He took a course that trains security professionals to think like hackers and understand their techniques, all with the intent of turning out “certified ethical hackers” who can better defend their employers’ networks.
But the certification, listed on a résumé that Mr. Snowden later prepared, would also have given him some of the skills he needed to rummage undetected through N.S.A. computer systems and gather the highly classified surveillance documents that he leaked last month, security experts say.
Mr. Snowden’s résumé, which has not been made public and was described by people who have seen it, provides a new picture of how his skills and responsibilities expanded while he worked as an intelligence contractor. Although federal officials offered only a vague description of him as a “systems administrator,” the résumé suggests that he had transformed himself into the kind of cybersecurity expert the N.S.A. is desperate to recruit, making his decision to release the documents even more embarrassing to the agency.
“If he’s looking inside U.S. government networks for foreign intrusions, he might have very broad access,” said James A. Lewis, a computer security expert at the Center for Strategic and International Studies. “The hacker got into the storeroom.”
In an age when terabytes of data can be stashed inside palm-size devices, the new details about Mr. Snowden’s training and assignments underscore the challenges that the N.S.A. faces in recruiting a new generation of free-spirited computer experts with diverse political views.
Mr. Snowden, who is now marooned at an airport in Moscow waiting to see if another country will grant him asylum, has said he leaked the documents to alert the public to the sweeping nature of the American government’s surveillance. He took a job as an “infrastructure analyst” with Booz Allen Hamilton in April at an N.S.A. facility in Hawaii, he has said, to gain access to lists of computers that the agency had hacked around the world.
Mr. Snowden prepared the résumé shortly before applying for that job, while he was working in Hawaii for the N.S.A. with Dell, the computer maker, which has intelligence contracts. Little has been reported about his four years with Dell, but his résumé, as described, says that he rose from supervising computer system upgrades for the spy agency in Tokyo to working as a “cyberstrategist” and an “expert in cyber counterintelligence” at several locations in the United States.
In what may have been his last job for Dell in Hawaii, he was responsible for the security of “Windows infrastructure” in the Pacific, he wrote, according to people who have seen his résumé. He had enough access there to start making contacts with journalists in January and February about disclosing delicate information. His work for Dell may also have enabled him to see that he would have even more access at Booz Allen.
Some intelligence experts say that the types of files he improperly downloaded at Booz Allen suggest that he had shifted to the offensive side of electronic spying or cyberwarfare, in which the N.S.A. examines other nations’ computer systems to steal information or to prepare attacks. The N.S.A.’s director, Gen. Keith B. Alexander, has encouraged workers to try their skills both defensively and offensively, and moving to offense from defense is a common career pattern, officials say.
Whatever his role, Mr. Snowden’s ability to comb through the networks as a lone wolf — and walk out the door with the documents on thumb drives — shows how the agency’s internal security system has fallen short, former officials say.
“If Visa can call me and say, ‘Are you in Dakar, Senegal?’ when they see a purchase that doesn’t fit my history, then we ought to be able to detect something like this,” said Michael V. Hayden, a former director of the N.S.A. and the C.I.A. “That continuous monitoring does not seem to have been in place.”
But Michael Maloof, a software developer who supplied internal monitoring systems to private companies, said that with Mr. Snowden’s training in hacking, he “would have known to keep his probes low and slow, a little bit here, a little bit there, so there was nothing to detect.”
If alarms went off as he grabbed documents, Mr. Maloof said, Mr. Snowden might have been able to explain away the alerts by saying that he was merely testing the protections as part of his security job.
Mr. Snowden grew up in Baltimore’s southern suburbs, where many of his neighbors would have been tech-savvy N.S.A. employees working at the agency’s headquarters at Fort Meade. Conventional schooling did not agree with him, and he dropped out of high school and eventually sought technical training in a series of courses.
Article source: http://www.nytimes.com/2013/07/05/us/resume-shows-snowden-honed-hacking-skills.html?partner=rss&emc=rss