Venafi Reveals how Edward Snowden Breached the NSA; Challenges Agency to Prove Conclusions Wrong
Salt Lake City, UT
November 12, 2013
NSA’s Inability to Detect and Respond to Fabricated Cryptographic Keys and Certificates Allowed Exiled Attacker to Steal Thousands of Classified Documents and Intellectual Property
Venafi, the leading cyber security company in Next-Generation Trust Protection, today announced the results of in-depth research by its Threat Center team into how Edward Snowden successfully breached the National Security Agency (NSA). After months of review, analysis and peer feedback, this research reveals that the contract worker leveraged valid credentials as a low-level system administrator to fabricate cryptographic keys and digital certificates, which he then used to access and steal classified information and US intellectual property. The NSA’s inability to detect or respond to anomalous key and certificate activity on its network allowed him to infiltrate systems and exfiltrate data without being detected.
“For more than a decade, we’ve been observing similar attacks at some of the most security-minded enterprises and agencies in the world. Based on all available evidence, we’ve concluded that fabricated SSH keys and self-signed certificates along with the agency’s inability to detect their presence and use is what led to the breach,” said Jeff Hudson, CEO, Venafi. “The NSA knows this is how the breach was accomplished, and we’re so confident in our analysis and conclusions that we’re comfortable challenging the NSA—or Edward Snowden—to prove us wrong.”
Cybercriminals and nation-backed operators have successfully used unsecured keys and certificates to breach trust on enterprise and government agency systems on repeated occasion. Most global organizations have no ability to detect anomalies or to respond to attacks on trust that leverage compromised, stolen or fabricated keys and certificates. Because of these deficiencies, enterprises are “sitting ducks” according to a recent Forrester Consulting report
In addition to Forrester’s conclusion, it is also well documented that some of the most famous computer breaches have been the result of abused keys and certificates, including the Flame, Duqu and Stuxnet attacks. Attackers and common cyber-criminals understand this well, which is why attackers increasingly use self-signed certificates and maliciously manipulated SSH and asymmetric keys to attack organizations in order to steal data and valuable intellectual property.
“As a leading organization responsible for contributing to U.S. national and global cyber defense, the NSA has a responsibility to disclose the truth behind the breach,” continued Hudson. “Until the agency openly admits what happened along with all of the steps it’s taken to correct the problem, all organizations that rely on keys and certificates to ensure trust will remain vulnerable to this attack vector.”
Following analysis and peer review of the information that has been publically reported, Venafi has identified the critical elements to piece together the full story of how Snowden attacked common trust mechanisms in order to breach the NSA, and has released its findings via multiple sources that outline in detail how the attack occurred: