Using public statements from Edward Snowden and NSA officials, digital-certificate firm Venafi pieces together a likely scenario for how the former contractor accessed classified documents.
Edward Snowden has not publicly stated how he leveraged his privileged access to certain servers and top-secret information at the National Security Agency into a wider fishing expedition, netting classified secrets that he had no clearance to access. The NSA hasn't provided much insight either.This week, however, security researchers at certificate-management firm Venafi threw their collective hat into the ring, posting an analysis stating that Snowden likely used authentication keys to give his account privileged access to other servers in the network. Secure shell (SSH) keys are frequently used by system administrators to log into remote computers without a password, and Snowden likely gained access to others' keys or to privileged accounts and inserted his own keys, the company said.
The most significant clue is General Keith Alexander's testimony in which the NSA chief reportedly stated that Snowden "fabricated digital keys" to gain access to classified systems, Jeff Hudson, CEO of Venafi, told eWEEK.
"It all comes back to one thing: 'He fabricated the SSH keys,'" he said. "What he did was he allowed himself access to other systems and in the process he elevated his privilege."
More news at http://www.eweek.com/security/snowden-likely-used-ssh-keys-to-access-classified-nsa-data-venafi.html
No comments:
Post a Comment
Add your comments.All the inputs are important and valuable.