WASHINGTON — U.S. intelligence and law enforcement investigators have concluded that they may never know the entirety of what the former National Security Agency contractor Edward J. Snowden extracted from classified government computers before leaving the United States, according to senior government officials.
Investigators remain in the dark about the extent of the data breach partly because the NSA facility in Hawaii where Snowden worked — unlike other NSA facilities — was not equipped with up-to-date software that allows the spy agency to monitor which corners of its vast computer landscape its employees are navigating at any given time.
Six months since the investigation began, officials said Snowden had further covered his tracks by logging into classified systems using the passwords of other security agency employees, as well as by hacking firewalls installed to limit access to certain parts of the system.
Advertisement
“They’ve spent hundreds and hundreds of man-hours trying to reconstruct everything he has gotten, and they still don’t know all of what he took,” a senior administration official said. “I know that seems crazy, but everything with this is crazy.”
That Snowden was so expertly able to exploit blind spots in the systems of America’s most secretive spy agency illustrates how far computer security still lagged years after President Barack Obama ordered standards tightened after the WikiLeaks revelations of 2010.
Snowden’s disclosures set off a national debate about the expansion of the NSA’s powers to spy both at home and abroad, and have left the Obama administration trying frantically to mend relations with allies after his revelations about U.S. eavesdropping on foreign leaders.
A presidential advisory committee that has been examining the security agency’s operations submitted its report to Obama on Friday. The White House said the report would not be made public until next month, when Obama announces which of the recommendations he has embraced and which he has rejected.
Advertisement
Snowden gave his cache of documents to a small group of journalists, and some from that group have shared documents with several news organizations — leading to a flurry of exposures about spying on friendly governments. In an interview with The New York Times in October, Snowden said he had given all of the documents he downloaded to journalists and kept no additional copies.
In recent days, a senior NSA official has told reporters that he believed Snowden still had access to documents not yet disclosed. The official, Rick Ledgett, who is heading the security agency’s task force examining Snowden’s leak, said he would consider recommending amnesty for Snowden in exchange for those documents.
“So, my personal view is, yes, it’s worth having a conversation about,” Ledgett told CBS News. “I would need assurances that the remainder of the data could be secured, and my bar for those assurances would be very high. It would be more than just an assertion on his part.”
Snowden is living and working in Russia under a one-year asylum. The Russian government has refused to extradite Snowden, who was indicted by the Justice Department in June on charges of espionage and stealing government property, to the United States.
Snowden has said he would return to the United States if he were offered amnesty, but it is unclear whether Obama — who would most likely have to make such a decision — would make such an offer, given the damage the administration has claimed Snowden’s leaks have done to national security.
Advertisement
Because the NSA is still uncertain about exactly what Snowden took, government officials sometimes first learn about specific documents from reporters preparing their articles for publication — leaving the State Department with little time to notify foreign leaders about coming disclosures.
With the security agency trying to revamp its computer network in the aftermath of what could turn out to be the largest breach of classified information in U.S. history, the Justice Department has continued its investigation of Snowden.
According to senior government officials, FBI agents from the bureau’s Washington field office, who are leading the investigation, believe that Snowden methodically downloaded the files over several months while working as a government contractor at the Hawaii facility. They also believe that he worked alone, the officials said.
But for all of Snowden’s technical expertise, some U.S. officials also place blame on the security agency for being slow to install software that can detect unusual computer activity carried out by the agency’s workforce — which, at approximately 35,000 employees, is the largest of any intelligence agency.
An NSA spokeswoman declined to comment.
After a similar episode in 2010 — when an Army private, Chelsea Manning, gave hundreds of thousands of military chat logs and diplomatic cables to the anti-secrecy group WikiLeaks — the Obama administration took steps intended to prevent another government employee from downloading and disseminating large volumes of classified material.
Advertisement
In October 2011, Obama signed an executive order establishing a task force charged with “deterring, detecting and mitigating insider threats, including the safeguarding of classified information from exploitation, compromise, or other unauthorized disclosure.” The task force, led by the attorney general and the director of national intelligence, has the responsibility of developing policies and new technologies to protect classified information.
But one of the changes, updating computer systems to track the digital meanderings of the employees of intelligence agencies, occurred slowly.
“We weren’t able to flip a switch and have all of those changes made instantly,” said one U.S. intelligence official.
Lonny Anderson, the NSA’s chief technology officer, said in a recent interview that much of what Snowden took had come from parts of the computer system open to anyone with a high-level clearance. And part of his job was to move large amounts of data between different parts of the system.
But, Anderson said, Snowden’s activities were not closely monitored and did not set off warning signals.
“So the lesson learned for us is that you’ve got to remove anonymity” for those with access to classified systems, Anderson said during the interview with the Lawfare blog, part of a podcast series the website plans to run this week.
Officials said Snowden, who had an intimate understanding of the NSA’s computer architecture, would have known that the Hawaii facility was behind other agency outposts in installing monitoring software.
According to a former government official who spoke recently with Gen. Keith B. Alexander, the NSA director, the general said that, at the time Snowden was downloading the documents, the spy agency was several months away from having systems in place to catch the activity.
Advertisement
As investigations by the FBI and the NSA grind on, the State Department and the White House have absorbed the impact of Snowden’s disclosures on America’s diplomatic relations with other countries.
“There are ongoing and continuing efforts by the State Department still to reach out to countries and to tell them things about what he took,” said one senior administration official. The official said the State Department often described the spying to foreign leaders as “business as usual” between nations.