With an agency as powerful as the NSA, anybody would be forgiven for thinking that Edward Snowden used some high-tech hack to get his hands on secret documents relating to the PRISM programme, but that couldn’t be further from the truth. Snowden simply asked NSA employees for their logins and passwords – proving that social engineering is still effective, and that humans are the weakest link in any security system.
Snowden used his role as a system administrator to coerce unsuspecting NSA employees to part with their credentials, leaving him with unfettered access to the NSA’s data. He was then able to gather as many documents as he wanted without raising any flags: any computer systems the NSA has in place would simply see people accessing documents and files they’re supposed to have access to. Even if those accounts were used for unauthorised access, Snowden wouldn’t have been the first suspect.
Since then, we know he’s shared the agency’s secrets with the whole world, putting the American spy system’s far-reaching actions in the spotlight and causing world leaders to question American policies.
Given the most recent findings, the NSA is now reportedly cracking down on those who inadvertently aided Snowden by handing over their passwords. That might cast doubt over the effectiveness of the policies in place, if employees were allowed to just give their credentials to any old IT guy.