It’s been known for quite a while that Edward Snowden was doing contract work for the NSA while working as a systems administrator for Booz Allen Hamilton. While working there, he had obtained the documents which were subsequently leaked to the press. The main culprit of the tale was his access to NSA systems through a client computer from his Honolulu location.
The specific client technology used is not clearly named in the story, but Citrix products, such as the VDI-in-a-Box would be the most popular products used. The products enable any user to stay connected using a special client program to a server, which has the function to run numerous virtual desktop sessions, each of which appears to be a Windows desktop system.
As a system administrator, Snowden had privileges which allowed him the ability to unobtrusively extract and access classified information which even the NSA Analysts can’t get their hand on. It had been previously speculated that Snowden, who was trained to be a government hacker at Dell, used those skills to navigate the NSA’s networks undiscovered.
It is extremely disturbing to know that Snowden was not just granted access to all the documents he required, but was allotted permission to copy them to local storage. Mainstream management systems have allowed enterprises to govern their clients, but clients, including thin clients can copy data to local storage, for a long time now.
The manner was extremely similar to what Bradley Manning did, a few years ago. Just like Snowden, Manning was also given access to a huge library of sensitive materials and permissions to copy it to local storage. The NSA might be accused of being negligent, but it may also be that the sensitive data is too much to handle.