Leaked Files Show How the NSA Tracks Other Countries' Hackers

An analysis of leaked tools believed to have been developed by the U.S. National Security Agency (NSA) gives us a glimpse into the methods used by the organization to detect the presence of other state-sponsored actors on hacked devices, and it could also help the cybersecurity community discover previously unknown threats. The Intercept: When the mysterious entity known as the "Shadow Brokers" released a tranche of stolen NSA hacking tools to the internet a year ago, most experts who studied the material honed in on the most potent tools, so-called zero-day exploits that could be used to install malware and take over machines. But a group of Hungarian security researchers spotted something else in the data, a collection of scripts and scanning tools the National Security Agency uses to detect other nation-state hackers on the machines it infects. It turns out those scripts and tools are just as interesting as the exploits. They show that in 2013 -- the year the NSA tools were believed to have been stolen by the Shadow Brokers -- the agency was tracking at least 45 different nation-state operations, known in the security community as Advanced Persistent Threats, or APTs. Some of these appear to be operations known by the broader security community -- but some may be threat actors and operations currently unknown to researchers.

The scripts and scanning tools dumped by Shadow Brokers and studied by the Hungarians were created by an NSA team known as Territorial Dispute, or TeDi. Intelligence sources told The Intercept the NSA established the team after hackers, believed to be from China, stole designs for the military's Joint Strike Fighter plane, along with other sensitive data, from U.S. defense contractors in 2007; the team was supposed to detect and counter sophisticated nation-state attackers more quickly, when they first began to emerge online. "As opposed to the U.S. only finding out in five years that everything was stolen, their goal was to try to figure out when it was being stolen in real time," one intelligence source told The Intercept. But their mission evolved to also provide situational awareness for NSA hackers to help them know when other nation-state actors are in machines they're trying to hack.

Just putting it out there

[Anonymous Coward]

that one of NSA's designated missions since the rapid growth of the internet became a fact in the mid-90's has been to breach and acquire foreign research and technology that was to be kept secret.

It's always hypocrisy of the highest order when America accuses others of IP theft.

Re:

[Neuroelectronic]

Core Values

Commitment to Service - Knowing that the country, our friends and allies are relying on us, we are dedicated to fulfilling our commitment to serve and to excellence in the pursuit of our critical mission.
Respect for the Law - Everything we undertake in our missions is grounded in our adherence to the U.S. Constitution and compliance with the U.S. laws, regulations and policies that govern our activities.
Integri

Re:

[Teun]

I assume this was encrypted till you found it?

Re:

[Anonymous Coward]

There would actually need to be IP worth stealing before claiming hypocrisy. China's technology debuts always seem to appear after the US has already demonstrated the technology. Just take a look at the Chinese stealth fighter and tell me it is not copied from the US stealth fighters. Russia might covet US technology as well but take a look at their 5th generation fighters and see the Russians at least tried to introduce their own take on the technology. Russia has always had robust scientific and engineeri

Re: Just putting it out there

[Brockmire]

Can you name such incidents of US stealing Chinese tech? Because there's only about a million cases of Chinese stealing US and Canadian IP. Do you think the US has an infiltration program in China equivalent to the Chinese infiltration in US? They're not even fucking close.

Re:

[AHuxley]

AC The NSA's raison d'être is to ensure the USA never has its 1930's US Army and Navy duplicated seperate decryption efforts again.
The NSA does not want to get discovered in a computer network when spies from another 5 eye nation are in the same network.

this is why...

[k3v0]

governments can't be trusted with encryption backdoors

Re:

[Kurdy]

I would leave it at : "governments can't be trusted"

Re:

[AlanObject]

I would leave it at : "governments can't be trusted"

We trust the government with nukes. Many other governments are trusted with this as well.

We trust the government with the data the IRS collects.

We trust the government with regulating the food supply, the water supply, and pharmaceuticals.

We trust the government to keep air travel safe. Pretty damn good job over the last 10 years even though Trump thinks he deserves credit for it.

I could go on, but at this point I would wonder what you mean.

Re:

[gnick]

s/government/politicians

Re:

[gnick]

You trust your government with nukes ?!?!

Who would you suggest putting in charge of them?

Re:

[Kurdy]

I'd rather have governments that are less obsessed with weapons of mass destruction and that are looking to reduce their stockpile. That would give me more trust. I do not think that there is really anyone that is enough "qualified" to be in charged of such powerful monstrosity. Especially the ones currently in charge.

Re:

[Anonymous Coward]

I'd rather have governments that are less obsessed with weapons of mass destruction and that are looking to reduce their stockpile. That would give me more trust. I do not think that there is really anyone that is enough "qualified" to be in charged of such powerful monstrosity. Especially the ones currently in charge.

Suppose you run a country. You get to decide how many nukes your country has. You do not get to decide what weapons other countries have. You also do not get to decide who runs those countries. In five or ten years, some country might be run by a crazy person who decides to attack you for some reason.

Would you reduce your stockpile of nukes without getting the other countries to reduce their arsenal? If so, you are an idiot.

Would you trust other countries when they say they are reducing *their* arsena

Re:

[AHuxley]

List of military nuclear accidents https://en.wikipedia.org/wiki/... [wikipedia.org]
How to stop that list from growing so the mil and contractors still look good?
Dont keep a list of military nuclear accidents.

Re:

[oldgraybeard]

It is not trust! It is forced compliance!

Anything someone wants released to the world, just give that information to the government and it will rapidly be out for all to see.

Just my 2 cents ;)

Re:

[rtb61]

We trust government to do things in the public interest in a public manner so we don't have to fucking trust them. We want to be able to fucking check everything going on and everything they will affect not only who we vote for but who we actively vociferously campaign against. Trust, limited trust for a limited time, if the government has nothing to hide than why does it keep secrets from us the people, us the bosses, those who representatives are meant to represent not fucking rule or lead. We are the fuc

Re:

[AlanObject]

As the author of the post you are responding to I reserve the right to reply: good answer.

If you can't trust the government

[sgrover]

"If you can't trust the governments of the world, who can you trust?" - Young Einstien

Re:

[gnick]

And now, folks, it's time for "Who do you trust!" Hubba, hubba, hubba! Money, money, money! Who do you trust?

-The Joker

Re:this is why...

[RobertNotBob]

What? Why?... The only actual content from this article that I can see is that WHEN the NSA has compromised a system, they look to see if anybody else has also owned the box. ... That's not untrustworthy Government, that is sound, logical procedure. And every single White-Hat organization does this. --- Now don't get me wrong, I'm not advocating for the NSA, but I'm not going to blame them for using industry recognized Best Practices.

Re: this is why...

[Brockmire]

Yes. What part don't you understand? It's pretty fucking straight forward.

Re:

[dcollins117]

What? Why?... The only actual content from this article that I can see is that WHEN the NSA has compromised a system, they look to see if anybody else has also owned the box.

See the part where is says "Leaked files" and "tranche of stolen NSA hacking tools?" If the NSA can't keep their secrets secret then you shouldn't trust them or any one else with a backdoor key to encryption. One of many reasons, actually.

Re:

[iggymanz]

Funny the fad of using the term "best practices" thinking that by the power of those magic words anything they advocate becomes the right thing to do.

No, the NSA does not employ "best practices" in either the technical or legal sense. Their security has been breached, they are careless with data, they spy on U.S. citizens illegally, they invade allies systems.

Re:

[tinkerton]

This more or less makes sense. It's not a fingerpointing article, it analyses tools and explains what they do.

It also underscores another argument, that they have some serious tools in their toolbox and when there's a hacking claim and the NSA remains quiet, it means something. The NSA never produced any proof that the DNC was hacked.

NSA's most successful project was...

[raftpeople]

AOL cd's

North Korea

[dj245]

Given that North Korea is a high profile hacking target by just about every other government, is it any wonder that their computer networks are separated from the rest of the world? "Repressive" regimes tend to do this to control dissent, but reducing exposure to worldwide networks could be another reason for running a national intranet.

I also wondered why the heck New Zealand is in the Five Eyes [wikipedia.org]. The wikipedia article is probably not surprising to many people but interesting nonetheless.

Re:

[Teun]

Two reasons, like Americans they speak a sort of English that US politicians understand.
And there isn't a chance in hell anyone else would be available in that area.

Re:

[AHuxley]

The network into NK are left open so the NSA and GCHQ can connect the CIA and MI6 to the NK command and control structure.
The top NK mil get made offers. Stand down the more complex mil systems and CIA funded escape negotiation is always an option.
Go to war with all mil systems and that CIA escape is not going to be offered.
That internet link is the communications network for the NSA direct to the NK command.
NK has become wise to such communications and is looking to a new generation of its own trus

Re: OH NO!

[Reverend Green]

Good morning, Agent Smith! How's the weather in Fort Meade today?

Those APTs include(d) ...

[Anonymous Coward]

Occupy, Anonymous, Wikileaks, and even the Tea Party by the way.

And the methods involved injecting moles to cause them to infight, and act as agents provocateurs, to create destuction and violence, so it will be easy to discredit and destroy them officially.

In most cases, the original group (or mindset, as Anonymous was NOT a group until they created one in that name) was perfectly peaceful and sensible, and the evil acts were entirely the actions of "our" oh-so-good "law enforcement".

Yes, I did read the or

How to run that script?

[alexmagni]

Some hints to the availability of that script, for self-cleaning purposes?