
Category Archives: NSA

Tailored Access Operations – Wikipedia, the free encyclopedia

Posted: September 11, 2016 at 5:22 pm

The Office of Tailored Access Operations (TAO) is a cyber-warfare intelligence-gathering unit of the National Security Agency (NSA). It has been active since at least circa 1998.[1][2] TAO identifies, monitors, infiltrates, and gathers intelligence on computer systems being used by entities foreign to the United States.[3][4][5][6] The NSA terms these activities "computer network exploitation".

TAO is reportedly "now the largest and arguably the most important component of the NSA's huge Signals Intelligence Directorate (SID)[7] (SIGINT), consisting of more than 1,000 military and civilian computer hackers, intelligence analysts, targeting specialists, computer hardware and software designers, and electrical engineers."[1]

A document leaked by former NSA contractor Edward Snowden describing the unit's work says TAO has software templates allowing it to break into commonly used hardware, including "routers, switches, and firewalls from multiple product vendor lines".[8] According to The Washington Post, TAO engineers prefer to tap networks rather than isolated computers, because there are typically many devices on a single network.[8]

TAO's headquarters are termed the Remote Operations Center (ROC) and are based at the NSA headquarters at Fort Meade, Maryland. TAO also has expanded to NSA Hawaii (Wahiawa, Oahu), NSA Georgia (Fort Gordon, Georgia), NSA Texas (San Antonio, Texas), and NSA Colorado (Buckley Air Force Base, Denver).[1]

Since 2013, the head of TAO has been Rob Joyce, a 25-plus year employee who previously worked in the NSA's Information Assurance Directorate (IAD). In January 2016, Joyce made a rare public appearance when he gave a presentation at Usenix's Enigma conference.[9]

In the Remote Operations Center, 600 employees gather information from around the world.[10][11] Their motto is "Your data is our data, your equipment is our equipment - anytime, any place, by any legal means."

Details on a program titled QUANTUMSQUIRREL indicate an NSA ability to masquerade as any routable IPv4 or IPv6 host. This enables an NSA computer to generate a false geographical location and personal identification credentials when accessing the Internet using QUANTUMSQUIRREL.[15]

The NSA ANT catalog is a 50-page classified document listing technology available to the United States National Security Agency (NSA) Tailored Access Operations (TAO) by the Advanced Network Technology (ANT) Division to aid in cyber surveillance. Most devices are described as already operational and available to US nationals and members of the Five Eyes alliance. According to Der Spiegel, which released the catalog to the public on December 30, 2013, "The list reads like a mail-order catalog, one from which other NSA employees can order technologies from the ANT division for tapping their targets' data." The document was created in 2008.[16] Security researcher Jacob Appelbaum gave a speech at the Chaos Communication Congress in Hamburg, Germany, in which he detailed techniques from the catalog that were disclosed in the simultaneously published Der Spiegel article he coauthored.[16]

The TAO has developed an attack suite they call QUANTUM. It relies on a compromised router that duplicates internet traffic, typically HTTP requests, so that they go both to the intended target and to an NSA site (indirectly). The NSA site runs FOXACID software which sends back exploits that load in the background in the target web browser before the intended destination has had a chance to respond (it's unclear if the compromised router facilitates this race on the return trip). Prior to the development of this technology, FOXACID software made spear-phishing attacks the NSA referred to as spam. If the browser is exploitable, further permanent "implants" (rootkits etc.) are deployed in the target computer, e.g. OLYMPUSFIRE for Windows, which give complete remote access to the infected machine.[17] This type of attack is part of the man-in-the-middle attack family, though more specifically it is called a man-on-the-side attack. It is difficult to pull off without controlling some of the Internet backbone.[18]

There are numerous services that FOXACID can exploit this way. The names of some FOXACID modules are given below:[19]

By collaboration with the British Government Communications Headquarters (GCHQ) (MUSCULAR), Google services could be attacked too, including Gmail.[20]

Finding machines that are exploitable and worth attacking is done using analytic databases such as XKeyscore.[21] A specific method of finding vulnerable machines is interception of Windows Error Reporting traffic, which is logged into XKeyscore.[22]

QUANTUM attacks launched from NSA sites can be too slow for some combinations of targets and services as they essentially try to exploit a race condition, i.e. the NSA server is trying to beat the legitimate server with its response.[23] As of mid-2011, the NSA was prototyping a capability codenamed QFIRE, which involved embedding their exploit-dispensing servers in virtual machines (running on VMware ESX) hosted closer to the target, in the so-called Special Collection Sites (SCS) network worldwide. The goal of QFIRE was to lower the latency of the spoofed response, thus increasing the probability of success.[24][25][26]
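The race described above leaves a trace a defender can look for: the client receives two server-to-client TCP segments covering the same sequence range but carrying different bytes. The following detection sketch is an added example, not part of the original article; the `Segment` records, field names and sample traffic are constructed for illustration, and sequence-number wraparound is ignored for brevity.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    ts: float       # capture time in seconds
    src: str
    sport: int
    dst: str
    dport: int
    seq: int        # TCP sequence number of the first payload byte
    ttl: int        # IP TTL as seen at the capture point
    payload: bytes


@dataclass(frozen=True)
class Finding:
    flow: tuple     # (src, sport, dst, dport) of the conflicting direction
    seq: int        # first sequence number where the two segments overlap
    ttl_delta: int  # differing TTLs hint that the senders sit on different paths
    gap_ms: float   # how far apart the competing segments arrived
    first: Segment
    second: Segment


def overlapping_bytes(a, b):
    """Return (start_seq, bytes_from_a, bytes_from_b) for the shared range, or None."""
    start = max(a.seq, b.seq)
    end = min(a.seq + len(a.payload), b.seq + len(b.payload))
    if start >= end:
        return None
    return start, a.payload[start - a.seq:end - a.seq], b.payload[start - b.seq:end - b.seq]


def detect_conflicting_segments(segments, history=64):
    """Flag segments that re-send an already seen sequence range with different content.

    Identical retransmissions (full or partial) are normal TCP behaviour and are
    not reported; only overlapping ranges whose bytes disagree are.
    """
    recent = defaultdict(list)   # per-direction window of recently seen segments
    findings = []
    for seg in sorted(segments, key=lambda s: s.ts):
        if not seg.payload:
            continue             # pure ACKs carry nothing to compare
        flow = (seg.src, seg.sport, seg.dst, seg.dport)
        for prev in recent[flow]:
            hit = overlapping_bytes(prev, seg)
            if hit and hit[1] != hit[2]:
                findings.append(Finding(
                    flow=flow,
                    seq=hit[0],
                    ttl_delta=abs(prev.ttl - seg.ttl),
                    gap_ms=round((seg.ts - prev.ts) * 1000, 3),
                    first=prev,
                    second=seg,
                ))
                break
        recent[flow].append(seg)
        del recent[flow][:-history]   # bound memory per flow
    return findings


# Constructed sample traffic (documentation address ranges, harmless payloads).
SAMPLE_SEGMENTS = [
    # Two competing answers to one request: same seq, different bytes and TTL.
    Segment(0.010, "203.0.113.10", 80, "192.0.2.5", 51000, 1000, 47,
            b"HTTP/1.1 302 Found\r\nLocation: http://other.example/\r\n\r\n"),
    Segment(0.045, "203.0.113.10", 80, "192.0.2.5", 51000, 1000, 58,
            b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"),
    # Benign: exact retransmission of the same bytes.
    Segment(0.100, "198.51.100.7", 80, "192.0.2.5", 51001, 7000, 52, b"HTTP/1.1 200 OK\r\n"),
    Segment(0.350, "198.51.100.7", 80, "192.0.2.5", 51001, 7000, 52, b"HTTP/1.1 200 OK\r\n"),
    # Benign: partially overlapping retransmission whose shared bytes agree.
    Segment(0.400, "198.51.100.9", 80, "192.0.2.5", 51002, 5000, 60, b"abcdefgh"),
    Segment(0.420, "198.51.100.9", 80, "192.0.2.5", 51002, 5004, 60, b"efghijkl"),
]


if __name__ == "__main__":
    for f in detect_conflicting_segments(SAMPLE_SEGMENTS):
        print(f"conflict on {f.flow} at seq {f.seq}: "
              f"ttl delta {f.ttl_delta}, gap {f.gap_ms} ms")
```

A conflicting pair is a signal to investigate rather than proof of injection; the TTL difference and arrival gap are recorded to help triage.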

COMMENDEER [sic] is used to commandeer (i.e. compromise) untargeted computer systems. The software is used as a part of QUANTUMNATION, which also includes the software vulnerability scanner VALIDATOR. The tool was first described at the 2014 Chaos Communication Congress by Jacob Appelbaum, who characterized it as tyrannical.[27][28][29]

QUANTUMCOOKIE is a more complex form of attack which can be used against Tor users.[30]

According to a 2013 article in Foreign Policy, "TAO has become increasingly accomplished at its mission, thanks in part to the high-level cooperation it secretly receives from the 'big three' American telecom companies (AT&T, Verizon and Sprint), most of the large US-based Internet service providers, and many of the top computer security software manufactures and consulting companies."[36] A 2012 TAO budget document claims that these companies, at TAO's behest, "insert vulnerabilities into commercial encryption systems, IT systems, networks and endpoint communications devices used by targets".[36] A number of US companies, including Cisco and Dell, have subsequently made public statements denying that they insert such back doors into their products.[37] Microsoft provides advance warning to the NSA of vulnerabilities it knows about, before fixes or information about these vulnerabilities is available to the public; this enables TAO to execute so-called zero-day attacks.[38] A Microsoft official who declined to be identified in the press confirmed that this is indeed the case, but said that Microsoft can't be held responsible for how the NSA uses this advance information.[39]


Top Officials Want to Split Cyber Command From NSA

Posted: September 10, 2016 at 5:22 am

Director of National Intelligence (DNI) James Clapper testifies before a Senate Intelligence Committee hearing on "Worldwide threats to America and our allies" in Washington on February 9, 2016. REUTERS/Carlos Barria

"There is a pressing need to clarify the distinction between the combat and intelligence collection missions... Because the two roles are complementary but distinct, the Director of NSA and the Commander of US Cyber Command in the future should not be the same person," the panel concluded.

But Obama decided against doing that.

"Following a thorough interagency review, the administration has decided that keeping the positions of NSA Director and Cyber Command commander together as one, dual-hatted position is the most effective approach to accomplishing both agencies' missions," White House spokeswoman Caitlin Hayden told the Washington Post at the time.

Now, officials have decided that separating the two agencies would be more efficient and better enable Cyber Command's mission.


NC NSA Softball – Tournament

Posted: September 3, 2016 at 11:34 pm

Sept 10 One Day Shootout September 11-2016 Greensboro/Carolyn Allen 3 $175.00 Howard Edwards
Sept 10-11 Fall Super Bash September 10-11 2016 Salisbury Community Park 4 $225.00 Howard Edwards
Sept 10-11 Fall 6 Game Eden High School September 10-11 2016 Eden Freedom Park 6 $250.00 Howard Edwards
Sept 10-11 Fall 10U Super Girl September 10-11 2016 Statesville/Saratoma 5 $225.00 Howard Edwards
Sept 17-18 College Connection 16U/18U September 17-18 2016 Salisbury Community Park 4 $350.00 Howard Edwards
Sept 17-18 Fall Championship 10,12,14 September 17-18 2016 Huntersville/Bradford 4 $225.00 Chuck Laney
Sept 17-18 NSA Six Game Super Bash September 17-18 2016 Tyger River Spartanburg 6 $350.00 Howard Edwards
Sept 24-25 Fall Cheerwine 10U-12U-14U September 24-25 2016 Salisbury/Mooresville 5 $250.00 Howard Edwards
Sept 24-25 Dudley Sports Elite 6GG 14U-HS September 24-25 2016 Rock Hill 6 $325.00 Chuck Laney
Oct 1-2 NC/VA Fall Championship October 1-2 2016 Greensboro/Carolyn Allen 5 $300.00 Howard Edwards
Oct 1-2 Winthrop Gold Cup 1 October 1-2 2016 Winthrop College Rock Hill 4 $300.00 Jim Allen
October 8-9 Winthrop Gold Cup 2 October 1-2 2016 Winthrop College Rock Hill 4 $300.00 Jim Allen
Oct 1-2 Think Pink October 1-2 2016 Concord/Frank Lisk 4 $300.00 Colt Butler
Oct 8-9 10U Special Weekend October 8-9 2016 Thomasville/East Davidsion complex 4 $250.00 Howard Edwards
Oct 8-9 Fall Class B Championship 12U-14U October 8-9 2016 Salisbury Community Park 5 $250.00 Howard Edwards
Oct 8-9 NSA Gold Cup 6GG 12U-14U October 8-9 2016 Rock Hill Cherry Park 6 $325.00 Chuck Laney
Oct 8-9 Fall Beach Blast Myrtle Beach October 8-9 2016 Myrtle Beach Georgetown 4 $325.00 Howard Edwards
Oct 15-16 The Thriller October 15-16 2016 Huntersville-Bradford 4 $250.00 Colt Butler
Oct 15 Out of the Park 14U October 15-2016 Reidsville 4 $195.00 Doyle OBryant
Oct 15-16 Fall Talent Search October 15-16 2016 Burlington/Springwood 4 $375.00 Howard Edwards


Office of the Inspector General (OIG) – NSA.gov

Posted: September 2, 2016 at 5:46 am

The NSA OIG is committed to promoting effectiveness, efficiency, and accountability within the Agency. We have the following vision, mission, and values:

Professional People Professional Products Cryptologic Integrity

The NSA/CSS Office of the Inspector General is the independent agent for individual and organizational integrity within the Agency. Through professional inspections, audits, and investigations, we work to ensure that the Agency respects Constitutional rights, obeys laws and regulations, treats its employees and affiliates fairly, and uses public resources wisely to accomplish its mission. We also work with other IGs in the Defense and Intelligence Communities to advance these common goals.

We value dedication, courtesy, teamwork, productivity, accountability, objectivity, and independence while adhering to professional standards.

Our products and services will be timely, thorough, reliable, constructive, clear and technically sound. We recognize and promote excellence, and we seek to maintain a workplace that allows our people to develop and exhibit these qualities in their work.

The OIG has the authority to conduct inspections, audits, investigations, special inquiries, and other reviews of the programs and operations of NSA/CSS. This oversight authority promotes effectiveness, efficiency, and accountability within the Agency; ensures compliance with laws and regulations; and assists in detecting and preventing fraud, waste, and mismanagement in NSA/CSS programs and operations.

If you observe or are aware of fraud, waste, and mismanagement in NSA/CSS programs or operations, please report your concern to the NSA OIG. Click here for information on reporting complaints, anonymity, and the OIG hotline.

Telephone: 301-688-6327


LEAGUE PLAY – Alabama NSA Fastpitch Softball

Posted: August 30, 2016 at 10:57 pm

2016 Allstar Rules

IF RULE IS NOT COVERED WITHIN, REVERT BACK TO THE NSA 2016 RULEBOOK

Directors:

State Director: Wayne Hughes (205) 602-3429

League Director: Dane Urban (334) 651-9587

Executive Board Ruling for 2015 All-Stars:

If a coach or player is ejected from a game, for any reason, the coach or player will be suspended for the remainder of the current game and the next game the coach or player is scheduled to participate in. If a coach or player is ejected in an elimination game, then the coach or player will be suspended for the first game of the next tournament they are scheduled to participate in.

The youth fast pitch program will be divided into the following classifications:

A player's age on December 31 of the previous calendar year determines the age classification in which the player is eligible to participate.

The recreation/league fast pitch program is designed for girls age 18 & under. The fast pitch sanction will run from August 1 until July 31.

Age Divisions Offered:

Girls 6 & Under

Girls 8 & Under

Girls 10 & Under

Girls 12 & Under

High School Division

A player shall not compete in any sanctioned tournament of the association with more than one team during the same tournament.

Divisions Coach Pitch/Girl Pitch

AGE    Pitcher's Rubber (ft)    Base Path (ft)    Pitching Circle
6U     30                       60                40
8U     35                       60                40
10U    35                       60                35
12U    40                       60                40
15U    43                       60                43
18U    43                       60                43

2016 ALL-STAR RULES

(b) Every Player on the Roster must bat if present.

(c) Each half inning will end when the defense records three (3) outs or the offense scores seven (7) runs, whichever comes first.

(d) Each batter will get 5 pitches to put the ball in play. If the Batter fouls the 5th pitch she will get another pitch until she hits the ball in fair territory or swings and misses the pitch.

(e) No stealing. If a player leaves the base before the ball reaches Home Plate she will be called out.

(f) Play 10 in the field.

(g) There are NO automatic two outs with the last batter. There must be an out on the lead runner. Touching home plate constitutes getting the lead runner out.

(i) The defensive team shall have no more than 6 infielders. Up to four (4) players shall be positioned in the outfield at least 10 feet behind the baselines until the ball is batted. Only 10 players will play on defense at one time, however, each team may substitute freely at any time.

(j) A 10" poly-core Level 5 softball ball will be used for all 6U competition. Made by A.D. Starr


NSA Architect: Agency Has ALL of Clinton's Deleted Emails – breitbart.com

Posted: August 27, 2016 at 7:10 pm

PHILADELPHIA -- The National Security Agency (NSA) has "all" of Hillary Clinton's deleted emails and the FBI could gain access to them if they so desired, William Binney, a former highly placed NSA official, declared in a radio interview broadcast on Sunday.

Speaking as an analyst, Binney raised the possibility that the hack of the Democratic National Committee's server was done not by Russia but by a disgruntled U.S. intelligence worker concerned about Clinton's compromise of national security secrets via her personal email use.

Binney was an architect of the NSA's surveillance program. He became a famed whistleblower when he resigned on October 31, 2001, after spending more than 30 years with the agency.

He was speaking on this reporter's Sunday radio program, "Aaron Klein Investigative Radio," broadcast on New York's AM 970 The Answer and Philadelphia's NewsTalk 990 AM.

Binney referenced testimony before the Senate Judiciary Committee in March 2011 by then-FBI Director Robert S. Mueller in which Mueller spoke of the FBI's ability to access various secretive databases "to track down known and suspected terrorists."

Stated Binney: "Now what he (Mueller) is talking about is going into the NSA database, which is shown of course in the (Edward) Snowden material released, which shows a direct access into the NSA database by the FBI and the CIA. Which there is no oversight of by the way. So that means that NSA and a number of agencies in the U.S. government also have those emails."

"So if the FBI really wanted them they can go into that database and get them right now," he stated of Clinton's emails as well as DNC emails.

Asked point blank if he believed the NSA has copies of "all" of Clinton's emails, including the deleted correspondence, Binney replied in the affirmative.

"Yes," he responded. "That would be my point. They have them all and the FBI can get them right there."

Binney surmised that the hack of the DNC could have been coordinated by someone inside the U.S. intelligence community angry over Clinton's compromise of national security data with her email use.

"And the other point is that Hillary, according to an article published by the Observer in March of this year, has a problem with NSA because she compromised Gamma material. Now that is the most sensitive material at NSA. And so there were a number of NSA officials complaining to the press or to the people who wrote the article that she did that. She lifted the material that was in her emails directly out of Gamma reporting. That is a direct compromise of the most sensitive material at the NSA. So she's got a real problem there. So there are many people who have problems with what she has done in the past. So I don't necessarily look at the Russians as the only one(s) who got into those emails."

The Observer defined the GAMMA classification:

GAMMA compartment, which is an NSA handling caveat that is applied to extraordinarily sensitive information (for instance, decrypted conversations between top foreign leadership, as this was).

Aaron Klein is Breitbart's Jerusalem bureau chief and senior investigative reporter. He is a New York Times bestselling author and hosts the popular weekend talk radio program, "Aaron Klein Investigative Radio." Follow him on Twitter @AaronKleinShow. Follow him on Facebook.


The Shadow Brokers’ NSA hack is extremely weird – Business …

Posted: August 23, 2016 at 9:21 am

Earlier this week, a group calling itself the "Shadow Brokers" announced that it was selling a number of cyber weapons auction-style that it claimed were hacked and stolen from an alleged NSA hacking group dubbed "The Equation Group."

Beside the fact that the National Security Agency getting hacked is eyebrow-raising in itself, the leak of the data and the claim from this mystery group that it's just trying to make money doesn't seem to add up.

Here's why.

According to ex-NSA insiders who spoke with Business Insider, the agency's hackers don't just put their exploits and toolkits online where they can potentially be pilfered. The more likely scenario for where the data came from, says ex-NSA research scientist Dave Aitel, is an insider who downloaded it onto a USB stick.

Instead of a "hack," Aitel believes, it's much more likely that this was a more classic spy operation that involved human intelligence.

"This idea that a group of unknown hackers are going to take on the NSA seems unlikely as well," Aitel told Business Insider. "There's a long arm and a long memory to the US intelligence community, and I don't think anyone wants to be on the other end of that without good reason. I don't necessarily think a million bitcoin is a good-enough reason."

One of the many strange things about this incident is the very public nature of what transpired. When a hacker takes over your computer, they don't start activating your webcam or running weird programs because you'd figure out pretty quickly that something was up and you'd try to get rid of them.

The same is true for the NSA.

If the Shadow Brokers owned the NSA's command and control server, then it would probably be a much better approach to just sit back, watch, and try to pivot to other interesting things that they might be able to find.

Instead, the group wrote on Pastebin, a website where you can store text, that "we follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons," which immediately signals to this alleged NSA hacker group that they have a big problem.

Though this seems problematic, it's probable that the group no longer has access to the server, so it no longer cares about getting back on it. Since the files are years old, this could be the case. But it's still out of the ordinary since any claim like this can be later investigated by the victim, which will be going through everything trying to figure out who they are.

If this was some random hacking group, then it would've been better to keep their mouth shut, especially when their victim is the NSA.

Software exploits are digital gold for hackers, since they often give a key inside a system or network that no one has ever noticed before, and thus, hasn't fixed. Which is why the marketplace for these "zero-day" exploits is so lucrative. We're talking hundreds of thousands to millions of dollars for this kind of code.

Most of the time, an exploit is either found by a security research firm, which then writes about it and reports it to the company so it can fix the problem. Or, a hacker looking for cash will take that found exploit and sell it on the black market.

So it would make sense for a group like Shadow Brokers to want to sell their treasure trove, but going public with it is beyond strange.

"From my perspective, it's extremely bizarre behavior," an ex-NSA hacker who spoke on condition of anonymity told Business Insider. "Most groups who either identify or trade in exploits do one of two things. If you identify, like a security research firm [does] ... they'll typically publish their findings. They're really in the best interest of the companies and users who use these products."

The source added: "In the other scenarios, folks who sort of deal in the exploit markets. They quietly sell these things. To come out with this public auction is the more bizarre variance of that that I've ever seen. So it's not clear what the intent here is."

If you ask ex-NSA contractor Edward Snowden, the public leak and claims of the Shadow Brokers seem to have Russian fingerprints all over them, and it serves as a warning from Moscow to Washington. The message: If your policymakers keep blaming us for the DNC hack, then we can use this hack to implicate you in much more.

"That could have significant foreign policy consequences," Snowden wrote on Twitter. "Particularly if any of those operations targeted US allies. Particularly if any of those operations targeted elections."

Aitel seems to agree, though he criticized Snowden as being, at some level, a "voice piece" for Russian intelligence now, since he lives in asylum in Moscow.

"He has the same theory -- the DNC hack happened. The US political people got upset. They probably made the NSA do a covert response," Aitel speculated. "This is another response to the NSA's covert response. There's a lot of sort of very public messages here going back and forth, which is interesting to look at."

Aitel also doesn't think that anyone is going to actually pony up the money required to win the auction. And that prediction is probably going to be right, since WikiLeaks claims that it already has the archive.

"We had already obtained the archive of NSA cyber weapons released earlier today," its official Twitter account wrote, "and will release our own pristine copy in due course."

The Shadow Brokers did not respond to an emailed request for comment.


Snowden Docs Support Claim NSA Cyberweapons Stolen, Report …

Posted: August 21, 2016 at 11:08 am

Documents stolen from the National Security Agency by former contractor Edward Snowden support the claim that the cyberweapons apparently pilfered from the espionage agency and put up for auction online this week are the real deal, according to a report in The Intercept.

The Intercept, whose reporters have access to the trove of information Snowden took from the NSA in 2013, wrote today that a top secret NSA manual that has never been made publicly available contains the same 16-character alphanumeric string that appears throughout a portion of the code released online earlier this week by the mysterious group calling themselves the Shadow Brokers. The relevant code was part of a program dubbed SECONDDATE that was used to spy on Pakistan and a computer system in Lebanon, The Intercept reported.

Chris Inglis, former deputy director of the NSA until 2014, told ABC News he wouldn't have visibility into specific cyber toolkits used by the NSA, but he said it would be "unfortunate" if the ones published online belonged to the elite hackers at his former longtime employer.

"It's an investment that's hard-won, intellectual capital and real money. But is it a reality of present circumstances? Absolutely. So NSA needs to figure out how to recover and move on," said Inglis, now a professor at the U.S. Naval Academy and on the advisory board at the cybersecurity firm Securonix. "I'm not sure that that's the case here, that this is NSA, but if it were, I would say NSA is probably just saying, 'Got it. We've got to move on more quickly than we thought we needed to.'"

Inglis said he doubted that the NSA itself was hacked and suggested the Shadow Brokers obtained the code possibly from an external server -- a theory floated by Snowden on Twitter -- or through some other means. A former member of the NSA's hacking squad Tailored Access Operations, Oren Falkowitz, told ABC News Thursday he could think of "a dozen ways" the powerful malware could've fallen into the wrong hands.

Inglis said one thing the NSA will be doing now is attempting to find out if any of the exposed code -- or the still-hidden code the Shadow Brokers claim is more sophisticated -- could affect ongoing operations, whether it's a matter of "current capability". Researchers who have analyzed the released code have said date references end on the fall of 2013, indicating that's when the code was stolen or when hackers' access to the data was cut off.

"NSA lives in a world where whatever capabilities it brings to bear necessarily age off, either because the technology moves on or because the operational practices of the adversaries -- whether it's terrorists or rogue nations, I mean all of the things we are legitimately authorized to go after -- they change," Inglis said. "The notion of a static capability that you can preserve over years' time, that's gone. You simply cannot do that."

"Three years is a very long time," he said. "Just think about how quickly technology turns over."

While initially split on whether the Shadow Brokers hack was real when it was announced earlier this week, consensus has grown among security experts and former U.S. officials that at least the teaser code that has been released in full is legitimate -- especially after two major cybersecurity firms publicly acknowledged that some of the code would have affected their legacy firewall products and, in one case, was still a threat to current users.

The Shadow Brokers, who are unknown to the cybersecurity community and whose name could be a reference to a popular videogame, claimed to have hacked systems used by the Equation Group, a high-level hacking team that a Russian cybersecurity firm said had links to cyberattacks that were separately attributed in media reports to the NSA. The Russian firm, Kaspersky Lab, reported this week they found a "strong connection" between the cyberweapons exposed by the Shadow Brokers and their previous work on the Equation Group, which they called the "apex predator" of the cyber world.

Inglis declined to say whether Equation Group was a secret NSA hacking squad. He said they "seem to be quite capable and disciplined, and if you're going to unleash a group of people in this space, you need to make sure that they're both."

"Whoever they are, I hope that they're on our side," he said.

The Shadow Brokers claim to have taken a whole host of cyberweapons from the Equation Group and are hosting an online auction in bitcoin in order to sell off the most valuable ones.

As for who the Shadow Brokers are, there's only speculation, which runs the gamut from a disgruntled insider to a sophisticated nation-state like Russia. But the group's public posturing has thrown observers for a loop.

"Revealing the results [of a major hack] in this way is extremely atypical," former NSA hacker Falkowitz told ABC News Thursday. "To do something as childish as hold a public auction with bitcoin ... just seems like not consistent with the way really sophisticated government groups would operate."

"It's really bizarre," he said.


Powerful NSA hacking tools have been revealed online – The …

Posted: August 19, 2016 at 4:08 am

Strings of code were released to the Internet by a group calling themselves "the Shadow Brokers". They claim the code is a tool that can be used to hack into any computer. (Jhaan Elker/The Washington Post)

Some of the most powerful espionage tools created by the National Security Agency's elite group of hackers have been revealed in recent days, a development that could pose severe consequences for the spy agency's operations and the security of government and corporate computers.

A cache of hacking tools with code names such as Epicbanana, Buzzdirection and Egregiousblunder appeared mysteriously online over the weekend, setting the security world abuzz with speculation over whether the material was legitimate.

The file appeared to be real, according to former NSA personnel who worked in the agency's hacking division, known as Tailored Access Operations (TAO).

"Without a doubt, they're the keys to the kingdom," said one former TAO employee, who spoke on the condition of anonymity to discuss sensitive internal operations. "The stuff you're talking about would undermine the security of a lot of major government and corporate networks both here and abroad."

Said a second former TAO hacker who saw the file: "From what I saw, there was no doubt in my mind that it was legitimate."

The file contained 300 megabytes of information, including several exploits, or tools for taking control of firewalls in order to control a network, and a number of implants that might, for instance, exfiltrate or modify information.

The exploits are not run-of-the-mill tools to target everyday individuals. They are expensive software used to take over firewalls, such as Cisco and Fortinet, that are used in the largest and most critical commercial, educational and government agencies around the world, said Blake Darche, another former TAO operator and now head of security research at Area 1 Security.

The software apparently dates back to 2013 and appears to have been taken then, experts said, citing file creation dates, among other things.

"What's clear is that these are highly sophisticated and authentic hacking tools," said Oren Falkowitz, chief executive of Area 1 Security and another former TAO employee.

Several of the exploits were pieces of computer code that took advantage of zero-day or previously unknown flaws or vulnerabilities in firewalls, which appear to be unfixed to this day, said one of the former hackers.

The disclosure of the file means that at least one other party, possibly another country's spy agency, has had access to the same hacking tools used by the NSA and could deploy them against organizations that are using vulnerable routers and firewalls. It might also see what the NSA is targeting and spying on. And now that the tools are public, as long as the flaws remain unpatched, other hackers can take advantage of them, too.

The NSA did not respond to requests for comment.

"Faking this information would be monumentally difficult, there is just such a sheer volume of meaningful stuff," Nicholas Weaver, a computer security researcher at the University of California at Berkeley, said in an interview. "Much of this code should never leave the NSA."

The tools were posted by a group calling itself the Shadow Brokers using file-sharing sites such as BitTorrent and DropBox.

As is typical in such cases, the true identity of whoever put the tools online remains hidden. Attached to the cache was an auction note that purported to be selling a second set of tools to the highest bidder: "!!! Attention government sponsors of cyber warfare and those who profit from it !!!! How much you pay for enemies cyber weapons?"

The group also said that if the auction raised 1 million bitcoins, equivalent to roughly $500 million, it would release the second file to the world.

"The auction is a joke," Weaver said. "It's designed to distract. It's total nonsense." He said that bitcoin is so traceable that a Doctor Evil scheme of laundering $1 million, let alone $500 million, is frankly lunacy.

One of the former TAO operators said he suspected that whoever found the tools doesn't have everything. "The stuff they have there is super-duper interesting, but it is by far not the most interesting stuff in the tool set," he said. "If you had the rest of it, you'd be leading off with that, because you'd be commanding a much higher rate."

TAO, a secretive unit that helped craft the digital weapon known as Stuxnet, has grown in the past decade or so from several hundred to more than 2,000 personnel at the NSA's Fort Meade, Md., headquarters. The group dates to the early 1990s. Its moniker, Tailored Access Organization, suggests a precision of technique that some officials have likened to brain surgery. Its name also reflects how coding whizzes create exquisite tools from scratch, in the same way a fine tailor takes a bolt of wool and fashions a bespoke suit, only the computer geeks more often work in jeans and T-shirts. "We break out the Nerf guns and have epic Nerf gun fights," one of the former hackers said.

Some former agency employees suspect that the leak was the result of a mistake by an NSA operator, rather than a successful hack by a foreign government of the agency's infrastructure.

When NSA personnel hack foreign computers, they don't move directly from their own covert systems to the targets, fearing that the attack would be too easy to trace. They use a form of proxy server called a redirector that masks the hackers' origin. They use one or more such servers to make it difficult to trace a hack.

"NSA is often lurking undetected for years on the ... [proxy hops] of state hackers," former agency contractor Edward Snowden tweeted Tuesday. "This is how we follow their operations."

At the same time, other spy services, like Russia's, are doing the same thing to the United States.

It is not unprecedented for a TAO operator to accidentally upload a large file of tools to a redirector, one of the former employees said. "What's unprecedented is to not realize you made a mistake," he said. "You would recognize, 'Oops, I uploaded that set' and delete it."

Critics of the NSA have suspected that the agency, when it discovers a software vulnerability, frequently does not disclose it, thereby putting at risk the cybersecurity of anyone using that product. The file disclosure shows why it's important to tell software-makers when flaws are detected, rather than keeping them secret, one of the former agency employees said, because now the information is public, available for anyone to employ to hack widely used Internet infrastructure.

Snowden, Weaver and some of the former NSA hackers say they suspect Russian involvement in the release of the cache, though no one has offered hard evidence. They say the timing, in the wake of high-profile disclosures of Russian government hacking of the Democratic National Committee and other party organizations, is notable.

Tweeted Snowden: "Circumstantial evidence and conventional wisdom indicates Russian responsibility." He said that the disclosure is likely a warning that someone can prove U.S. responsibility for any attacks that originated from this redirector or malware server by linking it to the NSA.

"This could have significant foreign policy consequences," he said in another tweet. Particularly if any of those operations targeted U.S. allies or their elections.

Accordingly, he tweeted, "this may be an effort to influence the calculus of decision-makers wondering how sharply to respond to the DNC hacks."

In other words, he tweeted, it looks like somebody sending a message that retaliating against Russia for its hacks of the political organizations could get messy fast.

Snowden: NSA hack might reveal ugly side of US spying

Posted: at 4:08 am

Over the weekend, a mysterious group called "The Shadow Brokers" leaked what appear to be hacking tools that the U.S. National Security Agency uses to spy on people.

This bundle of computer code is about three years old. But it's still dangerous, since it puts a high-tech military arsenal online within reach of all kinds of criminals. They can use these tools to rob banks, steal government secrets or expose personal lives.

And on Tuesday morning, in a series of tweets, ex-NSA whistleblower Edward Snowden pointed out yet another potential repercussion from the leak.

If these digital weapons are found on a computer, that's evidence of an attack -- similar to finding fragments of a blown up missile.

Computer security researchers around the world are now reviewing computer networks for these tools. And wherever they find this leaked code, they'll know the NSA was spying.

The United States currently claims the moral high ground and censures China, Iran, North Korea and Russia for hacking Americans. But it could soon be caught doing the same to others.

Here's an easy-to-understand explanation of Snowden's technical commentary on Twitter this morning, in which he describes how modern-day computer spying works.

Modern day spying 101

Ever wonder how the U.S. government can accuse China of hacking the United States?

To launch an attack, an enemy government wouldn't hit American targets directly. That's too easy to trace back. Instead, foreign hackers find a dummy spot to launch their attack.

For example, Chinese hackers might slip into a computer server at a company in Peru. Then they'll use that server as a launchpad, sending commands from that computer to break into a U.S. target.

It's like China launching a missile at the United States from Peru.

The job of NSA hackers is to sneak into those enemy launchpad computer servers and scrape off computer code evidence of a breach. Next time that same code is used in an attack, the NSA can trace it back to the bad guys.

But the NSA's job is also to spy on foreign governments, so it too launches hacking missions from unsuspecting servers. And foreign governments try to collect evidence of NSA tools to identify the NSA in the future.

The NSA's elite hacking team, called Tailored Access Operations, is instructed to always wipe evidence of its presence after a mission. It's like a Navy SEAL team picking up its spent ammunition shells. But sometimes evidence gets left behind.

Typically, enemy governments keep the evidence they find of an NSA hack a secret. What's new this time around is that someone is actually calling out the United States in a way that will help other countries detect American spy activity.

Here, Snowden is referring to recent veiled accusations by the United States that Russia hacked the Democratic National Committee. The U.S. government hasn't formally pointed the finger, but officials are hinting to reporters that Russia is messing with American politics.

Snowden thinks this NSA tool leak could be a message to the United States: You toy with foreign politics too -- don't be hypocritical.

Snowden ended his screed by pointing out an interesting tidbit. Even though these NSA tools have just been leaked, it appears that they were stolen back in 2013 -- a short time after Snowden blew the whistle on NSA spying on Americans. At that point, the NSA went into lockdown mode and ramped up security.

So, ironically, the NSA's response to Snowden's alleged treachery might have actually prevented enemy hackers from continuing to steal NSA tools.

CNNMoney (New York) First published August 16, 2016: 1:36 PM ET
