James Bamford: Evidence points to another Snowden at the NSA

Started by MikeWB, August 22, 2016, 03:44:10 PM


MikeWB

This is by far the best explanation of NSA intrigue so far.

By James Bamford

In the summer of 1972, state-of-the-art campaign spying consisted of amateur burglars, armed with duct tape and microphones, penetrating the headquarters of the Democratic National Committee. Today, amateur burglars have been replaced by cyberspies, who penetrated the DNC armed with computers and sophisticated hacking tools.

Where the Watergate burglars came away empty-handed and in handcuffs, the modern-day cyber thieves walked away with tens of thousands of sensitive political documents and are still unidentified.

Now, in the latest twist, hacking tools themselves, likely stolen from the National Security Agency, are on the digital auction block. Once again, the usual suspects start with Russia – though there seems little evidence backing up the accusation.


In addition, if Russia had stolen the hacking tools, it would be senseless to publicize the theft, let alone put them up for sale. It would be like a safecracker stealing the combination to a bank vault and putting it on Facebook. Once revealed, companies and governments would patch their firewalls, just as the bank would change its combination.

A more logical explanation could also be insider theft. If that's the case, it's one more reason to question the usefulness of an agency that secretly collects private information on millions of Americans but can't keep its most valuable data from being stolen, or as it appears in this case, being used against us.

In what appeared more like a Saturday Night Live skit than an act of cybercrime, a group calling itself the Shadow Brokers put up for bid on the Internet what it called a "full state-sponsored toolset" of "cyberweapons." "!!! Attention government sponsors of cyberwarfare and those who profit from it !!!! How much would you pay for enemies cyberweapons?" said the announcement.

The group said it was releasing some NSA files for "free" and promised "better" ones to the highest bidder. However, those with losing bids "Lose Lose," it said, because they would not receive their money back. And should the total sum of the bids, in bitcoins, reach the equivalent of half a billion dollars, the group would make the whole lot public.

While the "auction" seemed tongue in cheek, more like hacktivists than Russian high command, the sample documents were almost certainly real. The draft of a top-secret NSA manual for implanting offensive malware, released by Edward Snowden, contains code for a program codenamed SECONDDATE. That same 16-character string of numbers and characters is in the code released by the Shadow Brokers. The details from the manual were first released by The Intercept last Friday.

The authenticity of the NSA hacking tools was also confirmed by several ex-NSA officials who spoke to the media, including former members of the agency's Tailored Access Operations (TAO) unit, the home of hacking specialists.

"Without a doubt, they're the keys to the kingdom," one former TAO employee told the Washington Post. "The stuff you're talking about would undermine the security of a lot of major government and corporate networks both here and abroad." Another added, "From what I saw, there was no doubt in my mind that it was legitimate."

Like a bank robber's tool kit for breaking into a vault, cyber exploitation tools, with codenames like EPICBANANA and BUZZDIRECTION, are designed to break into computer systems and networks. Just as the bank robber hopes to find a crack in the vault that has never been discovered, hackers search for digital cracks, or "exploits," in computer programs like Windows.

The most valuable are "zero day" exploits, meaning there have been zero days since Windows has discovered the "crack" in their programs. Through this crack, the hacker would be able to get into a system and exploit it, by stealing information, until the breach is eventually discovered and patched. According to the former NSA officials who viewed the Shadow Broker files, they contained a number of exploits, including zero-day exploits that the NSA often pays thousands of dollars for to private hacking groups.

The reasons given for laying the blame on Russia appear less convincing, however. "This is probably some Russian mind game, down to the bogus accent," James A. Lewis, a computer expert at the Center for Strategic and International Studies, a Washington think tank, told the New York Times. Why the Russians would engage in such a mind game, he never explained.

Rather than the NSA hacking tools being snatched as a result of a sophisticated cyber operation by Russia or some other nation, it seems more likely that an employee stole them. Experts who have analyzed the files suspect that they date to October 2013, five months after Edward Snowden left his contractor position with the NSA and fled to Hong Kong carrying flash drives containing hundreds of thousands of pages of NSA documents.

So, if Snowden could not have stolen the hacking tools, there are indications that after he departed in May 2013, someone else did, possibly someone assigned to the agency's highly sensitive Tailored Access Operations.

In December 2013, another highly secret NSA document quietly became public. It was a top secret TAO catalog of NSA hacking tools. Known as the Advanced Network Technology (ANT) catalog, it consisted of 50 pages of extensive pictures, diagrams and descriptions of tools for every kind of hack, mostly targeted at devices manufactured by U.S. companies, including Apple, Cisco, Dell and many others.

Like the hacking tools, the catalog used similar codenames. Among the tools targeting Apple was one codenamed DROPOUTJEEP, which gives NSA total control of iPhones. "A software implant for the Apple iPhone," says the ANT catalog, "includes the ability to remotely push/pull files from the device. SMS retrieval, contact-list retrieval, voicemail, geolocation, hot mic, camera capture, cell-tower location, etc."

Another, codenamed IRATEMONK, is, "Technology that can infiltrate the firmware of hard drives manufactured by Maxtor, Samsung, Seagate and Western Digital."

In 2014, I spent three days in Moscow with Snowden for a magazine assignment and a PBS documentary. During our on-the-record conversations, he would not talk about the ANT catalog, perhaps not wanting to bring attention to another possible NSA whistleblower.

I was, however, given unrestricted access to his cache of documents. These included both the entire British, or GCHQ, files and the entire NSA files.

But going through this archive using a sophisticated digital search tool, I could not find a single reference to the ANT catalog. This confirmed for me that it had likely been released by a second leaker. And if that person could have downloaded and removed the catalog of hacking tools, it's also likely he or she could have also downloaded and removed the digital tools now being leaked.

In fact, a number of the same hacking implants and tools released by the Shadow Brokers are also in the ANT catalog, including those with codenames BANANAGLEE and JETPLOW. These can be used to create "a persistent back-door capability" into widely used Cisco firewalls, says the catalog.

Consisting of about 300 megabytes of code, the tools could easily and quickly be transferred to a flash drive. But unlike the catalog, the tools themselves – thousands of ones and zeros – would have been useless if leaked to a publication. This could be one reason why they have not emerged until now.

Enter WikiLeaks. Just two days after the first Shadow Brokers message, Julian Assange, the founder of WikiLeaks, sent out a Twitter message. "We had already obtained the archive of NSA cyberweapons released earlier today," Assange wrote, "and will release our own pristine copy in due course."

The month before, Assange was responsible for releasing the tens of thousands of hacked DNC emails that led to the resignation of the four top committee officials.

There also seems to be a link between Assange and the leaker who stole the ANT catalog, and the possible hacking tools. Among Assange's close associates is Jacob Appelbaum, a celebrated hacktivist and the only publicly known WikiLeaks staffer in the United States – until he moved to Berlin in 2013 in what he called a "political exile" because of what he said was repeated harassment by U.S. law enforcement personnel. In 2010, a Rolling Stone magazine profile labeled him "the most dangerous man in cyberspace."

In December 2013, Appelbaum was the first person to reveal the existence of the ANT catalog, at a conference in Berlin, without identifying the source. That same month he said he suspected the U.S. government of breaking into his Berlin apartment. He also co-wrote an article about the catalog in Der Spiegel. But again, he never named a source, which led many to assume, mistakenly, that it was Snowden.

In addition to WikiLeaks, for years Appelbaum worked for Tor, an organization focused on providing its customers anonymity on the Internet. But last May, he stepped down as a result of "serious, public allegations of sexual mistreatment" made by unnamed victims, according to a statement put out by Tor. Appelbaum has denied the charges.

Shortly thereafter, he turned his attention to Hillary Clinton. At a screening of a documentary about Assange in Cannes, France, Appelbaum accused her of having a grudge against him and Assange, and that if she were elected president, she would make their lives difficult. "It's a situation that will possibly get worse" if she is elected to the White House, he said, according to Yahoo News.

It was only a few months later that Assange released the 20,000 DNC emails. Intelligence agencies have again pointed the finger at Russia for hacking into these emails.

Yet there has been no explanation as to how Assange obtained them. He told NBC News, "There is no proof whatsoever" that he obtained the emails from Russian intelligence. Moscow has also denied involvement. 

There are, of course, many sophisticated hackers in Russia, some with close government ties and some without. And planting false and misleading indicators in messages is an old trick. Now Assange has promised to release many more emails before the election, while apparently ignoring email involving Trump. (Trump opposition research was also stolen.) 

In hacktivist style, and in what appears to be phony broken English, this new release of cyberweapons also seems to be targeting Clinton. It ends with a long and angry "final message" against "Wealthy Elites . . . breaking laws" but "Elites top friends announce, no law broken, no crime commit[ed]. . . Then Elites run for president. Why run for president when already control country like dictatorship?"

Then after what they call the "fun Cyber Weapons Auction" comes the real message, a serious threat. "We want make sure Wealthy Elite recognizes the danger [of] cyberweapons. Let us spell out for Elites. Your wealth and control depends on electronic data." Now, they warned, they have control of the NSA's cyber hacking tools that can take that wealth away. "You see attacks on banks and SWIFT [a worldwide network for financial services] in news. If electronic data go bye-bye where leave Wealthy Elites? Maybe with dumb cattle?"

Snowden's leaks served a public good. He alerted Americans to illegal eavesdropping on their telephone records and other privacy violations, and Congress changed the law as a result. The DNC leaks exposed corrupt policies within the Democratic Party. 

But we now have entered a period many have warned about, when NSA's cyber weapons could be stolen like loose nukes and used against us. It opens the door to criminal hackers, cyber anarchists and hostile foreign governments that can use the tools to gain access to thousands of computers in order to steal data, plant malware and cause chaos.

It's one more reason why NSA may prove to be one of Washington's greatest liabilities rather than assets.


About the Author
James Bamford is the author of The Shadow Factory: The Ultra-Secret NSA From 9/11 to the Eavesdropping on America. He is a columnist for Foreign Policy magazine.
1) No link? Select some text from the story, right click and search for it.
2) Link to TiU threads. Bring traffic here.

rmstock

Reuters is being used as some Commentary Magazine?
Wasn't supposedly Snowden dead or something like that last week?


Commentary | Mon Aug 22, 2016 8:04am EDT
Commentary: Evidence points to another Snowden at the NSA
http://www.reuters.com/article/us-intelligence-nsa-commentary-idUSKCN10X01P


Credit: MATT MAHURIN [sixties version of SkyFall poster]

  "The views expressed in this article are not those of Reuters News."



  NSA Codenames - Cryptome
  https://cryptome.org/2014/01/nsa-codenames.htm
  1 Jan 2014 ... Subject: List of NSA/GCHQ codemanes affiliated with
  hacking and ... for the use  of others who have been maintaining
  similar lists. ... Codename for a 4200 sq. ft.  facility in Texas,
  holding TAO. .... DROPOUTJEEP, Apple iPhone malware. ...  GCHQ SSL/TLS
  exploitation knowledgebase and tool, used for ...

DROPOUTJEEP and IRATEMONK .... what the hell would that be or stand for
in an area where the most covert and dangerous stuff is going on ? :

DROPOUTJEEP : a free of charge Toyota Truck in the Middle East
IRATEMONK : a covert asset wearing a beard and reading the Koran

eh ?

``I hope that the fair, and, I may say certain prospects of success will not induce us to relax.''
-- Lieutenant General George Washington, commander-in-chief to
   Major General Israel Putnam,
   Head-Quarters, Valley Forge, 5 May, 1778

rmstock

     A week or so ago Reuters, as quoted by a nationwide renowned Democratic
   Poll Specialist, was NOT tweaking the Polls, but actually COOKING the
   POLLS in favor of Hillary. This week Reuters implicitly declares
   the Death of Edward Snowden through the above article. A despicable means
   of calling your bluff. But that's actually the only thing Reuters has
   left. That is, in my perception, Reuters has been overtaken since
   2015 by a bunch of Jew scum blobs who have literally thrown out all of
   the last hallmarks of ethics inside Journalism -- or what was left of it
   -- hallmarks of ethics which a News Organization like Reuters had made
   famous around the world.
      Listen to the soundcloud interview of War College's Jason Fields,
   apparently a Reuters Editor as well, interviewing Strategist for the
   New America Foundation and a contributing editor for Popular Science
   Peter W. Singer. Singer claims with 100% certainty that Russia has done
   the DNC hack, but not before Reuters has vomited all over Assange,
   Snowden and not the least RT. What stands out of the wikipage of this
   American political scientist hack :

https://en.wikipedia.org/wiki/P._W._Singer
  "[ ... ]
   See also[edit]
   * The Brookings Institution
   * Military use of children
   [ ... ]"
