from Hacker News

Snowden: NSA just lost control of its Top Secret arsenal of digital weapons

by Yrlec on 4/8/17, 6:36 PM with 297 comments

  • by cyphunk on 4/8/17, 9:52 PM

    A good time to remember the official US Intelligence Community statement and policy/lie on 0days, as given post-heartbleed:

        When Federal agencies discover a new vulnerability in commercial 
    and open source software – a so-called “Zero day” vulnerability
    because the developers of the vulnerable software have had zero days
    to fix it –  it is in the national interest to responsibly
    disclose the vulnerability rather than to hold it for an investigative
    or intelligence purpose.
    https://icontherecord.tumblr.com/post/82416436703/statement-...

    https://news.ycombinator.com/item?id=7575802

  • by spydum on 4/9/17, 12:12 AM

    Why is everybody posting/curious about the language of the blog post and not the contents of the file?

    I've looked through some of the contents.. Some look incredibly old, but others target odd things.. lots of cPanel. My only guess is take the low hanging fruit to build "jump box" type systems?

    Some odd examples: ElegantEagle/toffeehammer.. focuses on cgiecho for RCE. The thing is, a CVE was just released for this case maybe a month ago?: http://www.cvedetails.com/cve/CVE-2017-5613/

    So if this dump was from 2013, why did the CVE recently pop up? Or is that coincidence?

  • by sillysaurus3 on 4/8/17, 7:57 PM

    It's pretty fascinating to read the Shadow Broker's posts. They have to write something, since they can't just say "I work for Russia and we're reminding America that they're not invulnerable." So they have to come up with all sorts of contrived reasons about why they're doing this, complete with broken english to fool stylometry detection that walks the fine line between being believable and preposterous. Someone spent a lot of work getting it to look so terrible.

  • by tenaciousJk on 4/8/17, 7:08 PM

    He goes on to further state:

    "Quick review of the #ShadowBrokers leak of Top Secret NSA tools reveals it's nowhere near the full library, but there's still so much here that NSA should be able to instantly identify where this set came from and how they lost it. If they can't, it's a scandal."

  • by itchyjunk on 4/8/17, 7:27 PM

    Asking a president to do x,y or z by making this type of public statement probably implies it's geared towards the immediate readers and not some leader that might read it.

    The security agencies might have made a lot of enemy over the years so it's not clear who benefits from this. Either financially or as ego boost.

    The internet is definitely bigger that what most people might have predicted 20 years ago. So its not really a big surprising to see as much or even more power struggle than in real world battle fields.

    Since every side has a propaganda to peddle, I, personally can draw no reasonable or coherent conclusions on what type of decisions are shaping the world I live in. But I am nonetheless curious to see how this all plays out in the coming years.

    There is a related post on HN about this. [0]

    ---------------------------------

    [0] https://news.ycombinator.com/item?id=14066596

  • by iandanforth on 4/8/17, 7:04 PM

    Can someone remind me why Snowden would be in a position to comment on if this release comprises a full or partial set of hacking tools? Specifically, does this imply that his cache of data included a list of these tools, or was his day to day job one such that he would have been normally in contact with this toolset?

  • by hl5 on 4/8/17, 8:14 PM

    Obviously, Perl is the NSA top language choice due to it's built in support for obfuscation and job security.

  • by akud on 4/8/17, 8:35 PM

    The content reads pretty clearly like a native English speaker imitating immature hacker-speak. It comes across as if it were written by a script-kiddy; that may be intentional.

  • by theocean154 on 4/8/17, 7:23 PM

    Looking through some of the code and some of the docs, these look old. In absence of a lot of time or some missing docs, not sure how usable these things are.

  • by r721 on 4/8/17, 11:26 PM

    Nicholas Weaver‏: "Overall, though, it looks like the auction file from Shadow Brokers is mostly a bust, better stuff in the free file."

    https://twitter.com/ncweaver/status/850797548717481984

    the grugq: "Calling it now: the first ShadowBrokers dump was an expensive signal. This latest one was not (expensive, that is.)"

    https://twitter.com/thegrugq/status/850825305845399552

  • by mcintyre1994 on 4/8/17, 8:32 PM

    From the Medium post linked (https://medium.com/@shadowbrokerss/dont-forget-your-base-867...)

    - Don’t care if you swapped wives with Mr Putin, double down on it, “Putin is not just my firend he is my BFF”.

    - Don’t care if the election was hacked or rigged, celebrate it “so what if I did, what are you going to do about it”.

    This has got to be a fake group trying to discredit Trump right? I don't like him or what he's doing, but surely surely his supporters don't subscribe to at least the latter view there?

  • by tyingq on 4/8/17, 7:05 PM

  • by codezero on 4/8/17, 8:35 PM

    A lot of the scripts appear to have been written by the same person, or is that just me reading into it? They have a distinct comment style in both Python and Perl.

    Also, a lot of the tools appear to instruct people to paste various things in to them. I find it unlikely that a single person wrote all the tooling for the NSA, but, who knows.

  • by strictnein on 4/9/17, 4:33 AM

    > "NSA just lost control of its Top Secret arsenal of digital weapons"

    This is just inaccurate, or at least purposefully misleading. The NSA did not just lose control of its "Top Secret arsenal of digital weapons".

    They "lost control" of mainly a bunch of old exploits whose release will not matter because anyone who is running this old junk won't be updating their servers because of this news.

  • by fixxer on 4/8/17, 7:58 PM

    I don't know anything about the value of this crap, but I do find it interesting to grep through looking at the IPs (which I presume are compromised machines from which they are initiating attacks). See `./bin/pyside/targets.py`

  • by remarkEon on 4/8/17, 7:11 PM

    I haven't read enough broken English to take a gander at what the native language is for the authors of that...manifesto. Anyone have a good guess? There's some pretty common mistakes throughout ("peoples" for people, "Americans' having" for "Americans have").

  • by Animats on 4/8/17, 8:18 PM

    This stuff looks old. There are versions for Solaris and SCO Unix.

  • by jasonhansel on 4/8/17, 10:00 PM

    I wonder what this is for: https://github.com/x0rz/EQGRP/blob/master/Linux/bin/strangeF...

    It looks like it's searching for files/directories with unusual names (like ". ") that system administrators wouldn't normally notice.

  • by znfi on 4/9/17, 1:27 PM

    I have a bit of a hard time understanding why so many people think this is written by Russians. Obviously the grammar is not correct, but it would seem very strange to think this has any significance, and it seems more plausible that it was done in an attempt to hide the authors identity. (My spontaneous feeling was that it was written by Jar Jar Binks, and not Russians, for whatever that's worth.)

    I'm not from the US and have not followed the news from there recently, but from what little I have seen much of the actual contents of the message does seem to reflect the feelings of Trumps "base"? Or would people more familiar with US politics say this is incorrect?

  • by jorblumesea on 4/8/17, 10:53 PM

    Is there any doubt the Shadow Brokers are Russian and working for Russian interests? The timing of releases, international events concerning both countries and pointed measures are far too suspicious to be considered circumstantial.

  • by eps on 4/8/17, 10:25 PM

    Likely a response to the Syrian airbase tomahawking from a couple of days ago?

    Russians are known for what they themselves call "asymetrical answers", so this seems to fit the pattern.

  • by 0x38B on 4/8/17, 11:03 PM

    Like others are saying, there's a mismatch between the overall sentence structure and progression - which strikes me as more native - and the mistakes. I don't buy the verb misconjugation especially, a Russian ESL learner at that level would get that right more often than not.

    Source: many conversations with Russians learning English (also near-native Russian)

  • by i336_ on 4/10/17, 5:32 AM

    Excuse me while I just...

    ALLL RIIIIGHT!!

    Not because I'm especially interested in the tools (although, granted, I have not had a look at any of them yet), but because I always wished this could be given to everyone.

    Also, for a moment there, I was concerned 7z was insecure and that the passphrase had been bruteforced. Apparently not! Very nice.

  • by hl5 on 4/9/17, 1:23 AM

    Regardless of the source, full disclosure works. Whomever is responsible for releasing this material is also improving computer security for everyone. Thank you.

  • by zengid on 4/8/17, 9:55 PM

    All of this spy vs spy intrigue makes my head hurt

  • by mavdi on 4/8/17, 9:30 PM

    Given the latest world events, I've personally come to realise that security agencies play an important role in keeping us safe, from external entities or from ourselves.

    This is disaster in my (current) opinion. We tend to dismiss the work the likes of NSA do, not thinking much about what would happen if they didn't do it. Snowden categorically dismissing anything that NSA does, just means he's a deluded idealist, much like I used to be.

  • by shitgoose on 4/9/17, 2:05 AM

    shadowbrokerss remind me of this guy:

    https://www.youtube.com/user/FPSRussia

    100% American from Georgia, sometimes loses Russian accent and slips into perfect English:)

  • by Harken on 4/8/17, 8:50 PM

    "We voted for you, comrade. Here is old malware from deepnet kiddy porn site post for to confuse."

    Could be Russia pissed about puppet twitching without permission, or could be Bannon (via Cambridge Analytics?) pissed about puppet twitching without permission.

    Twitch, puppet, twitch!

  • by theocean154 on 4/8/17, 7:03 PM

    ElegantEagle. nice

  • by elastic_church on 4/8/17, 7:19 PM

    ShadowBroker's blog posts always crack me up

  • by oculusthrift on 4/8/17, 10:32 PM

    remember that 1000s of paid russians were used to interrupt our election on sites like reddit. wouldn't be surprised if a few leaked to this site. especially with green accounts.

  • by lngnmn on 4/9/17, 4:23 AM

    Looks like bullshit. It does not match the vault7 leak, which is supposed to be from the very same NSA.

    It is Russians. The classic example of Dunning Kruger effect. In a generally low IQ environment and primitive criminalized cultural environment they truly believe that what is enough to fool everyone around them, including the bosses (who are supposed to be really smart), will surely fool everyone else.

    This is the phenomenon of negative selection of a cancer-like corrupted society (which ran for a three decades already) at work. They are literally decades behind of the technological progress and culture of the modern civilization.

    They simply have no idea of what possible level of intelligence and sophistication could be found in places with decades of consistent high-IQ-based selection, like companies staffed with top 5% of MIT/Standford/Caltech/Berkeley graduates and what this kind of organization could do (think of Apple, Google, etc).

    A high-tech US govt agency would never had such a crap in their folders. They are not a bunch of disconnected from reality, overconfident, self-deluded with their own primitive propaganda Russian punks.