proper encryption and key management as part of good data loss prevention. Encrypted data with a good key management solution ensures that even if data and files are lost, they will be useless to anyone who doesn't have authorized access.
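The privileged-user monitoring recommended above can be sketched as a correlation over audit events. This is an added example, not code from the original article: the event schema, host and account names, and thresholds are all constructed assumptions, and it presumes events are forwarded to a collector the administrator cannot modify, since logs deleted on the host itself would never reach the check.

```python
from collections import defaultdict

# Constructed sample events in a hypothetical schema:
# (source_host, account, action, detail)
EVENTS = [
    ("ws-admin-07", "alice.admin", "login", "srv-files-01"),
    ("ws-admin-07", "bob.ops", "login", "srv-files-02"),
    ("ws-admin-07", "carol.dba", "login", "srv-db-01"),
    ("ws-admin-07", "alice.admin", "removable_write", "620000"),  # file count
    ("ws-admin-07", "alice.admin", "log_clear", "srv-files-01"),
    ("ws-help-02", "dave.help", "login", "srv-print-01"),
    ("ws-help-02", "dave.help", "removable_write", "12"),
]

MAX_ACCOUNTS_PER_HOST = 2     # assumed threshold: accounts used from one workstation
MAX_REMOVABLE_FILES = 10_000  # assumed threshold: files written to removable media


def review_privileged_activity(events):
    """Return {source_host: [reasons]} for hosts showing risky admin behaviour."""
    accounts = defaultdict(set)   # distinct accounts seen per workstation
    removable = defaultdict(int)  # files copied to removable media per workstation
    cleared = defaultdict(set)    # servers whose logs were cleared from a workstation
    for host, account, action, detail in events:
        if action == "login":
            accounts[host].add(account)
        elif action == "removable_write":
            removable[host] += int(detail)
        elif action == "log_clear":
            cleared[host].add(detail)

    findings = {}
    for host in sorted(set(accounts) | set(removable) | set(cleared)):
        reasons = []
        if len(accounts[host]) > MAX_ACCOUNTS_PER_HOST:
            reasons.append("shared_credentials")   # colleagues' logins from one seat
        if removable[host] > MAX_REMOVABLE_FILES:
            reasons.append("bulk_removable_copy")  # "backup" far above normal volume
        if cleared[host]:
            reasons.append("log_cleared")
        if reasons:
            findings[host] = reasons
    return findings


if __name__ == "__main__":
    for host, reasons in review_privileged_activity(EVENTS).items():
        print(host, reasons)
```
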

Now you know enough to go watch the movie, learn something, and more importantly to have fun…

