Edward Snowden

Snowden learned hacker skills while working for NSA contractor

On-the-job education gave whistle-blower the skills he needed to steal US surveillance secrets

PUBLISHED : Saturday, 06 July, 2013, 12:00am
UPDATED : Tuesday, 13 August, 2013, 3:48pm

In 2010, while working for a National Security Agency contractor, Edward Snowden learned to be a hacker.

He took a course that trains security professionals to think like hackers and understand their techniques, all with the intent of turning out "certified ethical hackers", who can better defend their employers' networks.

But the certification, listed on a résumé Snowden later prepared, would also have given him some of the skills he needed to rummage undetected through NSA computer systems and gather the highly classified surveillance documents that he leaked last month, security experts say.

Snowden's résumé, which has not been made public and was described by people who have seen it, provides a new picture of how his skills and responsibilities expanded while he was an intelligence contractor.

Although federal officials offered only a vague description of him as a "systems administrator", the résumé suggests that he had transformed into the kind of cybersecurity expert the NSA is desperate to recruit, making his decision to release the documents even more embarrassing to the agency.

"If he's looking inside US government networks for foreign intrusions, he might have very broad access," said James Lewis, a computer security expert at the Centre for Strategic and International Studies. "The hacker got into the storeroom."

In an age when terabytes of data can be stashed inside palm-size devices, the new details about Snowden's training and assignments underscore the challenges the NSA faces in recruiting a new generation of free-spirited computer experts with diverse political views.

Snowden said he leaked the documents to alert the public to the sweeping nature of the US government's surveillance. He took a job as an "infrastructure analyst" with Booz Allen Hamilton in April at an NSA facility in Hawaii to gain access to lists of computers that the agency had hacked around the world.

Snowden prepared the résumé shortly before applying for that job, while he was working in Hawaii for the NSA with Dell, the computer maker, which has intelligence contracts. Little has been reported about his four years with Dell, but his résumé, as described, says he rose from supervising computer system upgrades for the spy agency in Tokyo to working as a "cyberstrategist" and an "expert in cyber counterintelligence" at several locations in the US.

In what may have been his last job for Dell in Hawaii, he was responsible for the security of "Windows infrastructure" in the Pacific, according to people who have seen his résumé.

Whatever his role, Snowden's ability to comb through the networks as a lone wolf - and walk out the door with the documents on thumb drives - shows how the agency's internal security system has fallen short, officials say.

"If Visa can call me and say, 'Are you in Dakar, Senegal?' when they see a purchase that doesn't fit my history, then we ought to be able to detect something like this," said Michael Hayden, a former director of the NSA and the CIA. "That continuous monitoring does not seem to have been in place."