Venafi is confident that this is how the whistleblower managed to steal confidential data

Nov 15, 2013 09:48 GMT

Researchers from Venafi’s Threat Center are confident they have found out how Edward Snowden managed to breach the NSA’s systems and steal the data he has been leaking over the past months.

The company is so confident in the results of its research that it challenges the intelligence agency to prove its conclusions wrong.

According to Jeff Hudson, Venafi’s CEO, experts have found evidence that Snowden used fabricated SSH keys and self-signed certificates. These elements, combined with the NSA’s inability to detect their presence and use, are what ultimately led to Snowden having access to classified information.

First, researchers analyzed Snowden’s work environment and the tools he had at his disposal.

As a contractor, he had a Common Access Card that granted him access to certain systems. As a system admin, he had access to the Secure Shell (SSH) keys utilized to authenticate and manage systems. On the other hand, the computing resources he had at his disposal were limited and his credentials didn't grant him full access.

Testimonies from officials, including the NSA’s General Alexander, interviews with Snowden himself, and reports about him stealing credentials from his colleagues have helped Venafi put the pieces of the puzzle together.

Experts concluded that Snowden used his valid access credentials to determine where the sensitive information was being stored, even if he didn’t have full access to it. The stolen credentials were utilized to obtain administrative SSH keys and even allowed him to insert his own as trusted.

Once he gained full access to the information he was targeting, he employed a tactic often used by cybercriminals to exfiltrate data: upload data to command and control servers by using self-signed certificates. Since the NSA wasn't properly tracking keys and certificates, his efforts remained undetected.

“As a leading organization responsible for contributing to U.S. national and global cyber defense, the NSA has a responsibility to disclose the truth behind the breach,” Hudson said.

“Until the agency openly admits what happened along with all of the steps it's taken to correct the problem, all organizations that rely on keys and certificates to ensure trust will remain vulnerable to this attack vector.”

Venafi has also published an infographic on how Snowden breached the NSA. Additional details are provided in a post published by Hudson on the company’s blog.

You can also check out this video, which sums up everything nicely: