Interesting People mailing list archives

Who Is Publishing NSA and CIA Secrets, and Why? - Lawfare


From: "Dave Farber" <farber () gmail com>
Date: Sat, 29 Apr 2017 10:14:03 -0400


https://www.lawfareblog.com/who-publishing-nsa-and-cia-secrets-and-why

There's something going on inside the intelligence communities in at least two countries, and we have no idea what it 
is.

Consider these three data points. One: someone, probably a country's intelligence organization, is dumping massive 
amounts of cyberattack tools belonging to the NSA onto the Internet. Two: someone else, or maybe the same someone, is 
doing the same thing to the CIA.

Three: in March, NSA Deputy Director Richard Ledgett described how the NSA penetrated the computer networks of a 
Russian intelligence agency and was able to monitor them as they attacked the U.S. State Department in 2014. Even more 
explicitly, a U.S. ally—my guess is the U.K.—was not only hacking the Russian intelligence agency's computers, but also 
the surveillance cameras inside their building. "They [the U.S. ally] monitored the [Russian] hackers as they 
maneuvered inside the U.S. systems and as they walked in and out of the workspace, and were able to see faces, the 
officials said."

  
Countries don't often reveal intelligence capabilities: "sources and methods." Because it gives their adversaries 
important information about what to fix, it's a deliberate decision done with good reason. And it's not just the 
target country who learns from a reveal. When the U.S. announces that it can see through the cameras inside the 
buildings of Russia's cyber warriors, other countries immediately check the security of their own cameras.

With all this in mind, let's talk about the recent leaks at NSA and the CIA.

Last year, a previously unknown group called the Shadow Brokers started releasing NSA hacking tools and documents from 
about three years ago. They continued to do so this year—five sets of files in all—and have implied that more classified 
documents are to come. We don't know how they got the files. When the Shadow Brokers first emerged, the general 
consensus was that someone had found and hacked an external NSA staging server. These are third-party computers that 
the NSA's TAO hackers use to launch attacks from. Those servers are necessarily stocked with TAO attack tools. This 
matched the leaks, which included a "script" directory and working attack notes. We're not sure if someone inside the 
NSA made a mistake that left these files exposed, or if the hackers that found the cache got lucky.



...,



