Former National Security Agency contractor Edward Snowden allegedly used logins and passwords provided unwittingly by colleagues at a base in Hawaii to access some of the classified material he leaked to the media, Reuters reported Friday, citing unnamed sources.
A handful of agency employees who gave their login details to Snowden were identified, questioned and removed from their assignments, according to a source close to several government investigations into the damage caused by the leaks.
Snowden may have persuaded 20 to 25 fellow workers at the NSA regional operations center in Hawaii to give him their logins and passwords by telling them they were needed for him to do his job as a computer systems administrator, a second source alleged.
The revelation is the latest to indicate that inadequate security measures at the NSA played a significant role in the worst breach of classified data in the supersecret eavesdropping agency's 61-year history.
Reuters reported last month that the NSA failed to install the most up-to-date anti-leak software at the Hawaii site before Snowden went to work there and downloaded highly classified documents belonging to the agency and its British counterpart, Government Communication Headquarters.
Glenn Greenwald, who worked for The Guardian newspaper and has been publishing the revelations provided by Snowden, expressed doubt about the allegations. "Now that anonymous officials disseminated these claims through Reuters, let's blindly assume they're true," he said sarcastically on his Twitter account. "And when did it become journalistically sound to report what 'may have' happened? Anything 'may have' happened."
If those accounts are true, it is not clear what rules, if any, the employees may have broken by giving Snowden their passwords, which allowed the contractor unauthorized access to data.
Snowden worked at the Hawaii site for about a month last spring, during which he downloaded tens of thousands of secret NSA documents.
"In the classified world, there is a sharp distinction between insiders and outsiders. If you've been cleared and especially if you've been polygraphed, you're an insider and you are presumed to be trustworthy," said Steven Aftergood, a secrecy expert with the Federation of American Scientists.
"What agencies are having a hard time grappling with is the insider threat, the idea that the guy in the next cubicle may not be reliable," he added.
Officials with the NSA and the Office of the Director of National Intelligence declined to comment because of a criminal investigation related to Snowden, who disclosed previously secret U.S. government mass surveillance programs while in Hong Kong in June and then fled to Russia, where he was granted temporary asylum.
People familiar with efforts to assess the damage to U.S. intelligence caused by Snowden's leaks have said progress has been slow because Snowden succeeded in obscuring some electronic traces of how he accessed the records.
The sources did not know if the NSA employees who were removed from their assignments were given other duties or fired.
While the U.S. government now believes it has a good idea of all the data to which Snowden could have had access, investigators are not sure how much of that data and which files he downloaded, the sources said.
Snowden and some of his interlocutors have said he provided NSA secrets only to media representatives like Greenwald and filmmaker Laura Poitras. They have emphatically denied that he provided any classified material to countries such as China and Russia.
The revelation that Snowden got access to some of the material he leaked by using colleagues' passwords surfaced as the U.S. Senate Intelligence Committee approved a bill intended in part to tighten security for U.S. intelligence data.
One provision of the bill would earmark a classified sum — estimated at less than $100 million — to help fund intelligence agencies' efforts to install new software designed to spot and track attempts to access or download secret materials without proper authorization.
The bill also requires that the director of national intelligence set up a system requiring intelligence contractors to quickly report to spy agencies on incidents in which data networks have been accessed by unauthorized people.
Al Jazeera and Reuters
Error
Sorry, your comment was not saved due to a technical problem. Please try again later or using a different browser.