Document details alleged pre‑planned NSA data theft by Edward Snowden using deception and custom “spider” tools

90 He returned on April 13th to Hawaii, One domestic task he to attend to was helping Mills pack up their possessions, which they stored in boxes in the garage. The lease on their house was up on April 30, 2013, so he found a temporary rental for them just a few blocks away. On Monday April 15th, Snowden began on-the-job training as an analyst at the National Threat Operations Center—a training that he would not complete. The same week he began the training, he prepared his exit by writing Booz Allen that he needed a brief medical leave in May to undergo medical treatment for his putative epilepsy symptoms. Even though he had no planned any treatments, and, as far as is known did not suffer from epilepsy, Booz Allen required a minimum of one month’s notice for foreign travel. By making the request, he lessened the likelihood that it would arouse undue suspicion when he departed Hong Kong with stolen documents on May 18, 2013. This brief window left him some four weeks to take the lists that he coveted. Snowden carried out the heist with precision reminiscent of a “Mission Impossible” movie caper. First, he needed to get passwords to up to 24 compartments at the National Threat Operation Center that he had not been “read into.” Even in the “open culture” of the NSA this was not an easy challenge since he no longer had a plausible pretext for asking other experienced threat analysts had their passwords, as he did when he was a system administrator at Dell. He would now be asking them to break strict NSA rules that prohibited intelligence workers from disclosing their passwords to an unauthorized party. In addition, they were supposed to report anyone who asked to use their passwords. He may have obtained some passwords through deception, such as tricking them into typing in their passwords in a device that captured them. As the NSA informed Congress in 2014, three of his fellow workers told the FBI that Snowden may have deceived them to gain access their passwords. He may have also have used electronic means to have stolen the remaining passwords. In any case, however he accomplished this incredible feat, he gained access to 24 compartments containing the NSA’s most closely guarded secrets in a matter of a few weeks. Next, he had to find the lists he was seeking in a vast sea of data. He used for this task pre- programmed robotic devices, called “spiders” to crawl through the data and find the files he was after. Snowden deployed these spiders soon after he began working at the Center, raising the possibility that Snowden had prepared in advance the operation. According to the subsequent NSA damage assessment, Snowden’s spiders indexed well over one million documents. Many of those that he copied and moved were from Level 3 “Sensitive Compartmented Information” according to the NSA analysis. The spiders also made his penetration relatively safe. As previously mentioned, the Hawaii base did not have a real time auditing system. So alarm bells would go off in the security office when he indexed documents. Finally, Snowden had to find a way to transfer this data to a computer with an opened USB port. Most of the computers at the center had had their ports sealed shut to prevent unauthorized HOUSE_OVERSIGHT_020242