"Evidence Points To Another Snowden At The NSA"

Tyler Durden's picture

Last week, following the news that a previously unknown hacker collective, "The Shadow Brokers" had hacked and released legitimate hacking tools from the NSA's own special-ops entity, the "Equation Group", initial speculation that Russians may have penetrated the US spy agency - suggested by none other than Edward Snowden - shifted to the suggestion that the agency may be housing another "mole" insider. As we noted on Thursday, a former NSA source told Motherboard, that “it’s plausible” that the leakers are actually a disgruntled insider, claiming that it’s easier to walk out of the NSA with a USB drive or a CD than hack its servers. Michael Adams, an information security expert who served more than two decades in the US Special Operations Command, agreed that it’s a viable theory.

“It’s Snowden junior,” Adams told Motherboard. “Except he doesn’t want to end up in virtual prison in Russia. He’s smart enough to rip off shit, but also smart enough to be unidentifiable.”

Today, in an op-ed by cybersecurity expert, James Bamford, author of The Shadow Factory: The Ultra-Secret NSA From 9/11 to the Eavesdropping on America, and columnist for Foreign Policy magazine, writes that this is increasingly looking as the most probable explanation, and that Russia had nothing to do with this latest - and most provocative yet - hack.

This is what he think is really going on behind the scenes, courtesy of Reuters.

Evidence points to another Snowden at the NSA

In the summer of 1972, state-of-the-art campaign spying consisted of amateur burglars, armed with duct tape and microphones, penetrating the headquarters of the Democratic National Committee. Today, amateur burglars have been replaced by cyberspies, who penetrated the DNC armed with computers and sophisticated hacking tools. 

Where the Watergate burglars came away empty-handed and in handcuffs, the modern- day cyber thieves walked away with tens of thousands of sensitive political documents and are still unidentified.

Now, in the latest twist, hacking tools themselves, likely stolen from the National Security Agency, are on the digital auction block. Once again, the usual suspects start with Russia – though there seems little evidence backing up the accusation. 

In addition, if Russia had stolen the hacking tools, it would be senseless to publicize the theft, let alone put them up for sale. It would be like a safecracker stealing the combination to a bank vault and putting it on Facebook. Once revealed, companies and governments would patch their firewalls, just as the bank would change its combination. 

A more logical explanation could also be insider theft. If that’s the case, it’s one more reason to question the usefulness of an agency that secretly collects private information on millions of Americans but can’t keep its most valuable data from being stolen, or as it appears in this case, being used against us.

In what appeared more like a Saturday Night Live skit than an act of cybercrime, a group calling itself the Shadow Brokers put up for bid on the Internet what it called a “full state-sponsored toolset” of “cyberweapons.” “!!! Attention government sponsors of cyberwarfare and those who profit from it !!!! How much would you pay for enemies cyberweapons?” said the announcement. 

The group said it was releasing some NSA files for “free” and promised “better” ones to the highest bidder. However, those with loosing bids “Lose Lose,” it said, because they would not receive their money back. And should the total sum of the bids, in bitcoins, reach the equivalent of half a billion dollars, the group would make the whole lot public. 

While the “auction” seemed tongue in cheek, more like hacktivists than Russian high command, the sample documents were almost certainly real. The draft of a top-secret NSA manual for implanting offensive malware, released by Edward Snowden, contains code for a program codenamed SECONDDATE. That same 16-character string of numbers and characters is in the code released by the Shadow Brokers. The details from the manual were first released by The Intercept last Friday.

The authenticity of the NSA hacking tools were also confirmed by several ex-NSA officials who spoke to the media, including former members of the agency’s Tailored Access Operations (TAO) unit, the home of hacking specialists.  

“Without a doubt, they’re the keys to the kingdom,” one former TAO employee told the Washington Post. “The stuff you’re talking about would undermine the security of a lot of major government and corporate networks both here and abroad.” Another added, “From what I saw, there was no doubt in my mind that it was legitimate.”

Like a bank robber’s tool kit for breaking into a vault, cyber exploitation tools, with codenames like EPICBANANA and BUZZDIRECTION, are designed to break into computer systems and networks. Just as the bank robber hopes to find a crack in the vault that has never been discovered, hackers search for digital cracks, or “exploits,” in computer programs like Windows. 

The most valuable are “zero day” exploits, meaning there have been zero days since Windows has discovered the “crack” in their programs. Through this crack, the hacker would be able to get into a system and exploit it, by stealing information, until the breach is eventually discovered and patched. According to the former NSA officials who viewed the Shadow Broker files, they contained a number of exploits, including zero-day exploits that the NSA often pays thousands of dollars for to private hacking groups.

The reasons given for laying the blame on Russia appear less convincing, however. “This is probably some Russian mind game, down to the bogus accent,” James A. Lewis, a computer expert at the Center for Strategic and International Studies, a Washington think tank, told the New York Times. Why the Russians would engage in such a mind game, he never explained.

Rather than the NSA hacking tools being snatched as a result of a sophisticated cyber operation by Russia or some other nation, it seems more likely that an employee stole them. Experts who have analyzed the files suspect that they date to October 2013, five months after Edward Snowden left his contractor position with the NSA and fled to Hong Kong carrying flash drives containing hundreds of thousands of pages of NSA documents. 

So, if Snowden could not have stolen the hacking tools, there are indications that after he departed in May 2013, someone else did, possibly someone assigned to the agency’s highly sensitive Tailored Access Operations.

In December 2013, another highly secret NSA document quietly became public. It was a top secret TAO catalog of NSA hacking tools. Known as the Advanced Network Technology (ANT) catalog, it consisted of 50 pages of extensive pictures, diagrams and descriptions of tools for every kind of hack, mostly targeted at devices manufactured by U.S. companies, including Apple, Cisco, Dell and many others. 

Like the hacking tools, the catalog used similar codenames. Among the tools targeting Apple was one codenamed DROPOUTJEEP, which gives NSA total control of iPhones. "A software implant for the Apple iPhone,” says the ANT catalog, “includes the ability to remotely push/pull files from the device. SMS retrieval, contact-list retrieval, voicemail, geolocation, hot mic, camera capture, cell-tower location, etc.” 

Another, codenamed IRATEMONK, is, “Technology that can infiltrate the firmware of hard drives manufactured by Maxtor, Samsung, Seagate and Western Digital.” 

In 2014, I spent three days in Moscow with Snowden for a magazine assignment and a PBS documentary. During our on-the-record conversations, he would not talk about the ANT catalog, perhaps not wanting to bring attention to another possible NSA whistleblower.

I was, however, given unrestricted access to his cache of documents. These included both the entire British, or GCHQ, files and the entire NSA files.

But going through this archive using a sophisticated digital search tool, I could not find a single reference to the ANT catalog. This confirmed for me that it had likely been released by a second leaker. And if that person could have downloaded and removed the catalog of hacking tools, it’s also likely he or she could have also downloaded and removed the digital tools now being leaked.

In fact, a number of the same hacking implants and tools released by the Shadow Brokers are also in the ANT catalog, including those with codenames BANANAGLEE and JETPLOW. These can be used to create “a persistent back-door capability” into widely used Cisco firewalls, says the catalog. 

Consisting of about 300 megabytes of code, the tools could easily and quickly be transferred to a flash drive. But unlike the catalog, the tools themselves – thousands of ones and zeros – would have been useless if leaked to a publication. This could be one reason why they have not emerged until now.

Enter WikiLeaks. Just two days after the first Shadow Brokers message, Julian Assange, the founder of WikiLeaks, sent out a Twitter message. “We had already obtained the archive of NSA cyberweapons released earlier today,” Assange wrote, “and will release our own pristine copy in due course.” 

The month before, Assange was responsible for releasing the tens of thousands of hacked DNC emails that led to the resignation of the four top committee officials. 

There also seems to be a link between Assange and the leaker who stole the ANT catalog, and the possible hacking tools. Among Assange’s close associates is Jacob Appelbaum, a celebrated hacktivist and the only publicly known WikiLeaks staffer in the United States – until he moved to Berlin in 2013 in what he called a “political exile” because of what he said was repeated harassment by U.S. law enforcement personnel. In 2010, a Rolling Stone magazine profile labeled him “the most dangerous man in cyberspace.” 

In December 2013, Appelbaum was the first person to reveal the existence of the ANT catalog, at a conference in Berlin, without identifying the source. That same month he said he suspected the U.S. government of breaking into his Berlin apartment. He also co-wrote an article about the catalog in Der Spiegel. But again, he never named a source, which led many to assume, mistakenly, that it was Snowden.

In addition to WikiLeaks, for years Appelbaum worked for Tor, an organization focused on providing its customers anonymity on the Internet. But last May, he stepped down as a result of “serious, public allegations of sexual mistreatment” made by unnamed victims, according to a statement put out by Tor. Appelbaum has denied the charges.

Shortly thereafter, he turned his attention to Hillary Clinton. At a screening of a documentary about Assange in Cannes, France, Appelbaum accused her of having a grudge against him and Assange, and that if she were elected president, she would make their lives difficult. “It's a situation that will possibly get worse” if she is elected to the White House, he said, according to Yahoo News.

It was only a few months later that Assange released the 20,000 DNC emails. Intelligence agencies have again pointed the finger at Russia for hacking into these emails. 

Yet there has been no explanation as to how Assange obtained them. He told NBC News, "There is no proof whatsoever" that he obtained the emails from Russian intelligence. Moscow has also denied involvement.  

There are, of course, many sophisticated hackers in Russia, some with close government ties and some without. And planting false and misleading indicators in messages is an old trick. Now Assange has promised to release many more emails before the election, while apparently ignoring email involving Trump. (Trump opposition research was also stolen.)  

In hacktivist style, and in what appears to be phony broken English, this new release of cyberweapons also seems to be targeting Clinton. It ends with a long and angry “final message” against “Wealthy Elites . . . breaking laws” but “Elites top friends announce, no law broken, no crime commit[ed]. . . Then Elites run for president. Why run for president when already control country like dictatorship?”

Then after what they call the “fun Cyber Weapons Auction” comes the real message, a serious threat. “We want make sure Wealthy Elite recognizes the danger [of] cyberweapons. Let us spell out for Elites. Your wealth and control depends on electronic data.” Now, they warned, they have control of the NSA’s cyber hacking tools that can take that wealth away. “You see attacks on banks and SWIFT [a worldwide network for financial services] in news. If electronic data go bye-bye where leave Wealthy Elites? Maybe with dumb cattle?”

Snowden’s leaks served a public good. He alerted Americans to illegal eavesdropping on their telephone records and other privacy violations, and Congress changed the law as a result. The DNC leaks exposed corrupt policies within the Democratic Party.  

But we now have entered a period many have warned about, when NSA’s cyber weapons could be stolen like loose nukes and used against us. It opens the door to criminal hackers, cyber anarchists and hostile foreign governments that can use the tools to gain access to thousands of computers in order to steal data, plant malware and cause chaos.

It’s one more reason why NSA may prove to be one of Washington’s greatest liabilities rather than assets.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
wildbad's picture

this makes sense

hedgeless_horseman's picture

 

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

 

His name was James Otis, Jr.

During what scholar William Cuddihy called the "colonial epidemic of general searches", the authorities possessed almost unlimited power to search for anything at any time, with very little oversight

 

 

Massachusetts lawyer James Otis protested British use of general warrants in the American colonies.

 

 

In 1756, the colony of Massachusetts enacted legislation that barred the use of general warrants. This represented the first law in American history curtailing the use of seizure power. Its creation largely stemmed from the great public outcry over the Excise Act of 1754, which gave tax collectors unlimited powers to interrogate colonists concerning their use of goods subject to customs. The act also permitted the use of a general warrant known as a writ of assistance, allowing tax collectors to search the homes of colonists and seize "prohibited and uncustomed" goods.

 

 

https://en.wikipedia.org/wiki/Fourth_Amendment_to_the_United_States_Cons...

booboo's picture

"Jethro Clampett, Double OTT spy at your service"

Kirk2NCC1701's picture

But Big Brother does not like to be watched himself.

That would make society a democratic society, where government does the bidding of the people who elected them and pay their salaries.

The NSA -- and the entire surveillance state -- must die. Die, you filthy pig fuckers!

Tarzan's picture

Anyone paying attention knew these "hacks" were leaks!

The whole of the Constitution was written to safe guard the people, to neuter the historic tools of Tyrants!

What was revealed in the NSA leak is nothing short of criminal!  These are tools made to break through fire walls of private systems, To rob intellectual PRIVATE PROPERTY!

It revealed they are criminal, it revealed they're not accountable to any over sight, Congress has no grip on them, nor does the President.  They are a rouge institution and non of our Congressmen or Prosecutors have the power to stop them!

There is NO HOPE to fix this corrupt system!

All that's left is to burn down DC and start over.  Our Federal Government has been taken over by an international cabal of thugs, it's been hopelessly lost.

Fuck DC and the elite bastards who sold it down the river, it's long past time the States rise up and save our land!

Sincerely, Bobby McKay!

Lumberjack's picture

Moving along to 2016...

 

New Mass. gantries can send authorities alerts

https://www.bostonglobe.com/metro/2016/08/21/new-mass-gantries-can-alert...

 

State transportation officials confirmed the installation of the “hot list” feature in Massachusetts after the Globe found that the “hot list” provision was included in the 2014 contract MassDOT and Raytheon Co. agreed to when the company was hired to install all-electronic tolling on the Turnpike.

That contract also said that Raytheon had included a hot list feature in tolling systems it installed on Virginia’s Interstates 495 and 95, and on the Florida Turnpike. The contract was procured by MuckRock, a nonprofit research organization that specializes in obtaining government documents through records requests.

Officials from Raytheon declined to comment.

 

I am sure this is to look for illegal immigrants..../s

rejected's picture

"Shall not be Violated' LOL The u.s Supremo's made mincemeat out of that one in short order

Sorta sounds like "Shall not be infringed" ,,, doesn't it........

Government needs you to pay taxes's picture

The SCrOTUS, just like real life, is most comfortably viewed swinging . . . low.

wombats's picture

EPICBANANA, etc. sound like names of cheezy 3rd rate porn films.

NeedtoSecede's picture

EPICBANANA Republic is exactly what this corrupt government and society have become.

 

A stupid swimmer, doing stupid stuff in Rio and that is dominating "the news" 24/7, while John Corzine and Cankles are still above the law.  We are doomed...

wildbad's picture

i always loved the fawth.  totally gone now of course.

Silver Bug's picture

Sadly, the government has become so corrupt, that we need these types of people to keep them in check. It is the only thing making them think about what they are doing, and believe me, they think very little.

 

http://silverliberationarmy.blogspot.com/2016/08/breaking-secret-service...

NumNutt's picture

Funny how the NSA is all ok when they are hacking US citizens accounts and spying on everyone else, but put the shoe on the other foot and "oh shit! Stop the bus! that can't happen!" fuck all those assholes.

Slave's picture

And they don't even have a right to not be spied upon.

detached.amusement's picture

the more snowdens the merrier

 

in fact, it'd simply be best if they brought down the whole place with a simple office fire.  I hear that works as good as jewish lightning.

Kirk2NCC1701's picture

I hear that an office fire can cause the whole building to collapse into its own footprint, at Free-fall speed, and leave only rubble and ashes.

Especially when stored Kerosene (for space heaters and jet engines) burns -- at 900 feg.F.

nightwish's picture

It can't be a mole. NSA tools like key score have determined that the Russians fingerprints are all over the hack. Putin has every motivation to influence elections in ways that help Trump, and blah blah blah blah blah blah [INSERT MORE OFFICIAL NARRATIVE HERE] BLAH BLAH.

Uncertain T's picture

[INSERT MORE OFFICIAL NARRATIVE HERE]

The hack was officially tied to Boris and Natasha Baddinoff and aided by insiders Moose and Squirrel, from secret NSA center in Frostbite Falls

nightwish's picture

...and that Natasha chick has proven herself wily over the years and somewhat prone to mischief. Her character has been a source of intrigue for quite some time.

cognitive dissident's picture

US relinquishing "control" of the interweb:   https://www.fas.org/sgp/crs/misc/R44022.pdf

wonder why...? Batten down the hatches folks, whatever is coming is almost here.

JailBanksters's picture

I've going to take a leaf out of the US Governments Book of Foreign Government Takeovers and Acquisitions.

The Enemy of my Enemy, is my friend. If you need a safe-house call me.

Truth Eater's picture

In a government that is thoroughly corrupt and run by devils, those they accuse of being traitors are really the patriots seeking a return to lawful and civilized operations.  The devils are mad because they have been exposed for what they are.

spanish inquisition's picture

Figured it was an insider/ex insider. Should not be too hard to figure out who it is.

This will be taken care of with a toaster, a bag of fertilizer a Tesla.

E.F. Mutton's picture

The NSA needs an enema.  Firehose style.

Kirk2NCC1701's picture

[1] If the NSA is my enema,

[2] And if the NSA has enemies that give it enemas, then

[3] The enemies of my enema are my allies, but not bum chums.

Jugdish's picture

The LGBTQQNRT community faction within the CIA is mad at the black  gender queen socialist faction in the NSA so they leaked this. Norrmal infighting between the various marxists that run our .gov

Things that go bump's picture

I love it when they fight among themselves because we win.

Atomizer's picture

Thanks Tyler. He is a fraud. Gave him 72 hours to clean up the NSA bullshit hack. Nothing has surfaced. I can't release the file. This motherfucker is a fraud. I don't want to go to jail. Don't have Hillary Clinton privileged clearance. 

Wait until this cluster is hatched. Coming soon. 

ack's picture

Where is Snowden? Anyone actually SEE him lately? Any more skyped-presentation appearances to support his lifestyle with the pole-dancer in RU? Those long tweets of his were not consistent with past commentary in tone, activity and energy. Perhaps his limited-hang-out value-proposition had expired. Tick-tock. 

WTFUD's picture

Most Open Administration EVER. Openly Deceitful, YES?

The Air is thick with treason abound. Must nail those whistle-blowhards hard.

Surely surely someone's can get all the codes and home addresses to fly a batch of drones and take out a bunch of those filthy scumbag politicians. Any collateral damage, hey-ho,whistle on this. Anyone running to assist gets same treatment, when the drone doubles back.

Am i being too harsh? Don't be silly! Yes, it was rhetorical.

Son of Captain Nemo's picture

Well gee?... No F-ing shit!!!

I'll say it again. Edward "Snowman" is a pseudonym for a gaggle of NSA people that didn't take seriously the warnings from people like Binney, Tice and Drake back in 2002 of what was coming and instead you took the money for as long as you could up until 2011 when budgets were being slashed and your jobs were on the line!

Sorry Ed but you're no Bill Binney and never... ever... will be!... Especially when you showed your ingratitude towards your host ?!!!... And probably with support from the withering '5th column" inside Moscow?!!!

Looks like there are still plenty of NSA and DISA folks coming up with new ways to keep us preoccupied and distracted.  Perhaps Eddie didn't make the "cut" for the Pokemon GO operation and had to opt for other duties when money got tight at the agency?!!!

To Eddie & "friends"... A word of advice. 

Try taking yourself out of the matrix completely and worry less about the paycheck and more about subverting the government you support that is attempting to devour everything including itself!!!

Things that go bump's picture

How can they get info if they aren't actually still employed there and collecting said paycheck?

Son of Captain Nemo's picture

Who said they still arent working for them OCONUS?...

Last I checked Sberbank is a "holdout" for setting up shop in Crimea...  I wonder why?!!!

It's the preferred bank of DOS/CIA types when they are traveling "in-country"!!!

jakesdad's picture

I didn't realize that another pita of tptb had been accused of "serious, public allegations of sexual mistreatment"?  well, that's convenient, isn't it?

PoasterToaster's picture

It's their go to isn't it?  They destroyed Facebook's competition by allegations of sexual predation too, so it isn't limited to individuals.

Herdee's picture

Either that or it was done on purpose by the agency.

cheech_wizard's picture

I read this article on Reuters (author: James Bamford)

>Today, amateur burglars have been replaced by cyberspies, who penetrated the DNC armed with computers and sophisticated hacking tools. 

Sophisticated hacking tools? Is the author smoking crack? A simple dictionary search hacking tool written two decades ago could have retrieved those passwords. Was I the only person to look through Guccifer 2.0's files to see the utter simplicity of the passwords used by the DNC?

Other than that, the author makes a few good points.

>Snowden’s leaks served a public good. He alerted Americans to illegal eavesdropping on their telephone records and other privacy violations, and Congress changed the law as a result. The DNC leaks exposed corrupt policies within the Democratic Party.  

Although everyone knew this already, it's always good to have a hard copy. 

PoasterToaster's picture

These break ins and other nefarious activities towards enemies of the state are labeled as coming from the US Government.  At some point we turn a corner and a critical mass of people understand that the US Government is actually a tool of a mafia, and does not have the moral authority that they were brought up to believe in. 

That's when traitors become patriots, and politicians are seen for the treasonous swine that they are.

BigCumulusClouds's picture

Since Snowden never says anything about the WTC demolition, it is difficult to take the man seriously.  Makes you think he is just another government plant.

HowdyDoody's picture

He also says nothing about the JFK assassination so he must be a double plant. Then there is silence over the USS Liberty coverup, so that is triple plant. He also doesn't mention how Israel acquired its nukes (the ones it doesn't have so it can scam the USG for more USD). In short there are many more things he doesn't talk about than he does so let's just call him the infinite plant.

RogerMud's picture

perhaps.. or he knows that fingering the 9/11 perps would take him to a whole new level of persona non grata.

Things that go bump's picture

He can never come home unless Jill Stein gets elected - she would pardon him, though I think giving him a medal would be even more suitable. Otherwise, how much more of a persona non grata could he be and still live?

Seeing Red's picture

Or it might mean he is capable of critical reasoning and can detect bad science hokum/hysteria.

Swamidon's picture

Gosh, I hope there are a hundred more like Snowdon  Closet subversion from the guy with conscience and integrity willing to act against the machine to benefit the people.   All of them are HEROES and the smart ones remain unknown as Quiet Patriots

Oldrepublic's picture

type the following phrase into your favorite search engine:

snowden does not add up

 

Publicus's picture

We are all Snowden now.