When Edward Snowden, the former NSA contractor, started disclosing the classified details of several top-secret surveillance programs of the US intelligence agencies in June this year, everyone wondered how he had gained access to such highly confidential information.
Five months later, an exclusive Reuters report reveals that Snowden used perhaps the easiest possible way to gain unauthorized access to the secrets. Misusing his position as a system administrator, he reportedly persuaded nearly 20 of his colleagues to share their login credentials with him on the pretext of doing his job. They unwittingly provided him the credentials, which led to the worst breach of information security in NSA’s history. They thought they were giving the credentials to a trusted insider, unaware of Snowden’s real intent.
This report reminded me of a funny campaign titled “Passwords are like underwear”, run by the Information Technology Central Services at the University of Michigan a few years back to raise awareness about protecting passwords.
True, passwords are like underwear: obviously not meant to be shared with others. Unfortunately, practical needs mostly point the other way. Business requirements demand selective sharing of passwords with others. In most organizations, users often reveal administrative passwords of sensitive IT resources to their colleagues for one reason or another.