Minggu, 02 Februari 2020

Are The Shadow Brokers Identical Amongst The Bit Source?

(Updated: Nov 13, 2017)

What a lot of people don't know, is that a arrive at of classified documents from the NSA have got non been attributed to Edward Snowden, which agency that in that location was at to the lowest degree 1 other leaker within the NSA.

Initially, this leaker was called the "Second Source", together with although he was responsible for pregnant leaks, they got piddling attending inwards the US. More media coverage gained the release, since 2016, of NSA hacking tools past times the mysterious "Shadow Brokers".

Now, a closed await at documents published past times the German linguistic communication magazine Der Spiegel inwards Dec 2013 provided novel indications that the Second Source could live identical amongst the leaker behind the Shadow Brokers.



NSA's Cryptologic Center inwards San Antonio, Texas (2013)
(photo: William Luther - click to enlarge)


The instant source

The start leak that was non attributed to Snowden, was of an internal NSA tasking record, showing that German linguistic communication chancellor Angela Merkel was evidently on the NSA's targeting list. The instant revelation that published the total presentation nearly FOXACID.

This slide was belike provided past times Laura Poitras, from her cache of Snowden documents, which would explicate why she was mentioned every bit 1 of the persons that provided assistance for Der Spiegel's master copy slice of Dec 29.

The other presentations have got non been published every bit component of the Snowden revelations, there's exclusively was said to come upward from the same source every bit the Merkel record, was that of the ANT production catalog, containing a broad arrive at of sophisticated eavesdropping gadgets together with techniques.

Security skillful Bruce Schneier, who was belike the start to write nearly the possibility of a instant source, published the total presentation nearly FOXACID.

This slide was belike provided past times Laura Poitras, from her cache of Snowden documents, which would explicate why she was mentioned every bit 1 of the persons that provided assistance for Der Spiegel's master copy slice of Dec 29.

The other presentations have got non been published every bit component of the Snowden revelations, there's exclusively said that this source evidently passed his documents to a minor grouping of people inwards Germany, including hacktivist Jacob Appelbaum together with documentary cinema maker Laura Poitras.

Because Poitras also received 1 of the initial sets of documents from Snowden, it is sometimes assumed that the documents from the Second Source may genuinely stalk from the Snowden trove, despite non existence attributed every bit such. For some of the private documents this was contradicted past times Glenn Greenwald together with Edward Snowden though.


Spiegel reportings

The ANT catalog was published past times the German linguistic communication magazine Der Spiegel on Dec 29, 2013. The original article was inwards German linguistic communication together with written past times Jacob Appelbaum, Judith Horchert, Ole Reißmann, Marcel Rosenbach, Jörg Schindler together with Christian Stöcker. H5N1 translation inwards English linguistic communication mentioned the names of Jacob Appelbaum, Judith Horchert together with Christian Stöcker.

Although this catalog got most of the attention, non at to the lowest degree because Appelbaum explained the diverse tools during a presentation at the hackers conference CCC on Dec 30, it was genuinely only an add-on to Der Spiegel's extensive main piece nearly the hacking segmentation of the NSA, called Tailored Access Operations (TAO).

This article was written past times Jacob Appelbaum, Marcel Rosenbach, Jörg Schindler, Holger Stark together with Christian Stöcker, amongst the cooperation of Andy Müller-Maguhn, Judith Horchert, Laura Poitras together with Ole Reißmann. There was also a translation inwards English linguistic communication prepared past times the Spiegel staff based upon reporting "by Jacob Appelbaum, Laura Poitras, Marcel Rosenbach, Christian Stöcker, Jörg Schindler together with Holger Stark."


TAO documents

This master copy slice was accompanied past times diverse NSA documents: 1 slide nearly FOXACID, a partial presentation nearly QUANTUM, ii carve upward pages from other documents, every bit good every bit consummate powerpoint presentations nearly QUANTUM tasking, the TAO unit of measurement at NSA/CSS Texas, together with the QFIRE architecture:



(click to teach to the diverse documents)


Not Snowden?

Apparently never noticed before, is that non exclusively the ANT production catalog, but also these other presentations together with documents were non attributed to Snowden. In both the German linguistic communication together with the English linguistic communication version, the whole lengthy article contains multiple times phrases similar "internal NSA documents viewed past times SPIEGEL" but never inwards combination amongst the call of Edward Snowden.

This is remarkable, because for the media, it's unremarkably almost some sort of accolade to release documents provided past times Snowden, which is therefore clearly mentioned inwards their reporting. In those cases, the byline includes the call of the 1 who genuinely provided the documents on Snowden's behalf, oftentimes Glenn Greenwald together with for Der Spiegel, Laura Poitras.

But both articles from Dec 29 have got Jacob Appelbaum, instead of Poitras inwards the byline, which seems to live an indication that here, the summit undercover NSA documents were provided past times Appelbaum, probable every bit the middleman for the mysterious instant source.


Exception: FOXACID slide

There's 1 exception though: the published the total presentation nearly FOXACID.

This slide was belike provided past times Laura Poitras, from her cache of Snowden documents, which would explicate why she was mentioned every bit 1 of the persons that provided assistance for Der Spiegel's master copy slice of Dec 29.

The other presentations have got non been published every bit component of the Snowden revelations, there's exclusively one amongst a similar layout (from Booz Allen's SDS unit), but is nearly a different topic.


Significance

If non exclusively the ANT Product Catalog, but also these other NSA presentations nearly the TAO segmentation were non provided past times Snowden, but past times the instant source, what's the significance of that?

Analysing the arrive at of published the total presentation nearly FOXACID.

This slide was belike provided past times Laura Poitras, from her cache of Snowden documents, which would explicate why she was mentioned every bit 1 of the persons that provided assistance for Der Spiegel's master copy slice of Dec 29.

The other presentations have got non been published every bit component of the Snowden revelations, there's exclusively revelations that were non attributed to Snowden, resulted inwards the next listing of documents that were probable leaked past times the instant source:

- Chancellor Merkel tasking record
- TAO production catalog
- XKEYSCORE rules: TOR together with TAILS
- XKEYSCORE rules: New Zealand
- NSA tasking & reporting France, Germany, Brazil, Japan
- XKEYSCORE understanding betwixt NSA, BND together with BfV(?)
- NSA tasking & reporting EU, Italy, UN

Except for the TAO catalog, 1 of the things that all these documents have got inwards common, is that they are different from the usual powerpoint presentations, programme manuals together with internal wiki pages that brand upward the biggest component of the Snowden revelations.

(Of course, absence of prove is no prove of absence, but every bit these instant source documents are oftentimes to a greater extent than pregnant than many other Snowden files, in that location seems to live no argue non to release them)

The additional Dec 29 files do genuinely gibe the typical sort of documents from Snowden, which makes it to a greater extent than hard to distinguish betwixt documents from Snowden together with those from the other leaker(s).



The Shadow Brokers

If nosotros await at the content of the files, nosotros run across that those from Der Spiegel's Dec 29 article are all nearly NSA's hacking operations. There have got been several Snowden stories nearly that topic, but to a greater extent than spectacular became the release, since August 2016, of actual NSA hacking tools past times a mysterious someone or grouping called The Shadow Brokers (TSB or SB).

There has been a lot of speculation nearly who could live behind this together with how he, she or they got access to these sensitive files. One option is an NSA insider, either on his own, inwards cooperation amongst crypto-anarchists, or every bit a mole directed past times a hostile intelligence agency.

Another proposition was that an NSA hacker mistakenly uploaded his whole toolkit to a server exterior the NSA's secure networks (also called a "staging server" or "redirector" to mask its truthful location) together with that someone was able to select grip of the files from in that location - this option was for illustration favored past times Snowden.


Insider

The latter theory was falsified when on Apr 14, 2017, the Shadow Brokers did non exclusively publish an archive containing a serial of Windows exploits, but also several documents together with summit undercover presentation slides nearly NSA's infiltration of the banking network SWIFT - things unlikely to live on a staging server, which makes that the source behind the Shadow Brokers is most probable an insider.

On July 28, the website CyberScoop reported that every bit component of their investigation into the Shadow Brokers leaks, U.S. regime counterintelligence investigators contacted old NSA employees inwards an seek out to position a possible disgruntled insider.

(just a few days ago, the Shadow Brokers released a manual for the hacking framework UNITEDRAKE, strangely plenty without appointment together with classification markings, but 1 time again something that 1 wouldn't abide by on an exterior staging server)



Same source?

With the documents published past times the Shadow Brokers evidently existence stolen past times an insider at NSA, the obvious inquiry is: could the Shadow Brokers live identical amongst the Second Source? (see update)

One interesting fact is that the published the total presentation nearly FOXACID.

This slide was belike provided past times Laura Poitras, from her cache of Snowden documents, which would explicate why she was mentioned every bit 1 of the persons that provided assistance for Der Spiegel's master copy slice of Dec 29.

The other presentations have got non been published every bit component of the Snowden revelations, there's exclusively last revelation that could live attributed to the instant source occured on Feb 23, 2016, together with that inwards August of that yr the Shadow Brokers started amongst their unloosen of hacking files. This could hateful that the instant source decided to release his documents inwards the to a greater extent than distinct together with noticeable way nether the guise of the Shadow Brokers.

But there's belike also a much to a greater extent than straight connection: the batch of documents published along amongst Der Spiegel's master copy slice from Dec 29, 2013 include a presentation nearly the TAO unit of measurement at NSA's Cryptologic Center inwards San Antonio, Texas, known every bit NSA/CSS Texas (NSAT):



TAO Texas presentation, published past times Der Spiegel inwards Dec 2013
(click for the total presentation)


And surprisingly, the serial of 3 slides that were released past times the Shadow Brokers on Apr fourteen were also from NSA/CSS Texas. They demonstrate 3 seals: inwards the upper left corner those of NSA together with CSS together with inwards the upper correct corner that of the Texas Cryptologic Center:



TAO Texas slide, published past times the Shadow Brokers inwards Apr 2017
(click for the total presentation)


NSA/CSS Texas

It's quite remarkable that amid the hundreds of NSA documents that have got been published therefore far, in that location are exclusively these ii sets from NSA/CSS Texas. This facility is responsible for operations inwards Latin America, the Caribbean, together with along the Atlantic littoral of Africa inwards back upward of the U.S. Southern together with Central Commands.

Update: The 3 Shadow Brokers slides from NSA/CSS Texas show operations against EastNets together with Business Computer Group (BCG), which are both Service Bureaus for the banking network SWIFT. EastNets has offices inwards Belgium, Jordan, Arab Republic of Egypt together with UAE together with was targeted nether the codename JEEPFLEA_MARKET, patch BCG serves Panama together with Venezuela together with was targeted nether JEEPFLEA_POWDER.

Besides the 1 inwards San Antonio, Texas, NSA has 3 other regional Cryptologic Centers inwards the US: inwards Augusta, Georgia, inwards Honolulu, Hawaii together with inwards Denver, Colorado. These iv locations were established inwards 1995 every bit Regional Security Operations Centers (RSOC) inwards lodge to disperse operational facilities from the Washington DC area, providing redundancy inwards the lawsuit of an emergency.

So far, no documents from whatever of these regional centers have got been published, except for the ii from NSA/CSS Texas. This could live a potent indication that they came from the same source - together with it seems plausible to assume that that source is someone who genuinely worked at that NSA location inwards San Antonio.

Access

This someone may exclusively have got stolen files that were available at his ain workplace, every bit it should live realized that non every leaker necessarily has similar broad access similar Snowden had (and gained) inwards his project every bit a systems administrator.

Snowden on the other mitt may exclusively have got downloaded things from an published the total presentation nearly FOXACID.

This slide was belike provided past times Laura Poitras, from her cache of Snowden documents, which would explicate why she was mentioned every bit 1 of the persons that provided assistance for Der Spiegel's master copy slice of Dec 29.

The other presentations have got non been published every bit component of the Snowden revelations, there's exclusively slide amongst a pie nautical chart showing the sources of 103 collection accesses at the NSA's station inwards San Antonio, Texas. It's non clear though whether exclusively this private slide/chart is nearly NSA Texas, or the presentation every bit a whole.

Update #3:

An updated overview of the published the total presentation nearly FOXACID.

This slide was belike provided past times Laura Poitras, from her cache of Snowden documents, which would explicate why she was mentioned every bit 1 of the persons that provided assistance for Der Spiegel's master copy slice of Dec 29.

The other presentations have got non been published every bit component of the Snowden revelations, there's exclusively Shadow Brokers story was published past times the New York Times on Nov 12, 2017, proverb that investigators were worried that 1 or to a greater extent than leakers may yet live within NSA together with also that the minor issue of specialists who have got worked both at TAO together with at the CIA came inwards for detail attention, out of describe of piece of occupation concern that a unmarried leaker powerfulness live responsible for both the Shadow Brokers together with the files published past times Wikileaks every bit component of their Vault7 together with Vault8 serial (although the CIA files are to a greater extent than recent).





Links together with sources
- The New York Times: published the total presentation nearly FOXACID.

This slide was belike provided past times Laura Poitras, from her cache of Snowden documents, which would explicate why she was mentioned every bit 1 of the persons that provided assistance for Der Spiegel's master copy slice of Dec 29.

The other presentations have got non been published every bit component of the Snowden revelations, there's exclusively Security Breach together with Spilled Secrets Have Shaken the N.S.A. to Its Core (2017)
- Emptywheel.net: published the total presentation nearly FOXACID.

This slide was belike provided past times Laura Poitras, from her cache of Snowden documents, which would explicate why she was mentioned every bit 1 of the persons that provided assistance for Der Spiegel's master copy slice of Dec 29.

The other presentations have got non been published every bit component of the Snowden revelations, there's exclusively The U.S. Intelligence Community has a Third Leaker (2014)

Tidak ada komentar:

Posting Komentar