The documentary “Citizenfour” has been released, capturing the first interviews with NSA whistleblower Edward Snowden. The Guardian calls the film “gripping”, while the Telegraph says “everyone needs to see it”.
For the world at large, the clear focus is on what Snowden leaked and his motivations for doing so; his actions have shaken a world more reliant on technology than we ever realised. But for those of us looking to keep the data that we’re responsible for in our organisations safe, the question is whether someone inside could use his methods to compromise us.
So how exactly did he do it? As is often the case when security measures are compromised, it was a combination of identifying a technical weakness and social engineering. For Snowden, that meant his colleagues in the NSA.
The foundation for Snowden’s ability to leak was undoubtedly the elevated privileges he was initially given as a systems administrator. Encryption experts Venafi are of the firm belief that he fabricated SSH keys and self-signed digital certificates to access and steal the NSA documents.
As far as the social engineering is concerned, it’s clear that Snowden was able to use credentials from his NSA co-workers to access more SSH keys, as well as other systems, to access the data he copied.
With network monitoring and log management solutions focussed on external threats, do you think your existing security architecture would be likely to spot this kind of activity, especially given that Snowden had privileged access to some of these resources anyway?
If we accept that the Snowden leak proved a tipping point for us to recognise that our data needs protecting not only from the threats outside of our perimeter but also from those people with access on the inside, we must begin to consider how we can mitigate these risks without hindering the work of our privileged users.
We've created a FREE guide to help you spot an insider in your organisation as well as practical steps you can take to reduce your risk.