Former senior NSA official: Maybe only 30 or 40 agency officials had access to that FISA order that leaked

Normally, this is where I’d say there are only two obvious possibilities: Either I’m right that he conspired with someone higher up the chain who fed him these highly sensitive documents or the guy’s some sort of master hacker who managed to slip past NSA’s internal security to lift top-secret stuff off their servers. But I can’t say that in this case because none of us really has any idea how NSA operates. Could the IT guy have had routine access to bombshell surveillance program data? I … don’t think so, but I … guess, maybe?

Even the intel guys can’t figure it out:

Among the questions is how a contract employee at a distant NSA satellite office was able to obtain a copy of an order from the Foreign Intelligence Surveillance Court, a highly classified document that would presumably be sealed from most employees and of little use to someone in his position.

A former senior NSA official said that the number of agency officials with access to such court orders is “maybe 30 or maybe 40. Not large numbers.”…

Officials questioned some of Snowden’s assertions in his interview with the Guardian, saying that several of his claims seemed exaggerated. Among them were assertions that he could order wiretaps on anyone from “a federal judge to even the president.”

“When he said he had access to every CIA station around the world, he’s lying,” said a former senior agency official, who added that information is so closely compartmented that only a handful of top-ranking executives at the agency could access it.

“Investigators also need to determine whether anyone else was involved in disclosing the information to reporters,” per WaPo’s sources. That’s one possibility — Snowden in cahoots with a more senior person who wants the information out but doesn’t want his fingerprints on it. In theory, though, security at NSA is so tight that there’s no way to access, let alone remove, information without leaving a cyber-fingerprint of some kind. That’s the whole point of PRISM, right? Finding even the faintest cyber-prints? An agency that can track people’s physical movements based on their use of electronic devices should, one would think, be able to track their own contracted employees’ virtual movements on their premises. And yet here we are, with Snowden safely decamped with the goods to Hong Kong and Glenn Greenwald promising even more revelations.

Theory two, then: Snowden’s a hacking genius who somehow beat NSA’s internal security. Marc Ambinder assesses the degree of difficulty:

According to several current and former officials who’ve worked on NSANet, every keystroke is logged and subject to random audits. “Screengrabs” are prohibited. Documents can be printed with special facilities but that, too, leaves a record. As a mission support specialist, Snowden would have had access as part of his jobs to the physical servers and hard drives that contain material.

If he did not want to leave an audit trail, he might have disconnected a hard drive containing temporarily cached documents, brought them into an area that included desktops and hardware not cleared for such access, connected them, and then printed documents out. It is also possible that he disabled, under the guise of fixing something, access privileges for auditors. He could have temporarily escalated his own access privileges, although this would have raised flags among his superiors.

In theory, this would have alerted NISIRT, the NSA’s Information Systems Incident Response Team, which maintains a 24/7 watch over the backend of NSANet. Operational branches, including Special Source Operations (domestic and compartmented collection programs), Global Access Operations (satellites and other international SIGINT platforms), and Tailored Access Operations (cyber) have their own NISIRT team.

The agency also has a counterspy team that looks at NSA employees — and contractors? — in hopes of anticipating who might be ready to leak. Evidently they missed the Ron-Paul-donating loner who’d apparently been in contact with Glenn Greenwald for months before he skipped town. And if Ambinder’s scenario is correct, they also missed one of their hard drives going offline. Would a powerpoint on PRISM and a FISA order authorizing phone-record harvesting even be on the same hard drive? I.e. did Snowden collect this stuff steadily over time, by accessing different NSA “compartments,” rather than in one grand heist? Because if so, that’s an even more catastrophic internal security breakdown. Could NSA counterspies have missed repeated breaches?

Hopefully we’ll be able to game all of this out as part of the great national debate on NSA spying that Obama supposedly welcomes but won’t lift a finger to actually make possible. (“If President Obama really welcomed a debate, there are all kinds of things he could do in terms of declassification and disclosure to foster it.”) Exit question: Why did Snowden claim he was making $200,000 a year if he was only making $122,000? Is he including benefits in measuring his compensation? Any lie he tells, however small, will raise doubts about his motives. Seems weird that he’d open himself up to a challenge on something as minor as that.