First on The Cipher Brief: Snowden's Boss Shares Lessons Learned
The man who was Edward Snowden’s boss when the National Security Agency (NSA) leaker fled the United States is now speaking out about his experiences and how to counter insider threats.
Steven Bay, who served as Snowden’s boss when he worked as a NSA contractor with Booz Allen Hamilton from April 1 to May 20, 2013, told The Cipher Brief he has decided to publicly discuss his brief time working with the NSA leaker to fill out a “gap in the history” and combat what he calls a wealth of “misinformation that’s out there.”
Along with his recent departure from Booz Allen Hamilton, Bay said the release this week of Oliver Stone’s “Snowden” movie also served as a spur to discuss his time with Snowden.
Bay was speaking Tuesday at the Rock Stars of Cybersecurity conference in Seattle. Speaking to The Cipher Brief he detailed how companies can “protect themselves from both your average employee with no ill-intent as well as your malicious insider.” As Snowden showed, Bay said, “the insider threat is real,” and although it is rarer, a malicious actor working within a company has the potential to do “far more damage” than an external hacker.
“I wanted to not only be able to tell the story, but apply it to what companies can do to protect themselves,” Bay said of his presentation on Tuesday. Businesses need to accept that they can never be totally protected from rogue employees, but Bay said he wanted to highlight that there are a few technical solutions that can help.
Digitally classifying data and tracking its movement, employing network monitoring and building rule sets that send alerts when classified data leaves the network, and blocking file sharing websites that are not specifically approved by the company are three ways to help deal with the challenge of an insider threat, according to Bay. Offering training programs and being open with employees about cybersecurity and malicious activity are also key to helping staffers stay vigilant, he noted.
Bay said he started his career with the Air Force, working as a Persian-Farsi linguist and network intelligence analyst through 2007. He then moved over to Booz Allen Hamilton as a contractor doing intelligence analysis for the NSA in Maryland until 2011, at which point he moved to Hawaii to lead the work there. During that time, he hired Snowden.
Bay said his official title was “lead associate,” and he was a network intelligence analyst. There were about 10-13 people on his Booz Allen team in Hawaii, including Snowden, according to Bay, and “we were spread throughout the agency, the facility, with different NSA teams and missions, doing different work.”
“Ed and I didn’t sit next to each other on a team as much as he sat in the office kind of around the corner from me, but I was the closest one to him. So he and I worked fairly close together, but he and I worked different missions. Overlapped missions, but different,” Bay said.
Snowden’s interview took place in February 2013, Bay said, and he and his technical director were impressed with the man who had moved to Hawaii to work at an NSA facility originally as a Dell employee.
“His resume came across, it looked solid, and it had a lot of the good technical things I was looking for,” Bay said. “The other big challenge we had was there was just not a lot of good technical talent in Hawaii. When we interviewed him, we had a set standard of questions, technical questions, that we asked. And we asked most of those questions and it was pretty evident early on that the questions were very simple for him.”
“He knew his stuff,” Bay added.
During the interview, the three discussed information security, hacking, and internet anonymization, according to Bay. “After Ed left, my Technical Lead and I were like, man, this guy is a good candidate and he’d be a great fit for either of the positions. And so that’s where we decided to push forward with an offer.”
Snowden started on April 1st, but within a few weeks, Bay said that he was occasionally coming in late to work and noted that he had received “a complaint or two” from Snowden’s government lead.
“Ed came to me and told me he had epilepsy — and it wasn’t the kind you get a seizure or something and fall down, but more just kind of black out for a while and you come to. He said, it’s been getting worse lately, and I don’t know why, so I’ve got medical appointments to get this thing figured out, and I’m going to be in and out of the office for a while trying to get this thing figured out. Obviously I gave him support in that area,” Bay said.
Then in the week before Snowden fled the country, Bay said Snowden approached him and said his condition was worsening and he was going to have full day appointments with doctors to get tests on the following Monday and Tuesday.
If the test results were bad, Bay recalled Snowden telling him he would have to take time off work. Bay said he asked Snowden to reach out to HR to initiate the process for short-term disability, and he was surprised by his response.
“He wanted to do leave without pay, because as he put it, I’ve gone through this a bunch, I’ve got a lot of money saved, and short-term disability is a pain in the butt. But that was one thing where I was like, that’s really weird, because why would you waste your own money when you could get paid and coverage for this stuff?” Bay recalled.
In retrospect, Bay said that was clearly a red flag. There was another moment with Snowden that after the fact now looks suspicious, Bay said, although at the time it did not seem to be a strange request.
“He asked me two or three times on how to get access to what essentially was the PRISM data — we didn’t call it that internally, but that’s kind of what everyone knows it is. That’s one of the interesting things about his story is that people don’t realize, he never actually had access to any of that data. All of the quote domestic collection stuff that he revealed, he never had access to that. So he didn’t understand the oversight and compliance, he didn’t understand the rules for handling it, and he didn’t understand the processing of it,” Bay said.
He just “simply grabbed some PowerPoints” and “released those to the world,” according to Bay.
After the revelations were published in The Guardian and the Washington Post, Snowden told the South China Morning Post that he sought out his position at Booz Allen Hamilton with the intention of collecting information on the NSA and its surveillance programs.
“My position with Booz Allen Hamilton granted me access to lists of machines all over the world the NSA hacked," he told the South China Morning Post on June 12, 2013. "That is why I accepted that position about three months ago."
In the week Snowden left the United States, Bay said he heard from Snowden one final time.
“That Monday is when he flew to Hong Kong and he emailed me from there, apparently, on Tuesday and said the tests went bad and I’m going to be out for a while. And then the last thing I heard from him was an email that essentially said, alright, thanks, I’ll get in touch with HR and talk to you later. That was the last time I ever heard from him,” Bay said, noting that before the revelations came out, he and NSA security scoured the island for Snowden, but the news that Snowden was the leaker “threw us for a loop.”
For Bay, the fallout was swift. When he heard the news, he said he broke down and cried, feeling like it “was the end of the world.”
“Every negative thought a person could have came to me,” Bay said. “It was selfish thoughts like — I’m going to lose my family, I’m going to lose my job, I’m going to go to jail, I’m going to be blamed, I’m going to be the fall guy — to thoughts about what does this do to NSA, are people’s lives going to be lost, are agents going to be compromised to concerns about my employees, my staff, people who rely on me for jobs. Are we all going to be fired? All these things collapsed in my mind.”
The day it was revealed Snowden was behind the leaks was “one of the worst days of my life,” Bay said.
“I spent that evening, about three or four hours, down at the FBI offices in Kapolei, Hawaii being interviewed by FBI. And they had an NSA security person there as well. So I went through that. And then a couple more interviews throughout the next year with FBI and with NSA,” Bay recalled.
Then, in late July 2013, Bay said he had his access removed from the NSA.
“I got called by the FBI and NSA security, there was one interaction that I had with Ed that constituted a security violation. It wasn’t very severe. They even kind of admitted that to me. But, you know, they needed to be cautious. So they took my access away,” Bay said, describing the incident as copying and pasting some data from a source that Snowden did not have access to, and then sending some foreign intel data — not source data — over to the junior analyst.
“I’m grateful that I didn’t send him the whole raw traffic with all the collection data in it, knowing what I know now. But I still sent him — I didn’t even remember doing it, but they found it as they were going through my stuff and I did apparently copy and paste some stuff into a Word doc and sent it over to him, pertaining to his mission that he was working for the client,” he said.
Losing his NSA access meant losing his work with the agency. Bay said he had to find a new position within Booz Allen or he had to leave, since he was no longer billable with NSA. Bay ended up getting a gig with the company’s commercial team in late 2013, and in June of this year he left Booz Allen.
Bay said he wanted to share his story about “what happened on the inside and how there were real people affected by it.” “There were people that completely lost their clearance and got it worse than I did because of the fallout of this,” he said.
Beyond the personal aspects of how it impacted people who worked with Snowden, Bay said he is also frustrated by the way many people view Snowden and his actions.
“I get frustrated by things like people considering Ed an expert in all things NSA, even though he was kind of a junior analyst and had a relatively junior role there. He’s not the foremost expert on this stuff. He’s a smart guy, don’t get me wrong, and he had experience, but he wasn’t some senior level person,” Bay said. “And the second part is, in my mind, Ed’s not a hero.”
“He didn’t understand the programs. He didn’t understand the oversight. I understand the Fourth Amendment concerns, I understand the issues that he brings up. But the reality is it seems to be everything he did was self-serving, and I don’t think he was altruistic as everyone believes him to be. And I think he’s done far more damage to our intelligence and national security,” he added.
Mackenzie Wenger is a national security reporter at The Cipher Brief.