Slashdot Mirror


The NSA Leak Is Real, Snowden Documents Confirm (theintercept.com)

Sam Biddle, reporting for The Intercept: On Monday, a hacking group calling itself the "ShadowBrokers" announced an auction for what it claimed were "cyber weapons" made by the NSA. Based on never-before-published documents provided by the whistleblower Edward Snowden, The Intercept can confirm that the arsenal contains authentic NSA software, part of a powerful constellation of tools used to covertly infect computers worldwide. The provenance of the code has been a matter of heated debate this week among cybersecurity experts, and while it remains unclear how the software leaked, one thing is now beyond speculation: The malware is covered with the NSA's virtual fingerprints and clearly originates from the agency. The evidence that ties the ShadowBrokers dump to the NSA comes in an agency manual for implanting malware, classified top secret, provided by Snowden, and not previously available to the public. The draft manual instructs NSA operators to track their use of one malware program using a specific 16-character string, "ace02468bdf13579." That exact same string appears throughout the ShadowBrokers leak in code associated with the same program, SECONDDATE. SECONDDATE plays a specialized role inside a complex global system built by the U.S. government to infect and monitor what one document estimated to be millions of computers around the world. Its release by ShadowBrokers, alongside dozens of other malicious tools, marks the first time any full copies of the NSA's offensive software have been available to the public, providing a glimpse at how an elaborate system outlined in the Snowden documents looks when deployed in the real world, as well as concrete evidence that NSA hackers don't always have the last word when it comes to computer exploitation.

23 of 146 comments

  1. Witty comment here... by wbr1 · · Score: 5, Insightful

    The real interesting thing will be when detection tools for this malware are created. Then we will see how many people -without warrants- the NSA is using this on.

    --
    Silence is a state of mime.
    1. Re:Witty comment here... by PolygamousRanchKid+ · · Score: 4, Interesting

      The real interesting thing will be when detection tools for this malware are created.

      Well, in order for detection tools to be developed . . . folks will need access to the NSA toolkit code. The honorable thing for the ShadowBrokers to do, would be to make this freely and openly available for all.

      But the fact that they are offering this as an auction, shows us that the ShadowBrokers are just in it for the money.

      I'm guessing that China, Russia and the NSA itself will create bidding "fronts" to bid for them, and no private entities will be able to match their funds. So whatever is in that toolkit will still stay secret.

      --
      Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
    2. Re:Witty comment here... by pz · · Score: 3, Interesting

      How quickly can a tool be built that scans all of memory for that string?

      --

      Put my fist through my alarm clock with its ding-dong death inside my ear. - The Blackjacks.
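
Added example, not part of the thread or the article: a minimal scanner for the 16-character string quoted in the summary, reading a file or memory image in chunks so that matches spanning a chunk boundary are still found. The set of encodings searched (ASCII, upper-case ASCII, UTF-16LE, and the string read as 8 raw hex bytes) and the names `scan_stream`, `scan_file` and `demo` are assumptions of this sketch; a hit shows only that the string is present in the data.

```python
import io

MARKER = "ace02468bdf13579"  # string quoted in the article summary

# Assumption of this example: the encodings the marker might be stored in.
PATTERNS = {
    "ascii": MARKER.encode("ascii"),
    "ascii-upper": MARKER.upper().encode("ascii"),
    "utf-16le": MARKER.encode("utf-16-le"),
    "raw-bytes": bytes.fromhex(MARKER),  # the 16 hex digits as 8 bytes
}

def scan_stream(stream, chunk_size=1 << 20):
    """Return sorted (absolute_offset, encoding) hits in a binary stream."""
    # Keep enough trailing bytes to catch a match split across two reads.
    overlap = max(len(p) for p in PATTERNS.values()) - 1
    tail = b""
    base = 0          # absolute offset of tail[0]
    hits = set()      # a set, because the overlap region is searched twice
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        buf = tail + chunk
        for name, pat in PATTERNS.items():
            pos = buf.find(pat)
            while pos != -1:
                hits.add((base + pos, name))
                pos = buf.find(pat, pos + 1)
        tail = buf[-overlap:]
        base += len(buf) - len(tail)
    return sorted(hits)

def scan_file(path, chunk_size=1 << 20):
    """Scan a file on disk, e.g. a memory image or firmware dump."""
    with open(path, "rb") as f:
        return scan_stream(f, chunk_size)

def demo():
    # Constructed sample buffer (not real data): one ASCII and one UTF-16LE
    # copy of the marker, read in 8-byte chunks to force boundary splits.
    sample = (b"\x00" * 10 + MARKER.encode("ascii") + b"\xff" * 7
              + MARKER.encode("utf-16-le") + b"\x00" * 5)
    return scan_stream(io.BytesIO(sample), chunk_size=8)

if __name__ == "__main__":
    for offset, encoding in demo():
        print(f"0x{offset:08x}  {encoding}")
```

The scan is a single linear pass, so run time is bounded by how fast the image can be read.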
    3. Re:Witty comment here... by rahvin112 · · Score: 2

      No, the really interesting thing is going to be what happens to these "shadow brokers" in time. They've hacked a state sponsored defense agency and published weapons of war for sale. This is the kind of thing that's likely to get you put on a rendition list.

  2. code by MagicM · · Score: 2, Funny

    That's amazing. I've got the same combination on my luggage!

    1. Re:code by imatter · · Score: 5, Funny

      So the combination is... A, C, E, zero, two, four, six, eight, B, D, F, one, three, five, seven, nine. That's the stupidest combination I've ever heard in my life! That's the kind of thing an idiot would have on his luggage!

  3. Re:Soooo by Anonymous Coward · · Score: 2, Insightful

    seriously, when will government employees, contractor or not, realise that LYING should not be part of their job description.

  4. OK, so how did it happen? by ErichTheRed · · Score: 2, Interesting

    I would think that anyone who actually chose to work for the NSA in an offensive capacity would be quite dedicated to their job. Same goes for most intelligence operatives -- I can't imagine they get paid as much as they could make in a private business or a well-funded covert organization, yet there they are. By contrast, Snowden was basically a contract sysadmin who had access to what was going on -- he wasn't coming up with these plans/exploits. I'd guess anyone voluntarily working on these exploits would be pretty serious about guarding their work and wouldn't take copies home on the train with them.

    So -- is it old fashioned espionage tactics, finding out who these people are and squeezing them in various ways? Did whoever is behind this just get lucky and happened upon unencrypted copies of these tools? Should be interesting to watch.

    1. Re:OK, so how did it happen? by HornWumpus · · Score: 2

      Perhaps, on the other hand I bet there are at least a few NSA types making fortunes on insider trading, along with black programs funded by insider trading.

      The agency, no doubt, has the software widely enough distributed to have plausible deniability if the greedy spooks were caught by the SEC (like that would happen).

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    2. Re:OK, so how did it happen? by swb · · Score: 2

      I always figured that the best way to fund black programs was just to back a truck up to the bureau of engraving and take a few pallets of $100s.

    3. Re:OK, so how did it happen? by FeelGood314 · · Score: 2

      The software was likely left on a staging server that got disconnected or forgotten about so the NSA was unable to delete it. The NSA doesn't launch attacks from Virginia so they would likely keep their tools close (hop and latency wise) to their target.

  5. Re:Censorship? by b0bby · · Score: 5, Informative
  6. Report the Zero Days by DatbeDank · · Score: 2

    Betting the likelihood of the NSA reporting these zero days to their respective software vendors is zero.

  7. Re:Censorship? by sshir · · Score: 2

    Ok, abcnews does have it on front page, CNN, wsj, nytimes do not.

  8. Re:Censorship? by clubby · · Score: 5, Insightful

    At this point, anything broadly considered to be a "major US news outlet" has, at best, a tangential relationship with "news." CNN is hopelessly clueless and out of touch, while Fox & MSNBC are the propaganda arms of their respective parties. The NYT sat on a vitally important story, clearly in the public interest, in order to help GWB's re-election campaign. These groups are marketing organizations, who sometimes publish news as a means of promoting their brand.

    On the plus side, a major US journalism outlet, The Intercept, is on it.

  9. Re:Soooo by TheCarp · · Score: 4, Insightful

    When the paychecks stop coming.

    It's very easy to ignore the truth when your salary requires it to not be taken into account.

    --
    "I opened my eyes, and everything went dark again"
  10. Re:Censorship? by quantaman · · Score: 4, Interesting

    Ok, abcnews does have it on front page, CNN, wsj, nytimes do not.

    Blame readers.

    At the end of the day newspapers are in the business of attracting readers. A story about NSA hacking tools is too esoteric for most of their readers and lacks the cool characters or personalized villains that drive narratives.

    Even the last /. story only had 130 comments, and it's a story specifically about the NSA and hackers. If it barely interests the /. audience I don't imagine it's going to be a hit with the general public.

    --
    I stole this Sig
  11. Re:Soooo by harrkev · · Score: 2

    Funny how the public keeps on electing people who have perfected lying to an art form.

    --
    "-1 Troll" is apparently the same as "-1 I disagree with you."
  12. Re:Question is it real or dis-information by pezpunk · · Score: 2

    even slick and savvy very intelligent people fuck up every once in a while. and when your organization is made up of 40,000 people, that means, statistically, at any point in time there is always someone in the process of fucking something up royally, no matter how sharp they are by and large.

    --
    i could live a little longer in this prison
  13. Re:Censorship? by cfalcon · · Score: 2

    "Spies Spying" is not really front page news. Every interesting story can't make the front page. That's why there are other fucking pages.

    This is not a media blackout. This is a niche story with reasonably broad implications, but just because you appreciate all the implications doesn't mean everyone else does.

  14. Re:Soooo by maharvey · · Score: 4, Insightful

    It's not surprising, as the signal to noise ratio is very low, and only a professional watchdog can begin to sort it all out. And even that doesn't help because there are also liars posing as watchdogs.

    The internet only makes it worse, spewing like a fire hose.

  15. Re:Soooo by boristdog · · Score: 2

    When I worked for the federal government in the 80's, I had to break federal laws every day just to get my job done.

    It is not an efficient system.

  16. Re:Soooo by harrkev · · Score: 4, Interesting

    Facts are not unfair or biased. However, media can (and often does) choose which facts need to be reported.

    As a quick example, homicides are down over 50% since their peak around 1992 or 1993. The last time homicides were this low was 1957 (facts, based on FBI statistics). However, I have actually seen articles about "What (insert candidate name here) is going to do about gun violence?" This already assumes several things, and it is possible that NONE of them are true:

    1) Gun deaths are somehow worse than knife deaths

    2) A criminal without a gun will suddenly stop being a criminal

    3) That doing something will automatically make the public safer, instead of just disarming the honest people.

    4) Gun laws will actually affect criminals, whose job actually involves breaking the law.

    Each of those points could be a discussion by itself, and yet some "news" pretends that all assumptions are already decided.

    That is not news, that is propaganda. It is actually shaping the discussion to stack the deck in your favor.

    --
    "-1 Troll" is apparently the same as "-1 I disagree with you."