Thursday, August 14, 2014
Snowden: I Left the NSA Clues, But They Couldn’t Find Them
BY ANDY GREENBERG
7:00 AM |
If the NSA still doesn’t know the full extent of the greatest leak of secrets in its history, it’s not because of Edward Snowden’s attempts to cover his tracks. On the contrary, the NSA’s most prolific whistleblower now claims he purposefully left a trail of digital bread crumbs designed to lead the agency directly to the files he’d copied.
In a WIRED interview published today, the 31-year-old megaleaker has revealed that he planted hints on NSA networks that were intended to show which of its documents he’d smuggled out among the much larger set he accessed or could have accessed. Those hints, he says, were intended to make clear his role as a whistleblower rather than a foreign spy, and to allow the agency time to minimize the national security risks created by the documents’ public release.
The fact that NSA officials have told the press that his haul may have been as large as 1.7 million documents, says Snowden, is a sign that the agency has either purposely inflated the size of his leak or lacks the forensic skills to see the clues he left for its auditors. “I figured they would have a hard time,” Snowden tells WIRED, describing the agency’s attempts to reverse-engineer his leak. “I didn’t figure they would be completely incapable.”
In a speech late last year, NSA director Keith Alexander said that Snowden had given reporters “between 50,000 and 200,000 documents.” But in later statements to the press, NSA officials have said only that Snowden “accessed” 1.7 million documents, without specifying how much of that access was part of his authorized NSA duties. And Alexander also admitted in an interview after his resignation that the NSA still doesn’t know the full extent of Snowden’s leak. Indeed, an agency official said in a 60 Minutes interview that its post-leak investigation removed from the NSA’s classified network every computer Snowden could have ever accessed, at a cost of tens of millions of dollars, for fear that he might have planted spyware on the machines for future data collection.
That image of Snowden as a stealthy spy contrasts sharply with Snowden’s own depiction of his leaking actions. As journalist Glenn Greenwald wrote in his book No Place To Hide, Snowden claims he could have left no trace on the NSA’s network due to its lack of audit controls. But he said he instead left behind some “footprints” to show NSA investigators that he had acted alone and to prevent suspicion of his coworkers.
Snowden’s new claims go further: That he intended those footprints to outline exactly what he’d taken. In addition to shedding light on his motives, Snowden says he meant the clues to allow the NSA to avoid collateral damage from his leaks, changing codenames and plans to anticipate the release of some of its most sensitive secrets.
The repetition of the 1.7 million number by political figures and the press is at least partly intended to mischaracterize Snowden’s intentions, argues his lawyer Jesselyn Radack, who is also national security director for the whistleblower-focused Government Accountability Project. “I think they probably didn’t spot the bread crumbs,” she says of the NSA’s investigators. “Even if they did get them, I think this [1.7 million] number is manufactured out of whole cloth to give the impression of a wholesale data dump. In fact, Ed very carefully selected exactly what he wanted to turn over and why.”
When WIRED asked an NSA spokesperson to comment on Snowden’s new claims or its internal estimate of the size of his leak, spokesperson Vanee Vines responded with this statement: “If Mr. Snowden wants to discuss his activities, that conversation should be held with the U.S. Department of Justice. He needs to return to the United States to face the charges against him.”
In a followup inquiry through his ACLU lawyer Ben Wizner, Snowden wouldn’t offer any more details on how exactly he left his network bread crumbs for the NSA or the real total number of documents he took. In forensic analyses of a typical computer network, a leaker’s behavior could be found in everything from logs kept by network monitoring tools to changes in operating system files like Windows’ system registry, which can be analyzed to show what documents a user has opened.
Despite his early intention to make the NSA aware of the scope of his data theft, Snowden may have good reason to now keep the extent of his leaks secret. That knowledge could serve as an important bargaining chip if Snowden seeks to return to the U.S. and negotiate a plea deal, an option he’s hinted at exploring.
In the meantime, Snowden tells WIRED—perhaps with a certain amount of schadenfreude—that the government’s overestimation of the size of his leak has left it to imagine the worst. “I think they think there’s a smoking gun in there that would be the death of them all politically,” Snowden says. “The fact that the government’s investigation failed—that they don’t know what was taken and that they keep throwing out these ridiculous huge numbers—implies to me that somewhere in their damage assessment they must have seen something that was like, ‘Holy shit.’ And they think it’s still out there.”