Slashdot Mirror


Leaked Files Show How the NSA Tracks Other Countries' Hackers (theintercept.com)

An analysis of leaked tools believed to have been developed by the U.S. National Security Agency (NSA) gives us a glimpse into the methods used by the organization to detect the presence of other state-sponsored actors on hacked devices, and it could also help the cybersecurity community discover previously unknown threats. The Intercept: When the mysterious entity known as the "Shadow Brokers" released a tranche of stolen NSA hacking tools to the internet a year ago, most experts who studied the material honed in on the most potent tools, so-called zero-day exploits that could be used to install malware and take over machines. But a group of Hungarian security researchers spotted something else in the data, a collection of scripts and scanning tools the National Security Agency uses to detect other nation-state hackers on the machines it infects. It turns out those scripts and tools are just as interesting as the exploits. They show that in 2013 -- the year the NSA tools were believed to have been stolen by the Shadow Brokers -- the agency was tracking at least 45 different nation-state operations, known in the security community as Advanced Persistent Threats, or APTs. Some of these appear to be operations known by the broader security community -- but some may be threat actors and operations currently unknown to researchers.

The scripts and scanning tools dumped by Shadow Brokers and studied by the Hungarians were created by an NSA team known as Territorial Dispute, or TeDi. Intelligence sources told The Intercept the NSA established the team after hackers, believed to be from China, stole designs for the military's Joint Strike Fighter plane, along with other sensitive data, from U.S. defense contractors in 2007; the team was supposed to detect and counter sophisticated nation-state attackers more quickly, when they first began to emerge online. "As opposed to the U.S. only finding out in five years that everything was stolen, their goal was to try to figure out when it was being stolen in real time," one intelligence source told The Intercept. But their mission evolved to also provide situational awareness for NSA hackers to help them know when other nation-state actors are in machines they're trying to hack.

66 comments

  1. Just putting it out there by Anonymous Coward · · Score: 1

    that one of NSA's designated missions since the rapid growth of the internet became a fact in the mid-90's has been to breach and acquire foreign research and technology that was to be kept secret.

    It's always hypocrisy of the highest order when America accuses others of IP theft.

    1. Re:Just putting it out there by Neuroelectronic · · Score: 1, Interesting

      Core Values

              Commitment to Service - Knowing that the country, our friends and allies are relying on us, we are dedicated to fulfilling our commitment to serve and to excellence in the pursuit of our critical mission.
              Respect for the Law - Everything we undertake in our missions is grounded in our adherence to the U.S. Constitution and compliance with the U.S. laws, regulations and policies that govern our activities.
              Integrity - We are committed to communicating honestly and directly, acting ethically and fairly and carrying out our mission efficiently and effectively.
              Transparency - We are committed to fostering public understanding of NSA's mission and to providing complete transparency to those who authorize and oversee NSA's work on behalf of the American people.
              Respect for People - We are committed to ensuring that all NSA personnel are respected, included and valued for their diverse backgrounds, experiences, skills and contributions to our mission and culture.
              Accountability - We are accountable for our actions and take responsibility for our decisions, practicing wise stewardship of public resources and placing prudent judgment over expediency.

    2. Re:Just putting it out there by Anonymous Coward · · Score: 1

      There would actually need to be IP worth stealing before claiming hypocrisy. China's technology debuts always seem to appear after the US has already demonstrated the technology. Just take a look at the Chinese stealth fighter and tell me it is not copied from the US stealth fighters. Russia might covet US technology as well but take a look at their 5th generation fighters and see the Russians at least tried to introduce their own take on the technology. Russia has always had robust scientific and engineering capabilities. They just have never had the economic resources to match the US military industrial capabilities. Of course back in the good ole USSR era Russia's top scientists were basically forced labor and expected to produce if they wanted to live. It's one of the reasons the Russian stealth fighters are still in the testing phase and they have not started mass producing the new fighters yet. The US has fielded stealth technology on battlefields across the world since 1991. The biggest step in developing new technologies is knowing the technology is actually viable before starting to invest time and money into developing the technology. How many countries would have ever spent the money developing stealth technology if the US had not shown them the technology was possible in the first place? What's funny is that the US proved to everyone that you can actually pull off manned missions to the moon but no other country has duplicated the feat in over 45+ years. The Chinese have been announcing a manned mission to the moon for the past 10 years but have not delivered. The fact that nobody has even tried to duplicate that feat says quite a lot about the rest of the world refusing to even risk the attempt. Hell the US went to the moon for the propaganda value not the scientific value. The effort also served as a way for the US to piggyback their ICBM technology development at the time.

      The US proved it was actually possible to land robotic survey vehicles on Mars for extended missions and others have tried to duplicate this feat but the success rate has been dismal. The US pioneered the global GPS and was the first country to integrate that technology into its missile guidance technologies. And it sure the hell wasn't Russia, China, or anyone else who kicked off the PC and Internet.

      The only country the US relies on for advanced technology is Israel. US drone technology was obtained from Israel. The US also relies on joint ventures with the Israelis for missile defense technology.

    3. Re:Just putting it out there by Teun · · Score: 1

      I assume this was encrypted till you found it?

      --
      "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
    4. Re:Just putting it out there by Anonymous Coward · · Score: 0

      After reading that big old list, one could wonder, why are they hacking into other countries' networks? Hm.

    5. Re:Just putting it out there by Anonymous Coward · · Score: 0

      Invention and research is not something that is reserved for Americans and only to happen in America. Also, the things that are invented usually involve many of those 100K per year foreign talents you recruit on H1B visas. Your tech sector would crumble without them.

      __EVERYTHING__ the world has today is based on prior research and invention, over and over again, and has effectively involved scientists and researchers from all over the world.

      Only in your ignorant little bubble do you think America comes up with everything from scratch, a.k.a. "we invented all the things".

    6. Re: Just putting it out there by Brockmire · · Score: 1

      Can you name such incidents of US stealing Chinese tech? Because there's only about a million cases of Chinese stealing US and Canadian IP. Do you think the US has an infiltration program in China equivalent to the Chinese infiltration in US? They're not even fucking close.

    7. Re:Just putting it out there by AHuxley · · Score: 1

      AC The NSA's raison d'être is to ensure the USA never has its 1930's US Army and Navy duplicated separate decryption efforts again.
      The NSA does not want to get discovered in a computer network when spies from another 5 eye nation are in the same network.

      --
      Domestic spying is now "Benign Information Gathering"
    8. Re:Just putting it out there by Anonymous Coward · · Score: 0

      I dislike America chest thumping, but if you are an American, lose the skirt and stop hating. If not, keep putting on the green blush, looks good on you.

    9. Re: Just putting it out there by Anonymous Coward · · Score: 0

      Our tech sector would experience an incredible boom without the H1Bs. We all know it, and you know it too, Comrade Wang.

    10. Re: Just putting it out there by Anonymous Coward · · Score: 0

      That BS makes sense. NSA will only hack Cambodians, I guess.

  2. this is why... by k3v0 · · Score: 4, Insightful

    governments can't be trusted with encryption backdoors

    1. Re:this is why... by Kurdy · · Score: 2

      I would leave it at : "governments can't be trusted"

      --
      The soul becomes dyed with the color of its thoughts. - Marcus Aurelius
    2. Re:this is why... by RobertNotBob · · Score: 3, Insightful

      What? Why?... The only actual content from this article that I can see is that WHEN the NSA has compromised a system, they look to see if anybody else has also owned the box. ... That's not untrustworthy Government, that is sound, logical procedure. And every single White-Hat organization does this. --- Now don't get me wrong, I'm not advocating for the NSA, but I'm not going to blame them for using industry recognized Best Practices.

      --
      ___ I don't respond to Anonymous Cowards, and I Never Mod them UP.
    3. Re:this is why... by Anonymous Coward · · Score: 0

      lol so it's best practice to hack into a system unauthorized and then check to make sure it wasn't already hacked? How about don't hack into a system that you don't have authorization for, that would be an industry best practice.

    4. Re:this is why... by AlanObject · · Score: 2, Interesting

      I would leave it at : "governments can't be trusted"

      We trust the government with nukes. Many other governments are trusted with this as well.

      We trust the government with the data the IRS collects.

      We trust the government with regulating the food supply, the water supply, and pharmaceuticals.

      We trust the government to keep air travel safe. Pretty damn good job over the last 10 years even though Trump thinks he deserves credit for it.

      I could go on, but at this point I would wonder what you mean.

    5. Re:this is why... by gnick · · Score: 1

      s/government/politicians

      --
      He's getting rather old, but he's a good mouse.
    6. Re:this is why... by Kurdy · · Score: 0

      You trust your government with nukes ?!?! I guess coming from the only country in the world who ever nuked another one, it might make sense to you.
      Also for regulations; I do not know if you follow the news but your current government is working very hard to deregulate a lot of things. But do not wonder about what I mean just stay in your "trust" comfort zone; everything will be fine.

      --
      The soul becomes dyed with the color of its thoughts. - Marcus Aurelius
    7. Re:this is why... by dcollins117 · · Score: 1

      What? Why?... The only actual content from this article that I can see is that WHEN the NSA has compromised a system, they look to see if anybody else has also owned the box.

      See the part where it says "Leaked files" and "tranche of stolen NSA hacking tools?" If the NSA can't keep their secrets secret then you shouldn't trust them or anyone else with a backdoor key to encryption. One of many reasons, actually.

    8. Re:this is why... by Anonymous Coward · · Score: 0

      Governments can't be trusted. Anyone who isn't cynical of government is ignorant and mentally impaired. Period.

      Anything a government does should be verified. The fact that we don't is why there is so much rampant corruption. Another comment attempts to incorrectly substitute government with politician. But that's silly because governments are people. It's not a nebulous thing - it's PEOPLE! It's really people who can't be trusted.

      Nukes can be monitored - and are. We don't trust government.

      The IRS was illegally wielded as a weapon under Obama, by Obama, and has a terrible and well documented record of abuse and illegal practices. We don't trust government.

      The government regulates food but in most cases it is verified. In many cases they have been discovered with wrongdoing (example, fluoride, water fluoride and the FDA's admission of unknown levels and widespread fluorosis). That's just one of endless examples. As for food (normally food and drink, thusly the water comment), it's monitored by non-government people. We don't trust government.

      The FAA is actually associated with less air safety in many situations. The motto is "we are not happy until you are not happy." Pilots and aircraft owners assign this for a reason. They also needlessly increase costs. Estimates cite a minimum of doubling costs. We don't trust governments.

      We trusted government with healthcare and we got the nightmares known as Obamacare and the VA. We don't trust government.

      You could keep going and going but the fact is that you would ALWAYS, without failure, be wrong.

      Only an idiot trusts government. The entire nation of the United States of America is literally founded on the notion that only imbeciles trust government. To date, there has never been an exception. Only imbeciles trust government.

      In the twentieth century alone, governments killed more than 100 million people. Only imbeciles trust government.

    9. Re:this is why... by Anonymous Coward · · Score: 0

      This is, of course, the only correct answer. Don't let anyone tell you otherwise. For if they do, they are ignorant, stupid, or a tyrant.

    10. Re:this is why... by gnick · · Score: 2

      You trust your government with nukes ?!?!

      Who would you suggest putting in charge of them?

      --
      He's getting rather old, but he's a good mouse.
    11. Re:this is why... by Anonymous Coward · · Score: 0

      every single White-Hat organization does this.

      Black hats too...

    12. Re:this is why... by iggymanz · · Score: 1

      Funny the fad of using the term "best practices" thinking that by the power of those magic words anything they advocate becomes the right thing to do.

      No, the NSA does not employ "best practices" in either the technical or legal sense. Their security has been breached, they are careless with data, they spy on U.S. citizens illegally, they invade allies' systems.

    13. Re:this is why... by Kurdy · · Score: 1

      I'd rather have governments that are less obsessed with weapons of mass destruction and that are looking to reduce their stockpile. That would give me more trust. I do not think that there is really anyone that is "qualified" enough to be in charge of such powerful monstrosity. Especially the ones currently in charge.

      --
      The soul becomes dyed with the color of its thoughts. - Marcus Aurelius
    14. Re:this is why... by tinkerton · · Score: 1

      This more or less makes sense. It's not a fingerpointing article, it analyses tools and explains what they do.

      It also underscores another argument, that they have some serious tools in their toolbox and when there's a hacking claim and the NSA remains quiet, it means something. The NSA never produced any proof that the DNC was hacked.

    15. Re:this is why... by oldgraybeard · · Score: 1

      It is not trust! It is forced compliance!

      Anything someone wants released to the world, just give that information to the government and it will rapidly be out for all to see.

      Just my 2 cents ;)

    16. Re:this is why... by Anonymous Coward · · Score: 0

      Fortunately, we have a strategic, calculating leader and we don't have to worry about impulsive overreactions.

    17. Re:this is why... by Anonymous Coward · · Score: 0

      A computer with Tic-Tac-Toe set to "number players: 0".
      Just save everyone some drama and do the tic-tac-toe thing before installing the nuclear weapons.

    18. Re:this is why... by Anonymous Coward · · Score: 0

      It's less that we "trust" government and more that any institution tasked with overseeing anything important ultimately becomes functionally equivalent to a government.

      The US government was meant to be a collection of governments all watching each other for corruption/abuse. Over time that's broken down with our electoral system largely consolidating power into two governments (the major political parties) which operate outside most of the established checks and balances.

    19. Re:this is why... by Anonymous Coward · · Score: 1

      I'd rather have governments that are less obsessed with weapons of mass destruction and that are looking to reduce their stockpile. That would give me more trust. I do not think that there is really anyone that is "qualified" enough to be in charge of such powerful monstrosity. Especially the ones currently in charge.

      Suppose you run a country. You get to decide how many nukes your country has. You do not get to decide what weapons other countries have. You also do not get to decide who runs those countries. In five or ten years, some country might be run by a crazy person who decides to attack you for some reason.

      Would you reduce your stockpile of nukes without getting the other countries to reduce their arsenal? If so, you are an idiot.

      Would you trust other countries when they say they are reducing *their* arsenal? You would probably want to verify that they did so. How would you do that? Some countries are large. Proving that there are no nukes anywhere inside them is not something you should bet your life and the life of everyone in your country on.

    20. Re:this is why... by Anonymous Coward · · Score: 0

      I'd rather have governments that are less obsessed with weapons of mass destruction and that are looking to reduce their stockpile.

      Great idea! Kazakhstan hasn't shown much of an obsession with weapons of mass destruction. Let's give all our nukes to them! Problem solved.

    21. Re: this is why... by Anonymous Coward · · Score: 0

      /g

    22. Re: this is why... by Anonymous Coward · · Score: 0

      As crazy as that is, it's worse than what you describe.

      The NSA hacking is so obnoxious that even groups within their own agency would "accidentally" hack into a system that another NSA group had ALREADY compromised the security on to the point they were stepping on each other's toes. They can't even keep track of their own internal bullshit.

      Fuckers!

    23. Re:this is why... by AHuxley · · Score: 1

      List of military nuclear accidents https://en.wikipedia.org/wiki/...
      How to stop that list from growing so the mil and contractors still look good?
      Don't keep a list of military nuclear accidents.

      --
      Domestic spying is now "Benign Information Gathering"
    24. Re: this is why... by Brockmire · · Score: 1

      Yes. What part don't you understand? It's pretty fucking straight forward.

    25. Re:this is why... by rtb61 · · Score: 1

      We trust government to do things in the public interest in a public manner so we don't have to fucking trust them. We want to be able to fucking check everything going on and everything they will affect not only who we vote for but who we actively vociferously campaign against. Trust, limited trust for a limited time, if the government has nothing to hide then why does it keep secrets from us the people, us the bosses, those who representatives are meant to represent not fucking rule or lead. We are the fucking leaders, we demand the right to know, we demand the right to not fucking rely on blind ignorant faith.

      There is trust and there is stupidly wilfully gullible ignorant trust. I trust the government will corruptly cheat and even kill me if I do not strive to monitor and control it, that's what I trust. As much as it grinds my gears, yes I do trust government more than I trust private industry and in my experience the bigger the corporation the worse they are and the less they are to be trusted and in reality should be broken up to be far less dangerous to society.

      --
      Chaos - everything, everywhere, everywhen
    26. Re: this is why... by Anonymous Coward · · Score: 0

      It seems you are the one not understanding - the NSA breaking into a computer is not an industry best practice by any stretch of the phrase, it is breaking the law.

    27. Re:this is why... by AlanObject · · Score: 1

      As the author of the post you are responding to I reserve the right to reply: good answer.

  3. Matroska Spy v Spy by Anonymous Coward · · Score: 0

    It's a trap!

  4. NSA's most successful project was... by raftpeople · · Score: 1

    AOL cd's

    1. Re:NSA's most successful project was... by Anonymous Coward · · Score: 0

      AOL cd's

      Sure, but because of the tiny cameras and microphones they put in them, not the executable data, since most folks used the CD's as coasters rather than installation media.

    2. Re:NSA's most successful project was... by Anonymous Coward · · Score: 0

      CD's what?

    3. Re:NSA's most successful project was... by Anonymous Coward · · Score: 0

      CD's what?

      CD's nuts!

  5. Seems like there are good reasons by Anonymous Coward · · Score: 0

    Suppose, for example, an infected machine appeared malicious. It may be prudent, for example to protect the privacy of everyone involved, to hack that machine to search for evidence of remote operation. I don't know, seems like a good thing to be able to detect to me.

  6. North Korea by dj245 · · Score: 1

    Given that North Korea is a high profile hacking target by just about every other government, is it any wonder that their computer networks are separated from the rest of the world? "Repressive" regimes tend to do this to control dissent, but reducing exposure to worldwide networks could be another reason for running a national intranet.

    I also wondered why the heck New Zealand is in the Five Eyes. The Wikipedia article is probably not surprising to many people but interesting nonetheless.

    --
    Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
    1. Re:North Korea by Teun · · Score: 1

      Two reasons, like Americans they speak a sort of English that US politicians understand.
      And there isn't a chance in hell anyone else would be available in that area.

      --
      "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
    2. Re:North Korea by Anonymous Coward · · Score: 0

      No, it is the other way around. Americans speak a sort of English that people in the rest of the English-speaking countries understand.

    3. Re:North Korea by AHuxley · · Score: 1

      The network into NK is left open so the NSA and GCHQ can connect the CIA and MI6 to the NK command and control structure.
      The top NK mil get made offers. Stand down the more complex mil systems and CIA funded escape negotiation is always an option.
      Go to war with all mil systems and that CIA escape is not going to be offered.
      That internet link is the communications network for the NSA direct to the NK command.
      NK has become wise to such communications and is looking to a new generation of its own trusted nuclear scientists who are less susceptible to CIA offers than the NK mil.

      --
      Domestic spying is now "Benign Information Gathering"
  7. If you can't trust the government by sgrover · · Score: 1

    "If you can't trust the governments of the world, who can you trust?" - Young Einstein

    1. Re:If you can't trust the government by gnick · · Score: 1

      And now, folks, it's time for "Who do you trust!" Hubba, hubba, hubba! Money, money, money! Who do you trust?

      -The Joker

      --
      He's getting rather old, but he's a good mouse.
  8. Staycation by Anonymous Coward · · Score: 0

    Poor Russian haxors, afraid to go abroad on vacation in case the Feds grab you. No more Turkey, Egypt, UK or Cyprus, looks like it's Chechnya for you this year.

    1. Re:Staycation by Anonymous Coward · · Score: 0

      fake passports?

    2. Re: Staycation by Anonymous Coward · · Score: 0

      So they can't visit any of the tyrannies propped up by Uncle Sam. Fair enough.

  9. APTs by Anonymous Coward · · Score: 0

    Nitpick for clarity: While nation-state operations generally employ the use of APTs, APTs are not limited to nation-state operations.

  10. OH NO! by Anonymous Coward · · Score: 0

    The NSA should NOT be allowed to interfere with hackers! Guys I think our government is out of control /s

    P.S. I'm a raging moron spreading anti-government BS where it doesn't belong in the slightest.

    1. Re: OH NO! by Reverend+Green · · Score: 1

      Good morning, Agent Smith! How's the weather in Fort Meade today?

    2. Re: OH NO! by Anonymous Coward · · Score: 0

      sunny and cold.

  11. Those APTs include(d) ... by Anonymous Coward · · Score: 1

    Occupy, Anonymous, Wikileaks, and even the Tea Party by the way.

    And the methods involved injecting moles to cause them to infight, and act as agents provocateurs, to create destruction and violence, so it will be easy to discredit and destroy them officially.

    In most cases, the original group (or mindset, as Anonymous was NOT a group until they created one in that name) was perfectly peaceful and sensible, and the evil acts were entirely the actions of "our" oh-so-good "law enforcement".

    Yes, I did read the original presentations back then.

  12. Re:Moscow Donald Helps Russia's Hackers by Anonymous Coward · · Score: 0

    Nice try Ivan

  13. Dear Shadowbrokers... by Anonymous Coward · · Score: 0

    Can you please release some hacking tools or exploits used by the Russians, Chinese, and North Koreans? Releasing NSA tricks only makes them less effective while the other guys continue to steal my data and influence our elections. Thanks.

    1. Re: Dear Shadowbrokers... by Anonymous Coward · · Score: 0

      Oh c'mon - look at how much money the Chinese spent trying to get Hillary "I'd sell out my whole country for $50" Clinton elected. And they still failed.

      Have some faith in the American people. We may be deplorable, but we know a crook when we see one.

  14. How to run that script? by alexmagni · · Score: 1

    Some hints to the availability of that script, for self-cleaning purposes?

    1. Re:How to run that script? by Anonymous Coward · · Score: 0

      https://github.com/misterch0c/shadowbroker

  15. Re: Moscow Donald Helps Russia's Hackers by Anonymous Coward · · Score: 0

    The butthurt is strong in this one...

    Vote Hillary in 2020 for MOAR WAR!!!!1!!1!!!