First public awareness of massive NSA code breach was August 2016 with Shadow Brokers announcement though the theft may have occurred months earlier. Theft includes NSA code that enables malware to stay on systems for years undetected. The code can be used against US targets, political parties, etc.
8/16/2016, "Shadow Brokers’ Leak Raises Alarming Question: Was the N.S.A. Hacked?" NY Times, David E. Sanger
Print ed. August 17, 2016, Page A1 of New York ed. with the headline: Top-Secret Code Released by Hackers Points to Breach at N.S.A.
"The release on websites this week of what appears to be top-secret computer code that the National Security Agency has used to break into the networks of foreign governments and other espionage targets has caused deep concern inside American intelligence agencies, raising the question of whether America’s own elite operatives have been hacked and their methods revealed.
Most
outside experts who examined the posts, by a group calling itself the
Shadow Brokers, said they contained what appeared to be genuine samples
of the code--though somewhat outdated--used in the production of the
N.S.A.’s custom-built malware.
Most
of the code was designed to break through network firewalls and get
inside the computer systems of competitors like Russia, China and Iran.
That, in turn, allows the N.S.A. to place “implants” in the system,
which can lurk unseen for years and be used to monitor network traffic
or enable a debilitating computer attack.
According
to these experts, the coding resembled a series of “products” developed
inside the N.S.A.’s highly classified Tailored Access Operations unit,
some of which were described in general terms in documents stolen three
years ago by Edward J. Snowden, the former N.S.A. contractor now living
in Russia.
But the code does not appear to have come from Mr. Snowden’s archive, which was mostly composed of PowerPoint files and other documents that described N.S.A. programs. The documents released by Mr. Snowden and his associates contained no actual source code used to break into the networks of foreign powers.
Whoever obtained the source code apparently broke into either the top-secret, highly compartmentalized computer servers of the N.S.A. or other servers around the world that the agency would have used to store the files. The code that was published on Monday dates to mid-2013, when, after Mr. Snowden’s disclosures, the agency shuttered many of its existing servers and moved code to new ones as a security measure....
Around the same time, WikiLeaks declared that it had a full set of the files — it did not say how it had obtained them — and would release them all in the future. The “Shadow Brokers” had said they would auction them off to the highest bidder....
But the code does not appear to have come from Mr. Snowden’s archive, which was mostly composed of PowerPoint files and other documents that described N.S.A. programs. The documents released by Mr. Snowden and his associates contained no actual source code used to break into the networks of foreign powers.
Whoever obtained the source code apparently broke into either the top-secret, highly compartmentalized computer servers of the N.S.A. or other servers around the world that the agency would have used to store the files. The code that was published on Monday dates to mid-2013, when, after Mr. Snowden’s disclosures, the agency shuttered many of its existing servers and moved code to new ones as a security measure....
Around the same time, WikiLeaks declared that it had a full set of the files — it did not say how it had obtained them — and would release them all in the future. The “Shadow Brokers” had said they would auction them off to the highest bidder....
The
N.S.A. would say nothing on Tuesday about whether the coding released
was real or where it came from. Its public affairs office did not
respond to inquiries....
There
are other theories, including one that some unknown group was trying to
impersonate hackers working for Russian or other intelligence agencies.
Impersonation is relatively easy on the internet, and it could take
considerable time to determine who is behind the release of the code.
The Shadow Brokers first emerged online on Saturday, creating accounts on sites like Twitter and Tumblr and announcing plans for an auction. The group said that “we give you some Equation Group files free” and that it would auction the best ones. The Equation Group is a code name that Kaspersky Labs, a Russian cybersecurity firm, has given to the N.S.A.
The Shadow Brokers first emerged online on Saturday, creating accounts on sites like Twitter and Tumblr and announcing plans for an auction. The group said that “we give you some Equation Group files free” and that it would auction the best ones. The Equation Group is a code name that Kaspersky Labs, a Russian cybersecurity firm, has given to the N.S.A.
While
still widely considered the most talented group of state-sponsored
hackers in the world, the N.S.A. is still recovering from Mr. Snowden’s
disclosures; it has spent hundreds of millions of dollars reconfiguring
and locking down its systems.
Mr.
Snowden revealed plans, code names and some operations, including
against targets like China. The Shadow Brokers disclosures are much more
detailed, the actual code and instructions for breaking into foreign
systems as of three summers ago.
“From an operational standpoint, this is not a catastrophic leak,”
Nicholas Weaver, a researcher at the International Computer Science
Institute in Berkeley, Calif., wrote on the Lawfare blog on Tuesday.
But he added that “the big picture is a far scarier one.” In the weeks after Mr. Snowden fled Hawaii, landing in Hong Kong before ultimately going to Russia, it appears that someone obtained that source code. That, he suggested, would be an even bigger security breach for the N.S.A. than Mr. Snowden’s departure with his trove of files.
But he added that “the big picture is a far scarier one.” In the weeks after Mr. Snowden fled Hawaii, landing in Hong Kong before ultimately going to Russia, it appears that someone obtained that source code. That, he suggested, would be an even bigger security breach for the N.S.A. than Mr. Snowden’s departure with his trove of files.
However, the fact that the code is dated from 2013 suggests that the hackers’ access was cut off around then, perhaps because the agency imposed new security measures."...
===================
Added: An NSA employee, Harold T. Martin III, apparently not connected to Shadow Brokers removed classified NSA material, took it home for 16 years, and no one noticed. His home was finally raided on August 27, 2016:
5/16/2017, "Malware Case Is Major Blow for the N.S.A.," NY Times, Scott Shane
"He
has long held a high-level clearance and for a time worked with the
N.S.A.’s premier hacking unit, called Tailored Access Operations, which
breaks into the computer networks of foreign countries and which
developed the hacking tools later obtained by the Shadow Brokers.
According to one person briefed on the investigation, Mr. Martin was
able to obtain some of the hacking tools by accessing a digital library
of such material at the N.S.A....
Mr. Martin, an enigmatic loner who according to acquaintances frequently expressed his excitement about his role in the growing realm of cyberwarfare, has insisted that he got in the habit of taking material home so he could improve his skills and be better at his job, according to these officials. He has explained how he took the classified material but denied having knowingly passed it to anyone else....
The material the F.B.I. found in his possession added up to “many terabytes” of information, according to court papers, which would make it by far the largest unauthorized leak of classified material from the classified sector. That volume dwarfs the hundreds of thousands of N.S.A. documents taken by Edward J. Snowden in 2013 and exceeds even the more voluminous Panama Papers, leaked records of offshore companies obtained by a German newspaper in 2015, which totaled 2.6 terabytes. One terabyte of data is equal to the contents of about one million books.
F.B.I. agents on the case, advised by N.S.A. technical experts, do not believe Mr. Martin is fully cooperating, the officials say. He has spoken mainly through his lawyers, James Wyda and Deborah Boardman of the federal public defender’s office in Baltimore....
In interviews, officials described how the Martin case has deeply shaken the secret world of intelligence, from the N.S.A.’s sprawling campus at Fort Meade, Md., to the [Obama] White House. They expressed astonishment that Mr. Martin managed to take home such a vast collection of classified material over at least 16 years, undetected by security officers at his workplaces, including the N.S.A., the Office of the Director of National Intelligence and Pentagon offices. And they are deeply concerned that some of the mountain of material may, by whatever route, have reached hackers or hostile intelligence services.
Investigators discovered the hacking tools, consisting of computer code and instructions on how to use it, in the thousands of pages and dozens of computers and data storage devices that the F.B.I. seized during an Aug. 27 [2016] raid on Mr. Martin’s modest house in suburban Glen Burnie, Md. More secret material was found in a shed in his yard and in his car, officials said.
The search came after the Shadow Brokers leak set off a panicked hunt at the N.S.A. Mr. Martin attracted the F.B.I.’s attention by posting something on the internet that was brought to the attention of the N.S.A. Whatever it was — officials are not saying exactly what — it finally set off an alarm.
The release of the N.S.A.’s hacking tools, even though they dated to 2013, is extraordinarily damaging, said Dave Aitel, a former agency employee who now runs Immunity Inc., an information security company.
“The damage from this release is huge, both to our ability to protect ourselves on the internet and our ability to provide intelligence to policy makers and the military,” Mr. Aitel said.
The N.S.A.’s hacking into other countries’ networks can be for defensive purposes: By identifying rivals’ own hacking methods, the agency can recognize and defend against them, he said. And other countries, with some of the N.S.A.’s tools now in hand, can study past hacks and identify the attacker as the N.S.A., learn how to block similar intrusions, or even decide to retaliate, Mr. Aitel said.
Mr. Martin, 51, a Navy veteran who was completing a Ph.D. in information systems at the University of Maryland, Baltimore County, has worked for several of the contracting companies that help staff the nation's security establishment. After stints at the Computer Sciences Corporation and Tenacity Solutions, where he was assigned to the Office of the Director of National Intelligence, he joined Booz Allen Hamilton in 2009. He worked on that firm’s N.S.A. contract until 2015, when he was moved to a different Pentagon contract in the area of offensive cyberwarfare."...image from NY Times
Added: An NSA employee, Harold T. Martin III, apparently not connected to Shadow Brokers removed classified NSA material, took it home for 16 years, and no one noticed. His home was finally raided on August 27, 2016:
5/16/2017, "Malware Case Is Major Blow for the N.S.A.," NY Times, Scott Shane
Martin |
Mr. Martin, an enigmatic loner who according to acquaintances frequently expressed his excitement about his role in the growing realm of cyberwarfare, has insisted that he got in the habit of taking material home so he could improve his skills and be better at his job, according to these officials. He has explained how he took the classified material but denied having knowingly passed it to anyone else....
The material the F.B.I. found in his possession added up to “many terabytes” of information, according to court papers, which would make it by far the largest unauthorized leak of classified material from the classified sector. That volume dwarfs the hundreds of thousands of N.S.A. documents taken by Edward J. Snowden in 2013 and exceeds even the more voluminous Panama Papers, leaked records of offshore companies obtained by a German newspaper in 2015, which totaled 2.6 terabytes. One terabyte of data is equal to the contents of about one million books.
F.B.I. agents on the case, advised by N.S.A. technical experts, do not believe Mr. Martin is fully cooperating, the officials say. He has spoken mainly through his lawyers, James Wyda and Deborah Boardman of the federal public defender’s office in Baltimore....
In interviews, officials described how the Martin case has deeply shaken the secret world of intelligence, from the N.S.A.’s sprawling campus at Fort Meade, Md., to the [Obama] White House. They expressed astonishment that Mr. Martin managed to take home such a vast collection of classified material over at least 16 years, undetected by security officers at his workplaces, including the N.S.A., the Office of the Director of National Intelligence and Pentagon offices. And they are deeply concerned that some of the mountain of material may, by whatever route, have reached hackers or hostile intelligence services.
Investigators discovered the hacking tools, consisting of computer code and instructions on how to use it, in the thousands of pages and dozens of computers and data storage devices that the F.B.I. seized during an Aug. 27 [2016] raid on Mr. Martin’s modest house in suburban Glen Burnie, Md. More secret material was found in a shed in his yard and in his car, officials said.
The search came after the Shadow Brokers leak set off a panicked hunt at the N.S.A. Mr. Martin attracted the F.B.I.’s attention by posting something on the internet that was brought to the attention of the N.S.A. Whatever it was — officials are not saying exactly what — it finally set off an alarm.
The release of the N.S.A.’s hacking tools, even though they dated to 2013, is extraordinarily damaging, said Dave Aitel, a former agency employee who now runs Immunity Inc., an information security company.
“The damage from this release is huge, both to our ability to protect ourselves on the internet and our ability to provide intelligence to policy makers and the military,” Mr. Aitel said.
The N.S.A.’s hacking into other countries’ networks can be for defensive purposes: By identifying rivals’ own hacking methods, the agency can recognize and defend against them, he said. And other countries, with some of the N.S.A.’s tools now in hand, can study past hacks and identify the attacker as the N.S.A., learn how to block similar intrusions, or even decide to retaliate, Mr. Aitel said.
Mr. Martin, 51, a Navy veteran who was completing a Ph.D. in information systems at the University of Maryland, Baltimore County, has worked for several of the contracting companies that help staff the nation's security establishment. After stints at the Computer Sciences Corporation and Tenacity Solutions, where he was assigned to the Office of the Director of National Intelligence, he joined Booz Allen Hamilton in 2009. He worked on that firm’s N.S.A. contract until 2015, when he was moved to a different Pentagon contract in the area of offensive cyberwarfare."...image from NY Times
...........
.....................
No comments:
Post a Comment