Slashdot Mirror
The NSA Leak Is Real, Snowden Documents Confirm (theintercept.com)
Sam Biddle, reporting for The Intercept: On Monday, A hacking group calling itself the "ShadowBrokers" announced an auction for what it claimed were "cyber weapons" made by the NSA. Based on never-before-published documents provided by the whistleblower Edward Snowden, The Intercept can confirm that the arsenal contains authentic NSA software, part of a powerful constellation of tools used to covertly infect computers worldwide. The provenance of the code has been a matter of heated debate this week among cybersecurity experts, and while it remains unclear how the software leaked, one thing is now beyond speculation: The malware is covered with the NSA's virtual fingerprints and clearly originates from the agency. The evidence that ties the ShadowBrokers dump to the NSA comes in an agency manual for implanting malware, classified top secret, provided by Snowden, and not previously available to the public. The draft manual instructs NSA operators to track their use of one malware program using a specific 16-character string, "ace02468bdf13579." That exact same string appears throughout the ShadowBrokers leak in code associated with the same program, SECONDDATE. SECONDDATE plays a specialized role inside a complex global system built by the U.S. government to infect and monitor what one document estimated to be millions of computers around the world. Its release by ShadowBrokers, alongside dozens of other malicious tools, marks the first time any full copies of the NSA's offensive software have been available to the public, providing a glimpse at how an elaborate system outlined in the Snowden documents looks when deployed in the real world, as well as concrete evidence that NSA hackers don't always have the last word when it comes to computer exploitation.
> classified top secret, provided by Snowden, and not previously available to the public.
But it was available to Wikileaks. Occam Razor says hacking wikileaks is probably easier.
Your hair look like poop, Bob! - Wanker.
I'm still waiting for major US news outlets to cover the story. Are they being censored? The story has major political implications, e.g. often proposed mandate to allow government to access encrypted private communications, etc. BBC seems have no problem reporting on this.
The real interesting thing will be when detection tools for this malware are created. Then we will see how many people -without warrants- the NSA is using this on.
Silence is a state of mime.
That's amazing. I've got the same combination on my luggage!
We need an untraceable unique identifier.
How about splitting alternate letters and numbers then concatenating the strings.
Unique, memorable and plainly untraceable, I like it.
Do you really need to ask if US News agencies censored? The current media puts the old Pravda to shame. If they were merely protecting State secrets I'd give them a pass on this, at least in terms of discussing details. They should however discuss concerns with the operations in general terms so that the public can debate and direct the Government. They are not however interested in protecting the State and have no concern for truth and honesty. Have not had such concerns for literally decades now. The fact that media claims to have different names makes it less visible to the unwary.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
I would think that anyone who actually chose to work for the NSA in an offensive capacity would be quite dedicated to their job. Same goes for most intelligence operatives -- I can't imagine they get paid as much as they could make in a private business or a well-funded covert organization, yet there they are. By contrast, Snowden was basically a contract sysadmin who had access to what was going on -- he wasn't coming up with these plans/exploits. I'd guess anyone voluntarily working on these exploits would be pretty serious about guarding their work and wouldn't take copies home on the train with them.
So -- is it old fashioned espionage tactics, finding out who these people are and squeezing them in various ways? Did whoever is behind this just get lucky and happened upon unencrypted copies of these tools? Should be interesting to watch.
You obviously didn't even read the summary. That, or your English interpretation skills are subpar. It specifically says the Snowden leaks referenced a manual on how to track the malware. What they found is that what they use to track the software is ask over the new leak.
Snowden obviously did not leak any software, just the manual to use said software.
Maybe I'm missing something here, but as I read this, it is saying that these software shows traits described in the documents Snowden released to the public years ago... how is this in any way proof?
Imagine I were to publish in a newspaper, "every article I write will include the word 'stegosaurus.'" Now somebody else publishes an article, intentionally includes the word "stegosaurus," and then claims that that is proof that I wrote it. That's obviously dumb, because everybody knew that that was my habit, so anybody could imitate it.
Could the same thing not be true of this hack? It's certainly circumstantial evidence, but it is far from conclusive proof in my opinion.
Betting the likelihood of the NSA reporting these zero days to their respective software vendors is zero.
They broke our Enigma code.
What they found is that what they use to track the software is ask over the new leak.
I have no idea what you meant there.
But if you had read the article you would see the direct connection to the documents Snowden admits he stole and the code that ShadowBrokers is trying to sell today. His leak didn't "reference" a manual, it was the manual. The code existed before he headed to Russia.
The evidence that ties the ShadowBrokers dump to the NSA comes in an agency manual for implanting malware, classified top secret, provided by Snowden, and not previously available to the public. The draft manual instructs NSA operators to track their use of one malware program using a specific 16-character string, “ace02468bdf13579.” That exact same string appears throughout the ShadowBrokers leak in code associated with the same program, SECONDDATE.
When stuff like this occurs I always wonder...is the super-snazzy NSA really just a bunch of knuckleheads or are they really slick and this is part of an elaborate and well planned disinformation campaign? Based on my life experience I'm pretty sure its the former...but TV/movies make me wish it were like the latter.
it's bullshit and/or a massive honey-pot and/or an attempt at some future propaganda piece to smooth over or calm the anger against the U.S and its NSA. "it's the Russians or Chinese because they have our h4xx0r tools!" etc
My favorite part is any argument the government makes now that they need access to everyone's devices, and weakened encryption. Sorry, but you can't even keep a lid on your own stuff. **** off.
Right, and government/law enforcement backdoors are going to be perfectly safe and will never, not ever, fall into the wrong hands, pinky swear! Just trust us!
When the copyright term is "forever minus a day", live every day like it's the last.
Exactly, so he did not "steal" any software.
Autocorrect on my tablet makes sentences incomprehensible sometimes. But you just pointed it to be how Snowden did not steal any software, yet your original post says he did. What did I miss?
Dammit that's the combination to my luggage!
When the only tool you have is a claw hammer every problem starts to look like the back of someone's skull.
The NSA gives at least two shits, that's who.
And they have the ear of the guys with guns, so attempting to "fuck em" is likely to end up with the fucker becoming the fuckee. At best. At worst, the fucker may become the subject of interment. And these aren't just any guys with guns, either. These are the guys with the most guns.
Those two-or-more shits could get a lot of people killed.
Snowden is probably an NSA plant meant to distract us anyway. He might not even know he is, they just fed him all the crap that he's "revealing" and it's either fake, or they don't care that we know. Think about it, has Snowden actually told us anything that we didn't already know (or suspected at least)? Who gives a crap if the NSA got hacked, it's what they do, the hack, they get hacked, and the cycle continues.
I'll guess it's been fabricated by the NSA to root out interested parties, and certainly to fool Snowden.
So have antivirus/antimalware vendors updated their definitions to detect the exploits that have been leaked so far?
That would be both useful and informative as to the scope of these programs.
The documents are still there. So Snowden didn't so much "steal" them as "share" them.
The only way to get a second date for me is to install, or preferably let the gals of the NSA install this package to my system.
Ralgha is probably an NSA plant meant to distract us anyway. He might not even know he is, they just fed him all the crap that he's "revealing" and it's either fake, or they don't care that we know. Think about it, has Ralgha actually told us anything that we didn't already know (or suspected at least)? Who gives a crap if the NSA got hacked, it's what they do, the hack, they get hacked, and the cycle continues.
Leaks like this are a good reason it's a bad idea to require that encryption systems have backdoors that are turned over to the government.
https://yro.slashdot.org/story/16/08/18/2213257/how-the-us-will-likely-respond-to-shadow-brokers-leak
NSA leaked bullshit then claimed their shadow did it.
Do not believe shit on this fucking site right now regarding security or government.
Or really anything.
From first post on other story...
But now look at the new FBI Slashdot spin...
The Intercept can confirm that the arsenal contains authentic NSA software, part of a powerful constellation of tools used to covertly infect computers worldwide.
Confirmed wow. Authentic wow. Powerful wow. Constellation wow. Covertly infect wow. Worldwide wow.
You blow it 1) on dupe... the first time failed that was a big clue 2) sensationalizing the dupe and failing even more dramatically.
Anybody who posted like OH WOW NO KIDDING is a liar here too.
All bullshit. Not real. Ignore the whole fucking summary. owefjioqwehfweio and seconddate seconddate is all cunt shit.
You lying mother fuckers keep pushing this agenda. It is all based on the dupe story from Snowden on Twitter the other day.
He does not use Twitter. Guess who controls Twitter? The USA government. 9/11 was a big lie too. But can you see through large lies?
So, how many anti-virus companies scan for that ace.... code?
This should be an obvious addition to the virus signatures.
Where did I point out that he didn't steal the code? He admitted that he stole the manual, and now the code which goes with the manual turns up. How obvious does it have to be that he took the code at the same time he took the manual.
It's strange to me that no one seems to ever question the integrity of the documents provided by Snowden - they are assumed to be exactly as he found them.
Never once a question of editing those documents, or adding new ones.
Bizarre, isn't it? How easily we receive what we want to believe.
Being labeled as authentic will certainly raise the bidding price on the auction. Is Snowden actually ShadowBrokers? Does he get a cut from the auction?
Why else is he engaged in a timely marketing campaign to authenticate the software? I would think he could have waited until after the sale, unless we really wanted to boost the price.
*drops the mic.*
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
everything about everything
A: The hackers do.
Snowden himself said they were "authenticious"
When you make an assumption, you make an ass out of u and umption.
You're assuming the code and the manual that went with it were taken in separate attacks? Why would you assume that?