Edward Snowden answered questions via an online chat on Thursday, in a move that may seem like risky exposure given that the fugitive leaker of National Security Agency documents is living on the lam in Russia.
But Snowden, who publicized the NSA’s "Prism" spying program, knows better than most about governments’ ability to track online activity — and it’s simple for him to mask his location online.
"It sounds complicated, but in truth, it’s relatively easy," said Christopher Hadnagy, the "chief human hacker" at security firm Social-Engineer, Inc. "[Snowden] could make it very difficult, next to impossible, to find him."
Snowden is likely using two methods to make it tough to track him down, Hadnagy said.
First: Devices that connect to the Internet are each assigned a unique Internet Protocol (IP) address: a series of numbers that, among other things, serves as a form of identification for the device. That identification information includes the location of the device — something that Snowden wouldn’t want to share.
But it’s easy to route a computer’s traffic through another IP address in an entirely different location, through what is called a "proxy server." Simply Google that phrase and you’ll find a list of IP addresses tied to countries across the globe, which you can pop into your Web browser’s settings.
As Hadnagy put it: "I can use a computer in the U.S. and run it through a proxy server in China, and there it is: It looks like my traffic is coming from China."
Snowden likely ran his connection through a daisy chain of several proxy servers across the globe, Hadnagy said, distancing himself even more.
Second: Beyond the proxy servers, Hadnagy said Snowden likely also used a virtual private network (VPN), which "takes all of a computer’s traffic and shoves it through a secure tunnel, then routes it through a private network" that could be located anywhere across the globe. Plus, many VPNs don’t keep logs of users’ activity.
That patchwork of proxy servers and VPNs would make Snowden’s location extremely tough to track.
"You effectively have some intermediary computer connecting to a network that doesn’t keep traffic logs," Hadnagy said. "Good luck trying to figure that one out."
Even if someone were able to trace that twisted trail to Snowden, Hadnagy said, the whistleblower would likely have conducted the chat at a semi-public place where he feels safe, not wherever he is living, and would have left that area quickly.
What’s more, no one knows whether Snowden was actually the person physically typing in the responses.
"If it was me I’d say to a trusted friend, I’ll call you from an anonymous phone and you type in my answers," Hadnagy said. "I’m sure he’s got many levels of protection figured out. He’s not going to make a dumb mistake now and get himself caught."
During the discussion on Thursday, Snowden focused on his call for the U.S. to end what he called "indiscriminate mass surveillance" — but, he said, "not all spying is bad." The former NSA contractor also denied a report that he used colleagues’ login credentials.
The site that hosted the chat, Free Snowden, is run by a trust called The Courage Foundation that is soliciting donations for Snowden. The domain name is registered to WikiLeaks founder Julian Assange — as well as accountant Derek Rothera, whose firm audits The Courage Foundation — and is hosted on WikiLeaks servers, according to WHOIS, a Verisign service that provides information about domain ownership. WikiLeaks has worked closely with Snowden to provide him with aid since he left the United States.