Wednesday, 27 March 2019

Leaked Documents That Were Not Attributed To Snowden

(Latest UPDATE: June 22, 2018)

Since June 2013, numerous top secret documents from the American signals intelligence agency NSA and its British counterpart GCHQ have been disclosed. The overwhelming majority of them came from the former NSA contractor Edward Snowden.

But what many people probably didn't notice is that some of these documents (some being very compromising and embarrassing for NSA) were not provided by Snowden, but by other leakers.

Often, the press reports didn't make that very clear, and it was only by not attributing such documents to Snowden that it became clear they apparently came from someone else.



NSA report about an intercepted conversation of French president Hollande.
From an unknown source, published by Wikileaks in 2015


So far, the following classified documents have been disclosed without having been attributed to Snowden:

2013:
- Chancellor Merkel tasking record
- TAO's ANT product catalog

2014:
- XKEYSCORE rules: TOR and TAILS
- NCTC watchlisting guidance
- NCTC terrorist watchlist report

2015:
- XKEYSCORE rules: New Zealand
- Ramstein AFB supporting drone operations
- NSA tasking & reporting: France
- NSA tasking & reporting: Germany
- NSA tasking & reporting: Brazil
- NSA tasking & reporting: Japan
- Chinese cyber espionage against the US
- XKEYSCORE agreement between NSA, BND and BfV
- The Drone Papers
- Cellphone surveillance catalogue

2016:
- US military documents: Iraq and Afghanistan
- NSA tasking & reporting: EU, Italy, UN
- TAO hacking tools (The Shadow Brokers)
- FBI & CBP border intelligence gathering
- TAO IP addresses and domain names

2017:
- TAO Windows files
- CIA hacking tools (Vault 7)
- TAO Solaris exploits
- TAO Windows exploits + SWIFT files
- CIA specific hacking projects (Vault 7)
- NSA report about Russian hacking
- TAO UNITEDRAKE Manual
- CIA source code (Vault 8)

- Some thoughts on the form of the documents
- Some thoughts on the motives behind the leaks
- Conclusion


Document collections

The most user-friendly collection of all the leaked documents can be found on the website IC Off The Record (which started as a parody on IC On The Record, the official US government website on which declassified documents are published).

Other websites that collect leaked documents related to the Five Eyes agencies, so from Snowden as well as from other sources, are FVEY Docs and Cryptome. The Snowden documents are also available and searchable through the Snowden Surveillance Archive.


Domestic US leaks

Here, only leaks related to foreign signals intelligence and related military topics will be listed. Not included are therefore documents about American domestic operations, like for example:
- about the DEA
- The FBI's intercepted communications of the Russian oligarch Yevgeniy Prigozhin.



- Documents not attributed to Snowden -


Chancellor Merkel tasking record

On October 23, 2013, the German magazine Der Spiegel revealed that the NSA may have eavesdropped on the cell phone of chancellor Merkel. This was based upon "the excerpt from an NSA database about Merkel's cell phone", which the magazine received. A journalist from Der Spiegel made a transcription of the database record, and later on, a copy of this transcription was printed in some German newspapers.
Glenn Greenwald is convinced that this came from a second source.

Reports:
- Kanzler-Handy im US-Visier? Merkel beschwert sich bei Obama
- NSA-Überwachung: Merkels Handy steht seit 2002 auf US-Abhörliste

Document:
- Transcript of an NSA database record

Date of the document: ?






TAO's ANT product catalog

On December 29, 2013, the German magazine Der Spiegel published a 50-page catalog from the ANT-unit of NSA's hacking division TAO. It contains a wide range of sophisticated hacking and eavesdropping techniques. The next day, Jacob Appelbaum discussed them during his presentation at the CCC in Berlin.
According to Bruce Schneier this catalog came from the second source, who also leaked the Merkel tasking record and the XKEYSCORE rules.

Report:
- Shopping for Spy Gear: Catalog Advertises NSA Toolbox

Document:
- ANT Product Catalog (SECRET/COMINT)

Date of the document: 2008?




XKEYSCORE rules: TOR and TAILS

On July 3, 2014, the German regional television magazine Reporter disclosed the transcripts of a set of rules used by the NSA's XKEYSCORE system to automatically execute frequently used search terms, including correlating different identities of a certain target.
According to Bruce Schneier, these rules could be leaked by the second source, which also provided the Merkel tasking record and the TAO catalog.

Report:
- NSA targets the privacy-conscious

Document:
- Transcript of XKeyscore Rules (classification not included)




NCTC watchlisting guidance

On July 23, 2014, the website The Intercept published a manual from the US National CounterTerrorism Center (NCTC) with rules and indications used for putting people in terrorist databases and no-fly lists.
The Intercept says this document was provided by a "source within the intelligence community".

Report:
- assumes it was leaked by a third source.

Report:
- other documents that did come from the Snowden cache.

Reports:
- Revealed: The names NZ targeted using NSA's XKeyscore system
- How spy agency homed in on Groser's rivals

Documents:
- Fingerprint about the WTO (TOP SECRET/COMINT)
- Fingerprint about the Solomon Islands (TOP SECRET/COMINT)

Date of the documents: January 6 & May 6, 2013






Ramstein AFB supporting drone operations

On April 17, 2015, The Intercept and Der Spiegel published a series of slides showing the infrastructure which is used for operating drones, for which the US base in Ramstein, Germany, acts as a relay station.
In Citizen Four we see Glenn Greenwald visiting Snowden in Moscow, telling him there's a new source which revealed the role of Ramstein AFB in the drone program.

Reports:
- Bündnisse: Der Krieg via Ramstein

Document:
- Top French NSA Targets (no classification available)
- Top French NSA Intercepts (up to TOP SECRET/COMINT-GAMMA)
- Economic Spy Order (SECRET/REL)

Timeframe of the documents: 2004 - July 31, 2012






NSA tasking & reporting: Germany

On July 1, 2015, Wikileaks, in collaboration with Libération and Mediapart, Süddeutsche Zeitung and l'Espresso, published the transcript of entries from an NSA tasking database, as well as intelligence reports about high-level German targets.

Reports:
- NSA Helped CIA Outmanoeuvre Europe on Torture
- Top German NSA Targets (no classification available)
- Top German NSA Intercepts (up to TOP SECRET/COMINT-GAMMA)

Timeframe of the documents: 2005 - August 2011




NSA tasking & reporting: Brazil

On July 4, 2015, Wikileaks published the transcript of entries from an NSA tasking database about high-level Brazilian targets. Unlike similar disclosures about France, Germany and Japan, no intelligence reports about Brazil were disclosed.

Report:
- Bugging Brazil

Document:
- Top Brazilian NSA Targets (no classification available)




NSA tasking & reporting: Japan

On July 31, 2015, Wikileaks, in collaboration with Süddeutsche Zeitung, l'Espresso, The Saturday Paper from Australia and the Japanese newspaper Asahi Shimbun, published the transcript of entries from an NSA tasking database, as well as intelligence reports about high-level Japanese targets.

Reports:
- Target Tokyo
- Top Japanese NSA Targets (no classification available)
- Top Japanese NSA Intercepts (TOP SECRET/COMINT)

Timeframe of the documents: 2007 - 2009




Chinese cyber espionage against the US

On July 30 and August 10, 2015, NBC News published two slides about Chinese cyber espionage against over 600 US companies and government agencies, including access to the e-mail of top government officials since at least 2010.
This leak stands out because the slides are in digital form, and they support a story that shows the necessity of NSA - which seems to point to an authorized leak.

Reports:
- Exclusive: Secret NSA Map Shows PRC Cyber Attacks on U.S. Targets
- China Read Emails of Top U.S. Officials

Documents:
- China: Cyber Exploitation and Attack Units (SECRET)
- U.S. Victims of Chinese Cyber Espionage (SECRET)

Date of the document: Feb 2014




XKEYSCORE agreement between NSA, BND and BfV

On August 26, 2015, the German newspaper Die Zeit published the transcript of the Terms of Reference (ToR) about the use of NSA's XKEYSCORE system by the German security service BfV.
Being a transcript and being about XKEYSCORE, this could be from the same source as the XKEYSCORE rules, but it's also possible it came from a source within a German government agency.

Report:
- A Dubious Deal with the NSA

Document:
- XKeyscore - the document (SECRET/COMINT)

Date of the document: Apr 2013




The Drone Papers

On October 15, 2015, The Intercept published a series of documents with details about drone operations by the US military between 2011 and 2013.
In Citizen Four we see Glenn Greenwald visiting Snowden in Moscow, telling him there's a new source which revealed the role of Ramstein AFB in the drone program, including the chain of command diagram which is part of this batch of documents.

Reports:
- The Assassination Complex
- The Kill Chain

Documents:
- U.S. Intelligence Support to Find, Fix, Finish Operations




Cellphone surveillance catalogue

On December 17, 2015, The Intercept published a range of pages from a classified catalogue containing cellular telephone surveillance equipment, including IMSI-catchers like Stingrays and DRT boxes.
Just like the NCTC reports, The Intercept obtained this document from a "source within the intelligence community".

Report:
- DRTBOX and the DRT surveillance systems




US military documents: Iraq and Afghanistan

On February 14, 2016, the website Cryptome published a batch of Word and some PDF documents containing various US military manuals and policy papers regarding operations and activities in Iraq and Afghanistan.

Documents:
- Is the Shadow Brokers leak the latest in a series?




FBI & CBP border intelligence gathering

On October 6, 2016, the website The Intercept published a set of documents and copies of presentation slides about how the FBI cooperates with US Customs and Border Protection (CBP) to gather intelligence from border controls.
These documents were provided by an "intelligence community source familiar with the procedure who is concerned about the FBI’s handling of Muslim communities".

Report:
- Vault 7: CIA Hacking Tools Revealed

Documents:
- Vault 7: Directory (up to SECRET/NOFORN)

Timeframe of the documents: 2013 - 2016




TAO Solaris exploits

On April 8, 2017, the Shadow Brokers were back and released the password for an encrypted data set released when they announced their file auction. The data set includes a range of exploits, including for the Unix operating system Solaris.

Report:
- They're Back: The Shadow Brokers Release More Alleged Exploits

Documents:
- EQGRP Auction File

Timeframe of the documents: 2004 - ?




TAO Windows exploits + SWIFT files

On April 14, 2017, the Shadow Brokers published an archive containing a series of Windows exploits and documents about NSA's infiltration of the banking network SWIFT, for the first time including several Top Secret NSA powerpoint presentations, similar to those leaked by Snowden.

Reports:
- Shadow Brokers Dump Alleged Windows Exploits and NSA Presentations on Targeting Banks
- The New Shadow Brokers Leak Connects the NSA to the Stuxnet Cyber Weapon Used on Iran

Documents:
- EQGRP Lost in Translation (up to TOP SECRET/SI/NOFORN)

Timeframe of the documents: until Oct 17, 2013




CIA specific hacking projects (Vault 7)

Since March 23, 2017, Wikileaks publishes internal user guides and similar files and documents related to individual CIA hacking tools every week. Until September 7, 2017 these include: Dark Matter, Marble Framework, Grasshopper, Hive, Weeping Angel, Scribbles, Archimedes, AfterMidnight, Assassin, Athena, Pandemic, Cherry Blossom, Brutal Kangaroo, Elsa, OutlawCountry, BothanSpy, Highrise, Imperial, Dumbo, CouchPotato, ExpressLane, Angelfire, and Protego.

Report:
- Vault 7: Releases per project

Documents:
- Vault 7: Projects (up to SECRET/NOFORN/STRAP 2)

Timeframe of the documents: Nov 19, 2004 - March 1, 2016




NSA report about Russian hacking

On June 5, 2017, The Intercept published an NSA report about a months-long Russian cyber operation against parts of the US election and voting infrastructure.
Only an hour after this publication, the US government announced that they will charge Reality Leigh Winner, who worked as a contractor linguist for NSA, for leaking this report.

Report:
- NSA Report on Russia Spearphishing (TOP SECRET//SI//ORCON/REL/FISA)

Date of the document: May 5, 2017




TAO UNITEDRAKE Manual

On September 6, 2017, the Shadow Brokers came with a message on Steemit.com about their "subscription service" for alleged TAO hacking tools. As an example, the manual for the UNITEDRAKE "remote collection system for Windows targets" was released in full.

Report:
- The Shadowbrokers - September 2017 announcement reveals UNITEDRAKE (and many other NSA code names)

Document:
- UNITEDRAKE Manual (pdf)

Date of the document: ?




CIA source code (Vault 8)

Since November 9, 2017, Wikileaks publishes the source code and development logs for CIA hacking tools, including those described in the Vault 7 series. These include: Hive

Report:
- Vault 8

Documents:
- Vault 8 (up to SECRET/NOFORN)

Timeframe of the documents: August 2013 - Oct 2015





It is difficult to tell exactly from how many different leakers these documents come. The journalists involved will of course do everything to hide their source's identity, including creating distraction and confusion, but also creating the impression that many other leakers followed the example of Edward Snowden.



Some thoughts on the form of the documents

Content-wise the documents from the alleged other sources are not very different from the ones from Snowden. But what seems to distinguish them most is their form, which is either digital, a transcript or scanned from paper.


Digital

Almost all documents that were attributed to Snowden came in their original digital form (with some very few exceptions that were scanned from paper). This makes it remarkable that only two documents from the other sources are in a similar digital form.

The first one is the famous TAO Product Catalog with hacking and eavesdropping techniques, which also given its content comes closest to the Snowden documents. Despite that, this catalog was never attributed to him.

The other leak in digital form are the two slides about Chinese cyber espionage, but these probably come from a source in support of the US government.


Transcripts

A number of other leaks didn't provide documents in their original form, but only transcripts thereof. This is the case for the following revelations:
- Chancellor Merkel tasking record
- XKEYSCORE rules: TOR and TAILS
- XKEYSCORE rules: New Zealand
- XKEYSCORE agreement between NSA, BND and BfV
The lists from an NSA tasking database with targets for France, Germany, Brazil and Japan are also transcripts, but for the intelligence reports, which Wikileaks published simultaneously, we have at least one example that is in its original format. All other ones came as transcripts.


Scanned from paper

All other documents that didn't come from Snowden look like they were printed out (some were even recognized as being double-sided) and scanned again. This is the case for:
- NCTC watchlisting guidance
- NCTC terrorist watchlist report
- Ramstein AFB supporting drone operations
- The Drone Papers
- Cellphone surveillance catalogue
- FBI & CBP border intelligence gathering
This doesn't automatically mean they are all from the same source, as two of them are from the civilian NCTC and the other three are clearly from a military context.

We don't know when or where these documents were printed out: perhaps it was done by the leaker, for whom it could have been easier to exfiltrate them as hard copy than on a detectable thumb drive.

It's also possible that they were printed out by the press contact in order to make them look different from the Snowden documents. But on the other hand, publishing them in digital form would have made it more difficult to prove they were not from the Snowden cache.



Some thoughts on the motives behind the leaks

We can also have a look at the motives that could have been behind these leaks. Interestingly, these seem to match quite well with the different forms the documents have.


A second source

The disclosures of the transcriptions of the XKEYSCORE rules and the tasking database lists are quite far from being in the public interest. They are about legitimate targets of foreign intelligence and publishing them seems solely meant to discredit the NSA and/or harm US foreign relationships.

The same applies to the TAO Product Catalog, which contains devices and methods that are only used against "hard targets" that cannot be reached by other means, so this is not about spying on ordinary citizens, but does compromise valid US intelligence operations.

At first sight, one would assume that these documents were from the Snowden cache, but published by people like Appelbaum and an organization like Wikileaks, who have a more radical approach than Snowden himself, and perhaps therefore could have pretended they came from another source.

However, both Greenwald and security expert Bruce Schneier said these documents were really provided by another leaker. Because a number of them were published by German media, Schneier guesses it might be "either an NSA employee or contractor working in Germany, or someone from German intelligence who has access to NSA documents".

If that's the case, then it's not only remarkable that there's a second source from within or close to NSA, but also that this source is apparently fine with leaking documents that show no abuses, but only seriously harm US interests - which is either treason, or the work of a hostile intelligence agency. Snowden at least acted from his concern about increasing bulk surveillance on innocent civilians.

Update:
So far, the last publication that can be attributed to the Second Source were the NSA tasking & reporting files in February 2016. Then in August of that year, someone or a group who called themselves The Shadow Brokers, started a series of leaks, mainly of TAO hacking tools. They are published without an intermediary like media outlets or Wikileaks (although already in August 2016, Wikileaks
Thousands of documents about NSA and the Five Eyes
Source nr. 2 (NSA insider and/or hostile intelligence?)
- Chancellor Merkel tasking record
- TAO's ANT product catalog
- XKEYSCORE rules: TOR and TAILS
- XKEYSCORE rules: New Zealand
- NSA tasking & reporting: France, Germany, Brazil, Japan
- XKEYSCORE agreement between NSA, BND and BfV
- NSA tasking & reporting: EU, Italy, UN
Source nr. 3 (someone from US military intelligence?)
- NCTC watchlisting guidance
- NCTC terrorist watchlist report
- Ramstein AFB supporting drone operations
- The Drone Papers
- Cellphone surveillance catalogue
- FBI & CBP border intelligence gathering
Source nr. 4 (on behalf of the US government?)
- Chinese cyber espionage
Source nr. 5 (low-level military person)
- US military documents: Iraq and Afghanistan
Source nr. 6 ("The Shadow Brokers")
- TAO hacking tools
- TAO IP addresses and domain names
- TAO Windows files
- TAO Solaris exploits
- TAO Windows exploits + SWIFT files
- TAO UNITEDRAKE Manual
Source nr. 7 (Joshua A. Schulte)
- CIA hacking tools (Vault 7)
- CIA specific hacking projects (Vault 7)
- CIA source code (Vault 8)
Source nr. 8 (Reality L. Winner)
- NSA report about Russian hacking

UPDATES:

On Oct 6, 2016, The New York Times reported that on August 27, 2016, the FBI arrested 51-year old Harold T. Martin III, who worked at NSA as a contractor for Booz Allen Hamilton. He was described as a hoarder and on Feb 8, 2017 he was only indicted on charges of stealing and retaining the largest heist of classified information in US history: from the 1990s until 2016, he took documents from US Cyber Command, CIA, National Reconnaissance Office (NRO) and NSA. Martin was not accused of passing information to foreigners, nor of being the source for the Shadow Brokers publications.


On Nov 19, 2016, it was reported by the Washington Post that there had been yet another, previously undisclosed breach of cybertools, which was discovered in the summer of 2015. This was also carried out by a TAO employee, who had also been arrested, but his case was not made public. An official said that it is not believed that this individual shared the material with another country.

In Oct 2017, the Washington Post revealed that this anonymous TAO employee had taken hacking tools home to work on it on his private laptop, which ran Kaspersky antivirus software. This program detected the hacking files after which Russian hackers targeted his laptop. The TAO employee was removed from his job in 2015, but was not thought to have taken the files to provide them to a foreign spy agency.

From the court documents, we learn that this TAO employee is 67-year old Nghia H. Pho from Ellicott City, Maryland, who was born in Vietnam and naturalized as a US citizen. From 2006 to 2016, he worked as a software developer at NSA's TAO division, and from 2010 till March 2015, he took classified documents home, both digital and hard copy.

On Apr 20, 2017, CBS News reported that CIA and FBI started a joint investigation into the leak of the CIA hacking tools that were published by Wikileaks under the name "Vault 7". Investigators are apparently looking for an insider, either a CIA employee or contractor, who had physical access to the material.

An updated overview of the Shadow Brokers story was published by the New York Times on Nov 12, 2017, saying that investigators were worried that one or more leakers may still be inside NSA and also that the small number of specialists who have worked both at TAO and at the CIA came in for particular attention, out of concern that a single leaker might be responsible for both the Shadow Brokers and the files published by Wikileaks as part of their Vault7 and Vault8 series (although the CIA files are more recent).

In May 2018 it was charged for stealing the hacking files and providing them to Wikileaks.


So, besides the various sources who stole classified material that was leaked to the public, there are at least the following leaks from which (so far, and as far as we know) no documents have been published:


Leak nr. 9 (Harold T. Martin III)
- Classified documents from multiple agencies
Leak nr. 10 (via Kaspersky AV from Nghia H. Pho's computer)
- TAO documents and hacking tools



Links and Sources
- Politico: Security Breach and Spilled Secrets Have Shaken the N.S.A. to Its Core (2017)
- Wired.com: The NSA Officially has a Rogue Contractor Problem (2017)
- Schneier.com: Who is Publishing NSA and CIA Secrets, and Why? (2017)
- ForeignPolicy.com: The US Intelligence Community has a Third Leaker (2014)
