Bamford writes: "Rather than the NSA hacking tools being snatched as a
result of a sophisticated cyber operation by Russia or some other nation, it
seems more likely that an employee stole them. Experts who have analyzed the
files suspect that they date to October 2013, five months after Edward
Snowden left his contractor position with the NSA."
Former U.S. National Security Agency contractor Edward Snowden. (photo: Mark
Blinch/Reuters)
Evidence Points to Another Snowden at the NSA
By James Bamford, Reuters
22 August 16
In the summer of 1972, state-of-the-art campaign spying consisted of
amateur burglars, armed with duct tape and microphones, penetrating the
headquarters of the Democratic National Committee. Today, amateur burglars
have been replaced by cyberspies, who penetrated the DNC armed with
computers and sophisticated hacking tools.
Where the Watergate burglars came away empty-handed and in handcuffs, the
modern- day cyber thieves walked away with tens of thousands of sensitive
political documents and are still unidentified.
Now, in the latest twist, hacking tools themselves, likely stolen from the
National Security Agency, are on the digital auction block. Once again, the
usual suspects start with Russia - though there seems little evidence
backing up the accusation.
In addition, if Russia had stolen the hacking tools, it would be senseless
to publicize the theft, let alone put them up for sale. It would be like a
safecracker stealing the combination to a bank vault and putting it on
Facebook. Once revealed, companies and governments would patch their
firewalls, just as the bank would change its combination.
A more logical explanation could also be insider theft. If that's the case,
it's one more reason to question the usefulness of an agency that secretly
collects private information on millions of Americans but can't keep its
most valuable data from being stolen, or as it appears in this case, being
used against us.
In what appeared more like a Saturday Night Live skit than an act of
cybercrime, a group calling itself the Shadow Brokers put up for bid on the
Internet what it called a "full state-sponsored toolset" of "cyberweapons."
"!!! Attention government sponsors of cyberwarfare and those who profit from
it !!!! How much would you pay for enemies cyberweapons?" said the
announcement.
The group said it was releasing some NSA files for "free" and promised
"better" ones to the highest bidder. However, those with loosing bids "Lose
Lose," it said, because they would not receive their money back. And should
the total sum of the bids, in bitcoins, reach the equivalent of half a
billion dollars, the group would make the whole lot public.
While the "auction" seemed tongue in cheek, more like hacktivists than
Russian high command, the sample documents were almost certainly real. The
draft of a top-secret NSA manual for implanting offensive malware, released
by Edward Snowden, contains code for a program codenamed SECOND22 August 16.
That same 16-character string of numbers and characters is in the code
released by the Shadow Brokers. The details from the manual were first
released by The Intercept last Friday.
The authenticity of the NSA hacking tools were also confirmed by several
ex-NSA officials who spoke to the media, including former members of the
agency's Tailored Access Operations (TAO) unit, the home of hacking
specialists.
"Without a doubt, they're the keys to the kingdom," one former TAO employee
told the Washington Post. "The stuff you're talking about would undermine
the security of a lot of major government and corporate networks both here
and abroad." Another added, "From what I saw, there was no doubt in my mind
that it was legitimate."
Like a bank robber's tool kit for breaking into a vault, cyber exploitation
tools, with codenames like EPICBANANA and BUZZDIRECTION, are designed to
break into computer systems and networks. Just as the bank robber hopes to
find a crack in the vault that has never been discovered, hackers search for
digital cracks, or "exploits," in computer programs like Windows.
The most valuable are "zero day" exploits, meaning there have been zero days
since Windows has discovered the "crack" in their programs. Through this
crack, the hacker would be able to get into a system and exploit it, by
stealing information, until the breach is eventually discovered and patched.
According to the former NSA officials who viewed the Shadow Broker files,
they contained a number of exploits, including zero-day exploits that the
NSA often pays thousands of dollars for to private hacking groups.
The reasons given for laying the blame on Russia appear less convincing,
however. "This is probably some Russian mind game, down to the bogus
accent," James A. Lewis, a computer expert at the Center for Strategic and
International Studies, a Washington think tank, told the New York Times. Why
the Russians would engage in such a mind game, he never explained.
Rather than the NSA hacking tools being snatched as a result of a
sophisticated cyber operation by Russia or some other nation, it seems more
likely that an employee stole them. Experts who have analyzed the files
suspect that they date to October 2013, five months after Edward Snowden
left his contractor position with the NSA and fled to Hong Kong carrying
flash drives containing hundreds of thousands of pages of NSA documents.
So, if Snowden could not have stolen the hacking tools, there are
indications that after he departed in May 2013, someone else did, possibly
someone assigned to the agency's highly sensitive Tailored Access
Operations.
In December 2013, another highly secret NSA document quietly became public.
It was a top secret TAO catalog of NSA hacking tools. Known as the Advanced
Network Technology (ANT) catalog, it consisted of 50 pages of extensive
pictures, diagrams and descriptions of tools for every kind of hack, mostly
targeted at devices manufactured by U.S. companies, including Apple, Cisco,
Dell and many others.
Like the hacking tools, the catalog used similar codenames. Among the tools
targeting Apple was one codenamed DROPOUTJEEP, which gives NSA total control
of iPhones. "A software implant for the Apple iPhone," says the ANT catalog,
"includes the ability to remotely push/pull files from the device. SMS
retrieval, contact-list retrieval, voicemail, geolocation, hot mic, camera
capture, cell-tower location, etc."
Another, codenamed IRATEMONK, is, "Technology that can infiltrate the
firmware of hard drives manufactured by Maxtor, Samsung, Seagate and Western
Digital."
In 2014, I spent three days in Moscow with Snowden for a magazine assignment
and a PBS documentary. During our on-the-record conversations, he would not
talk about the ANT catalog, perhaps not wanting to bring attention to
another possible NSA whistleblower.
I was, however, given unrestricted access to his cache of documents. These
included both the entire British, or GCHQ, files and the entire NSA files.
But going through this archive using a sophisticated digital search tool, I
could not find a single reference to the ANT catalog. This confirmed for me
that it had likely been released by a second leaker. And if that person
could have downloaded and removed the catalog of hacking tools, it's also
likely he or she could have also downloaded and removed the digital tools
now being leaked.
In fact, a number of the same hacking implants and tools released by the
Shadow Brokers are also in the ANT catalog, including those with codenames
BANANAGLEE and JETPLOW. These can be used to create "a persistent back-door
capability" into widely used Cisco firewalls, says the catalog.
Consisting of about 300 megabytes of code, the tools could easily and
quickly be transferred to a flash drive. But unlike the catalog, the tools
themselves - thousands of ones and zeros - would have been useless if leaked
to a publication. This could be one reason why they have not emerged until
now.
Enter WikiLeaks. Just two days after the first Shadow Brokers message,
Julian Assange, the founder of WikiLeaks, sent out a Twitter message. "We
had already obtained the archive of NSA cyberweapons released earlier
today," Assange wrote, "and will release our own pristine copy in due
course."
The month before, Assange was responsible for releasing the tens of
thousands of hacked DNC emails that led to the resignation of the four top
committee officials.
There also seems to be a link between Assange and the leaker who stole the
ANT catalog, and the possible hacking tools. Among Assange's close
associates is Jacob Appelbaum, a celebrated hacktivist and the only publicly
known WikiLeaks staffer in the United States - until he moved to Berlin in
2013 in what he called a "political exile" because of what he said was
repeated harassment by U.S. law enforcement personnel. In 2010, a Rolling
Stone magazine profile labeled him "the most dangerous man in cyberspace."
In December 2013, Appelbaum was the first person to reveal the existence of
the ANT catalog, at a conference in Berlin, without identifying the source.
That same month he said he suspected the U.S. government of breaking into
his Berlin apartment. He also co-wrote an article about the catalog in Der
Spiegel. But again, he never named a source, which led many to assume,
mistakenly, that it was Snowden.
In addition to WikiLeaks, for years Appelbaum worked for Tor, an
organization focused on providing its customers anonymity on the Internet.
But last May, he stepped down as a result of "serious, public allegations of
sexual mistreatment" made by unnamed victims, according to a statement put
out by Tor. Appelbaum has denied the charges.
Shortly thereafter, he turned his attention to Hillary Clinton. At a
screening of a documentary about Assange in Cannes, France, Appelbaum
accused her of having a grudge against him and Assange, and that if she were
elected president, she would make their lives difficult. "It's a situation
that will possibly get worse" if she is elected to the White House, he said,
according to Yahoo News.
It was only a few months later that Assange released the 20,000 DNC emails.
Intelligence agencies have again pointed the finger at Russia for hacking
into these emails.
Yet there has been no explanation as to how Assange obtained them. He told
NBC News, "There is no proof whatsoever" that he obtained the emails from
Russian intelligence. Moscow has also denied involvement.
There are, of course, many sophisticated hackers in Russia, some with close
government ties and some without. And planting false and misleading
indicators in messages is an old trick. Now Assange has promised to release
many more emails before the election, while apparently ignoring email
involving Trump. (Trump opposition research was also stolen.)
In hacktivist style, and in what appears to be phony broken English, this
new release of cyberweapons also seems to be targeting Clinton. It ends with
a long and angry "final message" against "Wealthy Elites . . . breaking
laws" but "Elites top friends announce, no law broken, no crime commit[ed].
. . Then Elites run for president. Why run for president when already
control country like dictatorship?"
Then after what they call the "fun Cyber Weapons Auction" comes the real
message, a serious threat. "We want make sure Wealthy Elite recognizes the
danger [of] cyberweapons. Let us spell out for Elites. Your wealth and
control depends on electronic data." Now, they warned, they have control of
the NSA's cyber hacking tools that can take that wealth away. "You see
attacks on banks and SWIFT [a worldwide network for financial services] in
news. If electronic data go bye-bye where leave Wealthy Elites? Maybe with
dumb cattle?"
Snowden's leaks served a public good. He alerted Americans to illegal
eavesdropping on their telephone records and other privacy violations, and
Congress changed the law as a result. The DNC leaks exposed corrupt policies
within the Democratic Party.
But we now have entered a period many have warned about, when NSA's cyber
weapons could be stolen like loose nukes and used against us. It opens the
door to criminal hackers, cyber anarchists and hostile foreign governments
that can use the tools to gain access to thousands of computers in order to
steal data, plant malware and cause chaos.
It's one more reason why NSA may prove to be one of Washington's greatest
liabilities rather than assets.
Error! Hyperlink reference not valid. Error! Hyperlink reference not valid.
Former U.S. National Security Agency contractor Edward Snowden. (photo: Mark
Blinch/Reuters)
http://www.reuters.com/article/us-intelligence-nsa-commentary-idUSKCN10X01Ph
ttp://www.reuters.com/article/us-intelligence-nsa-commentary-idUSKCN10X01P
Evidence Points to Another Snowden at the NSA
By James Bamford, Reuters
22 August 16
n the summer of 1972, state-of-the-art campaign spying consisted of amateur
burglars, armed with duct tape and microphones, penetrating the headquarters
of the Democratic National Committee. Today, amateur burglars have been
replaced by cyberspies, who penetrated the DNC armed with computers and
sophisticated hacking tools.
Where the Watergate burglars came away empty-handed and in handcuffs, the
modern- day cyber thieves walked away with tens of thousands of sensitive
political documents and are still unidentified.
Now, in the latest twist, hacking tools themselves, likely stolen from the
National Security Agency, are on the digital auction block. Once again, the
usual suspects start with Russia - though there seems little evidence
backing up the accusation.
In addition, if Russia had stolen the hacking tools, it would be senseless
to publicize the theft, let alone put them up for sale. It would be like a
safecracker stealing the combination to a bank vault and putting it on
Facebook. Once revealed, companies and governments would patch their
firewalls, just as the bank would change its combination.
A more logical explanation could also be insider theft. If that's the case,
it's one more reason to question the usefulness of an agency that secretly
collects private information on millions of Americans but can't keep its
most valuable data from being stolen, or as it appears in this case, being
used against us.
In what appeared more like a Saturday Night Live skit than an act of
cybercrime, a group calling itself the Shadow Brokers put up for bid on the
Internet what it called a "full state-sponsored toolset" of "cyberweapons."
"!!! Attention government sponsors of cyberwarfare and those who profit from
it !!!! How much would you pay for enemies cyberweapons?" said the
announcement.
The group said it was releasing some NSA files for "free" and promised
"better" ones to the highest bidder. However, those with loosing bids "Lose
Lose," it said, because they would not receive their money back. And should
the total sum of the bids, in bitcoins, reach the equivalent of half a
billion dollars, the group would make the whole lot public.
While the "auction" seemed tongue in cheek, more like hacktivists than
Russian high command, the sample documents were almost certainly real. The
draft of a top-secret NSA manual for implanting offensive malware, released
by Edward Snowden, contains code for a program codenamed SECOND22 August 16.
That same 16-character string of numbers and characters is in the code
released by the Shadow Brokers. The details from the manual were first
released by The Intercept last Friday.
The authenticity of the NSA hacking tools were also confirmed by several
ex-NSA officials who spoke to the media, including former members of the
agency's Tailored Access Operations (TAO) unit, the home of hacking
specialists.
"Without a doubt, they're the keys to the kingdom," one former TAO employee
told the Washington Post. "The stuff you're talking about would undermine
the security of a lot of major government and corporate networks both here
and abroad." Another added, "From what I saw, there was no doubt in my mind
that it was legitimate."
Like a bank robber's tool kit for breaking into a vault, cyber exploitation
tools, with codenames like EPICBANANA and BUZZDIRECTION, are designed to
break into computer systems and networks. Just as the bank robber hopes to
find a crack in the vault that has never been discovered, hackers search for
digital cracks, or "exploits," in computer programs like Windows.
The most valuable are "zero day" exploits, meaning there have been zero days
since Windows has discovered the "crack" in their programs. Through this
crack, the hacker would be able to get into a system and exploit it, by
stealing information, until the breach is eventually discovered and patched.
According to the former NSA officials who viewed the Shadow Broker files,
they contained a number of exploits, including zero-day exploits that the
NSA often pays thousands of dollars for to private hacking groups.
The reasons given for laying the blame on Russia appear less convincing,
however. "This is probably some Russian mind game, down to the bogus
accent," James A. Lewis, a computer expert at the Center for Strategic and
International Studies, a Washington think tank, told the New York Times. Why
the Russians would engage in such a mind game, he never explained.
Rather than the NSA hacking tools being snatched as a result of a
sophisticated cyber operation by Russia or some other nation, it seems more
likely that an employee stole them. Experts who have analyzed the files
suspect that they date to October 2013, five months after Edward Snowden
left his contractor position with the NSA and fled to Hong Kong carrying
flash drives containing hundreds of thousands of pages of NSA documents.
So, if Snowden could not have stolen the hacking tools, there are
indications that after he departed in May 2013, someone else did, possibly
someone assigned to the agency's highly sensitive Tailored Access
Operations.
In December 2013, another highly secret NSA document quietly became public.
It was a top secret TAO catalog of NSA hacking tools. Known as the Advanced
Network Technology (ANT) catalog, it consisted of 50 pages of extensive
pictures, diagrams and descriptions of tools for every kind of hack, mostly
targeted at devices manufactured by U.S. companies, including Apple, Cisco,
Dell and many others.
Like the hacking tools, the catalog used similar codenames. Among the tools
targeting Apple was one codenamed DROPOUTJEEP, which gives NSA total control
of iPhones. "A software implant for the Apple iPhone," says the ANT catalog,
"includes the ability to remotely push/pull files from the device. SMS
retrieval, contact-list retrieval, voicemail, geolocation, hot mic, camera
capture, cell-tower location, etc."
Another, codenamed IRATEMONK, is, "Technology that can infiltrate the
firmware of hard drives manufactured by Maxtor, Samsung, Seagate and Western
Digital."
In 2014, I spent three days in Moscow with Snowden for a magazine assignment
and a PBS documentary. During our on-the-record conversations, he would not
talk about the ANT catalog, perhaps not wanting to bring attention to
another possible NSA whistleblower.
I was, however, given unrestricted access to his cache of documents. These
included both the entire British, or GCHQ, files and the entire NSA files.
But going through this archive using a sophisticated digital search tool, I
could not find a single reference to the ANT catalog. This confirmed for me
that it had likely been released by a second leaker. And if that person
could have downloaded and removed the catalog of hacking tools, it's also
likely he or she could have also downloaded and removed the digital tools
now being leaked.
In fact, a number of the same hacking implants and tools released by the
Shadow Brokers are also in the ANT catalog, including those with codenames
BANANAGLEE and JETPLOW. These can be used to create "a persistent back-door
capability" into widely used Cisco firewalls, says the catalog.
Consisting of about 300 megabytes of code, the tools could easily and
quickly be transferred to a flash drive. But unlike the catalog, the tools
themselves - thousands of ones and zeros - would have been useless if leaked
to a publication. This could be one reason why they have not emerged until
now.
Enter WikiLeaks. Just two days after the first Shadow Brokers message,
Julian Assange, the founder of WikiLeaks, sent out a Twitter message. "We
had already obtained the archive of NSA cyberweapons released earlier
today," Assange wrote, "and will release our own pristine copy in due
course."
The month before, Assange was responsible for releasing the tens of
thousands of hacked DNC emails that led to the resignation of the four top
committee officials.
There also seems to be a link between Assange and the leaker who stole the
ANT catalog, and the possible hacking tools. Among Assange's close
associates is Jacob Appelbaum, a celebrated hacktivist and the only publicly
known WikiLeaks staffer in the United States - until he moved to Berlin in
2013 in what he called a "political exile" because of what he said was
repeated harassment by U.S. law enforcement personnel. In 2010, a Rolling
Stone magazine profile labeled him "the most dangerous man in cyberspace."
In December 2013, Appelbaum was the first person to reveal the existence of
the ANT catalog, at a conference in Berlin, without identifying the source.
That same month he said he suspected the U.S. government of breaking into
his Berlin apartment. He also co-wrote an article about the catalog in Der
Spiegel. But again, he never named a source, which led many to assume,
mistakenly, that it was Snowden.
In addition to WikiLeaks, for years Appelbaum worked for Tor, an
organization focused on providing its customers anonymity on the Internet.
But last May, he stepped down as a result of "serious, public allegations of
sexual mistreatment" made by unnamed victims, according to a statement put
out by Tor. Appelbaum has denied the charges.
Shortly thereafter, he turned his attention to Hillary Clinton. At a
screening of a documentary about Assange in Cannes, France, Appelbaum
accused her of having a grudge against him and Assange, and that if she were
elected president, she would make their lives difficult. "It's a situation
that will possibly get worse" if she is elected to the White House, he said,
according to Yahoo News.
It was only a few months later that Assange released the 20,000 DNC emails.
Intelligence agencies have again pointed the finger at Russia for hacking
into these emails.
Yet there has been no explanation as to how Assange obtained them. He told
NBC News, "There is no proof whatsoever" that he obtained the emails from
Russian intelligence. Moscow has also denied involvement.
There are, of course, many sophisticated hackers in Russia, some with close
government ties and some without. And planting false and misleading
indicators in messages is an old trick. Now Assange has promised to release
many more emails before the election, while apparently ignoring email
involving Trump. (Trump opposition research was also stolen.)
In hacktivist style, and in what appears to be phony broken English, this
new release of cyberweapons also seems to be targeting Clinton. It ends with
a long and angry "final message" against "Wealthy Elites . . . breaking
laws" but "Elites top friends announce, no law broken, no crime commit[ed].
. . Then Elites run for president. Why run for president when already
control country like dictatorship?"
Then after what they call the "fun Cyber Weapons Auction" comes the real
message, a serious threat. "We want make sure Wealthy Elite recognizes the
danger [of] cyberweapons. Let us spell out for Elites. Your wealth and
control depends on electronic data." Now, they warned, they have control of
the NSA's cyber hacking tools that can take that wealth away. "You see
attacks on banks and SWIFT [a worldwide network for financial services] in
news. If electronic data go bye-bye where leave Wealthy Elites? Maybe with
dumb cattle?"
Snowden's leaks served a public good. He alerted Americans to illegal
eavesdropping on their telephone records and other privacy violations, and
Congress changed the law as a result. The DNC leaks exposed corrupt policies
within the Democratic Party.
But we now have entered a period many have warned about, when NSA's cyber
weapons could be stolen like loose nukes and used against us. It opens the
door to criminal hackers, cyber anarchists and hostile foreign governments
that can use the tools to gain access to thousands of computers in order to
steal data, plant malware and cause chaos.
It's one more reason why NSA may prove to be one of Washington's greatest
liabilities rather than assets.
http://e-max.it/posizionamento-siti-web/socialize
http://e-max.it/posizionamento-siti-web/socialize
