The National Security Agency is still dealing with the actions of its former contractor Edward Snowden, who leaked information several weeks ago that detailed extensive data collecting activities from the spy agency. As we have reported before, Snowden's leaks claim that the NSA was able to access several of Microsoft's online services, among other tech companies.
Now the head of the NSA, General Keith Alexander, hinted that Snowden could have used Microsoft's SharePoint collaboration software to assist in moving the information he gathered for those leaks. In a Q&A this week at the Aspen Institute, General Alexander answered a question from a Washington Post reporter on how the agency could better protect itself from insider leaks.
General Alexander, while not naming Snowden directly, answered the question by saying, "This leaker was a system administrator who was trusted with moving the information to actually make sure that the right information was on the SharePoint servers that NSA Hawaii needed." He then added that the leak was " ... a huge break in trust and confidence. So there are issues we have got to fix there."
General Alexander then said that the NSA is currently talking about how much information sysadmins can have access while working at the agency. Some solutions such as locking down the server rooms, having sysadmins work in pairs, and keeping them from downloading data have been suggested. However, General Alexander pointed out, "As you may know, system administrators need removable media to do their job. That just makes our job twice as hard now."
It's interesting that the NSA works with SharePoint for at least part of their server software and a possible solution for plugging leaks might be to beef up security on those NSA SharePoint servers.