Baddecision

Edward Snowden is right. The NSA got hacked. The question is, who are the ShadowBrokers as the dataset extracted was intense, legitimate and potentially dangerous as the purloined tool kits can be used against us in ways the NSA can never imagine.

ON MONDAY, A HACKING group calling itself the “ShadowBrokers” announced an auction for what it claimed were “cyber weapons” made by the NSA. Based on never-before-published documents provided by the whistleblower Edward Snowden, The Intercept can confirm that the arsenal contains authentic NSA software, part of a powerful constellation of tools used to covertly infect computers worldwide.

The provenance of the code has been a matter of heated debate this week among cybersecurity experts, and while it remains unclear how the software leaked, one thing is now beyond speculation: The malware is covered with the NSA’s virtual fingerprints and clearly originates from the agency.

It gets better.

Rather than the NSA hacking tools being snatched as a result of a sophisticated cyber operation by Russia or some other nation, it seems more likely that an employee stole them. Experts who have analyzed the files suspect that they date to October 2013, five months after Edward Snowden left his contractor position with the NSA and fled to Hong Kong carrying flash drives containing hundreds of thousands of pages of NSA documents. 

So, if Snowden could not have stolen the hacking tools, there are indications that after he departed in May 2013, someone else did, possibly someone assigned to the agency’s highly sensitive Tailored Access Operations.

In December 2013, another highly secret NSA document quietly became public. It was a top secret TAO catalog of NSA hacking tools. Known as the Advanced Network Technology (ANT) catalog, it consisted of 50 pages of extensive pictures, diagrams and descriptions of tools for every kind of hack, mostly targeted at devices manufactured by U.S. companies, including Apple, Cisco, Dell and many others. 

Like the hacking tools, the catalog used similar codenames. Among the tools targeting Apple was one codenamed DROPOUTJEEP, which gives NSA total control of iPhones. "A software implant for the Apple iPhone,” says the ANT catalog, “includes the ability to remotely push/pull files from the device. SMS retrieval, contact-list retrieval, voicemail, geolocation, hot mic, camera capture, cell-tower location, etc.” 

Blowback's a bitch - Robert E. 

Addendum

THESE DAYS IT seems like every government has a far-reaching and well-developed digital surveillance operation, complete with defense, international espionage, and offensive components. Smaller nations even join spy alliances to pool resources. But there are still many nation-states that for various reasons prefer not to handle their cyber intelligence development in-house. So they do what we all do when we need software: They buy it from a vendor.

On Thursday, researchers published evidence that an established private cyberarms dealer called NSO Group, whose clientele primarily comprises governments, has been selling masterful spyware that is delivered to mobile devices through a series of critical vulnerabilities in Apple’s iOS mobile operating system. Once established on a device, this tool, known as Pegasus, can surveil virtually anything, relaying phone calls, messages, emails, calendar data, contacts, keystrokes, audio and video feeds, and more back to whomever is controlling the attack. Apple says it has fully patched the three vulnerabilities, collectively called Trident, as part of today’s iOS 9.3.5 update.

To the highest bidder so it seems.