Interesting People mailing list archives
Who Is Publishing NSA and CIA Secrets, and Why? - Lawfare
From: "Dave Farber" <farber () gmail com>
Date: Sat, 29 Apr 2017 10:14:03 -0400
https://www.lawfareblog.com/who-publishing-nsa-and-cia-secrets-and-why There's something going on inside the intelligence communities in at least two countries, and we have no idea what it is. Consider these three data points. One: someone, probably a country's intelligence organization, is dumping massive amounts of cyberattack tools belonging to the NSA onto the Internet. Two: someone else, or maybe the same someone, is doing the same thing to the CIA. Three: in March, NSA Deputy Director Richard Ledgett described how the NSA penetrated the computer networks of a Russian intelligence agency and was able to monitor them as they attacked the U.S. State Department in 2014. Even more explicitly, a U.S. ally—my guess is the U.K.—was not only hacking the Russian intelligence agency's computers, but also the surveillance cameras inside their building. "They [the U.S. ally] monitored the [Russian] hackers as they maneuvered inside the U.S. systems and as they walked in and out of the workspace, and were able to see faces, the officials said." Countries don't often reveal intelligence capabilities: "sources and methods." Because it gives their adversaries important information about what to fix, it's a deliberate decision done with good reason. And it's not just the target country who learns from a reveal. When the U.S. announces that it can see through the cameras inside the buildings of Russia's cyber warriors, other countries immediately check the security of their own cameras. With all this in mind, let's talk about the recent leaks at NSA and the CIA. Last year, a previously unknown group called the Shadow Brokers started releasing NSA hacking toolsand documents from about three years ago. They continued to do sothis year—five sets of files in all—and have implied that more classified documents are to come. We don't know how they got the files. When the Shadow Brokers first emerged, the general consensus was that someone had found and hacked an external NSA staging server. These are third-party computers that the NSA's TAO hackers use to launch attacks from. Those servers are necessarily stocked with TAO attack tools. This matched the leaks, which included a "script" directory and working attack notes. We're not sure if someone inside the NSA made a mistake that left these files exposed, or if the hackers that found the cache got lucky. ..., ------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580 Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125 Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20170429101413:1C48A09A-2CE6-11E7-961A-F73C22A91CAE Powered by Listbox: http://www.listbox.com
Current thread:
- Who Is Publishing NSA and CIA Secrets, and Why? - Lawfare Dave Farber (Apr 29)