How The US Will Likely Respond To Shadow Brokers Leak

blottsie writes: The NSA and FBI are both expected to investigate the leak of NSA-linked cyberweapons this week by an entity calling itself the Shadow Brokers, experts with knowledge of the process tell the Daily Dot. However, multiple experts say any retaliation by the U.S. will likely remain secret to keep the tactical advantage. Meanwhile, Motherboard reports that some former NSA staffers believe the leak is the work of a "rogue NSA insider." "First, the incident will be investigated by the National Security Agency as it tracks down exactly what went so wrong that top-secret offensive code and exploits ended up stolen and published for the world to see," reports Daily Dot. "An FBI counterintelligence investigation will likely follow, according to experts with knowledge of the process. [...] Following the investigation, the NSA and other entities within the United States government will have to decide on a response." The response will depend on a lot of things, such as whether or not an insider at the NSA is responsible for the breach -- a theory that is backed by a former NSA staffer and other experts. "The process is called an IGL: Intelligence Gain/Loss," reports Daily Dot. "Authorities suss out a pro and con list for various reactions, including directly and publicly blaming another country. [Chris Finan, a former director of cybersecurity legislation in the Obama administration and now CEO of the security firm Manifold Technology, said:] 'Some people think about responding in kind: A U.S. cyberattack. Doing that gives up the asymmetric response advantage you have in cyberspace.' Finan urged authorities to look at all tools, including economic sanctions against individuals, companies, groups, governments, or diplomatic constraints, to send a message through money rather than possibly burning a cyberwar advantage. Exactly if and how the U.S. responds to the Shadow Brokers incident will depend on the source of the attack. Attribution in cyberwar is tricky or even impossible much of the time. It quickly becomes a highly politicized process ripe with anonymous sources and little solid fact."

SLASHDOT, THE ONE STOP FBI BULLSHIT SITE

NSA leaked bullshit then claimed their shadow did it.

Do not believe shit on this fucking site right now regarding security or government.

Or really anything.

Re:SLASHDOT, THE ONE STOP FBI BULLSHIT SITE

>experts with knowledge of the process tell the Daily Dot.

So easily confirmed by their own shadows I suppose.

Re:SLASHDOT, THE ONE STOP FBI BULLSHIT SITE

Yes, down with reasoned assumptions that may only be partially right, but yay for the fox telling us hens everything is fine, right?

The fact that our own intelligence agencies violate our rights and treat us as enemy combatants leaves me with little sympathy when their own arrogance and ineptitude get then pwnt.

Re:SLASHDOT, THE ONE STOP FBI BULLSHIT SITE

The NSA is way out of their league here. There are hackers out there who they can't even begin to match and many more than the number of people they have working for them.

Re:SLASHDOT, THE ONE STOP FBI BULLSHIT SITE

One thing is for sure, they will be on the same page.

Re: SLASHDOT, THE ONE STOP FBI BULLSHIT SITE

The NSA have the money, the soldiers and all forms of resources though.

Re: SLASHDOT, THE ONE STOP FBI BULLSHIT SITE

[Grishnakh]

The NSA have the money, the soldiers and all forms of resources though.

They do?

I realize the US government controls a large amount of money, for fairly obvious reasons, but it's also infamous for government jobs not paying very well compared to private-sector jobs. This has been a big problem for some time now with the government unable to effectively recruit and retain tech workers. The main draw of a government job is stability, not pay, so this results in the government having a lot of not-so-competent workers, while all the best people go to work in private industry somewhere where they can get a lot more money.

I have a hard time believing that the NSA is somehow exempt from this problem. Federal government compensation is, to my knowledge, standardized across all the agencies.

Having soldiers isn't any help here, we're talking about malware, hacking tools, etc. If your goal is to hack into some computer on the other side of the planet, without being detected, so that you can spy on someone, having a gun isn't going to help you.

The OPM data breech last year should have been a good indicator about how incompetent the US government is at computer security. When you can't hire and retain the best people, but you're trying to protect one of the most valuable targets in the world, disaster is imminent. And due to the utterly broken nature of the government (basically, good luck getting Congress to agree to pass a law fixing this problem), there is no solution.

Re: SLASHDOT, THE ONE STOP FBI BULLSHIT SITE

Government work is the realm of the incompetent and lazy. It holds true for each and every nation in the world. Smart people are coveted by private enterprise.

FBI need to rock this song.

http://www.youtube.com/watch?v=sD73t0xa0Ew

Their moles won't like it though because they are not Americans.

Re:FBI need to rock this song.

none of the FBI are americans in true sense. they bring in child porn and child sex trafficking and drugs more than any other group does in the states.

Re:FBI need to rock this song.

The FBI, CIA and NSA are all traitors to the United States and have been undermining liberty and have been propagating terrorist fear for years. Every single person who works for one of those agencies needs to be tried and executed for treason.

Yea

but was it "intentional"???

Re:Yea

duh, they can't accidentally shadow broker to themselves.

Re:Yea

[saloomy]

They will conduct a witch hunt in public, of course. Their response will be in public, of course. The blame will be covered well by the media, the retaliation made public. Not to set an example. No. The real reason all of this will be done in public is because it keeps the media (and everyone the media then manipulate into accepting that the important things are whatever the media spins in our "culture of outrage") focused on the wrong thing.

Keeping the conversation on the leaker, and not what is being leaked, is the only way for them to perpetuate their continued violation of law, their intelligence systems functional, funded, and their ability to persecute whomever they want, for whatever they want, liberty be damned.

What we should be talking about is: How can they sit by in good conscience, and exploit the mistakes of the very industry that boosts the economy of the 21st century? How can they leave us exposed? How do they expect other governments (of countries more populated than we are) to not have the same skill set to discover these flaws? Where is our protection?

The intelligence community has clearly lost track of its real mandate. It needs to be disassembled and rebuilt from the ground up. J Edgar's legacy is alive and well, and it is a pox on our house. Focus on that, and thank the leakers, whomever they are for pressing this issue with the American people.

Re:Yea

[Velox_SwiftFox]

Look up the phrases "need to know" and "plausible deniability".

Re:Yea

The intelligence community has clearly lost track of its real mandate.

Domestic state security over the national population has always been the primary of the secret police.

Re:Yea

of course, of course.

Re:Yea

[currently_awake]

Our Intelligence Agencies need to be split between attack and defense, so that every time we get hacked we know who to blame. Let the CIA take care of all offense and spying stuff, with the NSA devoted to keeping America safe. Big question: will they (now) help patch the holes in our security? That would neutralize the weapons their poor security dumped into the hands of America's enemies.

Easy.

[wierd_w]

1) there will be a witch hunt.
The nsa will investigate its own employees against its already existing psych profile sheets to see who is the most likely to have been motivated to steal the data. Then they will set up an internal emtrapment scenario to catch the leaker red handed. They will then be charged with federal espionage, and put into prison.

2) the same investigation will sift out accomplices and contacts. The trap will not be sprung until positive id has been made on all members of the cell.

3) the nsa will not directly move against the other members of the cell. Instead it will monitor, and selectively leak false intel to this cell, making it ineffectual, or worse, countereffectual to the foriegn government operating it.

4) if deemed useful to do so, the cell will be infiltrated with a new "insider", who will actually be collecting and analyzing the cells instructions to better predict and respond to the foriegn power's activities.

Really, this is not hard.

Re:Easy.

Ever heard of Ed Snowden? He explained very frankly that is NOT how the NSA operate.

It should be obvious when you have the us government employees themselves calling Ed Snowden a treasonist for telling on them.

And to top it off, you read it on FBI Slashdot. Who are you really though?

Re:Easy.

Sorry for my sloth but....am I correct in understanding that the NSA knew about security holes in important aspects of our cyber infrastructure, and rather than report them so they could be fixed, they sat on them so they could use them "to protect us"?

They knowing left these holes open, with no idea (nor any way of knowing) whether or not any criminals were exploiting these holes already, to our detriment?

I'd say they aren't just failing to do their job, they are knowingly doing the opposite of their job. Their conscious inaction put at-risk those they are supposed to protect, is therefore unethical, and constitutes an enormous breach of trust given their position of authority.

They should all burn. I don't give a shit who spilled the beans, I want the decision-makers at the top to be thrown in jail for this.

Of course...I am not super-rich, so I won't get my way.

Re:Easy.

[wierd_w]

I have.

Note in citizen 4, the first phase of the nsa's activity against Snowden was in sussing out his aberrent behavior, and surveiling his girlfriend, family, and Hawaii place of residence. This is what happens in phase 1) of my short list. A list of persons of interest is produced using psych details, and active monitoring starts. Connections maps are created. Points of surveillance are established, and monitoring priority increases. Phase one ideally (for the nsa) ends with apprehension of their leak, but the process does not end there.

After sussing out the entry point of the leaker, the companion network is either dismantled, or subtly repurposed for cointel.
False intel is fed to the group. If the false intel causes the foriegn agency to suspect compromise, it sends the message to that foriegn agency that their action was detected, and that thier methods are not valid any longer. If the foriegn agency fails to change the operational behavior of the cell, then it may become beneficial to plant a double agent. This double agent can then cause the foriegn power to change its policies or public activities, through contaminated or misleading intelligence, created specifically for this purpose.

That they can conduct such a profoundly invasive phase one investigation using literally any internet connected, or broadcast capable device, along with your financial data, and the information about you provided by your so called friends on social media, is the primary thrust behind snowden's leaks. What the NSA will do, and why they will do it is not going to change. The leaks from snowden concerned the how and the what.

Re:Easy.

[wierd_w]

From ths perspective of people who like to watch, as the nsa does, telling the landlord about where all the best places to peep so they can be fixed, is counter intuitive.

That the same building techniques are used in thier own house, and that other people who like to watch can peep on them through them, is not seriously considered.

Instead, only the loss of really good ways to peep is what is considered. If the method of peeping is likely to be discovered, or the architecture behind the means of peeping changes such that the approach becomes less valuable, the peeping Tom may delude himself into thinking that he is doing a service to society and the landlord by pointing out how that peeping may happen. (See for instance, methods used to remotely observe what is displayed on a crt monitor by monitoring the em spectrum for telltale radio artifacts-- who uses crts these days?)

The nsa is sick, and likes to watch. The very idea that they would feel they should stopper up the holes they look through, or alert people that they are looking at them through them, is counter to their fetish. The very idea is absurd to them. Only somebody that sees by accident, and is disgusted by having seen, has motive to see to it that no such seeing ever happens again, apart of course, from somebody catching somebody peeping on them, and discovering the hole that way.

From the perspective of the nsa, if they have eno ugh places to peep through, you can putty up holes all day, and they can wack off to watching you do it. Telling you where all the holes are stops that from happening. They want to watch you. Not keep you safe from being peeped on.

Re:Easy.

I agree. Why in hell is the NSA allowed to investigate their own leak? Don't we think they'll place the blame where they want it placed? Surely the DoJ, at the Supreme Court level, should be investigating this leak.

Re:Easy.

[TheRaven64]

am I correct in understanding that the NSA knew about security holes in important aspects of our cyber infrastructure, and rather than report them so they could be fixed, they sat on them so they could use them "to protect us"?

Yes. This is a big problem with the NSA and GCHQ, which have the dual missions of securing infrastructure and compromising enemy infrastructure. These missions come into direct conflict when the core of your and your enemy's infrastructure rely on the same components. Germany separates the two missions into separate institutions.

The same thing came up when Heartbleed was discovered. There were basically two options:

• The NSA had not found the vulnerability, in which case they were seriously failing in both missions as they'd either failed to notice that OpenSSL is core infrastructure (for the USA and for other countries) or they had failed to fuzz the protocol properly (part of the embarrassment about Heartbleed was that proper testing would have found it years ago). If this is the case, they are incompetent because there was evidence that the vulnerability had been exploited in the wild before the official disclosure.
• The NSA had found the vulnerability but had decided that being able to attack SSL connections was worth the cost of leaving all financial and a lot of secure government communications vulnerable to foreign intelligence and criminal organisations. If this is the case, then they are incompetent at risk analysis and should not be permitted to engage in risky behaviour.

There is no interpretation of events that makes them appear competent.

Re:Easy.

You forgot...

5) Blame Putin

Re: Easy.

Snowden's my hero but he is showing symptoms of Stockolm syndrome.

Re:Easy.

[AmiMoJo]

That's assuming it was insiders. Snowden said it looked like they got in via an NSA malware staging server. Those kinds of servers will always be weak points.

Re:Easy.

I prefer to directly go to waterboarding of randomly chosen employees of the agency. Maybe even better - 1/10 will be waterboarded by the rest. Who refuses to cooperate will be put on the stick.

Re:Easy.

[ausekilis]

Playing devil's advocate (and kinda sounding like a gov shill... sigh...):

Sorry for my sloth but....am I correct in understanding that the NSA knew about security holes in important aspects of our cyber infrastructure, and rather than report them so they could be fixed, they sat on them so they could use them "to protect us"?

Considering how much of the global gov/economy mimics the US in terms of software/hardware used, it's not just the U.S. that is vulnerable to these exploits. Just sayin'.

They knowing left these holes open, with no idea (nor any way of knowing) whether or not any criminals were exploiting these holes already, to our detriment?

What? And help our adversaries protect their low-hanging fruit?

I'd say they aren't just failing to do their job, they are knowingly doing the opposite of their job. Their conscious inaction put at-risk those they are supposed to protect, is therefore unethical, and constitutes an enormous breach of trust given their position of authority.

Here you have a good point. There's this concept of organizational charters for the government. It's the CIA's job to look outside our borders, the FBI's to enforce federal laws within our borders, and the NSA? to grope us at airport terminals? Why are they around again?

They should all burn. I don't give a shit who spilled the beans, I want the decision-makers at the top to be thrown in jail for this.

Of course...I am not super-rich, so I won't get my way.

You should know that's not the way the gov works. You get a demotion and shoved in some clerical job until you retire. It worked for Patreus, and he should have spent a good 25+ years in club fed. Of course, the gov often does the wrong thing for the right reasons and the only way we can instill any change is by voting for the lesser evil and actively participating in government. They won't listen to 100 or even 1000 people, but once you start getting into millions then maybe.

Re:Easy.

[thoromyr]

You are assuming that this was an insider. If that assumption is false then your #1 is really a witch hunt (as you designated it, though given the rest of your comment I doubt you understand what the term means).

"Really, this is not hard."

Great, thanks for your confidence. You mention Edward Snowden in a comment below to justify this fantasy. An important difference is that in that case they *knew* who had done it. You conveniently overlook the difficulty in conducting this kind of investigation.

Taking as true your assumption that it was an inside job, for your "witch hunt" to be a real investigation with ability to identify the actual culprit there has to be a means of discrimination. One example of how the government routinely fails in this task is their reliance on lie detectors. Everyone working for the NSA has been through it during screening on periodically thereafter. The government loves this absolutely unscientific and thoroughly discredited technique for the simple reason that it gives them the ability to score individuals with pass/fail for clearance. Note that, in general, it is not required to go through a polygraph to obtain a TS clearance -- the various scopes are reserved for particular employment (e.g., FBI, CIA, NSA, etc.). In other words, this is the "step-up" tool that they rely on to improve discrimination before granting access to an individual.

And yet, it fails. Edward Snowden is the currently most famous example, but there are others. If the polygraph had any utility it would have identified the insiders before things blew up. Everyone with a clearance has been investigated during screening, and again periodically. And yet, these investigations failed to stop these individuals. But you have faith that "doing it again" will somehow reveal their identity. Bully for you, but pardon me if I lack such faith.

One of the other difficulties with finding an insider (assuming that such is the case) is how do you know that you aren't tasking the insider with finding himself? When it became obvious that the CIA had a mole leaking the identities of turned agents the investigation was 100% need to know and very few people were in the know. And yet, the target of the investigation was one of those people (head of counterintelligence). Yes, they did catch him. Just because the mole is aware of -- and even running -- the investigation does not preclude identifying him. But it is pretty easy to understand how it complicates things by providing opportunity for framing, surreptitiously destroying evidence, etc. And, considering that case in particular, it was clear from reviewing his file that Aldritch Ames was career managed, but the CIA claimed they found a solitary mole and that imprisoning him ended it. How many other moles did the Soviets successfully implant? Who managed Ames' career?

Without clear knowledge that it was an insider, any internal investigation is very likely to result in what aptly termed a witch hunt rather than a productive investigation. Someone may be identified and it may even be a mole -- related or not to the present incident. But ground knowledge truth is remarkably difficulty to achieve, as is apparent to anyone who has conducted real investigations.

Really, this is hard.

Re:Easy.

Another big problem is how allied intelligence collude to conduct surveillance on the other's citizenry, and then disclose the findings.

Re:Easy.

That the same building techniques are used in thier own house, and that other people who like to watch can peep on them through them, is not seriously considered.

That is the first thing that occurs to a thinking person in any scenario: if this can happen to them, can it happen to me? We're not talking about stupid people here, either.

Re:Easy.

[liquid_schwartz]

They should all burn. I don't give a shit who spilled the beans, I want the decision-makers at the top to be thrown in jail for this.

Alas we have already reached the point where despite being caught in lies and multiple smoking guns government itself now openly admits that the connected are above the law and that "no reasonable prosecutor would bring such a case". So while I agree that they should hang for treason it won't happen. They can do whatever they want and can do it more openly and brazenly than ever before.

Re:Easy.

[currently_awake]

The phrase you are looking for is "Deserting your post in the face of the enemy", and usually meets the definition of Treason (but not in the USA).

Re:Easy.

>What the NSA will do, and why they will do it is not going to change.

It already has changed.

You seem to concede defeat to government employees even when there has been none.

Snowden has yet to leak all names. The names eventually go public. Then you look at what harm have they actually done to the United States population. The USA is far beyond bankrupt and is only persistent because the population are like you... accepting being raped.

That only works for so long, again, because they are not anonymous people like they wished they were. They don't care about their families and left them to go be spies but that doesn't mean their families are not in harm's way. There are few spies compared to gun owners. This includes military with the same clearances that actually have morals. So as I am typing this, it is already happening.

The US is fucked over and robbed every way and the spy intention is to rob the rest of the world similarly. They can never steal enough. They are wackjobs. There is no god or morals in them. They lie to get what they want like raccoons or some other sort of critters.

The USA has foreigners flooding the borders every day in the MILLIONS. The social services are strained yet people keep showing up to work for those fiat dollars. When this stops, when the people collectively say oh fuck no... no more of this... you will have a well armed already active duty militia to remove the pieces of shit that not only pulled off the 9/11 false flag but have ripped the country's finances to shreds.

Enemies in USA right now are both foreign and domestic. It is being dismantled from THE INSIDE. Now who do you kill? Russians or sand people? No. That is what the ones ripping you off want you to do for them. They are not clever, they just prey on the innate nature of people to think everybody hopes for good. This is why treason is death penalty. The deaths should be gruesome to spare future stupidity like this.

CIA USA FBI DOJ STRATCOM DHS (???) are all guilty of mass murder and even thus, against the American people. That is the nature of their treason. Ed Snowden was only the first of them to say fuck this shit.

Re:Easy.

[sysrammer]

Govt openly admits to reality! News at 11!
As Douglas Adams said, "People are a problem".
Sadly, this is the way humans do things.
Revolutionaries allatime kicking the old bosses out.
"Meet the new boss, same as the old boss". /endofmorningrambletimeforcoffee

Good luck with investigation!

[sshir]

It was 3 years ago. Importance of this detail is this: in pre-Snowden era NSA did not have access logs or other internal audit tools. Those were considered risk to security of operations.
My speculation is that this is why the data dump is so old - to maximally complicate forensic team's job.

Re:Good luck with investigation!

What a coincidence for somebody as knowledgeable as yourself to just show up for this story? And to comment as you did/

And you are (#52729323) and SS here at the same time? You work for STRATCOM. I have all your shit bitch.

Re:Good luck with investigation!

[tshawkins]

Or the actual breach occured over 3 years ago and the data has been in cold storage until now.

Backdoored Releases

[zenlessyank]

For you tracking pleasure. Either these guys have gotten complacent or this is a setup. Either way it is fucked up.

"Secret" and "Tactical Advantage"

"remain secret to keep the tactical advantage"

I'm not entirely convinced the FBI and NSA know what those terms mean.

Financial implications?

If Trump were president somebody would be getting Nuked over this.

Re:Easy. ---CITIZEN FOUR-- Go watch it NOW

Everybody on this FBI ass BBS need to go watch Citizen Four (Ed Snowden actually explains the NSA ways)

Everywhere you look something on your computer or website is trying to hijack you. The spies need to fuck off and die. They pretend they are your solution but can you count the debt of your country? Do you feel like they used your money to help you?

Do you see anybody in burka's trying to kill you or spy on you? No. There is no ISIS neighborhood just FBI and CIA NSA lies.

Thanks for taking over Slashdot feds. We needed to talk about this.

Mole hunt or blame Snowden?

Why not both!

Re:Mole hunt or blame Snowden?

You have to fire the entire bunch. They knew it was possible so they set ways up to counter that approach.

1) steal all of your money.

There you go.

So impeach of course, and kill for treason. The Senate are vastly treasonous, kill them. House of Reps less treason, fire them and don't worry about it. Spy agencies? Treason every last employee of them. Close the borders and disembowel all spies. Begin there.

Military have connections to the spy agencies, so you have to convince their chains of commands it would benefit them to stay alive AND protect the USA from enemies foreign AND domestic. You don't need martial law, you just need the backstabs out. This includes the Federal Reserve but then you have a huge calamity, the money is not there. Fort Knox is empty too. They had a fun time fucking you though.

Take care.

Re:Mole hunt or blame Snowden?

Ed Snowden was right and is right. He also has not dumped all names, nor is he the only one with access to them. :-)

"rogue NSA insider"

I think you mean a decent human being unlike all the other thugs

Unsurprising

[z0idberg]

Not one of the steps involves questioning whether the NSA should be sitting on these 0-day exploits for their own use for years and leaving their own citizens and companies vulnerable to attack, rather than notifying the owners of the code and getting them patched.

First order of business is finding out who let the cat out of the bag and getting retribution.

Re:Unsurprising

[sjames]

It seems to me the first responsibility is to inform each vendor who has a vulnerability that is exploited so the stolen cache of cyberweapons becomes useless.

Re:Unsurprising

[z0idberg]

Cisco already has.

http://news.softpedia.com/news...

Re:Unsurprising

[sjames]

True, but that's no thanks to the NSA. The exploit they fixed was leaked as part of the proof they actually have something worth paying for.

Re:Unsurprising

[rtb61]

The first step is patience, let the tools spread and behind a wave of script kiddie attacks, the NSA launches a global back door offensive, trying to stick in as many back doors as possible behind a wave of script kiddie attacks, some of which will be prosecuted as cover. A stolen idea back from when crackers (before main stream media renamed them hackers), distributed their software to provide cover for their activities and have the heat taken off when those script kiddies get busted. Kind of odd making the leak public but their are lots of good people at the NSA who would not approve of this kind of criminal activity, by corrupt political appointees, so publicise the release of those NSA tools, rather than have honest NSA agents report that NSA tools were used in a criminal fashion.

Re:Unsurprising

Normal.

Ignore the crimes revealed. We must find who revealed them!

See DNC hack. Blame russia! How can we make this trumps fault?

Re:Unsurprising

Jimmy Carter said he does not trust internet and uses old fashioned snail mail and a stamp.
Pop a usb stick or SD card in the mail and done .
The dope who leaked this waited years then created a bitcoin link that will closely be monitored - or attacked - misdirection?
One expects it will lead to a dead end of individuals - and probably one who used a logging exploit.

I think the take home here is really big companies are slack - may as well buy Chinese gear, because the confidence level in USA made gear is iffy: you know it has HISTORY un-patched back doors.

Re:Unsurprising

First order of business is finding out who let the cat out of the bag and getting retribution.

This is how all hierarchical organizations work, government or private.

it was north korea

because of seth rogen, trust me, it was all because a freaking seth rogen movie

ive got inside sources and stuff guyz

Not much.

The shadow broker leak is pretty boring. Just a bunch of exploit tools for publicly unknown zero days (Yeah sort of redundant but you get what I mean)

No back doors, no secret keys, no yet unheard of techniques or technologies. Just zero days exploits for popular commercial systems.

Even the fact that most are security appliances really isn't shocking. Such things promote a false sense of security and users trust them far too much, leading to an easy attack surfaced. - It just reinforces what we've known for a long time. Closed, commercial, security is an oxymoron. If you can't audit it, expect it to be vulnerable.

Absolutely nothing you would not expect for an organization that has state actor levels of funding and support.

Re:Not much.

The shadow broker leak is pretty boring. Just a bunch of exploit tools for publicly unknown zero days (Yeah sort of redundant but you get what I mean)

No back doors, no secret keys, no yet unheard of techniques or technologies. Just zero days exploits for popular commercial systems.

So it's safe to assume that you only inspected the free stuff.

If only they could actually learn...

If the NSA, CIA and FBI would actually use their powers for good and share the information they find to make our systems more fortified we'd be much better off than letting these exploits continue. They sure as fuck are not plugging the holes in their systems or other government systems, they just exploit them. They let our financial industry run around with the same exploits they know about and they are dumb as fuck to think that someone else China, Russia, you name it, are not also discovering these exploits. As we can see they were used on the NSA. What a bunch of retarded idiots.

It's much easier and cheaper to defend and create strong defenses than it is to attack and exploit weakness. Why don't they work with everyone and plug the holes, create truly unbreakable encryption and let's move forward. You do not need weak encryption to catch the bad guys. The bad guys ALWAYS ultimately will have a weak link who will bring down an organization. If you're always working on a strong defense nobody is going to penetrate, but if you're always trying to attack, someone will penetrate your weak defenses because you're focusing on attacking.

To bad power hungry assholes can't see that working together benefits all everyone, where as the constant fighting ultimately doesn't benefit anyone except for a very tiny few.

Re:If only they could actually learn...

man you should have just shut up. you slipped.

Re:If only they could actually learn...

How so?

Re:If only they could actually learn...

[Agripa]

If the NSA, CIA and FBI would actually use their powers for good and share the information they find to make our systems more fortified we'd be much better off than letting these exploits continue.

This is the United States Government. They do not do this sort of thing.

It makes sense for sure now that the FBI is here.

this thread has given me many brainstorms. I am appauled at the audacity of these assholes that are supposed to work for the people of america.

Snowden?

[Razed+By+TV]

Part of me wonders if this leak is somehow related to Snowden's mysterious messages a couple weeks ago.
I can't find mention of Shadow Brokers on Google before this hack. (Granted, they may have wanted to remain hidden.) Did the Shadow Brokers exist before this hack? Did they adopt a new name because of the scale?

Re:Snowden?

Ed Snowden doesn't use Twitter. Those are all lies. Guess who runs Twitter? US GOV.

big fat clue.

Re:Snowden?

I am amazed at anybody that would think Snowden would use Twitter for even one second. Did they not listen to what he said?

He explained it all even in that documentary Citizen Four. I am sure there is someplace you can watch it online.

Re:Snowden?

Google bitcoin 911

Re:Snowden?

Shadow Broker is a character in the game Mass Effect: http://masseffect.wikia.com/wiki/Shadow_Broker

"response in kind"

Some people think about responding in kind: A U.S. cyberattack.

I vote we do much worse than that. The very worst, in fact!

When we figure out who the bastards were, we send them Donald Trump. And no giving him back.

Re:"response in kind"

Two topics always pop up when the pressure is on feds to tell the truth lately. One is Donald Trump and the other one is Pokemon GO.

You people are some fucking weirdos.

One thing for sure, this is not Snowdot.

I do see many comments that sound very plausible. I have seen Citizen Four myself.

I have been a /. reader for a long time

I don't log in any more but this is surely odd in the summary.
https://motherboard.vice.com/read/former-nsa-staffers-rogue-insider-shadow-brokers-theory

It is linked twice? Are you even like kidding me? How hard do you need to hammer that narrative in?

Myself, I reject it. I know this place is feds just by the content of the posts lately.

retro-active comment

This looks like the political response. Which narrative out of a "Snowden 2.0" or a "Russia broke us" has less political costs? Of course - there has already been Snowden 1.0. Snowden says this looks like Moscow. The general narrative so far is "Moscow". Even Kaspersky - the folks who "discovered" the equation group and verified the authenticity of the software - says it was likely Russian.

Asymmetric advantage is an interesting idea here. Economic sanctions against a rouge agent? The article is suggesting nation-states as targets because they are likely sources. Can they actually bomb a hacker? I think the costs would be horrific. That means the asymmetric advantage in the current circumstances might be in favor of the shadow brokers.

A better piece of misinformation might be "we already downloaded the other trove, and know what makes the key" and "we watch all communication on the planet (Echelon) and will know within seconds when it is released" - in fact we will know well enough to intercept it, delay it, and get both the source and the destination. Such a statement would delay and complicate the interactions of parties, as well as being true. As folks with the source code, and keys to most encryption (and brute force to crack nearly everything unclassified on the planet in under 3 days) they have decoded everything that is currently public. With eyes in several places, they likely have a good idea both of who has copies, and when they got those copies. They have had man-in-the-middle corruption since the 90's, so there might plausibly "call home" flaws and such in the downloaded code, should it ever attempt to be activated.

Re:retro-active comment

tl;dr

Incoherent.

NIGGA THIS STORY IS BUNK NIGGA

Feds all up in this bitch fuck you

I wonder if there ARE any feds around here?

9.99/10 yes.

NSA got high score on Pokemon GO

They run that game like beasts.

The "rogue NSA agent"

[zedaroca]

Just gave security to a lot of previously unprotected American citizens and foreigners.
It seems like the only agents worth their food are the rogue ones.

I use this now.

https://www.sendspace.com/file/w35ddl

It was linked someplace online, it is Tails Linux and not a compromised version. I think this should go here.

In other news

[johnsmithperson123]

Hackers breach Russian Command and Control server, auction off exploits.

Where is you get yo torrents from uhh

https://yro.slashdot.org/story/16/08/05/0329246/popular-bittorrent-search-engine-site-torrentzeu-mysteriously-disappears

They'll do all the traditional things

Such as blaming national actors or internal leaks
And they will convince themselves they are correct

and the cycle will continue

Re:They'll do all the traditional things

"actors" and "clandestine" are spy talk. Somebody else gave themselves away too.

have a good one FBI. I suggest moving to an island, maybe buy some water wings.

gravitate to profession coincides with interest

... they bring in child porn and child sex trafficking and drugs more than any other group does in the states.

As people are prone to gravitate toward profession that coincide with their interest (child molester to schools, church, summer camps, etc. closet thugs likes to join police force, etc.) I suspect FBI is full of them.

high treason

The FBI, CIA and NSA are all traitors to the United States and have been undermining liberty and have been propagating terrorist fear for years. Every single person who works for one of those agencies needs to be tried and executed for treason.

our elected officials (and thus indrectly, us) created this fine mess, we're all guilty of high treason.

Re:high treason

our elected officials (and thus indrectly, us) created this fine mess, we're all guilty of high treason.

Without the knowledge and therefore without the consent of the people.

Re:high treason

[Grishnakh]

Oh BS. We're about to happily elect Hillary, who is blatantly corrupt. We, the voters, are entirely to blame for this fine mess.

Another walkout

[AHuxley]

That fits with the way people in large bureaucracy act when they feel they can only talk to the press. Given the US press is still constitutionally protected at least the wider public can have the "collect it all" domestic spying conversation that an internal bureaucracy never will.
The NSA will try and counter any more walk outs with more automation of the product lines to other agencies. Wider issues of more human security is then the final customers responsibility not with collection.
More of the buddy system (two workers at any site or for any task) insuring more contractors will be needed for the same amount of work.
Logging and tracking of all workers at work and in the community at all levels. Proactive collection on all US journalists by default rather than after publication.
i.e. an expansion of FIRSTFRUIT. "The Most Intriguing Spy Stories From 166 Internal NSA Reports" (May 17 2016)
https://theintercept.com/2016/...
Less of the artisan thinking to add value to the raw product line and more of a direct production line with a classic time and motion study on every worker all day, every day.
The GCHQ ideas shared with the US in the 1960-80's to ensure good working conditions for all staff could be fully reversed in the US.
How much more access to ongoing education, good wages, great conditions can cover for the domestic collection issue?
Give collection to the FBI and their experts can buy in more hardware, hire contractors, get upgrades. Compliment collection with skilled local staff to finally fully expand on all domestic investigations.
The interesting aspect is that other agencies could task directly to the CIA, FBI and over time the CIA and FBI could take up all the international and domestic work in house.
That could then see a change in flow of future budgets back to more productive traditional methods and make skilled staff very happy. Better control over budgets and a clear focus on all domestic or international collection missions. Staff get the new tools they need locally and depth of ongoing support in house.
A camaraderie, esprit de corps sets in given new cash, experts and missions not needing to slow down to try and seek constant outside agency support.

Re:Another walkout

[Agripa]

You forgot:

Beatings will commence and continue until moral improves.

Leave Liara out of this!

[Voyager529]

How The US Will Likely Respond To Shadow Brokers Leak

Liara needed that intel so Commander Shepard could thwart actual terrorist attacks.

Now everyones backdoors are unlocked

If they make a master key to unlock backdoors into everyones houses, and someone copies that key, now everyone can be robbed. This is why we don't have backdoors all unlockable with a master key. Maybe they shoukd have thought of fixing vulnerabilities instead of building a master key to backdoor into people's computers.

Yummy sources!

[PMuse]

It quickly becomes a highly politicized process ripe^H^H^H^H rife with anonymous sources and little solid fact.

There. Fixed that for ya.

Isn't this just a bunch of zero-day exploits?

[ErichTheRed]

This release would be very interesting if it broke new ground -- finding a computationally-easy way to break commonly used encryption, or a smoking gun universal back door built into OSes or network gear. From what I've read this is just previously undisclosed, easy to implement and potentially dangerous flaws in network equipment firmware.

Here's an interesting question from someone not in the security field -- is this basically what hacking groups do? Are they just collecting a huge inventory of bugs by constantly banging on these devices every possible way they can?

As the investigation goes on, it's going to be enlightening to see how this got out, if it's an actual legit NSA "hack." Was it a spy agency using traditional espionage tactics? Was it a rogue Snowden-esque contractor? Was it some idiot taking work home, then getting his bag stolen on the train or out of his car? Time will tell.

Re:Isn't this just a bunch of zero-day exploits?

Here's an interesting question from someone not in the security field -- is this basically what hacking groups do? Are they just collecting a huge inventory of bugs by constantly banging on these devices every possible way they can?

That is one option, you can send broken data at a server/client in the hope that you will trigger a crash and then analyze what happened. It is called fuzzing. There are also methods the analyze binaries to determine likely security issues. Another option is analyzing the source code for bugs if you have it (either via tools, or manual reading by trained eyes, or usually both).

Re:Isn't this just a bunch of zero-day exploits?

[Agripa]

Is this basically what hacking groups do? Are they just collecting a huge inventory of bugs by constantly banging on these devices every possible way they can?

They also infiltrate their targets and introduce exploits they can take advantage of. The NIST is a good example. Or they might pay the target to include the exploit like with RSA.

Read CALEA that was signed into law in 1994

"CALEA is intended to preserve the ability of law enforcement agencies to conduct electronic surveillance by requiring that telecommunications carriers and manufacturers of telecommunications equipment design and modify their equipment, facilities, and services to ensure that they have the necessary surveillance capabilities as communications network technologies evolve. Communications services utilizing Circuit Mode equipment and facilities, and communications services utilizing packet mode are all subject to CALEA. "

Packet mode = Applies to all American networking companies and telecom companies, esp now that VOIP is so wide spread, broadband, email, etc this was amended in 2006.

I know Cisco and third parties sell CALEA compliant software, BUT:

-Cisco invented Netflow in 1996, a standard to spew out network traffic to collectors for analysis. Say a CALEA compliant collector / Analyzer. Netflow collects metadata, but it's enough to know who is talking to who.
-Also after they bought Cascade and created the Catalyst switching line, those switches feature Netflow and software port span/mirroring(this allows full capture of data without taps)

-CALEA response to comments [2] states if manufacture equipment is used to facilitate any type of telecommunication activity it must have backdoors .

-Cisco purchased Stratcom and Lightstream in 1996/1997I think? LS made ATM switches, ATM connections both intra facility and Stracom made long haul ATM WAN gear that drove much of voice, video, and data traffic in the 90s. These switches would have to be compliant.

-Cisco purchased a SONET telecom company, Cerent in 1999, this was a service provider - ATM and DWDM switches were compliant as well, because they could pass voice traffic, and IP traffic.

-Cisco created the lawful intercept package in 2007, right after tapping the Internet was authorized by CALEA.

It seems like Cisco seriously jumped on the bandwagon right after CALEA and it wouldn't surprise me at all if all of their source code was audited for either compliance to CALEA or by NSA for equipment use in TS government networks, and of course, spying.

I don't know if NSA and Cisco worked together in secret, if it was the result of source code auditing, and we'll probably never know Due to National Security. Add in Juniper and Fortinet, sounds like too many big players are involved in 0 day NSA military grade exploits.

To get CALEA data all it took was a search warrant or a National Security Letter or the like..... This has been going starting with voice then Internet for atleast 22 years. Then don't forget about NSA Echelon where the five eyes spied on all Satellite communication and committed industrial espionage against Europe.... In the early mid 90s. Look it up

maybe...

[haedus]

Maybe they are just trying to work out escape sequences for the Snowden character.

He was the hero who showed the U.S. how it is violating itself with unconstitutional behavior. Then, once it reaches the epic peak, they will pin him as 'the shadow' broker, or whatever name they come up with, later on, if this attempt fails...

When this happens the force for those who stand with him and his principles will be pitted against the force of people who at best vaguely understood him as either hero or villian, will wax over the glossy details of his principles.

Russia will have no excuse to protect him anymore, either. It will be proven he acted purely in self-interest (well grey area proven). Then Russia could use this as pretext for war. They could deny extradition and escalate things. Once that fuse is lit, every other country in the world can start picking sides...

I don't know a whole lot about who's who in the national sphere of things, but I'm sure There are plenty of nations who would side with russia to bring their own beef to the table, and like wise...

This would be the goal of the Snowden game...

I always personally felt very fishy about Snowden from the start, not to the same degree as I did about 9/11... that was beyond fishy, that was like a two ton truck of fish who's refridgerator went out 5 days ago and was stuck parked out front of your house...

Snowden always felt more subtle... Like a fish-hook, waiting to see if anyone would bite... Or perhaps a loose thread that if pulled could unravel the entire garment...

Historically speaking, from my limited understanding, China usually just wants outsiders to stay outside...

Russia on the other hand... I know very little about (I know very little about mostly anything... but..)

and to top it all off, this whole argument is based on the assumption the world is currently operating as a collective of nations, which on many many levels it may; but I would gander the snowden character is not operating under the auspices of any one nation's interest....

Possibly a bit more how a lot of European nations decided to divide up Africa. The real big players are making another land grab, so to speak... (TPP?)

If I do know anything about Russia, I would guess it's that they highly value a certain type of greatness. And if nothing else, I think they would be highly motivated to get to a place where the world can look to Russia and feel awe at their accomplishments, at least looking at things from the point of view of national interest...

That's my bit...

Transparency

This is another example of why there should be no secrets about anything, anywhere on our planet.

Part of a larger campaign

[pablo_max]

This seems to be clearly part of a larger campaign against the US. Whether true or not, I think that many of the smaller countries and even some of the larger ones feel that America has been the unchecked bully for far too long. Continuously chastising others while performing those same actions. Do as I say, not as I do.
I can imagine that these players are working in concert to destabilize America with attacks designed to make the average American lose trust in the government and lose faith in the entire political system.

I fully expect that in the next 2-3 month there will be several new “leaks” which are vastly more damaging to the democratic party than the current batch which only proves the primary was rigged.

Combine this with the fact that for many in Russia, the cold war never ended and you have an obvious conclusion.

Re:Part of a larger campaign

[oh_my_080980980]

"attacks designed to make the average American lose trust in the government and lose faith in the entire political system."

Where the fuck have you been. Americans have been distrusting government since the country was founded!! Move along Potsy.

Re:Part of a larger campaign

[eaglesrule]

Yes, we need a foreign enemy to fear and blame, and thankfully our media will helpfully focus on that rather than the contents of the message. People need to go on believing that the country is fair and just and a force for good in the world, and that it hasn't been hijacked to be the enforcer for rich plutocrats. There needs to be the illusion of choice, since it is better to think of oneself as a citizen rather than merely a subject.

Never underestimate the power of denial.

Seems fair

So uh let me get this straight. We infected others with malware, some of them allies, some enemies. They release the malware we tried to infect them with and this article says we should retaliate with economic sanctions? How is that fair?

Re:Seems fair

Whoever said anything about being fair? Might is right, period. We can infiltrate your systems but you can't do the same to us.

Isn't that the reason we come up with colorful words like "Collateral Damage" for bombing innocent civilians under the pretext of WMDs *cough*free oil*cough* but when someone else does the same it is an act of terror/brutality?

Those Shadow Brokers...

[Alypius]

...better be some smokin' hot Asaris.

Bureacratic Responses

Here is a mostly complete set of Bureacratic Responses. Sometimes these are used serially, and in approximately this order:

1). Deny the problem exists;
2). Admit the problem exists but claim it doesn't matter;
3). OK, the problem exists and matters, but we told someone in an obscure and forgotten policy paper;
4). We asked for money to fix the problem and were denied;
5). We asked for money to fix the problem and were funded, but we screwed up the implementation;
6). The problem existed in the past under "previous leadership" but it's all good now;
7). We tried to fix the problem but required cooperation from outside entity X. Entity X did not cooperate (for all possible values of cooperate, including Entity X setting themselves on fire, in public, in the middle of Times Square, at High Noon on a work day);
8). We are hunting for the Guilty now and we are Shocked! Shocked we say!
9). We are punishing several innocent parties as we speak. Say no more;
10). None of this would have happened if we had the budget for our Plan Opticon Uber Security Delta Integration Scheme! We've not previously revealed our Top Secret internal plans for this, but for the low, low price of 1 Trillion Dollars, we can get the basics up and running!
11). We've repeated asked for all the other security agencies to be folded into our own. We'll never get proper coordination unless we own, er, dominate, er, manage the entire security picture ourselves. Why does no one listen to these urgent requests!? Proper Int-Op-Sec-Norm-Blat-Pop clearly mandates that this take place!

Please....Please....Please

Please let this be the result of a breach of Hillary Clinton's email server.....oh please, oh please, oh please!

So basically nothing

Basically they will do nothing except pound and cry. Possibly also use this as a way to restrict freedoms on the internet for the average civilian.