DAWN.COM

Today's Paper | December 26, 2024

Published 16 Jan, 2014 07:38am

What was Edward Snowden doing in India?

WASHINGTON: Nearly three years before he revealed himself as the source of leaked documents about NSA surveillance, Edward Snowden travelled to New Delhi, India. There, he spent six days taking courses in computer hacking and programming at a local professional school, according to school officials and people familiar with Snowden’s trip.

Working with a private instructor, Snowden, who was then a contractor for the spy agency, took a course in “ethical hacking,” where he learned advanced techniques for breaking into computer systems and exploiting flaws in software. The class’s ostensible purpose is to train students to protect computers and their contents from thieves and spies. But to do that, they learn how to break into computers and steal information. Snowden also inquired about methods to reverse-engineer the world’s most popular kits for committing widespread online crime.

Snowden didn’t disclose his India trip to investigators when renewing his top-secret security clearance the following year. It was that clearance, NSA officials say, that gave Snowden access to the 1.7 million classified files he later stole from the agency’s computer networks and databases. US intelligence officials have faulted the company that conducted Snowden’s background check for not more thoroughly questioning him about overseas travel and what foreign nationals he may have met with, which is standard procedure for detecting whether someone is spying for a foreign power. They have characterised the background check as flawed and incomplete.

But Foreign Policy has learned that Snowden’s trip to India should not have been a mystery to the US government or intelligence agencies. Snowden was in the country in his capacity as an NSA contractor “to assist as a technical expert” at the US embassy in New Delhi, according to an individual with knowledge of the situation who asked not to be identified. Snowden also told his computer instructor that he worked for the NSA and that he was in the city “on business,” said Rohit Aggarwal, the CEO and founder of the school, Koenig Solutions. Government employees and contractors are not required to disclose foreign trips of an official nature, and may even be instructed not to, to avoid compromising intelligence operations and programmes, according to two former US intelligence officials.Precisely what work Snowden did at the embassy in New Delhi is unclear. At the time, he worked as a technology specialist for Dell at an NSA facility in Japan. US intelligence personnel are often stationed in American embassies, so it’s conceivable that Snowden could have been working on surveillance equipment in New Delhi. Among the documents that Snowden disclosed were those describing a programme called Stateroom, which gathers electronic communications using equipment based in US embassies around the world. Other documents Snowden released showed that the NSA may have spied on the Indian Embassy in Washington and on the country’s mission to the United Nations.

Spokespersons for the NSA, the CIA and the Office of the Director of National Intelligence all declined to comment for this article.

According to officials at the Koenig school, Snowden flew to India from Japan, arriving on Sept 2, 2010, and staying for one night at New Delhi’s Hyatt Regency hotel. A Koenig representative picked him up at the hotel on Sept 3 and then drove him to a lodging facility provided by the school. He stayed there for until Sept 9 while he took classes, and then returned for one more night at the Hyatt before leaving India on Sept 11, the school said.

Snowden’s instructor said he made no secret about his work for the NSA. While he did not describe the specific purpose of his visit, he did say he wanted to squeeze in some computer coursework while he was in town. The US embassy is only six miles from the Koenig school. Snowden paid the $2,000 tuition and lodging fee himself, using a personal credit card, Aggarwal said.

Snowden’s instructor described him as quiet and diligent. He didn’t take many breaks. And he already had a high-level of knowledge about computer science, hacking and programming.

Koenig spokesman Somit Biswas said Snowden also inquired about courses in the analysis and reverse engineering of malicious computer code, such as the ZeuS, Fragus and SpyEye crimeware kits. That was a curious request, and potentially at odds with his interest in ethical hacking. Understanding malware is important for defending against it. But these are not ordinary malware. ZeuS is the world’s premier toolbox for custom-building online crime campaigns. It has been used to infect millions of computers around the world. All three programmes have been used by criminals to commandeer individuals’ computers and to steal financial information. SpyEye allows criminals to create fake bank web pages in order to trick people into entering their login and password, which the criminal then steals and uses to enter, and empty, their accounts.

It’s not clear why Snowden wanted to know about reverse engineering financial crime malware, but his resume indicates he may have been working on cyber security-related projects while a contractor with Dell. Koenig told Snowden that it didn’t offer courses along the lines he was interested in, but that it was considering adding them to its curriculum.

—By arrangement with Foreign Policy-Washington Post

Read Comments

Police verification now required for Pakistani travellers to UAE, Senate body informed Next Story