#nsa hacking

By Nicole Perlroth, NY Times, April 15, 2017

For the past few months, an elite hacking group calling itself the Shadow Brokers has sporadically leaked sensitive data from the National Security Agency. On Friday, just when its leaks had appeared to slow, the group released what appears to be its most damaging leak so far: a trove of highly classified hacking tools used to break into various Microsoft systems, along with what it said was evidence that the N.S.A. had infiltrated the backbone of the Middle East’s banking infrastructure.

Among the leaks on Friday was an extensive list of PowerPoint and Excel documents that, if authentic, indicate that the N.S.A. has successfully infiltrated EastNets, a company based in Dubai that helps to manage transactions in the international bank messaging system called Swift.

Swift, short for the Society for Worldwide Interbank Financial Telecommunication, is used by about 11,000 banks to transfer money from one country to another. The vast majority of those banks rely on Swift service bureaus, like EastNets, the largest bureau in the Middle East, to handle their transactions. The latest leaks suggest that, by hacking EastNets, the N.S.A. may have successfully hacked, or at minimum targeted, computers inside some of the biggest banks in the Middle East, including ones in Abu Dhabi and Dubai in the United Arab Emirates; Kuwait; Qatar; Syria; Yemen; and the Palestinian territories. Among the leaked documents was a now-patched N.S.A. road map to hacking Swift’s back-end infrastructure, which could be used by cybercriminals in the future.

This would not be the first time that United States intelligence agencies have been accused of hacking into Middle Eastern banks. In 2012, security researchers discovered that a computer virus had infiltrated thousands of computers, many inside Lebanese banks. Unlike cybercriminals, who target banks to maximize financial profit, the attackers had monitored the financial transactions of a targeted list of clients of Lebanese banks, which experts said had been used as financial conduits for the Syrian government and Hezbollah, the Lebanese militant group and political party.

The digital crumbs from that attack suggested, cybersecurity experts said, that the virus was the work of the same attackers behind Stuxnet, the computer attack that destroyed the centrifuges in an Iranian nuclear facility and that has been attributed to the United States and Israel.

The N.S.A. did not respond to requests for comment.

On Friday, EastNets denied that it had been hacked. In a statement, the company said its Swift service bureau runs on a separate secure network that cannot be reached over the public internet. The company said the leaked documents that claimed its computers had been compromised referred to an old server that the bureau had retired in 2013.

But the latest Shadow Brokers leak claims otherwise. One Excel spreadsheet lists what appears to be thousands of stolen credentials belonging to compromised employees and technology administrators at EastNets offices around the globe. Another shows a list of what the group said was computer addresses that have been hacked or targeted by N.S.A. analysts, with the corresponding bank they belong to. Among those listed as having been successfully “implanted,” or infected with spyware, are Noor Bank, Tadhamon International Islamic Bank, Al Quds Bank for Development and Investment, Arcapita Bank and the Kuwait Fund for Arab Economic Development.

None of the documents suggest that the N.S.A. used its access to steal funds. Instead, it appears that the agency was seeking to track the financial movements of certain Middle Eastern bank clients, ostensibly to gain insight into potential terrorist groups or government officials.

The Shadow Brokers’ latest data release also includes a listing of what seemed to be N.S.A. hacking tools, so-called exploits, that allowed the agency to invisibly break into computers and servers running Microsoft Windows. The exploits appear to affect every recent version of Microsoft Windows except its Microsoft 10 software.

Up-to-date Microsoft customers are safe from the purported National Security Agency spying tools dumped online, the software company said Saturday, tamping down fears that the digital arsenal was poised to wreak havoc across the Internet .

In a blog post, Microsoft Corp. security manager Phillip Misner said that the software giant had already built defenses against nine of the 12 tools disclosed by TheShadowBrokers, a mysterious group that has repeatedly published NSA code. The three others affected old, unsupported products.

"Most of the exploits are already patched," Misner said.

The post tamped down fears expressed by some researchers that the digital espionage toolkit made public by TheShadowBrokers took advantage of undisclosed vulnerabilities in Microsoft's code. That would have been a potentially damaging development because such tools could swiftly be repurposed to strike across the company's massive customer base.

Those fears appear to have been prompted by experts using even slightly out-of-date versions of Windows in their labs. One of Microsoft's fixes, also called a patch, was only released last month .

"I missed the patch," said British security architect Kevin Beaumont, jokingly adding, "I'm thinking about going to live in the woods now."

Beaumont wasn't alone. Matthew Hickey, of cyber-security firm Hacker House, also ran the code against earlier versions of Windows on Friday. But he noted that many organizations put patches off, meaning "many servers will still be affected by these flaws."

Everyone involved recommended keeping up with software updates.

New Post has been published on http://conspiracytalk.info/nsa-hacking-exposed/

NSA Hacking Exposed

NSA WHISTLEBLOWERS: NSA HACK WAS LIKELY AN INSIDE JOB

SOURCE: WASHINGTON’S BLOG

The mainstream press is accusing Russia of being behind the release of information on NSA hacking tools.

Washington’s Blog asked the highest-level NSA whistleblower in history, William Binney – the NSA executive who created the agency’s mass surveillance program for digital information, who served as the senior technical director within the agency, who managed six thousand NSA employees, the 36-year NSA veteran widely regarded as a “legend” within the agency and the NSA’s best-ever analyst and code-breaker, who mapped out the Soviet command-and-control structure before anyone else knew how, and so predicted Soviet invasions before they happened (“in the 1970s, he decrypted the Soviet Union’s command system, which provided the US and its allies with real-time surveillance of all Soviet troop movements and Russian atomic weapons”) – what he thinks of such claims.

Binney told us:

The probability is that an insider provided the data.

I say this because the NSA net is a closed net that is continuously encrypted.  Which would mean, that if someone wanted to hack into the NSA network they would not only have to know weaknesses in the network/firewalls/tables and passwords but also be able to penetrate the encryption.

So, my bet is that it is an insider.  In my opinion, if the Russians had these files, they would use them not leak them or any part of them to the world.

Similarly, former NSA employee, producer for ABC’s World News Tonight, and long-time reporter on the NSA James Bamford notes:

If Russia had stolen the hacking tools, it would be senseless to publicize the theft, let alone put them up for sale. It would be like a safecracker stealing the combination to a bank vault and putting it on Facebook. Once revealed, companies and governments would patch their firewalls, just as the bank would change its combination.

A more logical explanation could also be insider theft. If that’s the case, it’s one more reason to question the usefulness of an agency that secretly collects private information on millions of Americans but can’t keep its most valuable data from being stolen, or as it appears in this case, being used against us.

***

The reasons given for laying the blame on Russia appear less convincing, however. “This is probably some Russian mind game, down to the bogus accent,” James A. Lewis, a computer expert at the Center for Strategic and International Studies, a Washington think tank, told the New York Times. Why the Russians would engage in such a mind game, he never explained.

Rather than the NSA hacking tools being snatched as a result of a sophisticated cyber operation by Russia or some other nation, it seems more likely that an employee stole them. Experts who have analyzed the files suspect that they date to October 2013, five months after Edward Snowden left his contractor position with the NSA and fled to Hong Kong carrying flash drives containing hundreds of thousands of pages of NSA documents.

So, if Snowden could not have stolen the hacking tools, there are indications that after he departed in May 2013, someone else did, possibly someone assigned to the agency’s highly sensitive Tailored Access Operations.

In December 2013, another highly secret NSA document quietly became public. It was a top secret TAO catalog of NSA hacking tools. Known as the Advanced Network Technology (ANT) catalog, it consisted of 50 pages of extensive pictures, diagrams and descriptions of tools for every kind of hack, mostly targeted at devices manufactured by U.S. companies, including Apple, Cisco, Dell and many others.

Like the hacking tools, the catalog used similar codenames.

***

In 2014, I spent three days in Moscow with Snowden for a magazine assignment and a PBS documentary. During our on-the-record conversations, he would not talk about the ANT catalog, perhaps not wanting to bring attention to another possible NSA whistleblower.

I was, however, given unrestricted access to his cache of documents. These included both the entire British, or GCHQ, files and the entire NSA files.

But going through this archive using a sophisticated digital search tool, I could not find a single reference to the ANT catalog. This confirmed for me that it had likely been released by a second leaker. And if that person could have downloaded and removed the catalog of hacking tools, it’s also likely he or she could have also downloaded and removed the digital tools now being leaked.

And Motherboard reports:

“My colleagues and I are fairly certain that this was no hack, or group for that matter,” the former NSA employee told Motherboard. “This ‘Shadow Brokers’ character is one guy, an insider employee.”

The source, who asked to remain anonymous, said that it’d be much easier for an insider to obtain the data that The Shadow Brokers put online rather than someone else, even Russia, remotely stealing it. He argued that “naming convention of the file directories, as well as some of the scripts in the dump are only accessible internally,” and that “there is no reason” for those files to be on a server someone could hack. He claimed that these sorts of files are on a physically separated network that doesn’t touch the internet; an air-gap.

***

“We are 99.9 percent sure that Russia has nothing to do with this and even though all this speculation is more sensational in the media, the insider theory should not be dismissed,” the source added. “We think it is the most plausible.”

***

Another former NSA source, who was contacted independently and spoke on condition of anonymity, said that “it’s plausible” that the leakers are actually a disgruntled insider, claiming that it’s easier to walk out of the NSA with a USB drive or a CD than hack its servers.

Michael Adams, an information security expert who served more than two decades in the US Special Operations Command, agreed that it’s a viable theory.

“It’s Snowden junior,” Adams told Motherboard. “Except he doesn’t want to end up in virtual prison in Russia. He’s smart enough to rip off shit, but also smart enough to be unidentifiable.”

This wouldn’t be the first time Russia has been framed for hacking.

New Post has been published on http://conspiracytalk.info/nsa-hacking-exposed/

NSA Hacking Exposed

NSA WHISTLEBLOWERS: NSA HACK WAS LIKELY AN INSIDE JOB

SOURCE: WASHINGTON’S BLOG

The mainstream press is accusing Russia of being behind the release of information on NSA hacking tools.

Washington’s Blog asked the highest-level NSA whistleblower in history, William Binney – the NSA executive who created the agency’s mass surveillance program for digital information, who served as the senior technical director within the agency, who managed six thousand NSA employees, the 36-year NSA veteran widely regarded as a “legend” within the agency and the NSA’s best-ever analyst and code-breaker, who mapped out the Soviet command-and-control structure before anyone else knew how, and so predicted Soviet invasions before they happened (“in the 1970s, he decrypted the Soviet Union’s command system, which provided the US and its allies with real-time surveillance of all Soviet troop movements and Russian atomic weapons”) – what he thinks of such claims.

Binney told us:

The probability is that an insider provided the data.

I say this because the NSA net is a closed net that is continuously encrypted.  Which would mean, that if someone wanted to hack into the NSA network they would not only have to know weaknesses in the network/firewalls/tables and passwords but also be able to penetrate the encryption.

So, my bet is that it is an insider.  In my opinion, if the Russians had these files, they would use them not leak them or any part of them to the world.

Similarly, former NSA employee, producer for ABC’s World News Tonight, and long-time reporter on the NSA James Bamford notes:

If Russia had stolen the hacking tools, it would be senseless to publicize the theft, let alone put them up for sale. It would be like a safecracker stealing the combination to a bank vault and putting it on Facebook. Once revealed, companies and governments would patch their firewalls, just as the bank would change its combination.

A more logical explanation could also be insider theft. If that’s the case, it’s one more reason to question the usefulness of an agency that secretly collects private information on millions of Americans but can’t keep its most valuable data from being stolen, or as it appears in this case, being used against us.

***

The reasons given for laying the blame on Russia appear less convincing, however. “This is probably some Russian mind game, down to the bogus accent,” James A. Lewis, a computer expert at the Center for Strategic and International Studies, a Washington think tank, told the New York Times. Why the Russians would engage in such a mind game, he never explained.

Rather than the NSA hacking tools being snatched as a result of a sophisticated cyber operation by Russia or some other nation, it seems more likely that an employee stole them. Experts who have analyzed the files suspect that they date to October 2013, five months after Edward Snowden left his contractor position with the NSA and fled to Hong Kong carrying flash drives containing hundreds of thousands of pages of NSA documents.

So, if Snowden could not have stolen the hacking tools, there are indications that after he departed in May 2013, someone else did, possibly someone assigned to the agency’s highly sensitive Tailored Access Operations.

In December 2013, another highly secret NSA document quietly became public. It was a top secret TAO catalog of NSA hacking tools. Known as the Advanced Network Technology (ANT) catalog, it consisted of 50 pages of extensive pictures, diagrams and descriptions of tools for every kind of hack, mostly targeted at devices manufactured by U.S. companies, including Apple, Cisco, Dell and many others.

Like the hacking tools, the catalog used similar codenames.

***

In 2014, I spent three days in Moscow with Snowden for a magazine assignment and a PBS documentary. During our on-the-record conversations, he would not talk about the ANT catalog, perhaps not wanting to bring attention to another possible NSA whistleblower.

I was, however, given unrestricted access to his cache of documents. These included both the entire British, or GCHQ, files and the entire NSA files.

But going through this archive using a sophisticated digital search tool, I could not find a single reference to the ANT catalog. This confirmed for me that it had likely been released by a second leaker. And if that person could have downloaded and removed the catalog of hacking tools, it’s also likely he or she could have also downloaded and removed the digital tools now being leaked.

And Motherboard reports:

“My colleagues and I are fairly certain that this was no hack, or group for that matter,” the former NSA employee told Motherboard. “This ‘Shadow Brokers’ character is one guy, an insider employee.”

The source, who asked to remain anonymous, said that it’d be much easier for an insider to obtain the data that The Shadow Brokers put online rather than someone else, even Russia, remotely stealing it. He argued that “naming convention of the file directories, as well as some of the scripts in the dump are only accessible internally,” and that “there is no reason” for those files to be on a server someone could hack. He claimed that these sorts of files are on a physically separated network that doesn’t touch the internet; an air-gap.

***

“We are 99.9 percent sure that Russia has nothing to do with this and even though all this speculation is more sensational in the media, the insider theory should not be dismissed,” the source added. “We think it is the most plausible.”

***

Another former NSA source, who was contacted independently and spoke on condition of anonymity, said that “it’s plausible” that the leakers are actually a disgruntled insider, claiming that it’s easier to walk out of the NSA with a USB drive or a CD than hack its servers.

Michael Adams, an information security expert who served more than two decades in the US Special Operations Command, agreed that it’s a viable theory.

“It’s Snowden junior,” Adams told Motherboard. “Except he doesn’t want to end up in virtual prison in Russia. He’s smart enough to rip off shit, but also smart enough to be unidentifiable.”

This wouldn’t be the first time Russia has been framed for hacking.

How NSA successfully Broke Trillions of Encrypted Connections

Yes, it seems like the mystery has been solved. We are aware of the United States National Security Agency (NSA) powers to break almost unbreakable encryption used on the Internet and intercept nearly Trillions of Internet connections – thanks to the revelations made by whistleblower Edward Snowden in 2013. However, what we are not aware of is exactly how did the NSA apparently intercept VPN connections, and decrypt SSH and HTTPS, allowing the agency to read hundreds of Millions of personal, private emails from persons around the globe.

Now, computer scientists Alex Halderman and Nadia Heninger have presented a paper at the ACM Conference on Computer and Communications Security that advances the most plausible theory as to how the NSA broke some of the most widespread encryption used on the Internet. According to the paper, the NSA has exploited common implementations of the Diffie-Hellman key exchange algorithm – a common means of exchanging cryptographic keys over untrusted channels – to decrypt a large number of HTTPS, SSH, and VPN connections.

Diffie-Hellman – the encryption used for HTTPS, SSH, and VPNs – helps users communicate by swapping cryptographic keys and running them through an algorithm that nobody else knows except the sender and receiver. 

It is described as secure against surveillance from the NSA and other state-sponsored spies, as it would take hundreds or thousands of years and by them and a nearly unimaginable amount of money to decrypt directly. However, a serious vulnerability in the way the Diffie-Hellman key exchange is implemented is allowing the intelligence agencies and spies to break and eavesdrop on trillions of encrypted connections. To crack just one of the extremely large prime numbers of a Diffie-Hellman in the most commonly used 1024-bit Diffie-Hellman keys would take about a year and cost a few hundred Million dollars.

However, according to researchers, only a few prime numbers are commonly used that might have fit well within the agency's $11 Billion-per-year budget dedicated to "groundbreaking cryptanalytic capabilities."

"Since a handful of primes are so widely reused, the payoff, in terms of connections they could decrypt, would be enormous," said Alex Halderman and Nadia Heninger in a blog post published Wednesday.

"Breaking a single, 1024-bit prime would allow the NSA to passively decrypt connections to two-thirds of VPNs and a quarter of all SSH servers globally. Breaking a second 1024-bit prime would allow passive eavesdropping on connections to nearly 20% of the top million HTTPS websites. In other words, a one-time investment in massive computation would make it possible to eavesdrop on trillions of encrypted connections."

Around 92% of the top 1 Million Alexa HTTPS domains make use of the same two primes for Diffie-Hellman, possibly enabling the agency to pre-compute a crack on those two prime numbers and read nearly all Internet traffic through those servers.

The Plan A Brazilian hacktivist vandalized 13 U.S. government websites last week, posting messages condemning the NSA for, amongst other things, secretly monitoring the Brazilian president's phone conversations. (Sample message: "Stop spy on us! The Brazilian population do not support your attitude!")

The Backfire "BMPoCWe," the hacker responsible, actually hacked NASA's websites, not the NSA's. Whoops.