Your Source for Leaks Around the World!

Posts Tagged ‘NSA’

UNITEDRAKE: The Shadow Brokers Leak NSA Malware Manual from August Dump

In Archive, Hacking, NSA, Shadow Brokers on September 7, 2017 at 12:11 PM

PDF (2MB)

The Shadow Brokers – the hacker group behind the ongoing leaks of NSA tools and exploits – released their September 2017 communique yesterday. In it they detail upcoming prices and changes to their monthly dump service, stating the leaks will now be semi-monthly continuing until at least November 15, and that September’s will contain exploits.

More interestingly for non-subscribers, at the bottom of the post is a MEGA link containing “Files, Signed Message, Manual to August Dump.” The manual – titled “UNITEDRAKE Version 4.6.1” – appears to have been altered by an open source graphics program and then re-saved as a PDF. Classification markings have been removed and the company listed on the manual is fake.

UNITEDRAKE is a modular malware described as a “fully extensible remote collection system designed for Windows targets.”

Able to compromise Windows PCs running on XP, Windows Server 2003 and 2008, Vista, Windows 7 SP 1 and below, as well as Windows 8 and Windows Server 2012, the attack tool acts as a service to capture information, with clients planted on target machines that send information to a server over the internet.

The existence of UNITEDRAKE first came to light in 2013 as part of a series of classified NSA documents leaked by Edward Snowden and in a catalog of NSA hacking tools leaked by a second source, which revealed it was used by the NSA alongside other pieces of malware to infect millions of computers around the world.

By using “plugins”, UNITEDRAKE can perform tasks including listening in and monitoring communication, capturing keystrokes and both webcam and microphone usage, the impersonation users, stealing diagnostics information and self-destructing once tasks are completed.

via emptywheel:

The way in which UNITEDRAKE is used with FISA is problematic. Note that it doesn’t include a start date. So the NSA could collect data from before the period when the court permitted the government to spy on them. If an American were targeted only under Title I (permitting collection of data in motion, therefore prospective data), they’d automatically qualify for 705(b) targeting with Attorney General approval if they traveled overseas. Using UNITEDRAKE on — say, the laptop they brought with them — would allow the NSA to exfiltrate historic data, effectively collecting on a person from a time when they weren’t targeted under FISA. I believe this kind of temporal problem explains a lot of the recent problems NSA has had complying with 704/705(b) collection.

In 2015 cybersecurity and anti-virus provider Kaspersky released a report on the “Equation Group”, who The Shadow Brokers originally attributed the leak to and has been tied to NSA’s Tailored Access Operations (TAO) elite hacking unit. Kaspersky discovered UNITEDRAKE malware – which they dub EQUATIONDRUG and GRAYFISH in their report – on customer machines in over 30 countries including Iran, Russia, China, US, and UK, in sectors ranging from government, military, finance, energy, and media.

OTHER CODENAMES IN UNITEDRAKE MANUAL:

FOXACID

PUZZLECUBE

BLUISHDEFER

SOLARTIME
JUSTVISITING
FOGGYBOTTOM
SALVAGERABBIT
WISTFULTOLL (ANT Catalog)
INFOSPYDER
KILLSUIT
SQUASHCHUNKY
THERMALDIFFUSION
WHITESPYDER

BEIGETHICKET
DAYTONSUNDAY
GROK
KRISPYKREME
NETPSPYDER
STOWAGEWINK
SULPHURWRITE

FLEWAVENUE

HEAVENSLEW

FELONYCROWBAR

DOGROUND

DICEDEALER

MSNBC’s Maddow Receives Forged NSA Document Alleging Trump/Russia Collusion

In Archive, NSA, Russia, Trump on July 7, 2017 at 1:04 PM

07/06/2017

On Thursday MSNBC host Rachel Maddow reported that her show was sent what she believes is a forged National Security Agency document alleging collusion between a member of the Trump campaign and Russian government.

“Somebody, for some reason, appears to be shopping a fairly convincing fake NSA document that purports to directly implicate somebody from the Trump campaign in working with the Russians in their attack in the election,” Maddow said.

On June 7, an unidentified person sent the document to “Send it to Rachel!“, an online tip line for Maddow’s show.

That was two days after The Intercept published legitimate NSA documents leaked by Reality Winner, a contractor for the agency.

The documents Maddow received appeared legitimate at first glance, she said, but several clues suggested that they were forgeries.

Typos and spacing issues raised eyebrows, but it was secret markings on the documents as well as their contents that convinced Maddow and her staff that the records were fakes.

Maddow said that the document sent to her show appeared to have used The Intercept’s as a template. Printer tracking dots on The Intercept’s files appeared on the document passed to Maddow.

The Maddow document also appears to show remnants from the crease clearly visible on the original copy, created when Reality Winner folded it after printing.

Maddow said that metadata from the documents sent to her show preceded the publication of the documents published in The Intercept. She suggested that it was possible that whoever sent her the forgeries had access to The Intercept documents. But she also theorized that whoever sent her the fake documents could have changed the metadata.

But Maddow said that that “the big red flag” for her and her team was that the document she was given named an American citizen, a specific person from the Trump campaign, who allegedly cooperated with the Russians during the presidential campaign.

“We believe that a U.S. citizen’s name would not appear in a document like this … An American citizen’s name would not have snuck through, not at this level of an NSA report,” asserted Maddow, who said that her team consulted national security experts on the matter.

“It is a forgery … let me caveat that. It is either a forgery, or every single national security official we consulted about this story is wrong about it,” she said.

Maddow went on to point out two recent retractions, one at CNN and the other at Vice News, suggesting that they were the result of a similar scheme to undermine news outlets covering the Trump/Russia conspiracy theory.

It comes as no surprise that MSNBC is running with this narrative. But the opposite could be just as plausible. An anti-Trump democrat trying to get Maddow to report the forged document as fact, since there has been no real evidence thus far to support the Trump/Russia collusion story.

Maddow did not provide details about who sent her team the faked NSA documents, but she concluded her segment saying, “We don’t know who’s doing it, but we’re working on it.”

***

07/07/2017

via Glenn Greenwald:

If you look at the time-stamp on the metadata on the document which the Intercept published, it reads “June 5, 12:17:15 pm” — exactly the same time and date, to the second, as the one on the document received by Maddow:

That’s because time-stamp on the documents published by the Intercept designate the creation date included in the PDF we publish on DocumentCloud: in this case, that occurred just over three hours prior to publication of our article. Both versions – the one we published and the one Maddow received – reflect the same time to the second: literally the exact moment when we created and uploaded the document.

***

via BuzzFeed’s Chris McDaniel:

***

UPDATE 07/12/2017

via TheIntercept:

Glenn Greenwald spoke to the person who claimed to have forged the document Rachel Maddow spent 20 minutes talking about on her primetime MSNBC show last Thursday. The alleged forger also said they sent the document to BuzzFeed News, which confirmed it to The Intercept. Maddow told Greenwald she would not comment, but the person claiming to have done the forgery said there was one small difference between the versions he sent to Maddow and BuzzFeed — one that only the forger would know. That difference was confirmed to The Intercept by BuzzFeed.

“All I did was white out your text. Put in my own and some black bars then ran it through the Photoshop ‘photocopy’ filter. Took me a whole 10 mins,” the alleged forger wrote. “I did it because I want to make sure the media is held accountable to check their sources before they post rather” than “run with anonymous sources only to backtrack months later.”

***

And some additional Twitter beef:

Contractor Reality Winner Arrested for Leaking NSA Docs Assessing Russian Attempts to Hack US Voting Systems (w/ Updates)

In Archive, NSA, Reality Winner, Russia on June 5, 2017 at 9:48 PM

PAGE 1: THE LEAK
PAGE 2: THE SOURCE
PAGE 3: REALITY WINNER
PAGE 4: THE ARREST

06/05/2017

THE LEAK

TheIntercept:

Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to a highly classified intelligence report obtained by The Intercept.

The top-secret National Security Agency document, which was provided anonymously to The Intercept and independently authenticated, analyzes intelligence very recently acquired by the agency about a months-long Russian intelligence cyber effort against elements of the U.S. election and voting infrastructure. The report, dated May 5, 2017, is the most detailed U.S. government account of Russian interference in the election that has yet come to light.

While the document provides a rare window into the NSA’s understanding of the mechanics of Russian hacking, it does not show the underlying “raw” intelligence on which the analysis is based. A U.S. intelligence officer who declined to be identified cautioned against drawing too big a conclusion from the document because a single analysis is not necessarily definitive.

The report indicates that Russian hacking may have penetrated further into U.S. voting systems than was previously understood. It states unequivocally in its summary statement that it was Russian military intelligence, specifically the Russian General Staff Main Intelligence Directorate, or GRU, that conducted the cyber attacks described in the document:

The NSA analysis does not draw conclusions about whether the interference had any effect on the election’s outcome and concedes that much remains unknown about the extent of the hackers’ accomplishments. However, the report raises the possibility that Russian hacking may have breached at least some elements of the voting system, with disconcertingly uncertain results.

The NSA and the Office of the Director of National Intelligence were both contacted for this article. Officials requested that we not publish or report on the top secret document and declined to comment on it. When informed that we intended to go ahead with this story, the NSA requested a number of redactions. The Intercept agreed to some of the redaction requests after determining that the disclosure of that material was not clearly in the public interest.

More…

Click to Enlarge

CONTINUE READING: THE SOURCE

 

Pages: 1 2 3 4

The War on Whistleblowers and Their Publishers: Greenwald, Assange, O’Brien, Coombs at Sydney Opera House

In Archive, Assange, Manning, NSA, Snowden, WikiLeaks on September 22, 2013 at 10:25 AM

The War on Whistleblowers & Their Publishers

09/16/2013

IdeasAtTheHouse:

US Journalist and activist Alexa O’Brien and Australian commentator Robert Manne are joined by video conference with Wikileaks founder Julian Assange, Guardian Journalist Glenn Greenwald and Chelsea Manning’s Lawyer David Coombs on stage at the Sydney Opera House (moderated by Bernard Keane of Crikey).

Powerful governments are waging a war on whistleblowers and those involved in publishing their material. Edward Snowden has been granted temporary asylum in Russia, Manning has been convicted of espionage and is awaiting sentencing, and Julian Assange has been granted asylum by Ecuador but cannot step outside its London Embassy. It’s clear that the actions of whistleblowers and their publishers – ‘traitors’ as they are known to some – have come at a significant personal cost, and while the human drama of these stories is engrossing, the focus should be on the very real issues they’ve raised: surveillance, press freedom, privacy, secrecy, and accountability.

The roles of governments and corporations in the future of the internet, and their use and abuse of data, have been put under the global spotlight. In the wake of Manning, Snowden and Wikileaks, we finally have the scope to properly debate the need for government transparency and the trade-off between privacy and security.

Watch our expert panel discuss the implications of the war on whistleblowers for the main actors, and the consequences if that war is lost for the rest of us.

Appelbaum, Rusbridger, Schmid, Campbell @ LIBE Committee Inquiry on Electronic Mass Surveillance of EU Citizens

In Appelbaum, Archive, GCHQ, LIBE, NSA on September 7, 2013 at 3:28 AM

09/05/2013

In its resolution of 4 July 2013 the European Parliament set the mandate of the LIBE Committee Inquiry:

Instructs its Committee on Civil Liberties, Justice and Home Affairs to conduct an in-depth inquiry into the matter in collaboration with national parliaments and the EU-US expert group set up by the Commission and to report back by the end of the year, by:

  • gathering all relevant information and evidence from both US and EU sources (fact-finding)
  • investigating the alleged surveillance activities of US authorities as well as any carried out by certain Member States (mapping of responsibilities)
  • assessing the impact of surveillance programmes as regards: the fundamental rights of EU citizens (in particular the right to respect for private life and communications, freedom of expression, the presumption of innocence and the right to an effective remedy); actual data protection both within the EU and for EU citizens outside the EU, focusing in particular on the effectiveness of EU law in respect of extraterritoriality mechanisms; the safety of the EU in the era of cloud computing; the added value and proportionality of such programmes with regard to the fight against terrorism; the external dimension of the area of freedom, security and justice (assessing the validity of adequacy decisions for EU transfers to third countries, such as those carried out under the Safe Harbour Agreement, international agreements and other legal instruments providing for legal assistance and cooperation) (damage and risk analysis)
  • exploring the most appropriate mechanisms for redress in the event of confirmed violations (administrative and judicial redress and compensation schemes)
  • putting forward recommendations aimed at preventing further violations, and ensuring credible, high-level protection of EU citizens’ personal data via adequate means, in particular the adoption of a fully-fledged data protection package (policy recommendations and lawmaking)
  • issuing recommendations aimed at strengthening IT security in the EU’s institutions, bodies and agencies by means of proper internal security rules for communication systems, in order to prevent and remedy unauthorised access and the disclosure or loss of information and personal data (remedying of security breaches)

So far the actors who seem to be best able to provide the Committee with adequate information, besides the US and EU Authorities which will be invited later, are the media which unveiled these facts and the participants of the EU-US expert groups.

Their testimony and intervention before the LIBE Committee will enable the LIBE Committee to identify those aspects that will deserve closer investigation and thus need clarification in the following meetings.

Given the obvious similarities with the investigation into the Echelon system the then Chair of the temporary committee, Mr Coelho, and its rapporteur, Mr Schmid, have been invited to share their experiences.

Schedule

Introductory remarks by Juan Fernando LÓPEZ AGUILAR, Chair of the LIBE Committee

Statements by:

  • Jacques FOLLOROU, Le Monde
  • Jacob APPELBAUM, investigative journalist, software developer and computer security researcher with the Tor Project

Presentations by:

  • Gerhard SCHMID (former MEP and Rapporteur of the ECHELON report 2001)
  • Carlos COELHO (MEP), former Chair of the Temporary Committee on the ECHELON Interception System
  • Duncan CAMPBELL, investigative journalist and author of the STOA report “Interception Capabilities 2000”

More LIBE Committee Mass Surveillance Inquiry Coverage

%d bloggers like this: