A National Security Agency employee resigned from the agency after admitting to federal investigators that he gave former NSA analyst Edward Snowden a digital key that allowed him to gain access to classified materials, the NSA has told Congress. Snowden has previously said he did not steal any passwords.
The unnamed civilian employee who worked with Snowden resigned last month after the government revoked his security clearance, according to a letter that NSA legislative director Ethan L. Bauman sent this week to the House Judiciary Committee. A military employee and a private contractor also lost their access to NSA data as part of the continuing investigation by the FBI, Bauman said.
Bauman's memo, dated Feb. 10, provides some of the first details about what authorities said they have learned about how Snowden retrieved so many classified documents before passing them to news organizations. Top U.S. national security officials have acknowledged they do not know many files Snowden took before he fled the U.S.
Snowden has denied that he stole computer passwords or tricked some co-workers into giving him their passwords. The NSA letter suggested Snowden tricked at least one co-worker and copied the employee's password without his knowledge.
The civilian NSA worker told FBI investigators last June that he allowed Snowden to use an encrypted digital key known as a Public Key Infrastructure certificate to gain access to classified information on NSANet, the agency's computer network. The system connects into many of the NSA's classified databanks. The memo said that previously Snowden had been denied access to the network.
After the co-worker entered his secure PKI password, Snowden "was able to capture the password, allowing him even greater access to classified information," Bauman told lawmakers. He said the civilian NSA employee was not aware that Snowden intended to reveal any classified information. It was not clear from the memo how much classified information Snowden had collected before using the co-worker's password.
Last month, Snowden participated in a public question-and-answer session on the "Free Snowden" website. "I never stole any passwords, nor did I trick an army of co-workers," he asserted.
The NSA suspended the co-worker's access to secure data and, in November, revoked his security clearance. The NSA informed the employee it planned to fire him and he resigned in January, Bauman said.
Regarding the U.S. military employee and the private contractor also lost their access to classified data, Bauman's letter did not disclose what lapses they might have committed.
The head of U.S. spying programs, Director of National Intelligence James Clapper, told senators this week that Snowden's access to so many classified files has accelerated plans to tighten clearance procedures and monitoring on government computers.
Clapper told the Senate Armed Services Committee that the Snowden breach was a "perfect storm" for him, since Snowden was a systems administrator and a highly skilled and technically skilled IT professional.
"And so he knew exactly what he was doing," Clapper said. "And it was his job as assistant administrator to arrange across a lot of the databases. And he was pretty skilled at staying below the radar, so what he was doing wasn't visible."
Clapper acknowledged that the Hawaii NSA station where Snowden worked did not have the same level of security that exists at the agency's Fort Meade, Md., headquarters. The agency is strengthening security levels throughout its network, Clapper said, tightening daily access to its databanks and laying plans to subject its employees to random clearance and security checks.