Slashdot Mirror


Leaked Files Show How the NSA Tracks Other Countries' Hackers (theintercept.com)

An analysis of leaked tools believed to have been developed by the U.S. National Security Agency (NSA) gives us a glimpse into the methods the organization uses to detect the presence of other state-sponsored actors on hacked devices, and it could also help the cybersecurity community discover previously unknown threats. The Intercept reports: When the mysterious entity known as the "Shadow Brokers" released a tranche of stolen NSA hacking tools to the internet a year ago, most experts who studied the material homed in on the most potent tools, so-called zero-day exploits that could be used to install malware and take over machines. But a group of Hungarian security researchers spotted something else in the data, a collection of scripts and scanning tools the National Security Agency uses to detect other nation-state hackers on the machines it infects. It turns out those scripts and tools are just as interesting as the exploits. They show that in 2013 -- the year the NSA tools were believed to have been stolen by the Shadow Brokers -- the agency was tracking at least 45 different nation-state operations, known in the security community as Advanced Persistent Threats, or APTs. Some of these appear to be operations known by the broader security community -- but some may be threat actors and operations currently unknown to researchers.

The scripts and scanning tools dumped by Shadow Brokers and studied by the Hungarians were created by an NSA team known as Territorial Dispute, or TeDi. Intelligence sources told The Intercept the NSA established the team after hackers, believed to be from China, stole designs for the military's Joint Strike Fighter plane, along with other sensitive data, from U.S. defense contractors in 2007; the team was supposed to detect and counter sophisticated nation-state attackers more quickly, when they first began to emerge online. "As opposed to the U.S. only finding out in five years that everything was stolen, their goal was to try to figure out when it was being stolen in real time," one intelligence source told The Intercept. But their mission evolved to also provide situational awareness for NSA hackers to help them know when other nation-state actors are in machines they're trying to hack.
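The detection the summary describes is, at bottom, a catalogue check: a list of file and registry artifacts tied to each tracked operation, tested against what is present on a host. The script below is an added example of that idea and is not the leaked tooling or The Intercept's material; its catalogue, the "SIG" labels, the indicator values and the host listing are all constructed placeholders.

```python
"""Host artifact scanner in the spirit of the Territorial Dispute scripts the
summary describes: compare what is present on a suspect host with a catalogue
of known-actor indicators and report which catalogue entries match.  Added
example, not the leaked tooling; every signature and host listing is constructed."""
from dataclasses import dataclass, field
from fnmatch import fnmatchcase


@dataclass
class Signature:
    sig_id: str                                        # catalogue label, e.g. "SIG3" (constructed)
    paths: list = field(default_factory=list)          # file-path globs
    reg_keys: list = field(default_factory=list)       # registry-key globs
    note: str = ""                                     # analyst note for the report


# Constructed catalogue: placeholder indicators, not real IoCs from any actor.
CATALOGUE = [
    Signature("SIG1", paths=["C:/Windows/System32/drivers/example1.sys"],
              note="constructed driver artifact"),
    Signature("SIG2", reg_keys=["HKLM/SOFTWARE/Example2/*"],
              note="constructed persistence key"),
    Signature("SIG3", paths=["C:/Users/*/AppData/Roaming/example3.dll"],
              reg_keys=["HKCU/Software/Example3"], note="constructed implant"),
]


def _matches(items, patterns):
    """Case-insensitive glob match (Windows paths/keys); '*' may span '/'."""
    return [i for i in items for p in patterns if fnmatchcase(i.lower(), p.lower())]


def scan_host(files, reg_keys, catalogue=CATALOGUE):
    """Return {sig_id: sorted artifacts} for each signature with at least one
    hit.  One indicator is enough to flag a signature; every hit is kept so
    the analyst sees the full evidence rather than only the first match."""
    files, reg_keys = list(files), list(reg_keys)
    hits = {}
    for sig in catalogue:
        found = _matches(files, sig.paths) + _matches(reg_keys, sig.reg_keys)
        if found:
            hits[sig.sig_id] = sorted(set(found))
    return hits


def report(hits, catalogue=CATALOGUE):
    """One line per flagged signature, carrying the catalogue's analyst note."""
    notes = {s.sig_id: s.note for s in catalogue}
    return [f"{sid} ({notes.get(sid, '?')}): {', '.join(arts)}"
            for sid, arts in sorted(hits.items())]


if __name__ == "__main__":
    # Constructed host listing: one driver, one registry key, plus benign noise.
    files = ["C:/Windows/System32/drivers/Example1.sys",
             "C:/Users/alice/AppData/Roaming/notes.txt"]
    keys = ["HKLM/SOFTWARE/Example2/Run", "HKCU/Software/Unrelated"]
    print("\n".join(report(scan_host(files, keys))) or "no catalogued actor found")
```

A real responder's catalogue would be far larger and would also cover running processes, services and network artifacts; the matching logic stays the same.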

31 of 66 comments

  1. Just putting it out there by Anonymous Coward · Score: 1

    that one of NSA's designated missions since the rapid growth of the internet became a fact in the mid-90's has been to breach and acquire foreign research and technology that was to be kept secret.

    It's always hypocrisy of the highest order when America accuses others of IP theft.

    1. Re:Just putting it out there by Neuroelectronic · Score: 1, Interesting

      Core Values

      Commitment to Service - Knowing that the country, our friends and allies are relying on us, we are dedicated to fulfilling our commitment to serve and to excellence in the pursuit of our critical mission.
      Respect for the Law - Everything we undertake in our missions is grounded in our adherence to the U.S. Constitution and compliance with the U.S. laws, regulations and policies that govern our activities.
      Integrity - We are committed to communicating honestly and directly, acting ethically and fairly and carrying out our mission efficiently and effectively.
      Transparency - We are committed to fostering public understanding of NSA's mission and to providing complete transparency to those who authorize and oversee NSA's work on behalf of the American people.
      Respect for People - We are committed to ensuring that all NSA personnel are respected, included and valued for their diverse backgrounds, experiences, skills and contributions to our mission and culture.
      Accountability - We are accountable for our actions and take responsibility for our decisions, practicing wise stewardship of public resources and placing prudent judgment over expediency.

    2. Re:Just putting it out there by Anonymous Coward · Score: 1

      There would actually need to be IP worth stealing before claiming hypocrisy. China's technology debuts always seem to appear after the US has already demonstrated the technology. Just take a look at the Chinese stealth fighter and tell me it is not copied from the US stealth fighters. Russia might covet US technology as well but take a look at their 5th generation fighters and see the Russians at least tried to introduce their own take on the technology. Russia has always had robust scientific and engineering capabilities. They just have never had the economic resources to match the US military industrial capabilities. Of course back in the good ole USSR era Russia's top scientists were basically forced labor and expected to produce if they wanted to live. It's one of the reasons the Russian stealth fighters are still in the testing phase and they have not started mass producing the new fighters yet. The US has fielded stealth technology on battlefields across the world since 1991. The biggest step in developing new technologies is knowing the technology is actually viable before starting to invest time and money into developing the technology. How many countries would have ever spent the money developing stealth technology if the US had not shown them the technology was possible in the first place? What's funny is that the US proved to everyone that you can actually pull off manned missions to the moon but no other country has duplicated the feat in over 45+ years. The Chinese have been announcing a manned mission to the moon for the past 10 years but have not delivered. The fact that nobody has even tried to duplicate that feat says quite a lot about the rest of the world refusing to even risk the attempt. Hell, the US went to the moon for the propaganda value not the scientific value. The effort also served as a way for the US to piggyback their ICBM technology development at the time. The US proved it was actually possible to land robotic survey vehicles on Mars for extended missions and others have tried to duplicate this feat but the success rate has been dismal. The US pioneered the global GPS and was the first country to integrate that technology into its missile guidance technologies. And it sure the hell wasn't Russia, China, or anyone else who kicked off the PC and Internet.

      The only country the US relies on for advanced technology is Israel. US drone technology was obtained from Israel. The US also relies on joint ventures with the Israelis for missile defense technology.

    3. Re:Just putting it out there by Teun · Score: 1

      I assume this was encrypted till you found it?

      --
      "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
    4. Re:Just putting it out there by Brockmire · Score: 1

      Can you name such incidents of US stealing Chinese tech? Because there's only about a million cases of Chinese stealing US and Canadian IP. Do you think the US has an infiltration program in China equivalent to the Chinese infiltration in US? They're not even fucking close.

    5. Re:Just putting it out there by AHuxley · Score: 1

      AC The NSA's raison d'être is to ensure the USA never has its 1930's US Army and Navy duplicated separate decryption efforts again.
      The NSA does not want to get discovered in a computer network when spies from another 5 eye nation are in the same network.

      --
      Domestic spying is now "Benign Information Gathering"
  2. this is why... by k3v0 · Score: 4, Insightful

    governments can't be trusted with encryption backdoors

    1. Re:this is why... by Kurdy · Score: 2

      I would leave it at: "governments can't be trusted"

      --
      The soul becomes dyed with the color of its thoughts. - Marcus Aurelius
    2. Re:this is why... by RobertNotBob · Score: 3, Insightful

      What? Why?... The only actual content from this article that I can see is that WHEN the NSA has compromised a system, they look to see if anybody else has also owned the box. ... That's not untrustworthy Government, that is sound, logical procedure. And every single White-Hat organization does this. --- Now don't get me wrong, I'm not advocating for the NSA, but I'm not going to blame them for using industry recognized Best Practices.

      --
      ___ I don't respond to Anonymous Cowards, and I Never Mod them UP.
    3. Re:this is why... by AlanObject · Score: 2, Interesting

      I would leave it at: "governments can't be trusted"

      We trust the government with nukes. Many other governments are trusted with this as well.

      We trust the government with the data the IRS collects.

      We trust the government with regulating the food supply, the water supply, and pharmaceuticals.

      We trust the government to keep air travel safe. Pretty damn good job over the last 10 years even though Trump thinks he deserves credit for it.

      I could go on, but at this point I would wonder what you mean.

    4. Re:this is why... by gnick · Score: 1

      s/government/politicians

      --
      He's getting rather old, but he's a good mouse.
    5. Re:this is why... by dcollins117 · Score: 1

      What? Why?... The only actual content from this article that I can see is that WHEN the NSA has compromised a system, they look to see if anybody else has also owned the box.

      See the part where it says "Leaked files" and "tranche of stolen NSA hacking tools?" If the NSA can't keep their secrets secret then you shouldn't trust them or anyone else with a backdoor key to encryption. One of many reasons, actually.

    6. Re:this is why... by gnick · Score: 2

      You trust your government with nukes ?!?!

      Who would you suggest putting in charge of them?

      --
      He's getting rather old, but he's a good mouse.
    7. Re:this is why... by iggymanz · Score: 1

      Funny the fad of using the term "best practices" thinking that by the power of those magic words anything they advocate becomes the right thing to do.

      No, the NSA does not employ "best practices" in either the technical or legal sense. Their security has been breached, they are careless with data, they spy on U.S. citizens illegally, they invade allies' systems.

    8. Re:this is why... by Kurdy · Score: 1

      I'd rather have governments that are less obsessed with weapons of mass destruction and that are looking to reduce their stockpile. That would give me more trust. I do not think that there is really anyone that is "qualified" enough to be in charge of such a powerful monstrosity. Especially the ones currently in charge.

      --
      The soul becomes dyed with the color of its thoughts. - Marcus Aurelius
    9. Re:this is why... by tinkerton · Score: 1

      This more or less makes sense. It's not a finger-pointing article, it analyses tools and explains what they do.

      It also underscores another argument, that they have some serious tools in their toolbox and when there's a hacking claim and the NSA remains quiet, it means something. The NSA never produced any proof that the DNC was hacked.

    10. Re:this is why... by oldgraybeard · Score: 1

      It is not trust! It is forced compliance!

      Anything someone wants released to the world, just give that information to the government and it will rapidly be out for all to see.

      Just my 2 cents ;)

    11. Re:this is why... by Anonymous Coward · Score: 1

      I'd rather have governments that are less obsessed with weapons of mass destruction and that are looking to reduce their stockpile. That would give me more trust. I do not think that there is really anyone that is "qualified" enough to be in charge of such a powerful monstrosity. Especially the ones currently in charge.

      Suppose you run a country. You get to decide how many nukes your country has. You do not get to decide what weapons other countries have. You also do not get to decide who runs those countries. In five or ten years, some country might be run by a crazy person who decides to attack you for some reason.

      Would you reduce your stockpile of nukes without getting the other countries to reduce their arsenal? If so, you are an idiot.

      Would you trust other countries when they say they are reducing *their* arsenal? You would probably want to verify that they did so. How would you do that? Some countries are large. Proving that there are no nukes anywhere inside them is not something you should bet your life and the life of everyone in your country on.

    12. Re:this is why... by AHuxley · Score: 1

      List of military nuclear accidents https://en.wikipedia.org/wiki/...
      How to stop that list from growing so the mil and contractors still look good?
      Don't keep a list of military nuclear accidents.

      --
      Domestic spying is now "Benign Information Gathering"
    13. Re:this is why... by Brockmire · Score: 1

      Yes. What part don't you understand? It's pretty fucking straight forward.

    14. Re:this is why... by rtb61 · Score: 1

      We trust government to do things in the public interest in a public manner so we don't have to fucking trust them. We want to be able to fucking check everything going on and everything they will affect, not only who we vote for but who we actively vociferously campaign against. Trust, limited trust for a limited time; if the government has nothing to hide then why does it keep secrets from us the people, us the bosses, those whose representatives are meant to represent, not fucking rule or lead. We are the fucking leaders, we demand the right to know, we demand the right to not fucking rely on blind ignorant faith.

      There is trust and there is stupidly wilfully gullible ignorant trust. I trust the government will corruptly cheat and even kill me if I do not strive to monitor and control it, that's what I trust. As much as it grinds my gears, yes I do trust government more than I trust private industry, and in my experience the bigger the corporation the worse they are and the less they are to be trusted, and in reality they should be broken up to be far less dangerous to society.

      --
      Chaos - everything, everywhere, everywhen
    15. Re:this is why... by AlanObject · Score: 1

      As the author of the post you are responding to I reserve the right to reply: good answer.

  3. NSA's most successful project was... by raftpeople · Score: 1

    AOL CDs

  4. North Korea by dj245 · Score: 1

    Given that North Korea is a high profile hacking target by just about every other government, is it any wonder that their computer networks are separated from the rest of the world? "Repressive" regimes tend to do this to control dissent, but reducing exposure to worldwide networks could be another reason for running a national intranet.

    I also wondered why the heck New Zealand is in the Five Eyes. The Wikipedia article is probably not surprising to many people but interesting nonetheless.

    --
    Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
    1. Re:North Korea by Teun · Score: 1

      Two reasons, like Americans they speak a sort of English that US politicians understand.
      And there isn't a chance in hell anyone else would be available in that area.

      --
      "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
    2. Re:North Korea by AHuxley · Score: 1

      The networks into NK are left open so the NSA and GCHQ can connect the CIA and MI6 to the NK command and control structure.
      The top NK mil get made offers. Stand down the more complex mil systems and CIA funded escape negotiation is always an option.
      Go to war with all mil systems and that CIA escape is not going to be offered.
      That internet link is the communications network for the NSA direct to the NK command.
      NK has become wise to such communications and is looking to a new generation of its own trusted nuclear scientists who are less susceptible to CIA offers than the NK mil.

      --
      Domestic spying is now "Benign Information Gathering"
  5. If you can't trust the government by sgrover · Score: 1

    "If you can't trust the governments of the world, who can you trust?" - Young Einstein

    1. Re:If you can't trust the government by gnick · Score: 1

      And now, folks, it's time for "Who do you trust!" Hubba, hubba, hubba! Money, money, money! Who do you trust?

      -The Joker

      --
      He's getting rather old, but he's a good mouse.
  6. Those APTs include(d) ... by Anonymous Coward · Score: 1

    Occupy, Anonymous, Wikileaks, and even the Tea Party by the way.

    And the methods involved injecting moles to cause them to infight, and act as agents provocateurs, to create destruction and violence, so it will be easy to discredit and destroy them officially.

    In most cases, the original group (or mindset, as Anonymous was NOT a group until they created one in that name) was perfectly peaceful and sensible, and the evil acts were entirely the actions of "our" oh-so-good "law enforcement".

    Yes, I did read the original presentations back then.

  7. How to run that script? by alexmagni · Score: 1

    Some hints to the availability of that script, for self-cleaning purposes?

  8. Re:OH NO! by Reverend+Green · Score: 1

    Good morning, Agent Smith! How's the weather in Fort Meade today?