Latest posts by Alvin Bryan (see all)
- Millionaire Tyupkin Malware ATM Hackers May Come to US, India After Hitting Europe - October 23, 2014
- BitLicense Will Allow Bitcoin Spying in New York - October 22, 2014
- Australians are Fighting Data Retention Laws - October 22, 2014
It has been recently discovered that Edward Snowden used a web crawler to access unencrypted, confidential NSA data. Snowden used this common tool for a prolonged period while working for the NSA. His activities were not secret, yet the agency did nothing to get to the bottom of it. Now that Snowden has let the cat out of the bag, he is dismissed as a terrorist. This accusation now sounds more like a cover up for NSA incompetence in allowing a simple data scrape to go on under their noses.
Snowden’s Investigation Not Simple Terrorism
Snowden configured the web crawler, agency investigators presume. They say he must have designed it to follow a predesignated level of links and save the data. The planning behind this process brings into question again whether Snowden’s acts were terrorism. He carefully thought out and executed the collection of confidential data, made much easier because none of the files were encrypted. He had a higher goal to achieve than simple intimidation, extortion or violence.
The process was programmed, but this does not mean the Snowden did not monitor it. A simple web crawler indexing and copying pages off a network should have been a simple program to detect. Yet the NSA did not notice its presence until a long and thorough investigation. It seems that Snowden intended to ensure that he was able to gather as much relevant data as he could. Put this together with the timing of the different documents’ release to the press, and the intentions become clear. It looks like Snowden wanted to expose the shady nature of the NSA’s operations and point to evidence that they are not worthy of handling our sensitive data.
Simple Web Crawler Defeats NSA Internal Security
This negligence in monitoring agents also brings to light again the question of competence. The NSA is tasked with the safeguarding of very important classified information and networks. The NSA is supposed to make sure that the strongest government supported hacker groups from China, Russia, North Korea, and other enemies of the state cannot get in. They are tasked with protecting several systems from sophisticated attacks. Yet one of their own agents with open access to classified data, easily identifiable, was not monitored. And he used a piece of software that anyone can find on the Web. And the data on the networks was stored unencrypted. And intelligence investigator admit that he may even have had access to the passwords of other NSA agents.
NSA Incompetence Puts Users at Risk
Even after the NSA questioned Snowden, he continued his data gathering activities. The agency accepted his explanations and allowed him to proceed unhindered from a facility that had not yet even received the latest security upgrades. Now the NSA is ironically releasing more classified information to the press in an attempt to discredit Snowden. They now say that he was trying to get military documents. But they cannot say whether or not Snowden took any military files. So far, he has not released anything of this nature.
A cheap web crawler in the hands of one skilled programmer can scrape NSA data unnoticed. This bodes ill for the vast amounts of data that the NSA has on their servers and databases. The failure of the NSA to secure top secret information begs the question, what about data that is less important to them, i.e. our data? Snowden was able to search and copy almost 2 million of the most sensitive files, according to intelligence officials. How much could be taken of files considered less valuable? Snowden’s actions were not for personal gain, but any NSA insider with less integrity is apparently free to take any data they want.
Internet users who do not want to have their sensitive data end up unencrypted and free for all on NSA servers need to protect themselves. They need to make sure that the data does not get picked up by the NSA in the first place. Taking care to not share a lot of information with companies through their online accounts. And they need to learn that a good VPN service can help them to defeat NSA surveillance.