
Snowden: Leak Of NSA Hacking Tools Are Russia’s ‘Warning’ To The US Government

Originally published at MintPress News.

AUSTIN, Texas — According to whistleblower Edward Snowden, a recent leak of secret NSA hacking tools reflects an escalation in tensions between Russia and the United States. For others, though, it highlights concerns about what, if any, privacy is afforded to the general public.

The NSA whistleblower lit up Twitter on Tuesday with suggestions of “Russian responsibility” in the recent release of the NSA tools, noting that it could be a response to accusations by the Hillary Clinton campaign that Russian hackers leaked internal Democratic National Convention emails.

The suite of hacking tools, which were leaked by a group calling themselves the Shadow Brokers, consists of complex “malware” programs, malicious software designed to secretly take over targeted networks by exploiting security vulnerabilities in commercially available, widely used internet software.

Snowden, who leaked classified NSA documents which revealed the agency’s surveillance of millions of people around the world, was forced to take asylum in Russia in 2013 after the U.S. government canceled his passport.

Though Snowden and other computer security experts have pointed toward Russia as the originator of the NSA malware leak, some former NSA staffers disagree. On Wednesday, Motherboard interviewed a former NSA staffer who speculated that the leak could be the result of another insider — in effect, another Snowden.

“My colleagues and I are fairly certain that this was no hack, or group for that matter,” the former NSA employee told Motherboard. “This ‘Shadow Brokers’ character is one guy, an insider employee.”

Regardless of the source of the NSA leak, the files reveal a growing reliance on high-tech tools and government hackers from all sides of what some have deemed a “new Cold War.”

‘The keys to the kingdom’

Along with Snowden’s string of tweets, two former NSA employees contacted by The Washington Post on Tuesday also confirmed that the leaked hacking tools are genuine NSA software.

“Without a doubt, they’re the keys to the kingdom,” said one unnamed former member of the Tailored Access Operations, the NSA’s euphemism for its hacking division, in an interview with the Post’s national security reporter, Ellen Nakashima.

“The stuff you’re talking about would undermine the security of a lot of major government and corporate networks both here and abroad,” the TAO hacker added.

On Friday, The Intercept published a selection of newly released files from Snowden’s original leak which seemed to further confirm their authenticity.

“[W]hile it remains unclear how the software leaked,” Sam Biddle reported, “one thing is now beyond speculation: The malware is covered with the NSA’s virtual fingerprints and clearly originates from the agency.”

According to Biddle, a manual for NSA hackers instructs operatives to use a 16-digit code to track their use of a particular malware program, codenamed SECONDDATE. That code also appears in the Shadow Brokers’ leak of SECONDDATE.

“SECONDDATE plays a specialized role inside a complex global system built by the U.S. government to infect and monitor what one document estimated to be millions of computers around the world,” Biddle wrote.

Snowden explains ‘what’s new’ about the latest NSA hack

Under Snowden’s theory of the NSA hack, the agency’s secret hacking tools were released in retaliation for Clinton’s accusations of Russian involvement in the leak of 20,000 internal DNC emails published by WikiLeaks. The “DNC Leaks” damaged the reputation of Clinton’s campaign and forced the resignation of several Democratic Party leaders, including former DNC chair Debbie Wasserman Schultz.

But the Clinton campaign’s accusations were based largely on circumstantial evidence provided by Tom Kellerman, a computer expert with ties to the NSA, according to a July 25 analysis by MintPress News’ editor-in-chief Mnar Muhawesh. Muhawesh wrote:

Kellerman, CEO of Strategic Cyber Ventures, alleges that the WikiLeaks’ DNC email leak is tied to Putin. It’s worth noting, though, that his own firm is made up of former executives from the U.S. Computer Emergency Readiness Team and Booz Allen Hamilton, where NSA whistleblower Edward Snowden once worked. Indeed, many private cyber security jobs are held by people who used to work in or close to the government.

Snowden speculated that the Shadow Brokers did not breach the NSA’s internal servers, but rather accessed an external system used to launch a cyber attack. Agency operatives are warned to clean up their traces. “But,” Snowden tweeted, “people get lazy.”

Not only did this security error allow the leak of the tools themselves, but it also means that any hacks carried out by that server could be definitively linked to the U.S. government.

The link between NSA tools and a particular server has the potential to spark an international incident, particularly if that server was used to target U.S. allies or their elections, the whistleblower added.

“Snowden believes Russia is sending a warning on the dangers of attributing cyberattacks,” Thomas Fox-Brewster, a staff writer at Forbes, wrote on Tuesday in response to Snowden’s tweets.

A growing US cyber war

Writing for The Atlantic on Friday, Kaveh Waddell explained that SECONDDATE “allows the NSA to execute ‘man-in-the-middle’ attacks, which intercept traffic on a network as it’s traveling from its origin to its destination. The agency used it to redirect users who think they’re browsing safe websites to NSA-run servers that infect their computers with malware—and then back to their destination before they know what happened.”

And SECONDDATE is just one of many tools that the U.S. government hopes to use to commit espionage and fight warfare online. To this end, the U.S. government is spending big and leaving no rock unturned. The annual Red Flag military exercises, which ended last week in the Nevada desert, included training in hacking enemy computer systems and GPS satellites.

However, this digital focus is far from new. Surveillance experts say it’s likely that the U.S. has spent years quietly boosting its capabilities, including infecting thousands of computers with malware “implants.” The Intercept’s Ryan Gallagher and Glenn Greenwald wrote in March 2014:

The NSA began rapidly escalating its hacking efforts a decade ago. In 2004, according to secret internal records, the agency was managing a small network of only 100 to 150 implants. But over the next six to eight years, as an elite unit called Tailored Access Operations (TAO) recruited new hackers and developed new malware tools, the number of implants soared to tens of thousands.

In 2013, The Washington Post revealed that the NSA spends millions of dollars purchasing security holes on the black market. According to a report from Computerworld on Friday, the NSA claims that it reveals 91 percent of those vulnerabilities so they can be fixed, but there’s no way to be sure if the agency is telling the truth — or how serious it would be if the remaining vulnerabilities were exploited.

A loss of privacy ‘in the name of national security or whatever’

Experts suggest it was inevitable that the NSA’s toolbox would eventually be revealed for other hackers to use, potentially maliciously against the general public.

“This is the risk when you have an increasingly large vulnerability repository that’s been around for a while,” Jeremiah Grossman, chief of security strategy at SentinelOne, told Computerworld’s Michael Kan. “You got to expect this will happen.”

As both government and criminal hacking activity increases, everyday citizens are becoming increasingly vulnerable, as Alice Donovan noted Wednesday on MyMPN, the MintPress News reader submission blog. She continued:

Nearly 1 in 3 Americans deals with some kind of health record compromise, and most of the time they are completely unaware it happened. This means that criminals gain huge amounts of information about people, including their social security numbers, phone numbers, addresses, and even their personal health information.

Indeed, some would argue the NSA leak vindicates Apple’s refusal to open a backdoor into the company’s phones earlier this year, citing the risk that if the government could access it, malicious hackers could, too.

On Friday, the Editorial Board of the Pittsburgh Post-Gazette suggested Americans, as well as the U.S. government, are ill-equipped to deal with this new loss of privacy and security. The DNC leaks, while “alarming,” are “peanuts compared to the loss of privacy of however many Americans and others the NSA may have been bugging, in the name of national security or whatever.”

With the agency’s secret tools now compromised, the Board warned of “the potential of an enemy, or even a madman, hacking America’s electrical grid, or its water supply controls, or its airport tower computers.” They concluded:

All we can say is, first, that the NSA really needs to stay ahead of these people in its technology. Second, the pieces of America’s vital infrastructure need to have gold-plated protection and backup. Third, no American should imagine for one second that what he or she thinks are private communications are, in fact, private anymore.
