NBC is reporting that Edward Snowden “swiped” a co-worker’s password in order to gain access to classified material.  Michael Isikoff’s piece, in fact, claims that Snowden socially engineered at least one co-worker into entering his password at Snowden’s computer terminal.  Isikoff cites an internal NSA memo dated three days ago:

On June 18, 2013, the NSA civilian admitted to FBI Special Agents that he allowed Mr. Snowden to use his (the NSA civilian’s) Public Key Infrastructure (PKI) certificate to access classified information on NSANet; access that he knew had been denied to Mr. Snowden. Further, at Mr. Snowden’s request, the civilian entered his PKI password at Mr. Snowden’s computer terminal. Unbeknownst to the civilian, Mr. Snowden was able to capture the password, allowing him even greater access to classified information. The civilian was not aware the Mr. Snowden intended to unlawfully disclose classified information. However, by sharing his PKI certificate, he failed to comply with security obligations.

It sounds open and shut, doesn’t it?  There are several problems with this story, however, and the NSA is hoping you don’t dig too deeply and find them.

Scott Jarkoff, a former Chief of Cyber Security for the Department of Defense, spoke to Victory Girls about some of the holes in the NSA’s story.

“Fact is, Snowden already had access because of his position, so there was no need for him to get passwords from co-workers,” he told us.  “Then all he did was use wget [a software package for retrieving files] to crawl their internal sites and ‘automagically’ pull down files.”

The civilian contractor who supposedly gave Snowden his password has been terminated, according to the NSA memo, but they never name him.  Why not?  Doesn’t it seem logical that they would make public the name of the person who gave Snowden all this access?  Keep in mind as well that Snowden has already denied doing this several times, most recently in a live Q&A session on FreeSnowden.is:

Q: Was the privacy of your co-workers considered while you were stealing their log-in and password information?

A: With all due respect to Mark Hosenball [Reuters reporter], the Reuters report that put this out there was simply wrong. I never stole any passwords, nor did I trick an army of co-workers.

From a statement analysis standpoint, this is a solid denial.  Snowden does not equivocate or play word games; he simply says I did not do this.  Period.  We already know from Jarkoff that Snowden didn’t need anyone else’s password; he already had “the keys to the kingdom” simply by virtue of being the system administrator—and an extremely brilliant one, according to some of his co-workers.  Jarkoff agrees.  “I find it hard to believe he would install a keylogger on an NSA terminal; although its possible, he seems smarter than that.”  Why install a keylogger to capture a password he didn’t need anyway?

According to a month-old poll, 31% of Americans support his actions, with over 60% saying he should stand trial for what he did.  The government, however, is highly interested in demonizing Snowden as much as possible; “focus on Snowden, not on what he exposed” is the motto here.

Which brings us to the biggest holes of all in this story.  How did Michael Isikoff manage to get his hands on an internal NSA memo from three days ago?  It obviously was not part of Snowden’s package.  It was “sent to congressional intelligence and judiciary committees this week,” says Isikoff.  Interestingly enough, he is the only person it was apparently leaked to.  Even he calls the memo “sketchy,” and Michael Isikoff would know all about sketchy.  As you may remember, he’s the guy responsible for exposing Bill Clinton’s relationship with Monica Lewinsky.  He’s also the guy who falsely reported that an interrogator at Guantanamo Bay flushed a Koran down the toilet.  His shoddy, sketchy reporting resulted in rioting and 17 people dead.

But back to this memo.  There’s something called “denial and deception,” and it’s one of the cornerstones of intelligence.  From Wikipedia, for those unfamiliar: It “blocks an adversary’s access to accurate information regarding one’s actions or intentions and, simultaneously, convinces said adversary of the accuracy of false information regarding those actions and intentions.”

Let’s put all of this together. The NSA needs Snowden to be a villain.  They need the American people to focus on his actions, to ignore what they were caught doing.  In an effort to redirect the public perception back on to Snowden, they write a memo detailing an unnamed person who was unwittingly coerced into typing his password into Snowden’s computer terminal, and had his password captured by an evil keylogger that the even more evil Snowden installed to get access to classified information.  Of course, the memo is worthless unless the public sees it.  The NSA ensures it is not classified, so that whoever ‘leaks’ it is not themselves guilty of a crime.  They need to ensure that whoever they give it to will publish it as fact, and so to do that they need someone who they know can be used.  Enter Michael Isikoff, who has a track record with the Gitmo story of publishing things that aren’t true, and doesn’t really care about things like integrity.  Perfect.  Isikoff miraculously ends up with a copy of the memo, and NBC has an “exclusive,” which everyone else dutifully picks up and spreads around.  Well played, NSA.

Obviously there is no proof either way, which is what the NSA is betting on.  People tend to believe whatever was in the last story they read on a subject, so this will simply help cement it in people’s minds that Snowden Is Bad.  If you didn’t get caught up in the mind game, however, the NSA will know.  While you’re staring at Snowden…they’re staring at you.