NSA’s Inability to Detect and Respond to Fabricated Cryptographic Keys and Certificates Allowed Exiled Attacker to Steal Thousands of Classified Documents and Intellectual Property
Salt Lake City, UT – November 12, 2013
Venafi, the leading cyber security company in Next-Generation Trust Protection, today announced the results of in-depth research by its Threat Center team into how Edward Snowden successfully breached the National Security Agency (NSA). After months of review, analysis and peer feedback, this research reveals that the contract worker leveraged valid credentials as a low-level system administrator to fabricate cryptographic keys and digital certificates, which he then used to access and steal classified information and US intellectual property. The NSA’s inability to detect or respond to anomalous key and certificate activity on its network allowed him to infiltrate systems and exfiltrate data without being detected.