Resume shows Snowden honed his hacking skills

Whistleblower transformed himself into a cybersecurity expert as the NSA desired

In 2010, while working for a National Security Agency contractor, Edward J Snowden learned to be a hacker.

He took a course that trains security professionals to think like hackers and understand their techniques, all with the intent of turning out “certified ethical hackers” who can better defend their employers’ networks.

But the certification, listed on a resume Snowden later prepared, would also have given him some of the skills he needed to rummage undetected through NSA computer systems and gather the highly classified surveillance documents that he leaked last month, security experts say.

Snowden’s resumé, which has not been made public and was described by people who have seen it, provides a new picture of how his skills and responsibilities expanded while he worked as an intelligence contractor. Although federal officials offered only a vague description of him as a “systems administrator,” the resume suggests that he had transformed himself into the kind of cybersecurity expert the NSA is desperate to recruit, making his decision to release the documents even more embarrassing to the agency.

“If he’s looking inside U.S. government networks for foreign intrusions, he might have very broad access,” said James A. Lewis, a computer security expert at the Center for Strategic and International Studies. “The hacker got into the storeroom.”
In an age when terabytes of data can be stashed inside palm-size devices, the new details about Snowden’s training and assignments underscore the challenges the NSA faces in recruiting a new generation of free-spirited computer experts with diverse political views.

Snowden, who is now marooned at an airport in Moscow waiting to see if another country will grant him asylum, has said he leaked the documents to alert the public to the sweeping nature of the US government’s surveillance. He took a job as an “infrastructure analyst” with Booz Allen Hamilton in April at an NSA facility in Hawaii, he has said, to gain access to lists of computers that the agency had hacked around the world.

Snowden prepared the resume shortly before applying for that job, while he was working in Hawaii for the NSA with Dell, the computer maker, which has intelligence contracts. Little has been reported about his four years with Dell, but his resume, as described, says he rose from supervising computer system upgrades for the spy agency in Tokyo to working as a “cyberstrategist” and an “expert in cyber counterintelligence” at several locations in the United States.

In what may have been his last job for Dell in Hawaii, he was responsible for the security of “Windows infrastructure” in the Pacific, he wrote, according to people who have seen his resume. He had enough access there to start making contacts with journalists in January and February about disclosing sensitive information. His work for Dell may also have enabled him to see that he would have even more access at Booz Allen.

Some intelligence experts say that the types of files he improperly downloaded at Booz Allen suggest he had shifted to the offensive side of electronic spying or cyberwarfare, in which the NSA examines other nations’ computer systems to steal information or to prepare attacks. The NSA’s director, Gen. Keith B Alexander, has encouraged workers to try their skills both defensively and offensively, and moving to offense from defense is a common career pattern, officials say.

Whatever his role, Snowden’s ability to comb through the networks as a lone wolf - and walk out the door with the documents on thumb drives - shows how the agency’s internal security system has fallen short, former officials say.

Continuous monitoring

“If Visa can call me and say, 'Are you in Dakar, Senegal?' when they see a purchase that doesn’t fit my history, then we ought to be able to detect something like this,” said Michael V. Hayden, a former director of the NSA and the CIA. “That continuous monitoring does not seem to have been in place.”

But Michael Maloof, a software developer who supplied internal monitoring systems to private companies, said that with Snowden’s training in hacking, he “would have known to keep his probes low and slow, a little bit here, a little bit there, so there was nothing to detect.”

If alarms went off as he grabbed documents, Maloof said, Snowden might have been able to explain away the alerts by saying he was merely testing the protections as part of his security job. Snowden grew up in Baltimore’s southern suburbs, where many of his neighbors would have been tech-savvy NSA employees working at the agency’s headquarters at Fort Meade. Conventional schooling did not agree with him, and he dropped out of high school and eventually sought technical training in a series of courses.

As early as 2003, when he was 20, he showed interest in the skills, prized by hackers, required to operate anonymously online. “I wouldn’t want God himself to know where I’ve been, you know?” he, or someone identified as him from his screen name and other details, wrote on a forum on the tech news site Ars Technica.

Three years later, about the time he joined the CIA, he had discovered the long list of jobs available to anyone with computer expertise who could pass a detailed “lifestyle” polygraph test and get a security clearance. “If you’re cleared, have a lifestyle, and have specialized IT skills, you can go anywhere in the world right now,” he wrote under the screen name, TheTrueHOOHA.

For years, NSA officials have visited hacker gatherings to promote the agency and recruit workers. Alexander, the director, gave the keynote address a year ago at Defcon, a large hacker conference, in Las Vegas. But Snowden’s profile will now be carefully studied by intelligence officials for clues about how to hire skilled young hackers without endangering the agency’s secrets.

John R. Schindler, a former NSA official who now teaches at the Naval War College, said that the background investigation for Snowden’s security clearance was clearly flawed. “For years, NSA and now the Cyber Command have struggled with how to relate to the hacker community,” he added. “It’s obvious that some sort of arrangement to allow hackers to work for NSA and the intelligence community in a systematic way is needed.”

Comments (+)