Slashdot Mirror


Probe Of Leaked US NSA Hacking Tools Examines Operative's Mistake (reuters.com)

Joseph Menn and John Walcott, reporting for Reuters: A U.S. investigation into a leak of hacking tools used by the National Security Agency is focusing on a theory that one of its operatives carelessly left them available on a remote computer and Russian hackers found them, four people with direct knowledge of the probe told Reuters. The tools, which enable hackers to exploit software flaws in computer and communications systems from vendors such as Cisco Systems and Fortinet Inc, were dumped onto public websites last month by a group calling itself Shadow Brokers. The public release of the tools coincided with U.S. officials saying they had concluded that Russia or its proxies were responsible for hacking political party organizations in the run-up to the Nov. 8 presidential election. On Thursday, lawmakers accused Russia of being responsible. Various explanations have been floated by officials in Washington as to how the tools were stolen. Some feared it was the work of a leaker similar to former agency contractor Edward Snowden, while others suspected the Russians might have hacked into NSA headquarters in Fort Meade, Maryland.

57 comments

  1. Oh geez by Anonymous Coward · · Score: 2, Funny

    Those gosh darn Russian hackers.

  2. Hanlon's Razor by ColdWetDog · · Score: 4, Informative

    Never attribute to malice that which can be explained by incompetence.....

    --
    Faster! Faster! Faster would be better!
    1. Re:Hanlon's Razor by fustakrakich · · Score: 1

      Don't be so hasty to whitewash any of it. What some call "incompetence" can also be seen as sabotage. Few things are more effective than a bureaucrat committing a *job action*.

      --
      “He’s not deformed, he’s just drunk!”
  3. Trust me... by Anonymous Coward · · Score: 0

    Penetrating Ft Meade is probably nigh impossible. Not impossible, but impractically hard - virtually everything critical is airgapped if they have proper security.

    The Command and Control server theory is most plausible.

    In fact I wouldn't be surprised if some of the NSA's tools were originally pilfered from the Russians, as the NSA has a definite tendency to hoard the goodies as opposed to flaunting how they just snatched them off the other boy and handing them out.

  4. Dual_EC_DRBG by Anonymous Coward · · Score: 5, Insightful

    Bigger picture: you saw how Snowden easily accessed all the NSA secret documents. You read how Dual_EC_DRBG was an encryption random number generator with a backdoor key that let them strip encryption with as little as 32 bytes of a message.

    If they couldn't keep their own tools secret, and couldn't keep their own staff from access to everything (2 million plus US contractors security cleared), then that backdoor key will also have been stolen.

    Which means every password sent over networks protected by that encryption is also compromised. But hey, let's not give Snowden a pardon, let's give General Alexander a fat lucrative contract instead.... because...merika!

    1. Re:Dual_EC_DRBG by 93+Escort+Wagon · · Score: 4, Insightful

      Yup, this is exactly why a government-held "master encryption key for all US-based transactions" must never, ever be allowed to happen. Even the NSA can make mistakes.

      --
      #DeleteChrome
    2. Re:Dual_EC_DRBG by AHuxley · · Score: 1

      The internal NSA networks are open to staff, other agencies, random contractors for a reason. So many had projects to run that securing it all would have slowed down. It was sold as a new decade of searches, help, access by contractors.
      Other agencies wanted domestic or staff information on topics the NSA had no need to question.
      So most US internal gov networks are open, plain text for rapid searching. The security thinking is any search on the inside is legal, valid and secure.
      The 'couldn't keep their own staff from access to everything' was the warning from history. Letting private contractors into gov secrets is always an error from a security perspective. The CIA, GCHQ warned the NSA. NSA gov staff warned the NSA. But the political drive for profits and the lobbying by the private sector was too strong. Decades of good gov security was lost to private sector contractors in years self-signing their own access for profit.

      --
      Domestic spying is now "Benign Information Gathering"
  5. Careless to use the tools? by laughingskeptic · · Score: 2

    The operative's job requires them to place their tools on remote machines. That is how you make progress on a hack. I'm guessing they had a 'favorite' bundle that they deployed rather than trying tools one at a time like they were probably supposed to.

    1. Re:Careless to use the tools? by Anonymous Coward · · Score: 0

      And didn't sufficiently harden the hacked host on which they installed the tools.

      And didn't clean up the host after they were done.

    2. Re:Careless to use the tools? by Anonymous Coward · · Score: 0

      The operative's job requires them to place their tools on remote machines. That is how you make progress on a hack. I'm guessing they had a 'favorite' bundle that they deployed rather than trying tools one at a time like they were probably supposed to.

      Yes and no.

      The tools will contain portions that have to be placed on the remote machine, because you're trying to execute their payload in a privileged context on that machine.

      But didn't this release also include command servers and user manuals? Things which would never be placed on a device which is the target of a compromise, so even if you assume usage of a "bundle", it's unreasonable to think they would be included in it.

    3. Re:Careless to use the tools? by Anonymous Coward · · Score: 1

      You never know when you're hacking into some sort of honeypot. A machine they put on the net to attract (governmental) hackers, with constant snapshotting in order to pick up interesting toolkits & exploits that they haven't seen.

      Got an unknown backdoor into Cisco switches, using some obscure protocol quirk? Some Russian lab has a switch with a memory reader connected. Waiting month after month - when the memory changes, the right people are notified. Likewise for a large number of popular products & servers.

      Harvesting exploits that only one party "knows" is easy enough, when you can take the toys apart for examination at any point in time. You set the traps, and then you just wait. Someday they use the exploits, "just checking", and then it is all known. While you wait, you set more of these traps . . .

    4. Re:Careless to use the tools? by Anonymous Coward · · Score: 0

      Why would the deployed bundle include code? That's what confuses me...

    5. Re: Careless to use the tools? by Anonymous Coward · · Score: 0

      Better to have a one time upload than to risk discovery by making frequent visits.

    6. Re:Careless to use the tools? by Anonymous Coward · · Score: 1

      Local build?

    7. Re:Careless to use the tools? by BlueStrat · · Score: 1

      The tools will contain portions that have to be placed on the remote machine, because you're trying to execute their payload in a privileged context on that machine.

      But didn't this release also include command servers and user manuals? Things which would never be placed on a device which is the target of a compromise, so even if you assume usage of a "bundle", it's unreasonable to think they would be included in it.

      This.

      There's no way any 'honeypot' or similar tactic is going to obtain the portions of the tools that are never uploaded to a target like user manuals and command server code.

      This is simply a combination of CYA and an attempt at psychological manipulation to try to smoke out whomever hacked into NSA HQ and/or leaked these tools.

      Hey NSA, it sucks when the hunter becomes the hunted, doesn't it? Your unconstitutional and criminal actions have now placed you at the top of every private and government hacker's dream-hack list both domestic and foreign, and even inside your organization among your own coworkers. Every last bit of dirt will be exposed for all to see. You are the greater threat to national security and will be dealt with accordingly regardless of what corrupt laws are in place to protect your illegal/unconstitutional actions because you are far-outnumbered and vastly out-resourced.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    8. Re:Careless to use the tools? by Anonymous Coward · · Score: 0

      Never underestimate the power of blackmail.

    9. Re:Careless to use the tools? by AHuxley · · Score: 1

      Strange that for decades no other admins, system workers, network designers, skilled top academics, telco staff, the private sector or other governments ever noticed and published details about staging servers and methods found.
      Now it's all in the open? What went wrong with decades of never really being noticed? All that easy access, bulk data moved globally and no trace by the smart people with total access to the networks lost.
      Has commercial and consumer cloud AV really gotten that good and responsive that staff can track a mil/gov staging server to its origin and just look around?

      --
      Domestic spying is now "Benign Information Gathering"
  6. I can has ur upload? by Anonymous Coward · · Score: 0

    This is one of those things where even if you're not "careless," you're still eventually going to give it away anyway. If someone wants your stuff, all they have to do is lure you into a honeypot. Then you go on trying everything, thinking that "rm" deletes whatever you just used. Nope.

    The mistake was in the strategy, not the procedures. You can't put stuff on someone else's machine and still assume you've retained a monopoly.
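
The two posts above (the honeypot with "constant snapshotting" and the point that `rm` on someone else's machine does not take anything back) describe the same mechanism from opposite sides. The following is an added example, not code from the thread or from any project it mentions: a small file-integrity monitor that takes content hashes of a directory tree, diffs consecutive snapshots, and preserves a copy of anything new before it can be deleted. The directory layout and the `TOOL_BYTES` placeholder are constructed for the walk-through; on a real host you would point `snapshot` at the paths you care about and run it on a timer.

```python
"""Snapshot-diff monitor: detect and preserve files that appear on a host.

Added example; the tree under `root` and TOOL_BYTES are constructed stand-ins.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass, field

# Constructed placeholder for "a tool that got dropped on the box"; not a real binary.
TOOL_BYTES = b"\x7fELF constructed placeholder, not a real binary\n"


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def snapshot(root):
    """Return {relative path: sha256 hex} for every regular file under root."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not os.path.isfile(path):  # skip sockets, broken symlinks, etc.
                continue
            with open(path, "rb") as fh:
                digests[os.path.relpath(path, root)] = sha256_hex(fh.read())
    return digests


@dataclass
class Delta:
    added: dict = field(default_factory=dict)
    modified: dict = field(default_factory=dict)
    removed: dict = field(default_factory=dict)

    def worth_alerting(self):
        """New or changed content is what the monitor is for; removals alone are not."""
        return bool(self.added or self.modified)


def diff_snapshots(before, after):
    """Classify every path as added, modified or removed between two snapshots."""
    delta = Delta()
    for path, digest in after.items():
        if path not in before:
            delta.added[path] = digest
        elif before[path] != digest:
            delta.modified[path] = digest
    for path, digest in before.items():
        if path not in after:
            delta.removed[path] = digest
    return delta


def preserve(root, delta):
    """Copy the bytes of each added/modified file off the host before anyone can remove them."""
    kept = {}
    for path in list(delta.added) + list(delta.modified):
        with open(os.path.join(root, path), "rb") as fh:
            kept[path] = fh.read()
    return kept


def demo():
    """Constructed walk-through in a temp dir: baseline, file dropped, file removed.

    Returns (deltas, preserved) so the behaviour can be checked rather than printed.
    """
    deltas, preserved = [], {}
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        os.makedirs(os.path.join(root, "tmp"))
        with open(os.path.join(root, "etc", "motd"), "w") as fh:
            fh.write("welcome\n")
        baseline = snapshot(root)

        # Round 1: something new lands in /tmp; the diff sees it and we keep a copy.
        tool = os.path.join(root, "tmp", "tool.bin")
        with open(tool, "wb") as fh:
            fh.write(TOOL_BYTES)
        after_drop = snapshot(root)
        d1 = diff_snapshots(baseline, after_drop)
        preserved.update(preserve(root, d1))
        deltas.append(d1)

        # Round 2: the file is deleted. The diff records the removal, but the
        # hash and the preserved bytes from round 1 are already off the host.
        os.remove(tool)
        deltas.append(diff_snapshots(after_drop, snapshot(root)))
    return deltas, preserved


if __name__ == "__main__":
    ds, kept = demo()
    for i, d in enumerate(ds, 1):
        print(f"round {i}: added={list(d.added)} modified={list(d.modified)} removed={list(d.removed)}")
    print("preserved copies:", list(kept))
```

Hashing whole files each pass is fine for a monitored honeypot directory; for a large tree you would key the first pass on size and mtime and only re-hash on change, but the detection logic stays the same.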

  7. Honeypot Trap? by Anonymous Coward · · Score: 0

    After reading that the NSA "tuned its tools" to detect use of the released exploits, I think that it really could have been a purposeful leak. You know, build in some honeypots in the leak and see if you can find out more about the groups that would use the methods.

    1. Re:Honeypot Trap? by Anonymous Coward · · Score: 0

      Much as I loathe the NSA and think there is vast incompetence at all levels, your theory sounds much more plausible to me than the current narrative. Snowden's revelations seem to show an NSA that is smart enough not to go around leaving big collections of stuff (with documentation even?) lying around on some target system. I vaguely recall in the Snowden aftermath seeing specifically rather competent tactics in that regard. Sure, maybe it was some renegade/rogue slip up, but that's an amazing story for them to try and sell post-Snowden. Though Snowden's buying of the narrative just makes me suspect he isn't above board all the more.

  8. elites pimping nostalgia by Anonymous Coward · · Score: 0

    Remember when it was the Chinese and not the Russians that were breaking into corporate and government systems everywhere all the time? Why, it seems that it was only just 1-2 years ago that Slashdot featured almost daily articles where the Chinese military was the big ol' CYBERBAD that the US was on the brink of going to cyberwar with. Now? Well, apparently the Chinese have seen the error of their hacking ways because I can't recall a single story in the $CURRENT_YEAR that's involved Chinese hackers. Instead it's PUUUUUTTTTTIIIINNNNNN! Just like our Hollywood movies, our politics are now all about nostalgia, particularly Cold War nostalgia.

    1. Re:elites pimping nostalgia by smooth+wombat · · Score: 0

      particularly Cold War nostalgia.

      Since Putin is working on reconstituting the former Soviet Union by invading and attacking his neighbors and stealing their internationally recognized land, it would appear Putin is the one pining for the nostalgia of the Cold War.

      This doesn't include his and his lackeys' repeated comments about being ready to use nuclear weapons or taking over the Baltic States since they were never "granted" their independence.

      Don't stop the propaganda, comrade. You need to earn your daily vodka allotment since your economy is a wreck, the ruble is rubble and Putin and his oligarchs are stealing everything they can.

      --
      We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
    2. Re: elites pimping nostalgia by Anonymous Coward · · Score: 0

      Remember when North Korea allegedly hacked Sony in retaliation for some garbage Seth Rogen movie? Haha. Those were good times.

    3. Re:elites pimping nostalgia by Anonymous Coward · · Score: 0

      Fuck off neocon scum. The American people are woke to your propaganda. The level of trust in the mass media is at its lowest point EVER. We won't be fooled again.

    4. Re:elites pimping nostalgia by Anonymous Coward · · Score: 0

      And next year it will be the North Koreans, and after that it will be whatever "ISIS" calls itself at that time, and then it will be whoever else is on the government's "blame them" list that particular year. No doubt most of them (including the US) are engaged in some level of cyberwarfare/espionage, but we humans have a tendency to fixate on blaming everything on whoever is the most convenient opponent at that particular time. And it's not limited to international events; just look at the whole "bath salts" scare a year or so ago. For a while every crazy person's behavior in the entire country was blamed on it; after all of the politicians got their laws passed and extracted their political capital, it was quietly noted that virtually all of the cases the media/government had touted as the evidence that "we need to act" weren't in any way related to bath salts.

    5. Re:elites pimping nostalgia by AutodidactLabrat · · Score: 2

      He's ignoring the economics.
      Absent the Soviet closed economy, Putin is at least 12 trillion / year short of the necessary national income to pay for a new string of wars.
      Where will he get the tools, the raw materials from China, the newest radar / lidar / standing wave receive only tech?
      Not for free. And it will take 3 decades to catch up with where we are now.
      Of course, a few more ignorant spendthrift projects like the F-35 and he can just walk in, waiting for our "superior aircraft" to take a nosedive against the F-16s he can buy from Argentina.

    6. Re:elites pimping nostalgia by Anonymous Coward · · Score: 0

      Damn straight. Just look how he keeps putting his country around our bases!

    7. Re: elites pimping nostalgia by Anonymous Coward · · Score: 0

      That is what happens in a country where everybody gets their news from Facebook memes.

    8. Re:elites pimping nostalgia by F.Ultra · · Score: 1

      Perhaps by doing say industrial espionage against say the US?

    9. Re: elites pimping nostalgia by hackwrench · · Score: 1

      There's enough nostalgia to go around. It's naive to think that the only ones with nostalgia are the most blatant actors.

    10. Re:elites pimping nostalgia by AHuxley · · Score: 1

      Even when the press works out it's trusted US insiders walking out the data, the tech press and sock puppets still try and push an all-powerful Russia or China cyber fantasy.
      That other nations can get into networks, stay in, get all kinds of plain text data in bulk, get the data out without being detected. Hours later contractors find all the IP ranges, logs, fully understood and expected code fragments are found intact. The media is fully aware of methods, IPs hours later...
      Later the insider aspect is finally hinted at.

      --
      Domestic spying is now "Benign Information Gathering"
    11. Re:elites pimping nostalgia by rtb61 · · Score: 1

      George Bush was the only world leader to declare a nuclear first strike policy. The USA has invaded how many countries since the Soviet Union collapsed? How many Russians died fighting over the Crimea when it was part of Russia, how many hundreds of thousands? Seriously, in what sane world would any country risk internal revolution trying to stop Don Cossacks from crossing a border to defend their relatives from attacks by Zaporozhian Cossacks (Cossacks have the reputation they have because they well and truly earned it). The US government and US corporate controlled mainstream media was full of it and the Russians, no matter what anyone claims, including the Russian government, dumped the Ukraine because it was too corrupt and costing them too much money (there are a whole lot of Ukrainians living in Russia and dumping the Ukraine the way they did is not really all that politically acceptable, originally, not so much now). Americans just whining because they spent 5 billion dollars to give Russia back the Crimea and ended up stuck with a 30 billion dollar mess, as the EU is not interested in picking up the tab for a corrupt Ukraine.

      Speaking of a corrupt Ukraine, both the EU and the US complain about it, quite a lot, yet not one faces prosecution, even when those corrupt individuals travel overseas. So the EU and US complain about the corrupt Ukrainians they are protecting from prosecution for corruption, in order to, I have no idea; it just seems totally utterly stupid for governments to complain about corruption and yet do nothing whatsoever to prosecute it. In fact they provide safe harbour for the profits of those corrupt individuals.

      --
      Chaos - everything, everywhere, everywhen
  9. Russia? And Yet Nobody is Talking... by Anonymous Coward · · Score: 0

    About Israel's interest in the American Presidential (s)election.

    Coincidence? I think not.

  10. Cloud services by WillAffleckUW · · Score: 2

    Rookie epic fail

    Next time, remember: there is no such thing as a secure cloud service. Ever.

    --
    -- Tigger warning: This post may contain tiggers! --
    1. Re:Cloud services by poofmeisterp · · Score: 1

      Rookie epic fail

      Next time, remember: there is no such thing as a secure cloud service. Ever.

      I still face-plant every time I have to talk to non-tech (AND EVEN SOME TECH) persons about what "the cloud" is. It's very simple:

      "The Cloud" == a data center, or a set of datacenters used to store and/or process information remotely. The word "Cloud" is used to simplify a term that's been in existence since, what, the 1940s?

      Those who are given this simple information respond with, "Huh? So what is the cloud then?"

    2. Re:Cloud services by Anonymous Coward · · Score: 0

      I still face-plant every time I have to talk to non-tech (AND EVEN SOME TECH) persons about what "the cloud" is.

      You actually fall to the ground and land directly on your face whenever you talk to people about "the cloud"?

    3. Re: Cloud services by Anonymous Coward · · Score: 0

      Yes. That is exactly what happens. Something even grows from my dead body after said injury.

    4. Re:Cloud services by Anonymous Coward · · Score: 0

      The word "Cloud" is used to simplify a term that's been in existence since, what, the 1940s?

      No, not the '40s; the term "cloud" was coined in the 1960s.
      The term "datacenter" was also only put into use in the 1960s.
      But yes, "the cloud" is a very old term, older than most of us here on Slashdot.

      It's kind of sad that nearly all of computing history is completely lost on many of the current people working in the industry.

  11. Saving face by bobmajdakjr · · Score: 2

    the Russians can't hack our shit, they just found it laying around when someone left them on the shared global spy server. they ain't /that/ good.

  12. Scapegoat Du Jour by Anonymous Coward · · Score: 2, Interesting

    Russian (state sponsored) hackers seem to be the scapegoat du jour. For the past few years, all hacking was attributed to Chinese hackers. Then Donald Trump makes some flippant statement, the news starts talking about the Russian government hacking the DNC and BAM, all hacking is now attributed to Russian hackers.

    Did China suddenly stop hacking entirely? Are there no longer any hackers in Romania? Where did the Nigerians go?

    1. Re:Scapegoat Du Jour by Anonymous Coward · · Score: 0

      "Where did the Nigerians go?"

      The Nigerian princes are all set now. I already posted the $5000 to help them complete their financial transactions.

    2. Re:Scapegoat Du Jour by Anonymous Coward · · Score: 0

      I was just about to send them some money too. Have you received your millions yet?

    3. Re:Scapegoat Du Jour by Anonymous Coward · · Score: 0

      Yes, and they included an Xbox One. Didn't you get the tracking number at least?

    4. Re:Scapegoat Du Jour by AHuxley · · Score: 1

      How many Bear related names are ready for the local press?

      --
      Domestic spying is now "Benign Information Gathering"
  13. Harambe's Razor by Anonymous Coward · · Score: 0

    Never attribute to malice that which can be explained by autism.

  14. The tools, which enable hackers to exploit... by Narcocide · · Score: 3, Insightful

    The tools, which enable [salaried government employees] (who don't understand how they work) to exploit software flaws in computer and communications systems (which they also don't fundamentally understand), from [American companies] such as Cisco Systems and Fortinet Inc, (whose customers and reputations and overall integrity they also don't care about), were dumped onto public websites last month by a group calling itself Shadow Brokers.

    There, FTFY.

  15. Sure by Anonymous Coward · · Score: 0

    It must be the Russkies, the Default Culprit.

    1. Re: Sure by Anonymous Coward · · Score: 0

      Actually default is now China. Russia is trying to stay relevant.

  16. SPYWARE by Anonymous Coward · · Score: 0

    The tools are spyware, in the sense that if you use them, the tools will call home to the NSA and tell them all about you.

    A few years back they had their own distro of Linux they made available to the public, and the first thing it did on boot up was call home.

    Don't trust them. Besides, there are better tools out there.

  17. Re: Hanlon's Razor GAY NIGGER FUCK SCUM by Anonymous Coward · · Score: 0

    If Thomas Jefferson were alive today he'd be really old

  18. Three years ago by Anonymous Coward · · Score: 0

    FTFA:

    NSA officials have told investigators that an employee or contractor made the mistake about three years ago during an operation that used the tools, the people said...

    Investigators have not ruled out the possibility that the former NSA person, who has since departed the agency for other reasons, left the tools exposed deliberately.

    Snowden left the agency about three years ago for "other reasons". Just a coincidence I'm sure.

  19. Extremely Careless by CanEHdian · · Score: 1

    C'mon people... get it right. It's "extremely careless" and you're off the hook, no charges will be recommended.

    --
    When the copyright term is "forever minus a day", live every day like it's the last.
  20. FTFY by Anonymous Coward · · Score: 0

    Yup, this is exactly why a government-held "master encryption key for all US-based transactions" must never, ever be allowed to happen. Even the NSA 'is still making' mistakes and will continue to do so.

  21. Haven't quite figured out.... by martinfb · · Score: 1

    ....who we can blame this one on yet?

    --
    Self-importance and self-indulgence is the root of ALL evil.