Conspiracy Theater

THE NSA-SHADOW BROKERS HACKS: MORE RECONNAISSANCE?

Mr. T.M. shared this story, and it's quite revealing, especially as I have entertained the idea, in previous blogs and in some interviews, that the massive amount of hacking occurring against major western institutions might represent an activity being conducted by more than the usual suspects (i.e., Russia and China), and might represent a non-territorial actor or actors. Additionally, I've also advanced the high octane hypothesis that this "entity" or these "entities" might actually be doing something rather different than just conventional hacking, namely, that the activities appear to be a kind of "internet reconnaissance activity," mapping the actual "architecture" of the internet. Consider just the scale of the activity that we've seen over the years: Sony, various major banking institutions including Chase Manhattan and a few others, the Federal Reserve. Add to this the patterns of "information leaks" of various natures, from the Panama Papers to the Snowden affair, to the mysterious sources for Wikileaks, the advent - and "disappearance" - of the hacking group Anonymous, and you get the picture: there is a definite and large pattern of covert internet and hacking activity, and it all at least seems to be connected.

Which brings me to this story shared by Mr. T.M.:

The US's most secretive intelligence agency was embarrassingly robbed and mocked by hackers

With respect to my "high octane hypothesis" that some entity or entities appears to be "mapping the architecture" of the Internet, there is a statement in this article that caught my attention:

The NSA, which compiles massive troves of data on US citizens and organizes cyberoffensives against the US's enemies, was deeply compromised by a group known as the Shadow Brokers, which has made headlines in the past year in connection to the breach, whose source remains unclear.

The group now posts cryptic, mocking messages pointed toward the NSA as it sells the cyberweapons, created at huge cost to US taxpayers, to any and all buyers, including US adversaries like North Korea and Russia.

...

Furthermore, a wave of cybercrime has been linked to the release of the NSA's leaked cyberweapons.

A glance at the original NY Times article here

Security Breach and Spilled Secrets Have Shaken the N.S.A. to Its Core

reveals some even more intriguing tidbits:

Mr. Williams had written on his company blog about the Shadow Brokers, a mysterious group that had somehow obtained many of the hacking tools the United States used to spy on other countries. Now the group had replied in an angry screed on Twitter. It identified him — correctly — as a former member of the National Security Agency’s hacking group, Tailored Access Operations, or T.A.O., a job he had not publicly disclosed. Then the Shadow Brokers astonished him by dropping technical details that made clear they knew about highly classified hacking operations that he had conducted.

America’s largest and most secretive intelligence agency had been deeply infiltrated.

“They had operational insight that even most of my fellow operators at T.A.O. did not have,” said Mr. Williams, now with Rendition Infosec, a cybersecurity firm he founded. “I felt like I’d been kicked in the gut. Whoever wrote this either was a well-placed insider or had stolen a lot of operational data.”

(Emphasis added)

There you have it: the NSA has either (1) been hacked, or (2) has a mole or moles inside the agency, or (3) both. If (3) sounds implausible, recall only the case of Edward Snowden. But there is an additional bread crumb of information in the Times article, and for all those following the bizarre story of "Q" and his, her, or their anonymous postings about an ongoing hidden factional war in the deep state, there is this:

Fifteen months into a wide-ranging investigation by the agency’s counterintelligence arm, known as Q Group, and the F.B.I., officials still do not know whether the N.S.A. is the victim of a brilliantly executed hack, with Russia as the most likely perpetrator, an insider’s leak, or both. Three employees have been arrested since 2015 for taking classified files, but there is fear that one or more leakers may still be in place. And there is broad agreement that the damage from the Shadow Brokers already far exceeds the harm to American intelligence done by Edward J. Snowden, the former N.S.A. contractor who fled with four laptops of classified material in 2013. (Emphasis added)

Adding fuel to the flames of the "Q bread crumbs" drop, there's this interesting bit of information as well:

Then there are the Shadow Brokers’ writings, which betray a seeming immersion in American culture. Last April, about the time Mr. Williams was discovering their inside knowledge of T.A.O. operations, the Shadow Brokers posted an appeal to President Trump: “Don’t Forget Your Base.” With the ease of a seasoned pundit, they tossed around details about Stephen K. Bannon, the president’s now departed adviser; the Freedom Caucus in Congress; the “deep state”; the Alien and Sedition Acts; and white privilege.

“TheShadowBrokers is wanting (sic) to see you succeed,” the post said, addressing Mr. Trump. “TheShadowBrokers is wanting America to be great again.”

So how does any of this support the speculation that someone may be "reconnoitering" the internet's architecture? Consider this article on "The Shadow Brokers":

Who Are the Shadow Brokers?

where we find this intriguing and highly suggestive paragraph:

The Shadow Brokers suddenly appeared last August, when they published a series of hacking tools and computer exploits—vulnerabilities in common software—from the NSA. The material was from autumn 2013, and seems to have been collected from an external NSA staging server, a machine that is owned, leased, or otherwise controlled by the U.S., but with no connection to the agency. NSA hackers find obscure corners of the internet to hide the tools they need as they go about their work, and it seems the Shadow Brokers successfully hacked one of those caches. (Emphasis added)

This would seem to suggest once again that either there are some highly placed moles inside the agency who "know" or at least "strongly suspect" where to look, or that the hackers have, already, gained enough information about internet architecture to be able to search for, and target, such information caches. If the latter, then this implies something else, one heavy with implications if one considers this activity to be that of an extra-territorial group, rather than the activity of a state or state-sponsored group: it has access to significant computing power and sophisticated programming capability. But how might one disguise this?

In my typical hack-from-South-Dakota form, I want to advance a bit of (very) high octane speculation: what if this group is sophisticated enough to co-opt computer networks in a kind of "block chain" of hacking technology, a "block chain hacking" tool? What if they have harnessed block chain techniques to access, and then squirrel away, the data they steal? Mind you, I know next to nothing about this sort of stuff, but it seems to me that the idea (or at least something like it) would seem to be suggested by the NSA's inability, thus far, to identify and locate the threats to national security. (And if this scenario or speculation has any merit, then it certainly has significant implications for the security of block chain and crypto-currency technologies.)

In any event, the entire story - with its rumblings of some sort of connection to the "Q" breadcrumb story now circulating on the internet - seems to suggest a group with some very sophisticated techniques at its disposal, and I strongly suspect that this connection may, in fact, be one of the overlooked bread crumbs in the whole affair.

See you on the flip side...

19 thoughts on “THE NSA-SHADOW BROKERS HACKS: MORE RECONNAISSANCE?”

  1. Hang on a sec. What’s the evidence for extraterritorial actors here? Is there any?
    I would agree that an inside job is more likely, unless there is evidence to the contrary.

  2. What if the NSA know very well who the Shadow Brokers are and actually let the Shadow Brokers have what they have as justification for coming Cyberwar, more NSA resources, and online restrictions for citizens?

  3. I had been noting that “our government” was urging(!) companies and individuals to drop Kaspersky Lab’s anti-virus and anti-malware software, implying that – since it was a Russian firm – it could somehow be a security ‘concern’. Now, we know why the push. From the NYTimes article:

    “Kaspersky hunted for the spying malware planted by N.S.A. hackers, guided in part by the keywords and code names in the files taken by Mr. Snowden and published by journalists, officials said.

    The T.A.O. [N.S.A. ‘Tailored Access Operations’] hackers knew that when Kaspersky updated its popular antivirus software to find and block the N.S.A. malware, it could thwart spying operations around the world.

    [Kaspersky] updated its antivirus software to uproot the N.S.A. malware wherever it had not been replaced. The agency temporarily lost access to a considerable flow of intelligence.”

    (There are also internet reports that Kaspersky developed code to ‘plug’ M$ Windows built-in backdoors, which are carefully NOT being talked-about in MSM articles, and incorporated them into software updates. Bad company!)

  4. I've heard talk that Q is an AI based on the White Rabbit project.. network synchronisation.. it's certainly what would be needed for nodes to work together.. otherwise the left hand part of the brain will be at 13h00 whilst the right hand side is at 21h00 .. That's usually what my brain feels like.. anyway..
    I think that something, somewhere is hideously wrong with the human race if it's an artificial intelligence that is showing us where all the horror and corruption (and all the rest…) is.. that we couldn't even see it ourselves.. and I suppose we'll have to end up thanking an AI for cleaning up planet Earth.. as humans.. once again.. proved that they are incapable.. because.. money.

  5. Honestly, this makes me think of Bix Weir's Road To Roota Theory….Greenspan was a computer whiz in the 60's…and a follower of Ayn Rand. If it's true an alliance has been hiding within the deep state for decades…I would have to think Greenspan would have one of their most important assets… with a hand in designing the whole system of digitization especially as it pertains to the monetary system…so he and the alliance were years ahead of the clueless banking dynasties…still making the money the old fashioned way….stealing it through manipulated markets, debt, and wars based on lies. Satoshi Nakamoto may be Greenspan.

  6. This would indeed be “good news”
    if this “savvy interloper”
    was exploiting closed, monopolized systems –
    via open-sources.
    A coming showdown storm in cyberspace –
    to see which system can faster-than-light out-draw; while, adjusting on-the-fly –
    replacing current, showcased horse & buggy façade$ by sundown.
    About time the “enclosure” clown$ were hood-winked out-of-business;
    literally,
    once,
    and of course,
    for ALL living beings.

    1. As a reborn Reagan might say,
      Break Down These Corporatized-Robotic Paywalls!
      [I’m speaking of the current paradigm
      of money as our masters
      instead of the other way around]…
      Where information is a free flowing currency
      designed to better life on Earth for all beings.

      In other words,
      the opposite pole of
      “their” current diode.

  7. Let’s hope that the alphabet agencies (and present company) are not using current Apple software:

    http://82.221.129.208/.zq9.html
    Beyond Hackable: OSX 10.13 “High Sierra” hackable just by typing “root”

    “This proves Mac OS is just a linux distro (something the tech savvy have known for years). This flaw is possible to circumvent by setting a root password, but the fact that it was out in the open, never mentioned and easily executed for two and a half months is inexcusable. It had to have been done on purpose.

    From Wired magazine: https://www.wired.com/story/macos-high-sierra-hack-root/

    There are hackable security flaws in software. And then there are those that don’t even require hacking at all – just a knock on the door, and asking to be let in. Apple’s macOS High Sierra has the second kind.

    On Tuesday, security researchers disclosed a bug that allows anyone a blindingly easy method of breaking that operating system's security protections. Anyone who hits a prompt in High Sierra asking for a username and password before logging into a machine with multiple users can simply type ‘root’ as a username, leave the password field blank, click ‘unlock’ twice, and immediately gain full access.

    In other words, the bug allows any rogue user that gets the slightest foothold on a target computer to gain the deepest level of access to a computer, known as ‘root’ privileges. Malware designed to exploit the trick could also fully install itself deep within the computer, no password required.

    ‘We always see malware trying to escalate privileges and get root access,’ says Patrick Wardle, a security researcher with Synack. ‘This is best, easiest way ever to get root, and Apple has handed it to them on a silver platter.’

    As word of the security vulnerability rippled across Twitter and other social media, a few security researchers found they couldn't replicate the issue, but others captured and posted video demonstrations of the attack, like Wardle's GIF below, and another that shows security researcher Amit Serper logging into a logged-out account. WIRED also independently confirmed the bug.

    The fact that the attack could be used on a logged-out account raises the possibility that someone with physical access could exploit it just as easily as malware, points out Thomas Reed, an Apple-focused security researcher with MalwareBytes. They could, for instance, use the attack to gain root access to a logged-out machine, set a root password, and then regain access to a machine at any time. ‘Oooh, boy, this is a doozy,’ says Reed. ‘So, if someone did this to a Mac sitting on a desk in an office, they could come back later and do whatever they wanted.’

    Reed also notes, however – and other researchers confirm – that it’s possible to block the attack simply by setting a password for the root user. If you’ve installed High Sierra and haven’t set a root password, you should do it now. In a statement, Apple confirmed the problem, reiterated that short-term fix, and promised a longer-term software patch: ‘We are working on a software update to address this issue,’ an Apple spokesperson wrote.”

    1. “This proves Mac OS is just a linux distro (something the tech savvy have known for years). ” – ah no. No, not at all. It came from NextStep which was Steve Jobs' company that Apple paid him $400 million for when he returned to Apple.

      https://en.wikipedia.org/wiki/NeXTSTEP

      NextStep was developed way before Linux. 1988 was the first release of it.

      1. TRM: Interesting. I am old enough to remember NextStep, how revolutionary it was claimed to be, and the non-acceptance or freeze-out of it.

        JS seems to be very computer-savvy – even to coding his own site – so he should be aware of this (unless he is too young). JS has a message-window on his main page. Why don’t you message him, inform him of the above, and see what happens? (A good test case of character.)

        Be aware that the message window is allegedly messed-with; so – if you do not see an acknowledgement – you may have to re-send it several times.

    1. The phrasing “TheShadowBrokers is wanting…” is suggestive of an AI or someone trying to mimic an AI. The growth of an AI towards the Singularity would be consistent with Dr. Farrell’s hunch “that some entity or entities appears to be “mapping the architecture” of the Internet…”.
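The root-password mitigation that the Wired piece quoted in comment 7 recommends, as an added shell example that is not from the post, the commenters, Wired or Apple: it classifies the state of the macOS root account from the output of `dscl . -read /Users/root AuthenticationAuthority` and turns that into operator advice. The two sample outputs are constructed for the example; `audit_root` runs the real query only on a Mac, and the `passwd` / `dsenableroot` commands are printed as recommendations rather than executed.

```shell
#!/bin/sh
# Added example: defender-side audit of the macOS root account, i.e. the
# mitigation the quoted Wired article names (set a root password).
# Not code from the post, the commenters, Wired or Apple.

# Classify root from the output of:
#   dscl . -read /Users/root AuthenticationAuthority
# A root user with no stored credential prints "No such key"; a root user
# that can authenticate carries a ShadowHash entry in that attribute.
classify_root_auth() {
    case "$1" in
        *"No such key"*) echo "no-credential" ;;   # root has no password hash at all
        *ShadowHash*)    echo "has-hash" ;;        # root has a stored password hash
        *)               echo "unknown" ;;
    esac
}

# Turn the classification into advice for the operator.
root_advice() {
    case "$(classify_root_auth "$1")" in
        no-credential)
            echo "root has no password hash (the state the High Sierra bug abuses): set one now with 'sudo passwd root'" ;;
        has-hash)
            echo "root has a password hash: confirm it is one you set (a blank one created by the bug also shows here); re-set with 'sudo passwd root' or disable root with 'sudo dsenableroot -d'" ;;
        *)
            echo "could not determine root state; inspect the dscl output manually" ;;
    esac
}

# On a Mac, query Directory Services for real; elsewhere say why not.
audit_root() {
    if [ "$(uname -s)" = "Darwin" ]; then
        out=$(dscl . -read /Users/root AuthenticationAuthority 2>&1)
        root_advice "$out"
    else
        echo "not macOS: run this audit on the High Sierra host itself"
    fi
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_DISABLED='No such key: AuthenticationAuthority'
SAMPLE_ENABLED='AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2,SRP-RFC5054-4096-SHA512-PBKDF2> ;Kerberosv5;;root@LKDC:SHA1.0000;LKDC:SHA1.0000;'

root_advice "$SAMPLE_DISABLED"
root_advice "$SAMPLE_ENABLED"
audit_root
```

The classification deliberately does not claim to tell a deliberately set root password from the blank one the bug leaves behind, because the `dscl` attribute looks the same in both cases; that is why the `has-hash` branch tells the operator to re-set or disable root rather than to relax.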

  8. Well I know how much one likes shadowy extraterritorial actors to explain just about everything, but given the depth and obscurity of the knowledge, the profound knowledge of obscure inside players and the Snowden precedent, Occam’s razor says that this was an inside job.

    Now whether it was an insider or group fed up with the deep state and the paranoia-surveillance complex or whether it was moles is up for grabs, but I do not think it at all likely that all that came from outside penetration. Just look at how easy it is to infiltrate the clown show that is the ostensible US government — Huma Abedin, the Muslim Brotherhood’s point girl, and the Awan brothers literally running the IT systems for the DNC and the Democratic congressional caucus and shipping the best of it to Pakistani ISI and selling the rest of it on the black market.

    The NSA is still a government agency (last I checked) and so you can never rule out institutional stupid.

    1. There is also the confirmed fact that the NSA sends a direct copy of all its raw intelligence directly to Israel (unfiltered). That implies a profound data-pipe connection. Wonder if the ‘leak’ could be on-the-way (i.e., someone hacking the pipe), or after it gets to the Israeli destination?

      1. How is that a confirmed fact? If anything Israel is being put in its place via the moves made in “The Kingdom.” They sponsor terror just as much as SA
