Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Government Security United States

The NSA Leak Is Real, Snowden Documents Confirm (theintercept.com) 146

Sam Biddle, reporting for The Intercept: On Monday, A hacking group calling itself the "ShadowBrokers" announced an auction for what it claimed were "cyber weapons" made by the NSA. Based on never-before-published documents provided by the whistleblower Edward Snowden, The Intercept can confirm that the arsenal contains authentic NSA software, part of a powerful constellation of tools used to covertly infect computers worldwide. The provenance of the code has been a matter of heated debate this week among cybersecurity experts, and while it remains unclear how the software leaked, one thing is now beyond speculation: The malware is covered with the NSA's virtual fingerprints and clearly originates from the agency. The evidence that ties the ShadowBrokers dump to the NSA comes in an agency manual for implanting malware, classified top secret, provided by Snowden, and not previously available to the public. The draft manual instructs NSA operators to track their use of one malware program using a specific 16-character string, "ace02468bdf13579." That exact same string appears throughout the ShadowBrokers leak in code associated with the same program, SECONDDATE. SECONDDATE plays a specialized role inside a complex global system built by the U.S. government to infect and monitor what one document estimated to be millions of computers around the world. Its release by ShadowBrokers, alongside dozens of other malicious tools, marks the first time any full copies of the NSA's offensive software have been available to the public, providing a glimpse at how an elaborate system outlined in the Snowden documents looks when deployed in the real world, as well as concrete evidence that NSA hackers don't always have the last word when it comes to computer exploitation.
This discussion has been archived. No new comments can be posted.

The NSA Leak Is Real, Snowden Documents Confirm

Comments Filter:
  • > classified top secret, provided by Snowden, and not previously available to the public.

    But it was available to Wikileaks. Occam Razor says hacking wikileaks is probably easier.

    • by Anonymous Coward

      Wikileaks? They have nothing to do with it.

  • Censorship? (Score:1, Interesting)

    by sshir ( 623215 )
    I'm still waiting for major US news outlets to cover the story. Are they being censored? The story has major political implications, e.g. often proposed mandate to allow government to access encrypted private communications, etc. BBC seems have no problem reporting on this.
    • by s.petry ( 762400 )

      Do you really need to ask if US News agencies censored? The current media puts the old Pravda to shame. If they were merely protecting State secrets I'd give them a pass on this, at least in terms of discussing details. They should however discuss concerns with the operations in general terms so that the public can debate and direct the Government. They are not however interested in protecting the State and have no concern for truth and honesty. Have not had such concerns for literally decades now. Th

    • Re:Censorship? (Score:5, Informative)

      by b0bby ( 201198 ) on Friday August 19, 2016 @11:49AM (#52733039)

      What kind of major outlets are you looking for?

      http://abcnews.go.com/Internat... [go.com]

      https://www.washingtonpost.com... [washingtonpost.com]

      http://www.wsj.com/articles/gr... [wsj.com]

      http://www.npr.org/sections/th... [npr.org]

      Hell, even the NY Daily News covered it:

      http://www.nydailynews.com/new... [nydailynews.com]

      • by sshir ( 623215 )
        Ok, abcnews does have it on front page, CNN, wsj, nytimes do not.
        • Re:Censorship? (Score:5, Interesting)

          by quantaman ( 517394 ) on Friday August 19, 2016 @12:20PM (#52733281)

          Ok, abcnews does have it on front page, CNN, wsj, nytimes do not.

          Blame readers.

          At the end of the day newspapers are in the business of attracting readers. A story about NSA hacking tools is too esoteric for most of their readers and lacks the cool characters or personalized villains that drive narratives.

          Even the last /. story only had 130 comments [slashdot.org], and it's a story specifically about the NSA and hackers. If it barely interests the /. audience I don't imagine it's going to be a hit with the general public.

          • by Anonymous Coward

            Ok, abcnews does have it on front page, CNN, wsj, nytimes do not.

            Blame readers.

            At the end of the day newspapers are in the business of attracting readers. A story about NSA hacking tools is too esoteric for most of their readers and lacks the cool characters or personalized villains that drive narratives.

            Even the last /. story only had 130 comments [slashdot.org], and it's a story specifically about the NSA and hackers. If it barely interests the /. audience I don't imagine it's going to be a hit with the general public.

            Can we please stop being nice and say things like they are? The average person is too stupid to understand why something like this is important, much less the actual content. They are gullible, incompetent fools who will believe literally anything if it plays to an emotional response. This is true for all major issues and is the primary reason most people should not be allowed to have any influence or say in major decisions.

            • No..no..no. They only care about Hillary, Trump, or Bernie and BLM.
            • by tnk1 ( 899206 )

              Stupidity is not required. Ignorance is more than sufficient. There are probably people out there with a 95 IQ who understand this issue better than some random mathematician with a 140 simply because the average intelligence person works as an IT janitor and deals with it every day, while the mathematician is working on some obscure problem requiring an esoteric proof and doesn't have any exposure to it.

              Intelligence only gets you so far if you have no pertinent experience or knowledge to process with you

          • by dj245 ( 732906 )

            Ok, abcnews does have it on front page, CNN, wsj, nytimes do not.

            Blame readers.

            At the end of the day newspapers are in the business of attracting readers. A story about NSA hacking tools is too esoteric for most of their readers and lacks the cool characters or personalized villains that drive narratives.

            Even the last /. story only had 130 comments [slashdot.org], and it's a story specifically about the NSA and hackers. If it barely interests the /. audience I don't imagine it's going to be a hit with the general public.

            130 comments is a pretty good discussion on Slashdot. It may even be above average.

        • Oh, I get it...
          It didn't show up in your FB news feed, right?
    • by Anonymous Coward

      Are they being censored?

      They're too busy getting Hillary elected.

    • Re:Censorship? (Score:5, Insightful)

      by clubby ( 1144121 ) on Friday August 19, 2016 @12:05PM (#52733163)

      At this point, anything broadly considered to be a "major US news outlet" has, at best, a tangential relationship with "news." CNN is hopelessly clueless and out of touch, while Fox & MSNBC are the propaganda arms of their respective parties. The NYT sat on a vitally important story, clearly in the public interest, in order to help GWB's re-election campaign. These groups are marketing organizations, who sometimes publish news as a means of promoting their brand.

      On the plus side, a major US journalism outlet, The Intercept, is on it.

    • by I4ko ( 695382 )
      What news would that be exactly - "Computers are insecure, networked computers even more so!"- these ones?
      That isn't news worthy. There was a 4 season edutainment TV show some years ago called Battlestar Galactica.

      If you aren't operating under the above presumption, you are doing it wrong, dead wrong.
  • by wbr1 ( 2538558 ) on Friday August 19, 2016 @11:36AM (#52732925)
    The real interesting thing will be when detection tools for this malware are created. Then we will see how many people -without warrants- the NSA is using this on.
    • by PolygamousRanchKid ( 1290638 ) on Friday August 19, 2016 @12:07PM (#52733193)

      The real interesting thing will be when detection tools for this malware are created.

      Well, in order for detection tools to be developed . . . folks will need access to the NSA toolkit code. The honorable thing for the ShadowBrokers to do, would be to make this freely and openly available for all.

      But the fact that they are offering this as an auction, shows us that the ShadowBrokers are just in it for the money.

      I'm guessing that China, Russia and the NSA itself will create bidding "fronts" to bid for them, and no private entities will be able to match their funds. So whatever is in that toolkit will still stay secret.

      • by 6ULDV8 ( 226100 )

        If they were honorable, they wouldn't be thieves. Any assurance that the tools would be sold only once would require some sense of honor.

      • The honorable thing for the ShadowBrokers to do, would be to make this freely and openly available for all.

        But the fact that they are offering this as an auction, shows us that the ShadowBrokers are just in it for the money.

        Not so fast...
        Once Shepard and Liara had killed the few operatives aware of the Broker's true identity, Liara will take over without anyone else in the organization suspecting a transition. Liara is well aware of the power at her disposal, as she could use the information network to start a war in ten minutes if she wanted to, but she vows to not abuse her position and to help Shepard find a way to combat the Reapers.

    • by pz ( 113803 ) on Friday August 19, 2016 @12:14PM (#52733245) Journal

      How quickly can a tool be built that scans all of memory for that string?

      • by skids ( 119237 )

        You can pretty much do that in a single cli command. But you'll get the 25 or so copies your browser made of it by viewing this page, too.

        • by pz ( 113803 )

          ... and that command line would be? Bonus points if it works under Windows, too (or has an equivalent)!

          • Windows has some catching up to do. On Linux you can do something like: cat /dev/ram | strings | grep "ace02468bdf1357"
    • No, the really interesting thing is going to be what happens to these "shadow brokers" in time. They've hacked a state sponsored defense agency and published weapons of war for sale. This is the kind of thing that's likely to get you put on a rendition list.

  • code (Score:3, Funny)

    by MagicM ( 85041 ) on Friday August 19, 2016 @11:38AM (#52732941)

    That's amazing. I've got the same combination on my luggage!

  • by ErichTheRed ( 39327 ) on Friday August 19, 2016 @11:47AM (#52733023)

    I would think that anyone who actually chose to work for the NSA in an offensive capacity would be quite dedicated to their job. Same goes for most intelligence operatives -- I can't imagine they get paid as much as they could make in a private business or a well-funded covert organization, yet there they are. By contrast, Snowden was basically a contract sysadmin who had access to what was going on -- he wasn't coming up with these plans/exploits. I'd guess anyone voluntarily working on these exploits would be pretty serious about guarding their work and wouldn't take copies home on the train with them.

    So -- is it old fashioned espionage tactics, finding out who these people are and squeezing them in various ways? Did whoever is behind this just get lucky and happened upon unencrypted copies of these tools? Should be interesting to watch.

    • Perhaps, on the other hand I bet there are at least a few NSA types making fortunes on insider trading, along with black programs funded by insider trading.

      The agency, no doubt, has the software widely enough distributed to have plausible deniability if the greedy spooks were caught by the SEC (like that would happen).

      • by swb ( 14022 )

        I always figured that the best way to fund black programs was just to back a truck up to the bureau of engraving and take a few pallets of $100s.

        • 'Best' would mean the least number of people would know about it (also means least oversight). So your method has a flaw.

    • by Anonymous Coward

      There are 30,000 people working at the NSA (!). Even with background checks, etc...that's way too many to keep any secrets. SO yes, I bet we are talking about old-school espionage...cash payments...blackmail...theft/break in to someone's apartment...etc. And don't forget government contractors...maybe they just asked Infosys for the files.

    • by sjames ( 1099 )

      Right now, there are three types working for the NSA. those who feel ethically compromised and disgruntled and those whose ethics are 'flexible' enough to overlook that their agency is shirking half of it's charter and violating the other half, all while lying to congress and likely the President. The third type isn't heads up enough to have noticed anything.

    • The software was likely left on a staging server that got disconnected or forgotten about so the NSA was unable to delete it. The NSA doesn't launch attacks from Virginia so they would likely keep their tools close (hop and latency wise) to their target.
    • by chill ( 34294 )

      Did you watch Citizenfour [imdb.com]? There were a couple scenes in there, IIRC, where comments were made about a "second leaker". I believe there were also mentions in some of the Guardian articles as well. Not a lot in either, but definite indications the Snowden was not the only one.

      I was wondering what happened to #2...

    • by dbIII ( 701233 )

      I would think that anyone who actually chose to work for the NSA in an offensive capacity would be quite dedicated to their job

      The example of the "Star Trek set" guy and a few others indicated that they are a bunch of horse judges doing a "heck of a job" getting sit-down money and playing at being toy soldiers.
      IMHO it should be run by the military at military wages with military professionalism instead of all this pissing in pockets and outsourcing of huge contracts to good friends or political connections.

    • by AHuxley ( 892839 )
      The walk out of material in the US context is nothing new. Every decade sees people walk out material they feel the public should know.
      The press is protected. Public discussion on material thats published then gets issues fixed, legal teams can ask governments to stop collect it all spying domestically ect.
      The main issues is the flood of contractors and a lack of real vetting in the past few years. Too many people are needed to collect domestically and a rapid expansion ensured access could come from
  • Betting the likelihood of the NSA reporting these zero days to their respective software vendors is zero.
  • by Anonymous Coward

    When stuff like this occurs I always wonder...is the super-snazzy NSA really just a bunch of knuckleheads or are they really slick and this is part of an elaborate and well planned disinformation campaign? Based on my life experience I'm pretty sure its the former...but TV/movies make me wish it were like the latter.

    • by pezpunk ( 205653 )

      even slick and savvy very intelligent people fuck up every once in a while. and when your organization is made up of 40,000 people, that means, statistically, at any point in time there is always someone in the process of fucking something up royally, no matter how sharp they are by and large.

    • When stuff like this occurs I always wonder...is the super-snazzy NSA really just a bunch of knuckleheads or are they really slick and this is part of an elaborate and well planned disinformation campaign? Based on my life experience I'm pretty sure its the former...but TV/movies make me wish it were like the latter.

      When you were in school and didn't know the answer to a multiple-choice question, what was the usual answer?
      "D : All of the above" ===

      Could be the knuckle-heads are being manipulated by the actual operators, as a show for us.

      Of course, who is a knuckle-head and who is an operator, changes frequently...

  • by Anonymous Coward

    My favorite part is any argument the government makes now that they need access to everyone's devices, and weakened encryption. Sorry, but you can't even keep a lid on your own stuff. **** off.

    • by pezpunk ( 205653 )

      exactly. the US wants a back door built into every device because we can trust them to use it only when needed!

      even if we COULD trust them (which we can't) we KNOW we can't trust them to keep the keys to that back door out of the hands of "bad guys".

    • by dbIII ( 701233 )
      Something like that came up in the Manning "cablegate" leak.
      A Nigerian branch of a US oil company was asked to provide sensitive information to a US intelligence group and they told the spooks to fuck off because they were sure the spooks would have a leak.
  • Right, and government/law enforcement backdoors are going to be perfectly safe and will never, not ever, fall into the wrong hands, pinky swear! Just trust us!
    • by sjames ( 1099 )

      This cannot be repeated enough and needs to be brought up every time some agency suggests it.

  • Dammit that's the combination to my luggage!

  • I'll guess it's been fabricated by the NSA to root out interested parties, and certainly to fool Snowden.
  • So have antivirus/antimalware vendors updated their definitions to detect the exploits that have been leaked so far?

    That would be both useful and informative as to the scope of these programs.

    • by AHuxley ( 892839 )
      Think of it as 3 stages.
      The detection of a users interest in a forum, as an ip, chat room, phrase, friends, friends of friends. That gets an automated push down of complex ads, random OS ready malware, tracking cookies that are set to be more persistent. Every aspect of their computer, provider, account, friends of friends is collected on.
      Been an every day part of the internet, thats expected by any user and is a great place for govs to start.
      That maps out a basic idea of who the user is, what they h
  • Being labeled as authentic will certainly raise the bidding price on the auction. Is Snowden actually ShadowBrokers? Does he get a cut from the auction?

    Why else is he engaged in a timely marketing campaign to authenticate the software? I would think he could have waited until after the sale, unless we really wanted to boost the price.

  • Q: Who watches the watchers?

    A: The hackers do.

If you steal from one author it's plagiarism; if you steal from many it's research. -- Wilson Mizner

Working...