Did Edward Snowden take training in India for hacking?

Edward Snowden visited New Delhi, India, nearly three years before revealing himself as the source of leaked papers regarding NSA eavesdropping. According to school authorities and those aware of Snowden’s trip, he spent six days there taking computer hacking and programming courses at a local professional school. Snowden, who was then a contractor for the spy agency, took a course in “ethical hacking,” where he acquired sophisticated techniques for breaking into computer systems and exploiting software faults. The purported goal of the lesson is to teach students how to protect computers and their contents against thieves and spies. However, in order to do so, they must first learn how to break into computers and steal data.

Snowden also requested methods for reverse-engineering the world’s most popular kits for broad online criminal activity.

Snowden did not tell investigators about his travel to India when he renewed his top-secret security clearance the following year. According to NSA officials, it was this clearance that provided Snowden access to the 1.7 million classified files he later stole from the agency’s computer networks and databases. US intelligence authorities have chastised the organisation that handled Snowden’s background check for not interrogating him more fully about his abroad travel and any foreign people he may have met, which is the typical procedure for determining whether someone is spying for a foreign power. They have described the background check as faulty and insufficient.

However, according to Foreign Policy, Snowden’s travel to India should not have been a surprise to the US government or intelligence agencies. According to a source with knowledge of the issue who begged not to be identified, Snowden was in the nation as an NSA contractor “to assist as a technical specialist” at the US embassy in New Delhi. Snowden also informed his computer instructor that he worked for the NSA and was in town “on business,” according to Rohit Aggarwal, the CEO and founder of Koenig Solutions.

According to two former US intelligence officials, government workers and contractors are not required to declare foreign trips of an official nature, and may even be instructed not to, in order to prevent jeopardising intelligence operations and programmes.

Snowden’s stay in India has attracted coverage in the Indian news but little interest in the United States. The travels provide a unique peek into his actions in the years before he became possibly America’s most renowned leaker of classified secrets.

It’s unclear exactly what Snowden performed at the embassy in New Delhi. He was working as a technology specialist for Dell Inc. at an NSA site in Japan at the time. Snowden could have been working on surveillance equipment in New Delhi, as US intelligence operatives are frequently stationed in American embassies. Among the documents provided by Snowden were those revealing the Stateroom operation, which collects electronic conversations using equipment located in US embassies across the world. Other documents leaked by Snowden revealed that the NSA may have spied on the Indian embassy in Washington as well as the country’s UN mission.

Calls and emails to the United States embassy in New Delhi went unanswered. The National Security Agency, the Central Intelligence Agency, and the Office of the Director of National Intelligence all declined to comment for this piece.

Snowden travelled to India from Japan, arriving on September 2, 2010, and stayed for one night at the Hyatt Regency hotel in New Delhi, according to Koenig school officials. On September 3, a Koenig official met him at the hotel and drove him to a school-provided accommodation facility. He stayed there until September 9 to take classes, then returned for one more night at the Hyatt before departing India on September 11, according to the school.

(According to Indian news outlets quoting official travel and immigration paperwork, Snowden was in the nation during this time.)

Snowden’s tutor stated that he made no secret of his NSA employment. While he did not specify the reason for his visit, he did state that he planned to fit in some computer coursework while he was in town. The Koenig school is about six miles from the US embassy. Snowden paid the $2,000 tuition and accommodation charge with a personal credit card, according to Aggarwal.

Snowden’s teacher regarded him as calm and hardworking. He rarely took pauses. And he was already well-versed in computer science, hacking, and programming.

If background investigators had queried about Snowden’s travels, they would have most certainly asked if he had any communication with foreign nationals while abroad. All security clearance holders must report significant contact with foreigners. A former intelligence officer believes that any professors or pupils Snowden met would not have risen to that level. According to a Koenig representative, the school could only confirm Snowden’s whereabouts during the day. “Other than our personnel and students, we have no idea who he met,” spokesman Somit Biswas said.

In addition to the ethical hacking course, Snowden studied the Java programming language. Snowden stated that the training “would help him in ‘managing a team who does’ work on Java” at Dell, according to a Koenig spokeswoman, citing a questionnaire that Snowden was supposed to fill out before arriving at the school.

“His stated goal for coming to train at Koenig … was ‘getting knowledge and evaluating Koenig’s training program for my company. Certification might be nice, but it is not necessary,’” Biswas said. “He had also stated that his employers had approved Koenig as a training provider and that he would also be writing a review of the training experience which would help his company to evaluate Koenig as a future training partner and might be mutually beneficial to both.”

Dell spokesperson David Frink declined to comment. “We have not and will not discuss Mr Snowden’s participation with Dell,” he stated. According to intelligence papers, Snowden’s “work supervisor” alerted investigators doing the background check that he had gone to India, but they failed to define the purpose of the trip, resulting in a report that “did not offer a comprehensive picture of Mr. Snowden.”

Snowden also enquired about courses on the analysis and reverse engineering of malicious computer code, such as the Zeus, Fragus, and SpyEye crimeware kits, according to Biswas. That was a strange request, and it seemed to contradict his interest in ethical hacking. Understanding malware is essential for fighting it. However, this is not your typical malware. ZeuS is the world’s leading toolkit for creating tailored online crime campaigns. It has infected millions of computers all around the world. Criminals have used all three apps to take control of people’s computers and steal financial information.

It’s unclear why Snowden was interested in reverse engineering financial crime malware, but his resume suggests he may have worked on cybersecurity-related projects as a contractor for Dell. Koenig told Snowden that while it didn’t provide the courses he was looking for, it was thinking about adding them to its curriculum.

Snowden abruptly ended his coursework before completing a final portion of his training, Aggarwal said, in computer hacking forensics and an administrator course in the Linux operating system. “He was supposed to come back one morning, but he didn’t. He sent an email saying, please cancel the rest of my courses. I have a medical condition and need to go back to Japan for medical advice,” according to Aggarwal. Snowden spent the night of September 10 at the Hyatt Regency, and then left India the next day, he said.

According to Aggarwal, Snowden finished the ethical hacking course as well as the Java programming course. Snowden’s professional résumé, which was current as of 2013, according to a source acquainted with it, mentions his certification in ethical hacking as well as computer network defence. According to this source, the only reference to Java is in regard to Snowden’s employment for a website company named Clockwork Chihuahua. Snowden claimed to have altered JavaScript there (which is loosely related to but is not the same as Java). According to his résumé, Snowden also claimed to have Japanese language abilities and to be “comfortable working in austere situations.”

Snowden began downloading sensitive NSA material while working for Dell in April 2012, according to US officials. The next year, he went to work for another NSA contractor, Booz Allen Hamilton. Snowden told the South China Morning Post that he accepted the job so that he could gain access to confidential NSA papers.

“My employment with Booz Allen Hamilton provided me with access to lists of NSA-hacked equipment all across the world,” Snowden explained. “That’s why I took the job around three months ago.” Snowden was only employed by the corporation for a few months, at a site in Hawaii. He took more documents there before leaving for Hong Kong. He is currently residing in Russia, where he has been granted temporary refuge by the authorities.

According to computer security training professionals in the United States, it is common for Americans to take courses abroad, notably in India, where tuition is a fraction of what it can be in the United States. However, the expert opposed the teaching of “ethical hacking.”

Even if they label it ‘ethical,’ it is still hacking. “You’re teaching someone how to hack a system,” the expert explained.

According to Aggarwal, the CEO of Koening, it is not uncommon to have US intelligence officials taking classes at his school, and between 50 and 100 US military service, men attend courses there each year, as well as at a facility in Dubai. A Defense Department spokeswoman could not confirm whether military personnel had taken classes at the institution or whether it had been approved as a training centre by the Pentagon. Personnel in charge of defending the department’s computer systems, on the other hand, are expected to get commercial certifications, including in ethical hacking.