HOUSE_OVERSIGHT_019698.jpg

210 | HOW AMERICA LOST ITS SECRETS The question was considered by the NSA’s National Threat Oper- ations Center, the same unit from which Edward Snowden later stole a huge trove of secret documents. According to a report in 1996 titled “Out of Control” (later released by the NSA), the danger of an Ames-type penetration could not be excluded. Even though the “threat officer” who wrote this report was not identified by name, his analysis proved incredibly prescient. He said that the NSA’s drive to enhance its performance by networking its computers would result in the intelligence services’ putting “all their classified infor- mation ‘eggs’ into one very precarious basket.” The basket was the computer networks run by technicians called system administrators. He pointed out that the NSA was becoming increasingly dependent on such networked computer systems, and he predicted that the NSA’s “Aldrich Ames,” as he put it, would be a “system administra- tor,” which was the position that Edward Snowden held nearly two decades later at Dell when he began stealing secrets. The NSA‘s system administrators were, as the threat officer pointed out, very different from the traditional military employees ) at the NSA. They were usually civilians who effectively served as © repairmen for complex computer systems. Moreover, many of them had not been directly hired by the NSA. Instead, their recruitment had been privatized to outside contractors. This outsourcing had deep roots tracing back to World War II. Ed Booz and Jim Allen, the founders of Booz Allen Hamilton, obtained contracts to help manage ship construction from the U.S. Navy. After the war ended, they sought contracts for their firm in clas- sified work. These contracts grew in size as the NSA needed more and more system administrators and other information technolo- gists to manage the computer networks. These system administra- tors needed to be given special privileges to do their service job. One such privilege allowed them to bypass password protection. Another privilege allowed then to temporarily transfer data to an external storage device while they repaired computers. These two privileges greatly increased the risk of a massive breach. Seeing them as the weak link in the chain, the threat officer wrote in the report that “system administrators are likely to be increasingly targeted by for- | | Epst_9780451494566_2p_all_r.indd 210 ® 9/3016 8:13AM | | HOUSE_OVERSIGHT_019698