But Snowden was not most users. A typical NSA worker has a “top secret” security clearance, which gives access to most, but not all, classified information. Snowden also had the enhanced privileges of a “system administrator.” The NSA, which has as many as 40,000 employees, has 1,000 system administrators, most of them contractors.
As a system administrator, Snowden was allowed to look at any file he wanted, and his actions were largely unaudited. “At certain levels, you are the audit,” said an intelligence official.
He was also able to access NSAnet, the agency’s intranet, without leaving any signature, said a person briefed on the postmortem of Snowden’s theft. He was essentially a “ghost user,” said the source, making it difficult to trace when he signed on or what files he accessed.
If he wanted, he would even have been able to pose as any other user with access to NSAnet, said the source.
The “thin client” system and system administrator job description also provided Snowden with a possible cover for using thumb drives.
The system is intentionally closed off from the outside world, and most users are not allowed to remove information from the server and copy it onto any kind of storage device. This physical isolation – which creates a so-called “air gap” between the NSA intranet and the public internet — is supposed to ensure that classified information is not taken off premises.
But a system administrator has the right to copy, to take information from one computer and move it to another. If his supervisor had caught him downloading files, Snowden could, for example, have claimed he was using a thumb drive to move information to correct a corrupted user profile.
“He was an authorized air gap,” said an intelligence official.
Finally, Snowden’s physical location worked to his advantage. In a contractor’s office 5,000 miles and six time zones from headquarters, he was free from prying eyes. Much of his workday occurred after the masses at Ft. Meade had already gone home for dinner. Had he been in Maryland, someone who couldn’t audit his activities electronically still might have noticed his use of thumb drives.
It’s not yet certain when Snowden began exploiting the gaps in NSA security. Snowden worked for Booz Allen Hamilton for less than three months, and says he took the job in order to have access to documents. But he may have begun taking documents many months before that, while working with the NSA via a different firm. According to Reuters, U.S. officials said he downloaded documents in April 2012, while working for Dell.
Snowden is thought to have made his initial attempt to offer documents to the media in late 2012, while at Dell. According to published accounts, he tried to contact Guardian journalist Glenn Greenwald in December and started talking to filmmaker Laura Poitras in January.
He began working for Booz Allen in March. In May, he told his supervisor he needed to take time off to deal with a health issue, and then flew to Hong Kong, where he met with Poitras and Greenwald, on May 20. He later told the Guardian that he was downloading documents on his last day at work. The revelations based on his documents started appearing in the Guardian and the Washington Post within weeks.