Slashdot Mirror

← Back to Stories (view on slashdot.org)

Probe Of Leaked US NSA Hacking Tools Examines Operative's Mistake (reuters.com)

Posted by msmash on from the new-wrinkle dept.

Joseph Menn and John Walcott, reporting for Reuters: A U.S. investigation into a leak of hacking tools used by the National Security Agency is focusing on a theory that one of its operatives carelessly left them available on a remote computer and Russian hackers found them, four people with direct knowledge of the probe told Reuters. The tools, which enable hackers to exploit software flaws in computer and communications systems from vendors such as Cisco Systems and Fortinet Inc, were dumped onto public websites last month by a group calling itself Shadow Brokers. The public release of the tools coincided with U.S. officials saying they had concluded that Russia or its proxies were responsible for hacking political party organizations in the run-up to the Nov. 8 presidential election. On Thursday, lawmakers accused Russia of being responsible. Various explanations have been floated by officials in Washington as to how the tools were stolen. Some feared it was the work of a leaker similar to former agency contractor Edward Snowden, while others suspected the Russians might have hacked into NSA headquarters in Fort Meade, Maryland.

24 of 57 comments (clear)

  1. Oh geez by Anonymous Coward · · Score: 2, Funny

    Those gosh darn Russian hackers.

  2. Hanlon's Razor by ColdWetDog · · Score: 4, Informative

    Never attribute to malice that which can be explained by incompetence.....

    --
    Faster! Faster! Faster would be better!
    1. Re:Hanlon's Razor by fustakrakich · · Score: 1

      Don't be so hasty to whitewash any of it. What some call "incompetence" can also be seen as sabotage. Few things are more effective than a bureaucrat committing a *job action*.

      --
      “He’s not deformed, he’s just drunk!”
  3. Dual_EC_DRBG by Anonymous Coward · · Score: 5, Insightful

    Bigger picture: you saw how Snowden easily accessed all the NSA secret documents. You read how Dual_EC_DRBG, was an encryption random number generator with a backdoor key that let them strip encryption with as little as 32 bytes of a message.

    If they couldn't keep their own tools secret, and couldn't keep their own staff from access to everything (2 million plus US contractors security cleared), then that backdoor key will also have been stolen.

    Which means every password sent over networks protected by that encryption are also compromised. But hey, lets not give Snowden a pardon, lets give General Alexander a fat lucrative contract instead.... because...merika!

    1. Re:Dual_EC_DRBG by 93+Escort+Wagon · · Score: 4, Insightful

      Yup, this is exactly why a government-held "master encryption key for all US-based transactions" must never, ever be allowed to happen. Even the NSA can make mistakes.

      --
      #DeleteChrome
    2. Re:Dual_EC_DRBG by AHuxley · · Score: 1

      The internal NSA networks are open to staff, other agencies, random contractors for a reason. So many had projects to run that securing it all would have slowed down. It was sold as a new decade of searches, help, access by contractors.
      Other agencies wanted domestic or staff information on topics the NSA had no need to question.
      So most US internal gov networks are open, plain text for rapid searching. The security thinking is any search on the inside is legal, valid and secure.
      The 'couldn't keep their own staff from access to everything" was the warning from history. Letting private contractors into gov secrets is always an error from a security perspective. The CIA, GCHQ warned the NSA. NSA gov staff warned the NSA. But the political drive for profits and the lobbying by the private sector was too strong. Decades of good gov security was lost to private sector contractors in years self signing their own access for profit.

      --
      Domestic spying is now "Benign Information Gathering"
  4. Careless to use the tools? by laughingskeptic · · Score: 2

    The operative's job requires them to place their tools on remote machines. That is how you make progress on a hack. I'm guessing they had a 'favorite' bundle that they deployed rather than trying tools one at a time like they were probably supposed to.

    1. Re:Careless to use the tools? by Anonymous Coward · · Score: 1

      You never know when you're hacking into some sort of honeypot. A machine they put on the net to attract (governmental) hackers, with constant snapshotting in order to pick up interesting toolkits & exploits that they haven't seen.

      Got a unknown backdoor into cisco switches, using some obscure protocol quirk? Some russian lab has a switch with a memory reader connected. Waiting month after month - when the memory changes, the right people are notified. Likewise for a large number of popular products & servers.

      Harvesting exploits that only one part "knows" is easy enough, when you can take the toys apart for examination at any point in time. You set the traps, and then you just wait. Someday they use the exploits, "just checking", and then it is all known. While you wait, you set more of these traps . . .

    2. Re:Careless to use the tools? by Anonymous Coward · · Score: 1

      Local build?

    3. Re:Careless to use the tools? by BlueStrat · · Score: 1

      The tools will contain portions that have to be placed on the remote machine, because you're trying to execute their payload in a privileged context on that machine.

      But didn't this release also include command servers and user manuals? Things which would never be placed on a device which is the target of a compromise, so even if you assume usage of a "bundle", it's unreasonable to think they would be included in it.

      This.

      There's no way any 'honeypot' or similar tactic is going to obtain the portions of the tools that are never uploaded to a target like user manuals and command server code.

      This is simply a combination of CYA and an attempt at psychological manipulation to try to smoke out whomever hacked into NSA HQ and/or leaked these tools.

      Hey NSA, it sucks when the hunter becomes the hunted, doesn't it? Your unconstitutional and criminal actions have now placed you at the top of every private and government hacker's dream-hack list both domestic and foreign, and even inside your organization among your own coworkers. Every last bit of dirt will be exposed for all to see. You are the greater threat to national security and will be dealt with accordingly regardless of what corrupt laws are in place to protect your illegal/unconstitutional actions because you are far-outnumbered and vastly out-resourced.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    4. Re:Careless to use the tools? by AHuxley · · Score: 1

      Strange that for decades no other admins, system workers, network designers, skilled top academics, telco staff, the private sector or other gov's ever noticed and published details about staging servers and methods found.
      Now its all in the open? What went wrong with decades of never really been noticed? All that easy access, bulk data moved globally and no trace by the smart people with total access to the networks lost.
      Has commercial and consumer cloud AV really gotten that good and responsive that staff can track a mil/gov staging server to its origin and just look around?

      --
      Domestic spying is now "Benign Information Gathering"
  5. Cloud services by WillAffleckUW · · Score: 2

    Rookie epic fail

    Next time, remember: there is no such thing as a secure cloud service. Ever.

    --
    -- Tigger warning: This post may contain tiggers! --
    1. Re:Cloud services by poofmeisterp · · Score: 1

      Rookie epic fail

      Next time, remember: there is no such thing as a secure cloud service. Ever.

      I still face-plant every time I have to talk to a non-tech (AND EVEN SOME TECH) persons about what "the cloud" is. It's very simple:

      "The Cloud" == a data center, or a set of datacenters used to store and/or process information remotely. The word "Cloud" is used to simplify a term that's been in existence since, what, the 1940s?

      Those who are given this simple infomration respond with, "Huh? So what is the cloud then?"

  6. Re:elites pimping nostalgia by AutodidactLabrat · · Score: 2

    He's ignoring the economics.
    Absent the Soviet closed economy, Putin is at least 12 trillion / year short of the necessary national income to pay for a new string of wars.
    Where will he get the tools, the raw materials from China, the newest radar / lidar / standing wave receive only tech?
    Not for free. And it will take 3 decades to catch up with where we are now
    Of course, a few more ignorant spendthrift projects like the F-35 and he can just walk in, waiting for our "superior aircraft" to take a nosedive against the F-16's he can buy from Argentina

  7. Saving face by bobmajdakjr · · Score: 2

    the russians cant hack our shit they just found it laying around when someone left them on the shared global spy server. they aint /that/ good.

  8. Scapegoat Du Jour by Anonymous Coward · · Score: 2, Interesting

    Russian (state sponsored) hackers seem to be the scapegoat du jour. For the past few years, all hacking was attributed to Chinese hackers. Then Donald Trump makes some flippant statement, the news starts talking about the Russian government hacking the DNC and BAM, all hacking is now attributed to Russian hackers.

    Did China suddenly stop hacking entirely? Are there no longer any hackers in Romania? Where did the Nigerians go?

    1. Re:Scapegoat Du Jour by AHuxley · · Score: 1

      How many Bear related names are ready for the local press?

      --
      Domestic spying is now "Benign Information Gathering"
  9. The tools, which enable hackers to exploit... by Narcocide · · Score: 3, Insightful

    The tools, which enable [salaried government employees] (who don't understand how they work) to exploit software flaws in computer and communications systems (which they also don't fundamentally understand), from [American companies] such as Cisco Systems and Fortinet Inc, (whose customers and reputations and overall integrity they also don't care about), were dumped onto public websites last month by a group calling itself Shadow Brokers.

    There, FTFY.

  10. Re:elites pimping nostalgia by F.Ultra · · Score: 1

    Perhaps by doing say industrial espionage against say the US?

  11. Re: elites pimping nostalgia by hackwrench · · Score: 1

    There's enough nostalgia to go around. It's naive to think that the only ones with nostalgia are the most blatant actors.

  12. Extremely Careless by CanEHdian · · Score: 1

    C'mon people... get it right. It's "extremely careless" and you're off the hook, no charges will be recommended.

    --
    When the copyright term is "forever minus a day", live every day like it's the last.
  13. Re:elites pimping nostalgia by AHuxley · · Score: 1

    Even when the press works out its trusted US insiders walking out the data, the tech press and sock puppets still try and push an all powerful Russia or China cyber fantasy.
    That other nations can get into networks, stay in, get all kinds of plain text data in bulk, get the data out without been detected. Hours later contractors find all the ip ranges, logs, fully understood and expected code fragments are found intact. The media is full aware of methods, ip's hours later...
    Later the insider aspect is finally hinted at.

    --
    Domestic spying is now "Benign Information Gathering"
  14. Re:elites pimping nostalgia by rtb61 · · Score: 1

    George Bush was the only world leader to declare a nuclear first strike policy. The USA has invaded how many countries since the Soviet Union collapsed? How many Russian died fighting over the Crimea when it was part of Russia, how many hundreds of thousand. Seriously in what sane world would any country risk internal revolution trying to stop Don Cossacks from crossing a border to defend their relatives from attacks by Zaphorisian Cossacks (cossacks have the reputation they have because they well and truly earned it). The US government and US corporate controlled main stream media was full of it and the Russians no matter what anyone claims, including the Russian government dumped the Ukraine because it was too corrupt and costing them too much money (there are a whole lot of Ukrainians living in Russia and dumping the Ukraine they way they did, is not really all that politically acceptable, originally, not so much now). Americans just whining because they spent 5 billion dollars to give Russia back the Crimea and ended up stuck with a 30 billion dollar mess, as the EU is not interested in picking up the tab for a corrupt Ukraine).

    Speaking of a corrupt Ukraine, both the EU and the US complain about it, quite a lot, yet not one faces prosecution, even when those corrupt individuals travel overseas, so the EU and US complain about the corrupt Ukrainians they are protecting from prosecution for corruption, in order to, I have no idea, just seems totally utterly stupid for governments to complain about corruption and yet do nothing what so ever to prosecute it, if fact they provide safe harbour for the profits of those corrupt individuals.

    --
    Chaos - everything, everywhere, everywhen
  15. Haven't quite figured out.... by martinfb · · Score: 1

    ....who we can blame this one on yet?

    --


    Self-importance and self-indulgence is the root of ALL evil.