The NSA Leak Is Real, Snowden Documents Confirm (theintercept.com) 146
Sam Biddle, reporting for The Intercept: On Monday, A hacking group calling itself the "ShadowBrokers" announced an auction for what it claimed were "cyber weapons" made by the NSA. Based on never-before-published documents provided by the whistleblower Edward Snowden, The Intercept can confirm that the arsenal contains authentic NSA software, part of a powerful constellation of tools used to covertly infect computers worldwide. The provenance of the code has been a matter of heated debate this week among cybersecurity experts, and while it remains unclear how the software leaked, one thing is now beyond speculation: The malware is covered with the NSA's virtual fingerprints and clearly originates from the agency. The evidence that ties the ShadowBrokers dump to the NSA comes in an agency manual for implanting malware, classified top secret, provided by Snowden, and not previously available to the public. The draft manual instructs NSA operators to track their use of one malware program using a specific 16-character string, "ace02468bdf13579." That exact same string appears throughout the ShadowBrokers leak in code associated with the same program, SECONDDATE. SECONDDATE plays a specialized role inside a complex global system built by the U.S. government to infect and monitor what one document estimated to be millions of computers around the world. Its release by ShadowBrokers, alongside dozens of other malicious tools, marks the first time any full copies of the NSA's offensive software have been available to the public, providing a glimpse at how an elaborate system outlined in the Snowden documents looks when deployed in the real world, as well as concrete evidence that NSA hackers don't always have the last word when it comes to computer exploitation.
Soooo (Score:1)
> classified top secret, provided by Snowden, and not previously available to the public.
But it was available to Wikileaks. Occam Razor says hacking wikileaks is probably easier.
Re: (Score:2, Insightful)
seriously, when will government employess, contractor or not, realise that LYING should not be part of their job description.
Re:Soooo (Score:5, Insightful)
When the paychecks stop coming.
Its very easy to ignore the truth when your salary requires it to not be taken into account.
Re: (Score:3)
When I worked for the federal government in the 80's, I had to break federal laws every day just to get my job done.
It is not an efficient system.
Re: (Score:3)
Funny how the public keeps on electing people who have perfected lying to an art form.
Re:Soooo (Score:5, Insightful)
Its not surprising, as the signal to noise ratio is very low, and only a professional watchdog can begin to sort it all out. And even that doesn't help because there are also liars posing as watchdogs.
The internet only makes it worse, spewing like a fire hose.
Re: (Score:2)
Interesting point about the watchdogs. Who actually IS a watchdog these days?
When I was a kid, you could generally trust the media. However, since the repeal of the "fairness doctrine," every media outlet is biased, and is really more of a propaganda machine than simply news.
Re: (Score:2)
The "fairness doctrine" never really helped, because it just caused the media to water down the problem in order to not piss anyone off. For example:
Congressional Republicans decide that the world is not a sphere, and must be flat.* Congressional Democrats send 180 Congressmen to give speeches from the Well in the US House of Representatives about how idiotic that is.
The headline? "Democrats and Republicans disagree on geometry of Earth"
That's what the so-called Fairness Doctrine gets us. When did we ge
Re:Soooo (Score:5, Interesting)
Facts are not unfair or biased. However, media can (and often does) choose which facts need to be reported.
As a quick example, homicides are down over 50% since their peak around 1992 or 1993. The last time homicides were this low was 1957 (facts, based on FBI statistics). However, I have actually seen articles about "What (insert candidate name here) is going to do about gun violence?" This already assumes several things, and it is possible that NONE of them are true:
1) Gun deaths are somehow worse than knife deaths
2) A criminal without a gun will suddenly stop being a criminal
3) That doing something will automatically make the public safer, instead of just disarming the honest people.
4) Gun laws will actually affect criminals, whose job actually involves breaking the law.
Each of those points could be a discussion by itself, and yet some "news" pretends that all assumptions are already decided.
That is now news, that is propaganda. It is actually shaping the discussion to stack the deck in your favor.
Re: (Score:1)
First of all hats off to you for making this about guns.
There are many many times more gun deaths than knife deaths in the USA each year [quandl.com] So yes, gun deaths are much worse than any other form if only by the numbers.
A criminal without a gun is less likely to kill you, so while still a criminal he is far less of a criminal, criminality is a question of degrees, we've all broken a law at some point. To my mind any crime committed with a weapon of any kind (including non firearms) should be treated as an aggrav
Re: (Score:2)
I did not INTEND this to be a gun thread. I was just pointing out how the media can make ASSUMPTIONS that are not actually true!
Facts for you, besides the ones showing that the homicide rate is DECREASING. Quick! The streets are safer every year. DO SOMETHING TO REVERSE THIS HORRIBLE TREND!
We tried an "assault weapons ban" for 10 years. No noticeable affect on crime.
Over 300 millions guns in the US. 8,124 gun homicides in 2014. That means that for every gun used in a murder, there are were 37,000 tha
Re: (Score:2)
By the way, you are right about more gun deaths than knife deaths. However, it would be extremely foolish to think that by removing guns, that those killed by guns would still be alive. Most of those would just turn into knife deaths. And, once again, I point out that people killed by knives are JUST AS DEAD as those killed by guns. How many people were killed by a TRUCK in France last month? Do you think that all of those grieving relatives are happy that their loved ones were not killed by a gun? Sh
Re: (Score:2)
Sure its possible that none of them are true, but its likely that they are -- or at least they're closer to true than "ignoring a problem will magically solve it," which seems to be the route the NRA and friends would like to take.
1) Gun deaths aren't worse than knife deaths -- dead is dead. Its just a hell of a lot easier to kill someone with a gun than it is with a knife. This should be fairly obvious. If it wasn't true, then the army would use kitchenware rather than assault rifles.
2) They won't stop
Re: (Score:2)
Ahhhh, another person who elevates assumptions to the level of facts.
1) Yes, guns are more powerful. However, the VAST majority of murders are in ones and twos. Mass murders are actually hardly a blip on the statistics. So can a person kill another person with only a knife? YES. In fact, it is possible to commit MASS murder with a knife. A couple of years ago, a guy near a college campus killed several people. He killed just as many people WITHOUT a gun as he did WITH a gun. Also, the army faces ENE
Re: (Score:2)
1) Its not about possibility, its about probability. Sure you indeed can go on a spree with a knife, but its a lot less likely. Not in any small part because of:
2) 20 is quite a bit bigger than 3. I have more than 6x the amount of time to realize the situation is shitty and can attempt to flee before defending myself (or not) is even in question. And 20' is already a fairly low estimate depending on the attacker's weapon and skill with said weapon.
3) Way to not read to the end. I explicitly said you ne
Re: (Score:2)
Wow. Soooo much fail in one post.
Let's assume that we DID get rid of all guns. What would be the result? Criminals tend to be young males. Victims can be anybody, including women, and the elderly. Statistically speaking, in a physical confrontation, elderly and women are at a disadvantage compared to men. So you are clearly in FAVOR of criminals having an advantage. How very nice of you to make the streets safe for murderers and rapists. What chance does a 100-pound woman have against a crazy-ex? I
Re: (Score:2)
That first paragraph.. I have no idea what the fuck you're going on about. That's taking everything I said to an extreme, then pulling out your gun, shooting the extreme and continuing on well past absurd. "Safe for murderers and rapists?" I don't recall ever stating that the police should be disbanded. I'd also like to find out your source for determining that shoot-outs are somehow safer for a woman (never mind any children or bystanders that might be nearby) than just running away and calling the cop
Re: (Score:2)
Wow, once again, you COMPLETELY FAIL TO GET THE POINT. I don't know if you are TRYING to be obtuse or if it just comes naturally.
When I say "safe for murderers and rapists," are you REALLY so dumb that you don't realize? Police generally come when (if) called, and they take time to get there. We have police, and over 11,000 homicides in 2014. Police CANNOT prevent homicide. They show up AFTER the murder and try to catch the criminal. If s
Re: (Score:2)
Here are three people who are alive because of a gun. A grizzly attacked some fishermen in the Alaskan wilderness. Do you really want to tell those people that you would prefer that they be dead right now because guns are evil?
https://www.americanhunter.org... [americanhunter.org]
Re: (Score:1)
1) Gun deaths are somehow worse than knife deaths
If I had to kill someone, I would select a gun over a knife. A gun would allow me to achieve the goal at a greater distance and probably in less time and with less practice.
I also suspect that the memory may be less traumatizing due to the difference in mess and due to the length of time that I could have stopped myself before completing the horrible actions.
Re: (Score:2)
A gun is certainly a better tool for killing than a knife. However, if denied a gun, you certainly CAN kill with a knife, and the victim will be just as dead.
A guy in France managed to kill close to 100 people without using a gun.
Re: (Score:2)
No, the Fairness Doctrine didn't really cause this at all. Your knowledge of history is weak.
The result you cite hypothetically above is the result of three things:
1. Corporate media, sometimes called "journalists" aren't really journalists at all, and feed from a very narrow set of supplied "facts".
2. Public media journalists are routinely castrated, and create very little "journalism" on their own. They're scared of: CPB funding losses, and the barely breathing budgets of PBS and NPR affiliates.
3. The pub
Re: (Score:2)
Re: (Score:1)
Sounds like a Dollar Shave Club commercial in the making....
Re: (Score:1)
Wikileaks? They have nothing to do with it.
Censorship? (Score:1, Interesting)
No offense, but duh.. (Score:2, Insightful)
Do you really need to ask if US News agencies censored? The current media puts the old Pravda to shame. If they were merely protecting State secrets I'd give them a pass on this, at least in terms of discussing details. They should however discuss concerns with the operations in general terms so that the public can debate and direct the Government. They are not however interested in protecting the State and have no concern for truth and honesty. Have not had such concerns for literally decades now. Th
Re:Censorship? (Score:5, Informative)
What kind of major outlets are you looking for?
http://abcnews.go.com/Internat... [go.com]
https://www.washingtonpost.com... [washingtonpost.com]
http://www.wsj.com/articles/gr... [wsj.com]
http://www.npr.org/sections/th... [npr.org]
Hell, even the NY Daily News covered it:
http://www.nydailynews.com/new... [nydailynews.com]
Re: (Score:3)
"Spies Spying" is not really front page news. Every interesting story can't make the front page. That's why there are other fucking pages.
This is not a media blackout. This is a niche story with reasonably broad implications, but just because you appreciate all the implications doesn't mean everyone else does.
Re: (Score:3)
Re:Censorship? (Score:5, Interesting)
Ok, abcnews does have it on front page, CNN, wsj, nytimes do not.
Blame readers.
At the end of the day newspapers are in the business of attracting readers. A story about NSA hacking tools is too esoteric for most of their readers and lacks the cool characters or personalized villains that drive narratives.
Even the last /. story only had 130 comments [slashdot.org], and it's a story specifically about the NSA and hackers. If it barely interests the /. audience I don't imagine it's going to be a hit with the general public.
Re: (Score:1)
Ok, abcnews does have it on front page, CNN, wsj, nytimes do not.
Blame readers.
At the end of the day newspapers are in the business of attracting readers. A story about NSA hacking tools is too esoteric for most of their readers and lacks the cool characters or personalized villains that drive narratives.
Even the last /. story only had 130 comments [slashdot.org], and it's a story specifically about the NSA and hackers. If it barely interests the /. audience I don't imagine it's going to be a hit with the general public.
Can we please stop being nice and say things like they are? The average person is too stupid to understand why something like this is important, much less the actual content. They are gullible, incompetent fools who will believe literally anything if it plays to an emotional response. This is true for all major issues and is the primary reason most people should not be allowed to have any influence or say in major decisions.
Re: (Score:1)
Re: (Score:2)
Stupidity is not required. Ignorance is more than sufficient. There are probably people out there with a 95 IQ who understand this issue better than some random mathematician with a 140 simply because the average intelligence person works as an IT janitor and deals with it every day, while the mathematician is working on some obscure problem requiring an esoteric proof and doesn't have any exposure to it.
Intelligence only gets you so far if you have no pertinent experience or knowledge to process with you
Re: (Score:2)
Ok, abcnews does have it on front page, CNN, wsj, nytimes do not.
Blame readers.
At the end of the day newspapers are in the business of attracting readers. A story about NSA hacking tools is too esoteric for most of their readers and lacks the cool characters or personalized villains that drive narratives.
Even the last /. story only had 130 comments [slashdot.org], and it's a story specifically about the NSA and hackers. If it barely interests the /. audience I don't imagine it's going to be a hit with the general public.
130 comments is a pretty good discussion on Slashdot. It may even be above average.
Re: (Score:2)
It didn't show up in your FB news feed, right?
Re: (Score:1)
They're too busy getting Hillary elected.
Re:Censorship? (Score:5, Insightful)
At this point, anything broadly considered to be a "major US news outlet" has, at best, a tangential relationship with "news." CNN is hopelessly clueless and out of touch, while Fox & MSNBC are the propaganda arms of their respective parties. The NYT sat on a vitally important story, clearly in the public interest, in order to help GWB's re-election campaign. These groups are marketing organizations, who sometimes publish news as a means of promoting their brand.
On the plus side, a major US journalism outlet, The Intercept, is on it.
Re: (Score:2)
That isn't news worthy. There was a 4 season edutainment TV show some years ago called Battlestar Galactica.
If you aren't operating under the above presumption, you are doing it wrong, dead wrong.
Witty comment here... (Score:5, Insightful)
Re:Witty comment here... (Score:5, Interesting)
The real interesting thing will be when detection tools for this malware are created.
Well, in order for detection tools to be developed . . . folks will need access to the NSA toolkit code. The honorable thing for the ShadowBrokers to do, would be to make this freely and openly available for all.
But the fact that they are offering this as an auction, shows us that the ShadowBrokers are just in it for the money.
I'm guessing that China, Russia and the NSA itself will create bidding "fronts" to bid for them, and no private entities will be able to match their funds. So whatever is in that toolkit will still stay secret.
Re: (Score:1)
If they were honorable, they wouldn't be thieves. Any assurance that the tools would be sold only once would require some sense of honor.
Re: (Score:2)
The honorable thing for the ShadowBrokers to do, would be to make this freely and openly available for all.
But the fact that they are offering this as an auction, shows us that the ShadowBrokers are just in it for the money.
Not so fast...
Once Shepard and Liara had killed the few operatives aware of the Broker's true identity, Liara will take over without anyone else in the organization suspecting a transition. Liara is well aware of the power at her disposal, as she could use the information network to start a war in ten minutes if she wanted to, but she vows to not abuse her position and to help Shepard find a way to combat the Reapers.
Re: (Score:2)
Re:Witty comment here... (Score:4, Interesting)
How quickly can a tool be built that scans all of memory for that string?
Re: (Score:2)
You can pretty much do that in a single cli command. But you'll get the 25 or so copies your browser made of it by viewing this page, too.
Re: (Score:2)
... and that command line would be? Bonus points if it works under Windows, too (or has an equivalent)!
Re: (Score:2)
Re: (Score:3)
No, the really interesting thing is going to be what happens to these "shadow brokers" in time. They've hacked a state sponsored defense agency and published weapons of war for sale. This is the kind of thing that's likely to get you put on a rendition list.
code (Score:3, Funny)
That's amazing. I've got the same combination on my luggage!
Re: (Score:2)
Eliot would be proud.
Re:code (Score:5, Funny)
Maybe they did! Maybe those were Chinese! (Score:1)
*drops the mic.*
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
Re: It's time (Score:1)
You obviously didn't even read the summary. That, or your English interpretation skills are subpar. It specifically says the Snowden leaks referenced a manual on how to track the malware. What they found is that what they use to track the software is ask over the new leak.
Snowden obviously did not leak any software, just the manual to use said software.
Re: (Score:2)
What they found is that what they use to track the software is ask over the new leak.
I have no idea what you meant there.
But if you had read the article you would see the direct connection to the documents Snowden admits he stole and the code that ShadowBrokers is trying to sell today. His leak didn't "reference" a manual, it was the manual. The code existed before he headed to Russia.
The evidence that ties the ShadowBrokers dump to the NSA comes in an agency manual for implanting malware, classified top secret, provided by Snowden, and not previously available to the public. The draft manual instructs NSA operators to track their use of one malware program using a specific 16-character string, “ace02468bdf13579.” That exact same string appears throughout the ShadowBrokers leak in code associated with the same program, SECONDDATE.
Re: (Score:1)
The documents are still there. So Snowden didn't so much "steal" them as "share" them.
Re: (Score:2)
Re: (Score:2)
OK, so how did it happen? (Score:3, Interesting)
I would think that anyone who actually chose to work for the NSA in an offensive capacity would be quite dedicated to their job. Same goes for most intelligence operatives -- I can't imagine they get paid as much as they could make in a private business or a well-funded covert organization, yet there they are. By contrast, Snowden was basically a contract sysadmin who had access to what was going on -- he wasn't coming up with these plans/exploits. I'd guess anyone voluntarily working on these exploits would be pretty serious about guarding their work and wouldn't take copies home on the train with them.
So -- is it old fashioned espionage tactics, finding out who these people are and squeezing them in various ways? Did whoever is behind this just get lucky and happened upon unencrypted copies of these tools? Should be interesting to watch.
Re: (Score:3)
Perhaps, on the other hand I bet there are at least a few NSA types making fortunes on insider trading, along with black programs funded by insider trading.
The agency, no doubt, has the software widely enough distributed to have plausible deniability if the greedy spooks were caught by the SEC (like that would happen).
Re: (Score:3)
I always figured that the best way to fund black programs was just to back a truck up to the bureau of engraving and take a few pallets of $100s.
Re: (Score:2)
'Best' would mean the least number of people would know about it (also means least oversight). So your method has a flaw.
Re: (Score:1)
There are 30,000 people working at the NSA (!). Even with background checks, etc...that's way too many to keep any secrets. SO yes, I bet we are talking about old-school espionage...cash payments...blackmail...theft/break in to someone's apartment...etc. And don't forget government contractors...maybe they just asked Infosys for the files.
Re: (Score:2)
Right now, there are three types working for the NSA. those who feel ethically compromised and disgruntled and those whose ethics are 'flexible' enough to overlook that their agency is shirking half of it's charter and violating the other half, all while lying to congress and likely the President. The third type isn't heads up enough to have noticed anything.
Re: (Score:2)
The old timestamps are more likely because they had to give some away to prove they had something worth buying but believed the newer ones would have the most perceived value.
Re: (Score:2)
Re: (Score:2)
Did you watch Citizenfour [imdb.com]? There were a couple scenes in there, IIRC, where comments were made about a "second leaker". I believe there were also mentions in some of the Guardian articles as well. Not a lot in either, but definite indications the Snowden was not the only one.
I was wondering what happened to #2...
Re: (Score:2)
The example of the "Star Trek set" guy and a few others indicated that they are a bunch of horse judges doing a "heck of a job" getting sit-down money and playing at being toy soldiers.
IMHO it should be run by the military at military wages with military professionalism instead of all this pissing in pockets and outsourcing of huge contracts to good friends or political connections.
Re: (Score:2)
The press is protected. Public discussion on material thats published then gets issues fixed, legal teams can ask governments to stop collect it all spying domestically ect.
The main issues is the flood of contractors and a lack of real vetting in the past few years. Too many people are needed to collect domestically and a rapid expansion ensured access could come from
Report the Zero Days (Score:2)
Re: (Score:2)
The academics, corporate structure, staff, legal departments, political leaders seem indifferent, obvious or unable to to cope with their junk crypto product they promote as a standard..
An expensive product sold as very secure VPN then becomes nothing more than the cheapest server that can be totally collected on.
Crypto standards get set in a race to be the most easy to revert to tracking users and getting pla
Question is it real or dis-information (Score:1)
When stuff like this occurs I always wonder...is the super-snazzy NSA really just a bunch of knuckleheads or are they really slick and this is part of an elaborate and well planned disinformation campaign? Based on my life experience I'm pretty sure its the former...but TV/movies make me wish it were like the latter.
Re: (Score:3)
even slick and savvy very intelligent people fuck up every once in a while. and when your organization is made up of 40,000 people, that means, statistically, at any point in time there is always someone in the process of fucking something up royally, no matter how sharp they are by and large.
Re: (Score:1)
When stuff like this occurs I always wonder...is the super-snazzy NSA really just a bunch of knuckleheads or are they really slick and this is part of an elaborate and well planned disinformation campaign? Based on my life experience I'm pretty sure its the former...but TV/movies make me wish it were like the latter.
When you were in school and didn't know the answer to a multiple-choice question, what was the usual answer?
"D : All of the above" ===
Could be the knuckle-heads are being manipulated by the actual operators, as a show for us.
Of course, who is a knuckle-head and who is an operator, changes frequently...
But encryption! (Score:1)
My favorite part is any argument the government makes now that they need access to everyone's devices, and weakened encryption. Sorry, but you can't even keep a lid on your own stuff. **** off.
Re: (Score:2)
exactly. the US wants a back door built into every device because we can trust them to use it only when needed!
even if we COULD trust them (which we can't) we KNOW we can't trust them to keep the keys to that back door out of the hands of "bad guys".
Re: (Score:2)
A Nigerian branch of a US oil company was asked to provide sensitive information to a US intelligence group and they told the spooks to fuck off because they were sure the spooks would have a leak.
Government/Law Enforcement Backdoors (Score:2)
Re: (Score:2)
This cannot be repeated enough and needs to be brought up every time some agency suggests it.
ace02468bdf13579? (Score:2)
Dammit that's the combination to my luggage!
Of course it has NSA fingerprints (Score:1)
Updated detections? (Score:2)
So have antivirus/antimalware vendors updated their definitions to detect the exploits that have been leaked so far?
That would be both useful and informative as to the scope of these programs.
Re: (Score:2)
The detection of a users interest in a forum, as an ip, chat room, phrase, friends, friends of friends. That gets an automated push down of complex ads, random OS ready malware, tracking cookies that are set to be more persistent. Every aspect of their computer, provider, account, friends of friends is collected on.
Been an every day part of the internet, thats expected by any user and is a great place for govs to start.
That maps out a basic idea of who the user is, what they h
Snowden === ShadowBrokers ? (Score:1)
Being labeled as authentic will certainly raise the bidding price on the auction. Is Snowden actually ShadowBrokers? Does he get a cut from the auction?
Why else is he engaged in a timely marketing campaign to authenticate the software? I would think he could have waited until after the sale, unless we really wanted to boost the price.
I guess we've answered the question (Score:2)
A: The hackers do.
Re: (Score:1)
The NSA gives at least two shits, that's who.
And they have the ear of the guys with guns, so attempting to "fuck em" is likely to end up with the fucker becoming the fuckee. At best. At worst, the fucker may become the subject of interment. And these aren't just any guys with guns, either. These are the guys with the most guns.
Those two-or-more shits could get a lot of people killed.
Who Believes Ralgha Anymore Anyway? (Score:1)
Ralgha is probably an NSA plant meant to distract us anyway. He might not even know he is, they just fed him all the crap that he's "revealing" and it's either fake, or they don't care that we know. Think about it, has Ralgha actually told us anything that we didn't already know (or suspected at least)? Who gives a crap if the NSA got hacked, it's what they do, the hack, they get hacked, and the cycle continues.