by John Worrall
Whatever your personal views on Edward Snowden’s activities with NSA secrets, his words and actions should send a chill down the spine of every infosec professional. Every organization has someone with the privileged access that Snowden was trusted with. For the NSA, the information has national security implications, but privileged users in commercial organizations can cause catastrophic business damage as well.
Take this quote from the Q&A with Snowden in his video interview with The Guardian on June 6th. As you read it, replace his references to “NSA secrets” with your company’s most confidential data. Then ask yourself this: what are you doing to manage privileged identities and continuously monitor their use?
“Anybody in the positions of access with the technical capabilities that I had could suck out secrets, pass them on the open market to Russia, they always have an open door, as we do […] I had access to the full roster of everyone working at the NSA, the entire intelligence community, and undercover assets all around the world, the locations of every station we have, what their missions are and so forth. If I just wanted to harm the US, I could shut down the entire surveillance system in an afternoon.”
(Listen to Snowden in his own words. This quote starts around the 9’45” mark of the video.)