[Cryptography] Shadow Brokers :: powerful NSA hacking tools leaked

Ray Dillinger bear at sonic.net
Thu Aug 18 16:25:36 EDT 2016



On 08/16/2016 11:36 PM, Jerry Leichter wrote:

> Of course, in the wilderness of mirrors that is the NSA and spycraft, you can always imagine a deeper level:  

If we're talking favorite conspiracy theories, I have a couple to share.

Some actor has been hacking the DNC in what is apparently an effort to
either influence the outcome of the US election or cast doubt on the
legitimacy of the result.  Russia and China have both been mentioned -
Russia more often and loudly - as the probable actor behind these hacks.

Clearly whoever stole this cache of malware three years ago has had
plenty of time to develop tools to detect and track its use.  It is
likely that they now have LOTS of dirt on US intel operations during the
last, say, 2 1/2 years.  An implied threat that this dirt might be
released could be considered as an implied warning to the US that
attempts to loudly blame anyone, or impose sanctions against anyone, for
the election hacks could be responded to via further and more sensitive
releases.

Russia and China have both again been mentioned as the probable source
of the NSA malware release.  Russia, as with the DNC hacks, has been
mentioned more often and loudly.

Interestingly, Snowden at most recent update is residing in Moscow.

The most recent dates in the cache are from some months AFTER Snowden's
departure from the NSA's data center, so they clearly didn't come out
with him.  It is at least dimly possible that knowledge of how to
acquire them did, although the idea that such knowledge might still be
relevant after the inevitable revamp of security following the leaks
beggars the imagination. However, it is *extremely* likely that
knowledge of someone able to execute such an acquisition was already
present in Moscow.

Of course it is also possible, as Jerry says, that this release is a
deliberate and calculated decision by the NSA.  I seriously doubt this
possibility, because the NSA, which used to be extremely secret, is now
extremely reputation-conscious. They would be very unlikely to
voluntarily pretend that their own security had been compromised.

Still, there are reasons for them to do it.  They must have been
furiously developing new malware since the Snowden leaks three years ago
and may now have an effective new suite of tools.  There is
circumstantial evidence that other nation states have been using this
malware or the security flaws it exploits in hacks against the US.  A
release can motivate people to fix security flaws that were once seen as
assets but which have now become an active vulnerability. Simultaneously
a release from an anonymous source creates a pretext for which Snowden
and/or Russia can be blamed to people in the US at various levels, at
least in covert, implied, or unofficial ways.  Or they may be trying to
motivate intended targets to buy a new set of routers, switches, and
servers that have been compromised in new and interesting ways as yet
unknown to other actors.

History teaches that organizations with more than two or three
employees, operating on a more than occasional basis, cannot keep
secrets.  They can, however, distribute misinformation in hopes of
confusing people about which of the discovered secrets are real.  They
can deliberately lie to each other in order to try to get others to make
mistakes giving their secrets away.  And they can exchange threats,
blackmail, extortion, and warnings of varying degrees of implied,
covert, and overt, in an effort to deter unintended parties to those
secrets from disclosing them.

A wilderness of mirrors, indeed.  Working in security, even
occasionally, already turns me into a screaming hair-triggered paranoid.
As someone prone to thinking too much, the environment in which they
live would likely drive me insane. If the ability to spin this much
speculation and conspiracy theory within a half-hour or so of hearing
the news is any indication, maybe I should have said "even more insane."

I would probably be less paranoid, overall, if my most paranoid
fantasies turned out to be wrong more often.

				Bear
