December 14, 2013
Officials Say U.S. May Never Know Extent of Snowden’s Leaks
By MARK MAZZETTI and MICHAEL S. SCHMIDT
WASHINGTON — American intelligence and law enforcement investigators have concluded that they may never know the entirety of what the former National Security Agency contractor Edward J. Snowden extracted from classified government computers before leaving the United States, according to senior government officials.
Investigators remain in the dark about the extent of the data breach partly because the N.S.A. facility in Hawaii where Mr. Snowden worked — unlike other N.S.A. facilities — was not equipped with up-to-date software that allows the spy agency to monitor which corners of its vast computer landscape its employees are navigating at any given time.
Six months since the investigation began, officials said Mr. Snowden had further covered his tracks by logging into classified systems using the passwords of other security agency employees, as well as by hacking firewalls installed to limit access to certain parts of the system.
“They’ve spent hundreds and hundreds of man-hours trying to reconstruct everything he has gotten, and they still don’t know all of what he took,” a senior administration official said. “I know that seems crazy, but everything with this is crazy.”
That Mr. Snowden was so expertly able to exploit blind spots in the systems of America’s most secretive spy agency illustrates how far computer security still lagged years after President Obama ordered standards tightened after the WikiLeaks revelations of 2010.
Mr. Snowden’s disclosures set off a national debate about the expansion of the N.S.A.’s powers to spy both at home and abroad, and have left the Obama administration trying frantically to mend relations with allies after his revelations about American eavesdropping on foreign leaders.
A presidential advisory committee that has been examining the security agency’s operations submitted its report to Mr. Obama on Friday. The White House said the report would not be made public until next month, when Mr. Obama announces which of the recommendations he has embraced and which he has rejected.
Mr. Snowden gave his cache of documents to a small group of journalists, and some from that group have shared documents with several news organizations — leading to a flurry of exposures about spying on friendly governments. In an interview with The New York Times in October, Mr. Snowden said he had given all of the documents he downloaded to journalists and kept no additional copies.
In recent days, a senior N.S.A. official has told reporters that he believed Mr. Snowden still had access to documents not yet disclosed. The official, Rick Ledgett, who is heading the security agency’s task force examining Mr. Snowden’s leak, said he would consider recommending amnesty for Mr. Snowden in exchange for those documents.
“So, my personal view is, yes, it’s worth having a conversation about,” Mr. Ledgett told CBS News. “I would need assurances that the remainder of the data could be secured, and my bar for those assurances would be very high. It would be more than just an assertion on his part.”
Mr. Snowden is living and working in Russia under a one-year asylum. The Russian government has refused to extradite Mr. Snowden, who was indicted by the Justice Department in June on charges of espionage and stealing government property, to the United States.
Mr. Snowden has said he would return to the United States if he was offered amnesty, but it is unclear whether Mr. Obama — who would most likely have to make such a decision — would make such an offer, given the damage the administration has claimed Mr. Snowden’s leaks have done to national security.
Because the N.S.A. is still uncertain about exactly what Mr. Snowden took, government officials sometimes first learn about specific documents from reporters preparing their articles for publication — leaving the State Department with little time to notify foreign leaders about coming disclosures.
With the security agency trying to revamp its computer network in the aftermath of what could turn out to be the largest breach of classified information in American history, the Justice Department has continued its investigation of Mr. Snowden.
According to senior government officials, F.B.I. agents from the bureau’s Washington field office, who are leading the investigation, believe that Mr. Snowden methodically downloaded the files over several months while working as a government contractor at the Hawaii facility. They also believe that he worked alone, the officials said.
But for all of Mr. Snowden’s technical expertise, some American officials also place blame on the security agency for being slow to install software that can detect unusual computer activity carried out by the agency’s work force — which, at approximately 35,000 employees, is the largest of any intelligence agency.
An N.S.A. spokeswoman declined to comment.
After a similar episode in 2010 — when an Army private, Chelsea Manning, gave hundreds of thousands of military chat logs and diplomatic cables to the antisecrecy group WikiLeaks — the Obama administration took steps intended to prevent another government employee from downloading and disseminating large volumes of classified material.
In October 2011, Mr. Obama signed an executive order establishing a task force charged with “deterring, detecting and mitigating insider threats, including the safeguarding of classified information from exploitation, compromise, or other unauthorized disclosure.” The task force, led by the attorney general and the director of national intelligence, has the responsibility of developing policies and new technologies to protect classified information.
But one of the changes, updating computer systems to track the digital meanderings of the employees of intelligence agencies, occurred slowly.
“We weren’t able to flip a switch and have all of those changes made instantly,” said one American intelligence official.
Lonny Anderson, the N.S.A.’s chief technology officer, said in a recent interview that much of what Mr. Snowden took came from parts of the computer system open to anyone with a high-level clearance. And part of his job was to move large amounts of data between different parts of the system.
But, Mr. Anderson said, Mr. Snowden’s activities were not closely monitored and did not set off warning signals.
“So the lesson learned for us is that you’ve got to remove anonymity” for those with access to classified systems, Mr. Anderson said during the interview with the Lawfare blog, part of a podcast series the website plans to run this week.
Officials said Mr. Snowden, who had an intimate understanding of the N.S.A.’s computer architecture, would have known that the Hawaii facility was behind other agency outposts in installing monitoring software.
According to a former government official who spoke recently with Gen. Keith B. Alexander, the N.S.A. director, the general said that at the time Mr. Snowden was downloading the documents, the spy agency was several months away from having systems in place to catch the activity.
As investigations by the F.B.I. and the N.S.A. grind on, the State Department and the White House have absorbed the impact of Mr. Snowden’s disclosures on America’s diplomatic relations with other countries.
“There are ongoing and continuing efforts by the State Department still to reach out to countries and to tell them things about what he took,” said one senior administration official. The official said the State Department often described the spying to foreign leaders as “business as usual” between nations.