USA Today reports the NSA’s Tailored Access Operation unit had a serious data breach. This is one of the largest incidents at NSA over the last five years.
The story reports, the access controls at the TAO’s locations are “porous”, allowing workers to easily remove information by digitally removing or by simply walking out the front door.
Here are a few quotes from the story:
“Physical security wasn’t much better, at least at one TAO operator’s facility. He told The Daily Beast that there were “no bag checks or anything” as employees and contractors left work for the day—meaning, it was easy smuggle things home. Metal detectors were present, including before Snowden, but “nobody cared what came out,” the second source added. The third source, who visited TAO facilities, said bag checks were random and weak.”
“If you have a thumb drive in your pocket, it’s going to get out,” they said.
Unsurprisingly, workers need to swipe keycards to access certain rooms. But, “in most cases, it’s pretty easy to get into those rooms without swipe access if you just knock and say who you’re trying to see,” the third source added.
“The TAO is the tip of the NSA’s offensive hacking spear, and could have access to much more sensitive information”.
“Defense Department’s inspector general completed in 2016 found that the NSA’s “Secure the Net” project—which aimed to restrict access to its most sensitive data after the Snowden breach—fell short of its stated aims. The NSA did introduce some improvements, but it didn’t effectively reduce the number of user accounts with ‘privileged’ access, which provide more avenues into sensitive data than normal users, nor fully implement technology to oversee these accounts’ activities”
I guess the Top Secret classification doesn’t mean what it used too…