Snowden suspected of bypassing electronic logs

Adam Goldman and Kimberly Dozier | The Associated Press

WASHINGTON (AP) — The U.S. government's efforts to determine which highly classified materials leaker Edward Snowden took from the National Security Agency have been frustrated by Snowden's sophisticated efforts to cover his digital trail by deleting or bypassing electronic logs, government officials told the Associated Press. Such logs would have shown what information Snowden viewed or downloaded.

The government's forensic investigation is wrestling with Snowden's apparent ability to defeat safeguards established to monitor and deter people looking at information without proper permission, said the officials, who spoke on condition of anonymity because they weren't authorized to discuss the sensitive developments publicly.

The disclosure undermines the Obama administration's assurances to Congress and the public that the NSA surveillance programs can't be abused because its spying systems are so aggressively monitored and audited for oversight purposes: If Snowden could defeat the NSA's own tripwires and internal burglar alarms, how many other employees or contractors could do the same?

In July, nearly two months after Snowden's earliest disclosures, NSA Director Keith Alexander declined to say whether he had a good idea of what Snowden had downloaded or how many NSA files Snowden had taken with him, noting an ongoing criminal investigation.

NSA spokeswoman Vanee Vines told the AP that Alexander "had a sense of what documents and information had been taken," but "he did not say the comprehensive investigation had been completed." Vines would not say whether Snowden had found a way to view and download the documents he took without the NSA knowing.

In defending the NSA surveillance programs that Snowden revealed, Deputy Attorney General James Cole told Congress last month that the administration effectively monitors the activities of employees using them.

"This program goes under careful audit," Cole said. "Everything that is done under it is documented and reviewed before the decision is made and reviewed again after these decisions are made to make sure that nobody has done the things that you're concerned about happening."

The disclosure of Snowden's hacking prowess inside the NSA also could dramatically increase the perceived value of his knowledge to foreign governments, which would presumably be eager to learn any counterdetection techniques that could be exploited against U.S. government networks.

It also helps explain the recent seizure in Britain of digital files belonging to David Miranda — the partner of Guardian journalist Glenn Greenwald — in an effort to help quantify Snowden's leak of classified material to The Guardian newspaper. Authorities there stopped Miranda last weekend as he changed planes at Heathrow Airport while returning home to Brazil from Germany, where Miranda had met with Laura Poitras, a U.S. filmmaker who has worked with Greenwald on the NSA story.

Snowden, a former U.S. intelligence contractor, was employed by Booz Allen Hamilton in Hawaii before leaking classified documents to the Guardian and The Washington Post. As a systems administrator, Snowden had the ability to move around data and had access to thumb drives that would have allowed him to transfer information to computers outside the NSA's secure system, Alexander has said.

In his job, Snowden purloined many files, including ones that detailed the U.S. government's programs to collect the metadata of phone calls of U.S. citizens and copy Internet traffic as it enters and leaves the U.S., then route it to the NSA for analysis.

Officials have said Snowden had access to many documents but didn't know necessarily how the programs functioned. He dipped into compartmentalized files as systems administrator and took what he wanted. He managed to do so for months without getting caught. In May, he flew to Hong Kong and eventually made his way to Russia, where that government has granted him asylum.

NBC News reported Thursday that the NSA was "overwhelmed" in trying to figure out what Snowden had stolen and didn't know everything he had downloaded.

Insider threats have troubled the administration and Congress, particularly in the wake of Bradley Manning, a young soldier who decided to leak hundreds of thousands of sensitive documents in late 2009 and early 2010.

Congress had wanted to address the insider threat problem in the 2010 Intelligence Authorization Act, but the White House asked for the language to be removed because of concerns about successfully meeting a deadline. In the 2013 version, Congress included language urging the creation of an automated, insider-threat detection program.