WASHINGTON — Former National Security Agency (NSA) contract employee Edward Snowden used a computer thumb drive to smuggle highly classified documents out of an NSA facility in Hawaii, using a portable digital device supposedly barred inside the agency, U.S. officials said.
Investigators “know how many documents he downloaded and what server he took them from,” said one official who spoke on condition of anonymity.
Snowden worked as a system administrator, a technical job that gave him wide access to NSA computer networks and presumably a keen understanding of how those networks are monitored for unauthorized downloads.
“Of course, there are always exceptions” to the thumb-drive ban, a former NSA official said, particularly for network administrators. “There are people who need to use a thumb drive and they have special permission. But when you use one, people always look at you funny.”
- Seattle’s vanishing black community
- Bellevue School District seeks to fire football coach Goncharoff over scandal
- Boeing tankers will be delivered to Air Force late — and incomplete
- Paul Allen ends KEXP’s yearslong fundraising drive with $500,000 donation
- A six-pack of observations from Seahawks' OTAs: Justin Britt, Alex Collins, Tharold Simon and more
Most Read Stories
FBI Director Robert Mueller said Thursday that he expects Snowden to be arrested and prosecuted in this country.
“He is the subject of an ongoing criminal investigation,” Mueller told a House hearing. “We are taking all necessary steps to hold this person responsible for these disclosures.”
Confirmation of a thumb drive solved one of the central mysteries in the case: how Snowden, who worked for contracting company Booz Allen Hamilton, physically removed classified material from a spy agency famous for strict security and ultra-secrecy.
He acknowledged Sunday that he gave two news organizations details of secret NSA surveillance programs on telephones and the Internet, but he did not say how he had transferred the data. He is believed to be hiding in Hong Kong.
Officials said they don’t know how Snowden got access to an order marked “Top Secret” from the Foreign Intelligence Surveillance Act (FISA) Court, or a highly classified directive from President Obama authorizing a military target list for cyber attacks. Neither document would be widely shared or normally available to a low-level NSA employee.
A larger number of NSA employees and contractors might have access to a PowerPoint slideshow on PRISM, which uses online data from nine U.S. Internet and technology companies. Snowden said he provided the slides to The Washington Post and The Guardian.
“There is a certain level of information that is not specific to a mission, but helps people who work there understand how the place functions,” the former NSA operator said.
The Pentagon, which includes the NSA, banned connecting thumb drives and other portable storage devices to classified computers after malicious software was discovered on the military’s classified network in October 2008.
The chief suspect was Russian intelligence, and investigators determined that the malware was introduced through a corrupted thumb drive. The yearslong effort to clean up the system was code-named Operation Buckshot Yankee. Many of the external drives on Defense Department computers were disabled.
Two years later, Army Pfc. Bradley Manning, an intelligence analyst in Iraq, downloaded hundreds of thousands of classified documents onto thumb drives and computer discs, and transferred the data to the anti-secrecy website WikiLeaks.
After that, “there was a lot of focus on this type of insider threat,” the former operator said. “If it is still easy to use a thumb drive, that is a major problem.”
Manning is on trial at Fort Meade, Md., on charges of aiding America’s enemies. If convicted, he could be sentenced to life in prison. He already has pleaded guilty to 10 lesser counts.