SOURCE: Venafi


November 13, 2013 08:00 ET

Venafi Reveals How Edward Snowden Breached the NSA; Challenges Agency to Prove Conclusions Wrong

NSA's Inability to Detect and Respond to Fabricated Cryptographic Keys and Certificates Allowed Exiled Attacker to Steal Thousands of Classified Documents and Intellectual Property

SALT LAKE CITY, UT--(Marketwired - Nov 13, 2013) - Venafi, the leading cyber security company in Next-Generation Trust Protection, today announced the results of in-depth research by its Threat Center team into how Edward Snowden successfully breached the National Security Agency (NSA). After months of review, analysis and peer feedback, this research reveals that the contract worker leveraged valid credentials as a low-level system administrator to fabricate cryptographic keys and digital certificates, which he then used to access and steal classified information and US intellectual property. The NSA's inability to detect or respond to anomalous key and certificate activity on its network allowed him to infiltrate systems and exfiltrate data without being detected.

Tweet: @Venafi analysis reveals how #Snowden breached #NSA. Inability to detect fabricated #keys allowed him to steal data

"For more than a decade, we've been observing similar attacks at some of the most security-minded enterprises and agencies in the world. Based on all available evidence, we've concluded that fabricated SSH keys and self-signed certificates along with the agency's inability to detect their presence and use is what led to the breach," said Jeff Hudson, CEO, Venafi. "The NSA knows this is how the breach was accomplished, and we're so confident in our analysis and conclusions that we're comfortable challenging the NSA -- or Edward Snowden -- to prove us wrong."

Cybercriminals and nation-backed operators have successfully used unsecured keys and certificates to breach trust on enterprise and government agency systems on repeated occasion. Most global organizations have no ability to detect anomalies or to respond to attacks on trust that leverage compromised, stolen or fabricated keys and certificates. Because of these deficiencies, enterprises are "sitting ducks" according to a recent Forrester Consulting report

In addition to Forrester's conclusion, it is also well documented that some of the most famous computer breaches have been the result of abused keys and certificates, including the Flame, Duqu and Stuxnet attacks. Attackers and common cyber-criminals understand this well, which is why attackers increasingly use self-signed certificates and maliciously manipulated SSH and asymmetric keys to attack organizations in order to steal data and valuable intellectual property.

"As a leading organization responsible for contributing to U.S. national and global cyber defense, the NSA has a responsibility to disclose the truth behind the breach," continued Hudson. "Until the agency openly admits what happened along with all of the steps it's taken to correct the problem, all organizations that rely on keys and certificates to ensure trust will remain vulnerable to this attack vector."

Following analysis and peer review of the information that has been publically reported, Venafi has identified the critical elements to piece together the full story of how Snowden attacked common trust mechanisms in order to breach the NSA, and has released its findings via multiple sources that outline in detail how the attack occurred:

  • Venafi CEO Blog: Deciphering how Edward Snowden breached the NSA

  • Video: NSA breach kill chain whiteboard

  • Infographic: Breaching the NSA; how Snowden did it

  • On-demand webinar: Breaching the NSA via an attack on trust

To access the content, visit:

For even more information and to join the Snowden discussion:

About Venafi
Venafi is the market leading cyber security company in Next-Generation Trust Protection. As a Gartner-recognized Cool Vendor, Venafi delivered the first trust protection platform to secure cryptographic keys and digital certificates that every business and government depend on for secure communications, commerce, computing, and mobility. As part of an enterprise infrastructure protection strategy, Venafi Director prevents attacks on trust with automated discovery and intelligent policy enforcement, detects and reports on anomalous activity and increased threats, and remediates errors and attacks by automatically replacing keys and certificates. Venafi Threat Center provides research and threat intelligence regarding trust-based attacks. Venafi customers are among the world's most demanding, security-conscious Global 2000 organizations in financial services, insurance, high tech, telecommunications, aerospace, healthcare and retail. Venafi is backed by top-tier venture capital funds, including Foundation Capital, Pelion Venture Partners and Origin Partners. For more information, visit