The media furore continues around Edward Snowden, who has sensationally been named as the whistleblower behind the news of the NSA/PRISM breach, reported as ‘one of the most significant leaks in US political history’. As the global fall-out around the news continues, it has emerged that Snowden held several IT roles, in which he had broad access rights to highly sensitive information – having worked as a system engineer and systems administrator for the NSA and as a senior adviser for the CIA. Up until recent events, Snowden was also employed by Booz Allen Hamilton – a defence contractor that provides consulting services to the US Government.
In an interview with the Guardian, Snowden revealed the astonishing level of control and broad access that he held in these technical positions: “Anybody in the positions of access with the technical capabilities that I had could suck out secrets, pass them on the open market to Russia, they always have an open door, as we do […] I had access to the full roster of everyone working at the NSA, the entire intelligence community, and undercover assets all around the world, the locations of every station we have, what their missions are and so forth. If I just wanted to harm the US, I could shut down the entire surveillance system in an afternoon.”
Udi Mokady, President & CEO of Cyber-Ark, has made the following comments: “While media coverage of this incident has predominantly revolved around the US’s cyber spying practices, there is an important lesson to be learnt here on the vast power entrusted to employees and the potential damage that can ensue if these internal privileges are misused. Regardless of whether or not you agree with Snowden’s actions and his political motivations, organisations should not lose sight of the fundamental truth that he was exposed to this highly sensitive information via the internal privileged credentials that he was privy to. There’s almost an unfortunate sense of déjà vu here as well, as just six months previously, intelligence agencies in the US and UK were warned that secret information on counter-terrorism shared by foreign governments may have been compromised and stolen by a senior IT technician for Switzerland's intelligence service.
“In each and every organisation, employees are entrusted with these immensely powerful privileged credentials, which include administrative log-in rights. These access points enable a ‘privileged super-user’ to log on – often anonymously – and take control of the network, with full access to the most sensitive data held within. A little-known fact is that these commonly neglected accounts are also often grossly underestimated, as they frequently outnumber the headcount within an organisation. Left unmanaged and unmonitored, privileged accounts can be used to the detriment of a business – whether at the hand of a rogue insider; a hapless employee; or by cyber attackers, who as we can see from recent high-profile attacks, actively target these accounts in order to execute enterprise assaults.
“The NSA/PRISM case is undoubtedly an extreme case of employee misuse of privileges, but it raises an important question which is entirely relevant to enterprise decision makers: Are you doing enough to secure the ‘keys’ to your most crucial corporate assets?”