A Stolen NSA Tool Is Being Used in a Global Cyberattack

The shadow of ousted FBI director James Comey hung over the Senate Intelligence committee’s worldwide threat hearing yesterday. Like Banquo’s ghost in Macbeth, the presence of Comey’s absence was everywhere. But it wasn’t the most surreal aspect of the day. Here was a hearing on external threats at a moment when internal threats are growing more serious and scary than any time in recent memory. Just 24 hours later, the magnitude of that danger came into sharp focus as cyber attacks using stolen NSA tools hit an estimated 45,000 computers in more than 70 countries, disrupting Britain’s health system and sending officials from Moscow to Madrid back to paper and pens.

Insider threats are not new but the speed and scale of their destructive impact are. In 2001, Robert Philip Hanssen, a 25-year veteran of the FBI, was caught hiding a garbage bag full of classified documents in a “dead drop” under a Virginia park bridge. His arrest ended a 15-year mole hunt for one of the most damaging traitors in American history. Hanssen was found to have passed a few thousand highly classified documents to the Soviets over two decades, including the names of dozens of American agents. Several were killed as a result of his treachery.

Today, trusted insiders can steal and release classified information in terabytes, not trash bags, all in a matter of days, not decades. Chelsea Manning downloaded the contents of more than 250,000 State Department cables on a fake Lady Gaga CD, lip syncing to Lady Gaga's “Telephone” as he exfiltrated the data. Former NSA contractor Edward Snowden stole an estimated 1.5 million documents, including information about some of the most highly classified programs in the U.S. government—and not just by copying what he happened to see on his desktop.

A bipartisan review by the House Intelligence Committee found that Snowden deliberately sought access to classified programs by tricking coworkers into giving him their security credentials and by searching their network drives without their permission, downloading away. The “vast majority of the documents he stole,” the report concludes, “have nothing to do with programs impacting individual privacy interests—they instead pertain to military, defense, and intelligence programs of great interest to America’s adversaries.” Snowden’s operation took just 10 months before he high-tailed it to Hong Kong.

And for all the efforts to glue shut thumb drives and call for better procedures to detect when trusted officials become untrustworthy, the breaches just keep coming. In the past year, press reports have made public another wave of breaches believed to have been perpetrated by insiders at both the NSA and CIA that stole and released some of nation’s most sophisticated cyber hacking tools, including the WannaCry ransomware used today. In February, a second former NSA contractor, Hal Martin, was indicted for stealing classified documents. How many exactly? The Justice Department believes it could be as much as 50 terabytes—that’s the equivalent of 500 million pages.

At yesterday's hearing, Director of National Intelligence Dan Coats delivered a 28-page threat assessment about the dangers confronting the United States. Two lines look awfully ominous today: “Trusted insiders who disclose sensitive or classified US Government information without authorization will remain a significant threat in 2017 and beyond. The sophistication and availability of information technology that increases the scope and impact of unauthorized disclosures exacerbate this threat.”

About the Author

Amy Zegart is a contributing editor at The Atlantic. She is the co-director of the Center for International Security and Cooperation, a senior fellow at the Hoover Institution, and a senior fellow at the Freeman Spogli Institute at Stanford University. She is the author of Spying Blind: The CIA, the FBI, and the Origins of 9/11.

The former New York mayor is the splashy hire, but the addition of two other attorneys to the president’s team may say more about where the Mueller probe is going.

Sometimes the biggest news items on a given day aren’t the most telling ones.

Consider three stories on Thursday about President Trump’s legal issues. First, Bloomberg reported that Deputy Attorney General Rod Rosenstein told the president last week that he is not a target of either special counsel Robert Mueller’s investigation nor of a separate investigation in Manhattan that produced a raid on his longtime fixer, Michael Cohen.

A few hours later, Rudy Giuliani, the former New York City mayor, U.S. Attorney, and presidential candidate, said he was joining Trump’s legal team, telling The Washington Post, “I’m doing it because I hope we can negotiate an end to this for the good of the country and because I have high regard for the president and for Bob Mueller.”