Just over a year ago Edward Snowden began revealing the breadth and depth of government surveillance around the world. It has changed the way a lot of people have operated online with an increased interest in privacy and security even among ordinary citizens. The revelations from the documents Snowden took while working for the NSA continue to shock and surprise, with the latest revelation showing that the NSA captured and retained intimate and sensitive email conversations, images and documents of more than 10,000 citizens – despite those men and women not being classified as targets.
However it was a revelation about NSA spying from last week in Germany which has raised another question: Is there another Edward Snowden out there, leaking sensitive information about the NSA’s inner workings to journalists? On Thursday, German website Tagesschau revealed that the NSA was using a tool called XKeyScore to target web users who searched for anything related to privacy-focused operating system Tails or the anonymity network called Tor, branding those that did as “extremists”.
In a report on BoingBoing, Cory Doctorow says he spoke to technical experts who have worked on “the full set of Snowden docs” about this latest leak and they were “shocked”.
Another expert Doctorow spoke to suggested that this leak came from a source other than Snowden.
“I think there’s a second leaker out there”
Picking up Doctorow’s story, renowned security expert Bruce Schneier said: “I do not believe that this came from the Snowden documents. I also don’t believe the TAO catalog came from the Snowden documents. I think there’s a second leaker out there.” The other report Schneier references is a leak from December 2013 about the Office of Tailored Access Operations (TAO) hacking group within the NSA which was created at the beginning of the internet with the mission of “getting the ungettable.”
The suggestion is that Snowden would have inspired a fellow NSA employee to follow his lead and leak information about the agency’s practices which they believed went against their own ethical or moral code.
“The leaks did come from Snowden”
However, Maxim Kammerer from Liberté Linux – a secure Linux distro – says he does not believe “there is a good case that the leaks do come from Snowden, since it is possible to pinpoint the date range when the rule sources have been last updated.”
He believes that if the leaker was someone other than Snowden – who he says initially tried to get in touch with journalist Glenn Greenwald at the end of 2012 – then they would “have probably downloaded a more up-to-date rules file.”
The basis of the original story on Tagesschau was “secret source code” which two German regional public broadcasting institutions (NDR and WDR) had access to, without giving any details of where the source code came from. The source code included the filter rules which the NSA used to decide which internet users to target. Without having any way of confirming where the source code came from, it is impossible to say with any certainty if there is a second Snowden out there.
David Gilbert is the technology editor at the International Business Times UK, covering everything from the latest mobile trends to the murky world of cybercrime. David won the prestigious Digital Writer of the Year award at the Online Media Awards 2013. Previously, he worked as news editor at Trusted Reviews for two years after moving to London from Ireland where he worked for national and regional newspapers for three years.