No, it wasn't by some ultra secretive means of super-complex cyber code writing and cloud encryption by which good ol' Eddy breached America's security in arguably the most secure compound on the planet — nope — he simply walked in with a thumb drive, downloaded the NSA, and walked out.
Carl Weinschenk of IT Business Times breaks down how bad a threat flash drives can be:
The U.S. Department of Homeland Security ran a test in which staffers dropped flash drives in the parking lot of government and contractor buildings. Sixty percent of folks who picked them up simply plugged them into networked computers. That percentage jumped to 90 percent if the drive had an official logo.
(emphasis ours)
Here and America thought it was so smart when it got an "unsuspecting" Iranian scientist to plug a flash drive into nuclear networks.
The Washington Times breaks down the threat further by reminding everyone that a "number of commercially available programs can switch off the USB port of every computer on the network."
Pretty easy, huh?
NSA officials “were laying down on their job if they didn’t disable the USB port,” an unnamed government IT the specialist told the Washington Times, referring to the small socket on the side of a computer where thumb drives are plugged in.
Organizations, whether they're public or private, have had difficulty enforcing Bring Your Own Device security measures now for a number of years.
Certainly there are places in government buildings where there are NO recording devices or storage devices allowed under ANY circumstances.
Regardless, Snowden managed to get one in and get one out.
So, if the difference between having an international incident of grave consequences to national security and not having one is shooting down to Best Buy for some simple software ... then shouldn't we just get the software?
Or, as the IT professional who talked to the Washington Times pointed out, "I have seen places where they used a hot glue gun to block [USB ports]."