
NSA ‘Shadow Brokers’ Hack Shows SpyWar with Kremlin Is Turning Hot 


 writes: The National Security Agency can’t catch a break. Over three years ago, Edward Snowden, an IT contractor for the agency, defected to Moscow with more than a million classified documents. Since then, Snowden’s vast trove has been used to embarrass NSA about the extent of its global espionage reach.


I’ve been warning from Day One that the Snowden Operation was a Russian propaganda ploy aimed at inflicting pain on NSA, America’s most important spy agency, and its global alliance of espionage partnerships that’s been the backbone of the powerful Western intelligence system since it helped defeat the Nazis and Japan in World War II.


Western intelligence bosses recently have become open about stating what they’ve known for years, that Snowden is a Kremlin pawn designed to inflict pain on Russia’s adversaries in the SpyWar. There’s no doubt that’s the case, especially since the Kremlin now has admitted that Snowden is their agent.


For more than three years NSA has been subjected to an unprecedented stream of leaks about myriad Top Secret intelligence programs. Although Snowden claimed his motivation was to protect the civil liberties of fellow Americans by exposing secrets, it’s impossible to miss that well over 95 percent of the programs he’s compromised are purely involved with foreign intelligence. The impact of all this on agency morale has been devastating and NSA is in a state of crisis thanks to Snowden.

[Read the full story here, at the Observer]

This week things took a marked turn for the worse, however, with the exposure of highly sensitive NSA hacking tools on the Internet by a murky group calling itself “The Shadow Brokers” which announced it planned to sell programs purloined from the agency. Like clockwork, NSA’s public website crashed and stayed down for almost a full day. Although there’s no indication this was linked to The Shadow Brokers, the optics for NSA were terrible.


First, some explanation is needed of what’s been compromised. The crown jewel here is a 300-megabyte file containing “exploits”—that is, specialized sophisticated cyber tools designed to burrow through firewalls to steal data. What The Shadow Brokers has, which it claims it stole from an alleged NSA front organization termed the Equation Group, appears to be legitimate.

Here we are, three years after Snowden, dealing with the consequences of allowing Russian moles to run amok inside NSA.

These exploits—or at least some of them—appear to come from NSA’s elite office of Tailored Access Operations, which is the agency’s hacking group. Arguably the world’s most proficient cyber-warriors, the shadowy TAO excels at gaining access to the computer systems of foreign adversaries. TAO veterans have confirmed that, from what they’ve seen of what The Shadow Brokers has revealed, they’re bona fide NSA exploits.

This represents a security disaster for an agency that really didn’t need another one. How this happened, given the enormous security that’s placed on all NSA Top Secret computer systems, raises troubling questions about what’s going on, since the agency instituted much more strenuous online security after Snowden’s defection, which revealed how slipshod NSA counterintelligence really was.

However, significant questions loom over this new scandal.  In the first place, what really is The Shadow Brokers? They appear to be a transparent front for Russian intelligence. Indeed, they’re not really hiding that fact, given the broken English they used in their online auction notice asking for bitcoin in exchange for NSA information. From his Russian exile, even Snowden admitted on Twitter that this was pretty obviously a Kremlin spy game.


Pro-Russian sources have pointed to the Equation Group as an NSA front for more than a year. In early 2015, Kaspersky Labs, one of the world’s leading cybersecurity firms, announced the discovery of the Equation Group and fingers were quickly pointed at NSA as being the culprit behind those hackers. It should be noted that Kaspersky Labs has a very cozy relationship with the Kremlin and is viewed by most espionage experts in the West as an extended arm of Russian intelligence. The firm’s founder, Eugene Kaspersky, was trained in codes and ciphers by the KGB in the waning days of the Soviet Union, even meeting his first wife at a KGB resort.


In NSA-Intercepted Data, Those Not Targeted Far Outnumber the Foreigners Who Are


This is one of those big WaPo investigations that few traditional newspapers have the resources to do anymore. I recommend it, read the whole thing here.

For The Washington Post, Barton Gellman, Julie Tate, and Ashkan Soltani report:

Ordinary Internet users, American and non-American alike, far outnumber legally targeted foreigners in the communications intercepted by the National Security Agency from U.S. digital networks, according to a four-month investigation by The Washington Post.

[Also see: History lesson: The crucial differences between Bush and Obama’s NSA phone surveillance programs]

Nine of 10 account holders found in a large cache of intercepted conversations, which former NSA contractor Edward Snowden provided in full to The Post, were not the intended surveillance targets but were caught in a net the agency had cast for somebody else.

The Post reviewed roughly 160,000 intercepted e-mail and instant-message conversations, some of them hundreds of pages long, and 7,900 documents taken from more than 11,000 online accounts.

Many of them were Americans. Nearly half of the surveillance files, a strikingly high proportion, contained names, e-mail addresses or other details that the NSA marked as belonging to U.S. citizens or residents. NSA analysts masked, or “minimized,” more than 65,000 such references to protect Americans’ privacy, but The Post found nearly 900 additional e-mail addresses, unmasked in the files, that could be strongly linked to U.S. citizens or U.S. residents.

The material spans President Obama’s first term, from 2009 to 2012, a period of exponential growth for the NSA’s domestic collection.

The surveillance files highlight a policy dilemma that has been aired only abstractly in public. There are discoveries of considerable intelligence value in the intercepted messages — and collateral harm to privacy on a scale that the Obama administration has not been willing to address.

Among the most valuable contents — which The Post will not describe in detail, to avoid interfering with ongoing operations — are fresh revelations about a secret overseas nuclear project, double-dealing by an ostensible ally, a military calamity that befell an unfriendly power, and the identities of aggressive intruders into U.S. computer networks.


EVEN BAMBI ISN’T SAFE! Snowden: Hey, I could have wiretapped anyone’s e-mails, including the president’s personal account

Snowden: I could have wiretapped anyone’s e-mails, including the president’s personal account « Hot Air

Snowden suggests he could have accessed the president’s personal e-mails. Is that crazy? I hope so. I don’t know. via  Hot Air

He says he was granted broad “wiretapping” authorities. In a video interview with The Guardian, Snowden claims to have had incredibly broad authority to wiretap Americans, saying “I, sitting at my desk, certainly had the authorities to wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal e-mail.”

He also told WaPo reporter Bart Gellman that national intelligence wouldn’t stop at killing a reporter in the name of protecting especially sensitive information. Is that crazy? I hope so. I think so, simply because reporters who break big national-security stories aren’t known to disappear or meet with accidents. But I don’t know.

“I understand that I will be made to suffer for my actions, and that the return of this information to the public marks my end,” [Snowden] wrote in early May, before we had our first direct contact. He warned that even journalists who pursued his story were at risk until they published.

The U.S. intelligence community, he wrote, “will most certainly kill you if they think you are the single point of failure that could stop this disclosure and make them the sole owner of this information.”

On the one hand, that sounds like a Ron Paul fan muttering under his breath. On the other hand, this guy’s scoop about PRISM has in fact been borne out as other government sources have confirmed the program’s existence. It’s hard to sneer at someone for being paranoid after he’s just exposed massive data-mining of Americans’ electronic communications. The one question to which I keep returning is how Snowden could have gotten hold of all this information. Could he really have done it all himself given his place in the natsec food chain? CIA officials are confused too:

For instance, Snowden said he did not have a high school diploma. One former CIA official said that it was extremely unusual for the agency to have hired someone with such thin academic credentials, particularly for a technical job, and that the terms Snowden used to describe his agency positions did not match internal job descriptions.

Snowden’s claim to have been placed under diplomatic cover for a position in Switzerland after an apparently brief stint at the CIA as a systems administrator also raised suspicion. “I just have never heard of anyone being hired with so little academic credentials,” the former CIA official said. The agency does employ technical specialists in overseas stations, the former official said, “but their breadth of experience is huge, and they tend not to start out as systems administrators.”

A former senior U.S. intelligence official cited other puzzling aspects of Snowden’s account, questioning why a contractor for Booz Allen at an NSA facility in Hawaii would have access to something as sensitive as a court order from the Foreign Intelligence Surveillance Court.

“I don’t know why he would have had access to those . . . orders out in Hawaii,” the former official said.


Could this guy really have done it all himself or did he have an accomplice further up the chain who wanted this to come out but wasn’t prepared to suffer for the disclosure? Snowden is a perfect leaker: He’s young and idealistic, which makes him more sympathetic to the public, and he’s unmarried and without children, so he has less to lose than someone older with more family obligations might. He may have agreed to take the fall in the name of exposing a government program to which he objected, and his accomplice may have agreed to provide him with the documents in return. (If you think it’s unlikely that a veteran analyst might suffer a crisis of conscience, meet William Binney.) I take it right now the FBI’s sifting through Snowden’s communications over the past year or so with NSA officials to see if he had any unusual recurring communications with anyone higher up. Or maybe I’m talking straight out of my ass and Snowden really did pull this off himself. That was my point up top — as a layman, there’s simply no way to know what’s likely or unlikely. Most conspiracy theorists latch on to outlandish explanations because, deep down, the conspiracy makes them feel better than the reality. I’m doing that too here. I’d rather believe Snowden was working with someone than that one rogue midlevel IT operative could tap the president’s secret GMail account or break open the inner sanctum of U.S. national security. We’ll see.

Exit question one: A guy with access to one of the NSA’s most sensitive tools tells them he needs a few weeks off to get treatment for his epilepsy, then hops a plane to Hong Kong(!) — and no one at the agency suspects anything until it’s too late? A point oft-repeated on Twitter yesterday after he outed himself is that the fact that he was able to pull this off at all kinda sorta explodes the NSA’s rationale for massive data-mining in the first place. Exit question two: Can we safely assume that, if we’re bugging more or less the entire Internet, we’re not in fact at China’s mercy when it comes to cyberespionage? Every week brings a new story about Beijing rifling through American businesses’ records; last week came news that the Obama and McCain campaigns were hacked by China in 2008. Why are they able to do that if the feds are so far ahead technologically that they can track a person’s movements virtually moment to moment from their data footprint? I realize the technology in data mining and hacker defense is different, but it’s weird to think the feds have all but mastered the former and yet trail in the latter to an almost catastrophic degree.

BY ALLAHPUNDIT

 via  Hot Air

Rational Paranoid Thought for the Day: What If China Hacks the NSA’s Massive Data Trove?

By Conor Friedersdorf


Bradley Manning proved that massive amounts of the government’s most secret data was vulnerable to being dumped on the open Internet. A single individual achieved that unprecedented leak. According to the Washington Post, “An estimated 854,000 people, nearly 1.5 times as many people as live in Washington, D.C., hold top-secret security clearances.” And this week, we learned that the FBI, CIA and NSA were unable to protect some of their most closely held secrets from Glenn Greenwald, Richard Engel, Robert Windrem, Barton Gellman, and Laura Poitras. Those journalists, talented as they are, possess somewhat fewer resources than foreign governments! So I naturally started to think about all the data the NSA is storing.

In the wrong hands, it could enable blackmail on a massive scale, widespread manipulation of U.S. politics, industrial espionage against American businesses, and other mischief I can’t even imagine.

The plan is apparently to store the data indefinitely, just in case the government needs it for future investigations. Don’t worry, national security officials tell us, we won’t ever look at most of it.

Do you trust the government to keep it secure, forever, if others try to look?

If so, why?

Here are 5 terrifying scenarios:

1) China manages to get the NSA data.

2) Russia manages to get the NSA data. (It isn’t like they never succeeded in placing spies in our government before.)

3) Pakistan manages to get the NSA data. (They pulled off stealing the West’s nuclear secrets.)

4) Iran manages to get the NSA data.

5) Saudi Arabia manages to get the NSA data.

Of course, it could be a non-state actor that gets ahold of the data too. Perhaps a successor to Al Qaeda.

What if one of these entities breached the database’s security without our even knowing?

Even assuming the U.S. government never abuses this data — and there is no reason to assume that! — why isn’t the burgeoning trove more dangerous to keep than it is to foreswear? Can anyone persuasively argue that it’s virtually impossible for a foreign power to ever gain access to it? Can anyone persuasively argue that if they did gain access to years of private phone records, email, private files, and other data on millions of Americans, it wouldn’t be hugely damaging?

Think of all the things the ruling class never thought we’d find out about the War on Terrorism that we now know. Why isn’t the creation of this data trove just the latest shortsighted action by national security officials who constantly overestimate how much of what they do can be kept secret? Suggested rule of thumb: Don’t create a dataset of choice that you can’t bear to have breached.

 

via  The Atlantic.