Former U.S. National Security Agency contractor Edward Snowden. (photo: Mark Blinch/Reuters)
Evidence Points to Another Snowden at the NSA
By James Bamford, Reuters
22 August 16
In the summer of 1972, state-of-the-art campaign spying consisted of amateur burglars, armed with duct tape and microphones, penetrating the headquarters of the Democratic National Committee.

Today, amateur burglars have been replaced by cyberspies, who penetrated the DNC armed with computers and sophisticated hacking tools.

Where the Watergate burglars came away empty-handed and in handcuffs, the modern-day cyber thieves walked away with tens of thousands of sensitive political documents and are still unidentified.

Now, in the latest twist, hacking tools themselves, likely stolen from the National Security Agency, are on the digital auction block. Once again, the usual suspects start with Russia - though there seems little evidence backing up the accusation.

In addition, if Russia had stolen the hacking tools, it would be senseless to publicize the theft, let alone put them up for sale. It would be like a safecracker stealing the combination to a bank vault and putting it on Facebook. Once revealed, companies and governments would patch their firewalls, just as the bank would change its combination.

A more logical explanation could also be insider theft. If that's the case, it's one more reason to question the usefulness of an agency that secretly collects private information on millions of Americans but can't keep its most valuable data from being stolen, or, as it appears in this case, being used against us.
In what appeared more like a Saturday Night Live skit than an act of cybercrime, a group calling itself the Shadow Brokers put up for bid on the Internet what it called a "full state-sponsored toolset" of "cyberweapons." "!!! Attention government sponsors of cyberwarfare and those who profit from it !!!! How much would you pay for enemies cyberweapons?" said the announcement.

The group said it was releasing some NSA files for "free" and promised "better" ones to the highest bidder. However, those with losing bids "Lose Lose," it said, because they would not receive their money back. And should the total sum of the bids, in bitcoins, reach the equivalent of half a billion dollars, the group would make the whole lot public.

While the "auction" seemed tongue in cheek, more like hacktivists than Russian high command, the sample documents were almost certainly real. The draft of a top-secret NSA manual for implanting offensive malware, released by Edward Snowden, contains code for a program codenamed SECONDDATE. That same 16-character string of numbers and characters is in the code released by the Shadow Brokers. The details from the manual were first released by The Intercept last Friday.

The authenticity of the NSA hacking tools was also confirmed by several ex-NSA officials who spoke to the media, including former members of the agency's Tailored Access Operations (TAO) unit, the home of hacking specialists.

"Without a doubt, they're the keys to the kingdom," one former TAO employee told the Washington Post. "The stuff you're talking about would undermine the security of a lot of major government and corporate networks both here and abroad." Another added, "From what I saw, there was no doubt in my mind that it was legitimate."
Like a bank robber's tool kit for breaking into a vault, cyber exploitation tools, with codenames like EPICBANANA and BUZZDIRECTION, are designed to break into computer systems and networks. Just as the bank robber hopes to find a crack in the vault that has never been discovered, hackers search for digital cracks, or "exploits," in computer programs like Windows.

The most valuable are "zero day" exploits, meaning zero days have passed since the maker of Windows discovered the "crack" in its programs. Through this crack, the hacker would be able to get into a system and exploit it, by stealing information, until the breach is eventually discovered and patched. According to the former NSA officials who viewed the Shadow Broker files, they contained a number of exploits, including zero-day exploits, for which the NSA often pays private hacking groups thousands of dollars.

The reasons given for laying the blame on Russia appear less convincing, however. "This is probably some Russian mind game, down to the bogus accent," James A. Lewis, a computer expert at the Center for Strategic and International Studies, a Washington think tank, told the New York Times. Why the Russians would engage in such a mind game, he never explained.
Rather than the NSA hacking tools being snatched as a result of a sophisticated cyber operation by Russia or some other nation, it seems more likely that an employee stole them. Experts who have analyzed the files suspect that they date to October 2013, five months after Edward Snowden left his contractor position with the NSA and fled to Hong Kong carrying flash drives containing hundreds of thousands of pages of NSA documents.

So, if Snowden could not have stolen the hacking tools, there are indications that after he departed in May 2013, someone else did, possibly someone assigned to the agency's highly sensitive Tailored Access Operations.

In December 2013, another highly secret NSA document quietly became public. It was a top secret TAO catalog of NSA hacking tools. Known as the Advanced Network Technology (ANT) catalog, it consisted of 50 pages of extensive pictures, diagrams and descriptions of tools for every kind of hack, mostly targeted at devices manufactured by U.S. companies, including Apple, Cisco, Dell and many others.

Like the hacking tools, the catalog used similar codenames. Among the tools targeting Apple was one codenamed DROPOUTJEEP, which gives NSA total control of iPhones. "A software implant for the Apple iPhone," says the ANT catalog, "includes the ability to remotely push/pull files from the device. SMS retrieval, contact-list retrieval, voicemail, geolocation, hot mic, camera capture, cell-tower location, etc."

Another, codenamed IRATEMONK, is, "Technology that can infiltrate the firmware of hard drives manufactured by Maxtor, Samsung, Seagate and Western Digital."

In 2014, I spent three days in Moscow with Snowden for a magazine assignment and a PBS documentary. During our on-the-record conversations, he would not talk about the ANT catalog, perhaps not wanting to bring attention to another possible NSA whistleblower.

I was, however, given unrestricted access to his cache of documents. These included both the entire British, or GCHQ, files and the entire NSA files.

But going through this archive using a sophisticated digital search tool, I could not find a single reference to the ANT catalog. This confirmed for me that it had likely been released by a second leaker. And if that person could have downloaded and removed the catalog of hacking tools, it's also likely he or she could have also downloaded and removed the digital tools now being leaked.

In fact, a number of the same hacking implants and tools released by the Shadow Brokers are also in the ANT catalog, including those with codenames BANANAGLEE and JETPLOW. These can be used to create "a persistent back-door capability" into widely used Cisco firewalls, says the catalog.

Consisting of about 300 megabytes of code, the tools could easily and quickly be transferred to a flash drive. But unlike the catalog, the tools themselves - thousands of ones and zeros - would have been useless if leaked to a publication. This could be one reason why they have not emerged until now.
Enter WikiLeaks. Just two days after the first Shadow Brokers message, Julian Assange, the founder of WikiLeaks, sent out a Twitter message. "We had already obtained the archive of NSA cyberweapons released earlier today," Assange wrote, "and will release our own pristine copy in due course."

The month before, Assange was responsible for releasing the tens of thousands of hacked DNC emails that led to the resignation of the four top committee officials.

There also seems to be a link between Assange and the leaker who stole the ANT catalog, and the possible hacking tools. Among Assange's close associates is Jacob Appelbaum, a celebrated hacktivist and the only publicly known WikiLeaks staffer in the United States - until he moved to Berlin in 2013 in what he called a "political exile" because of what he said was repeated harassment by U.S. law enforcement personnel. In 2010, a Rolling Stone magazine profile labeled him "the most dangerous man in cyberspace."

In December 2013, Appelbaum was the first person to reveal the existence of the ANT catalog, at a conference in Berlin, without identifying the source. That same month he said he suspected the U.S. government of breaking into his Berlin apartment. He also co-wrote an article about the catalog in Der Spiegel. But again, he never named a source, which led many to assume, mistakenly, that it was Snowden.

In addition to WikiLeaks, for years Appelbaum worked for Tor, an organization focused on providing its customers anonymity on the Internet. But last May, he stepped down as a result of "serious, public allegations of sexual mistreatment" made by unnamed victims, according to a statement put out by Tor. Appelbaum has denied the charges.

Shortly thereafter, he turned his attention to Hillary Clinton. At a screening of a documentary about Assange in Cannes, France, Appelbaum accused her of holding a grudge against him and Assange, and said that if she were elected president, she would make their lives difficult. "It's a situation that will possibly get worse" if she is elected to the White House, he said, according to Yahoo News.
It was only a few months later that Assange released the 20,000 DNC emails. Intelligence agencies have again pointed the finger at Russia for hacking into these emails.

Yet there has been no explanation as to how Assange obtained them. He told NBC News, "There is no proof whatsoever" that he obtained the emails from Russian intelligence. Moscow has also denied involvement.

There are, of course, many sophisticated hackers in Russia, some with close government ties and some without. And planting false and misleading indicators in messages is an old trick. Now Assange has promised to release many more emails before the election, while apparently ignoring email involving Trump. (Trump opposition research was also stolen.)

In hacktivist style, and in what appears to be phony broken English, this new release of cyberweapons also seems to be targeting Clinton. It ends with a long and angry "final message" against "Wealthy Elites . . . breaking laws" but "Elites top friends announce, no law broken, no crime commit[ed]. . . Then Elites run for president. Why run for president when already control country like dictatorship?"

Then after what they call the "fun Cyber Weapons Auction" comes the real message, a serious threat. "We want make sure Wealthy Elite recognizes the danger [of] cyberweapons. Let us spell out for Elites. Your wealth and control depends on electronic data." Now, they warned, they have control of the NSA's cyber hacking tools that can take that wealth away. "You see attacks on banks and SWIFT [a worldwide network for financial services] in news. If electronic data go bye-bye where leave Wealthy Elites? Maybe with dumb cattle?"

Snowden's leaks served a public good. He alerted Americans to illegal eavesdropping on their telephone records and other privacy violations, and Congress changed the law as a result. The DNC leaks exposed corrupt policies within the Democratic Party.

But we now have entered a period many have warned about, when NSA's cyber weapons could be stolen like loose nukes and used against us. It opens the door to criminal hackers, cyber anarchists and hostile foreign governments that can use the tools to gain access to thousands of computers in order to steal data, plant malware and cause chaos.

It's one more reason why the NSA may prove to be one of Washington's greatest liabilities rather than assets.
© 2015 Reader Supported News