Snowden persuaded other NSA workers to give up passwords – sources
Mark Hosenball and Warren Strobel report that Edward Snowden successfully socially engineered employees at the NSA into giving him their login credentials:
Former U.S. National Security Agency contractor Edward Snowden used login credentials and passwords provided unwittingly by colleagues at a spy base in Hawaii to access some of the classified material he leaked to the media, sources said.
A handful of agency employees who gave their login details to Snowden were identified, questioned and removed from their assignments, said a source close to several U.S. government investigations into the damage caused by the leaks.
Snowden may have persuaded between 20 and 25 fellow workers at the NSA regional operations center in Hawaii to give him their logins and passwords by telling them they were needed for him to do his job as a computer systems administrator, a second source said.
Read more on Reuters.
Okay, this gets my vote for both the insider breach of the year and the social engineering breach of the year, if anyone’s polling.
Reuters reports that sources tell them although the “government now believes it has a good idea of all the data to which Snowden could have accessed, investigators are not positive which and how much of that data Snowden actually downloaded.” If he was logged in as others, well yes, that would make this all even more difficult to determine.