
Category Archives: NSA

Personal Security Takes A Hit With Public Release Of NSA’s Hacking Toolkit – Techdirt

Posted: May 2, 2017 at 10:42 pm

Former members of Team Espionage recently expressed their concern that the Shadow Brokers' dump of NSA Windows exploits had done serious damage to the security of the nation. The unwanted exposure of NSA power tools supposedly harmed intelligence gathering efforts, even though the tools targeted outdated operating systems and network software.

However, there are still plenty of computers and networks online using outmoded software. This makes the released exploits a threat (especially those targeting XP users, as that version will never be patched). But not much of a threat to national security, despite the comments of anonymous former Intelligence Community members. It makes them a threat to personal security, as Chris Bing at CyberScoop points out:

One of these hacking tools, a backdoor implant codenamed DOUBLEPULSAR which is used to run malicious code on an already compromised box has already been installed on 30,000 to 50,000 hosts, according to Phobos Group founder Dan Tentler. Other researchers have also engineered different detection scripts to quickly scan the internet for infected computers.

John Matherly, the CEO of internet scanning-tool maker Shodan.io, said that upwards of 100,000 computers could be affected.

Rather surprisingly, data gathered by security researchers shows a majority of the infected computers are in the United States. This shows Microsoft's steady updating push still faces a sizable resistance right here at home. What it also shows is how fast exploits can be repurposed and redeployed once they're made public. The scans for DOUBLEPULSAR have turned up thousands of hits worldwide.

DOUBLEPULSAR is simply a backdoor, but an extremely handy one. Once installed, it makes targeted computers extremely receptive to further malware payloads.

"The presence of DOUBLEPULSAR doesn't mean they're infected by the NSA, it means there is a loading dock ready and waiting for whatever malware anyone wants to give it," Tentler said. "The chances are none that all these hosts [were hacked by] the NSA."

So, there's that small bit of comfort. It's not the NSA nosing around the innards of your Windows box, but a bunch of script kiddies playing with new toys, adding them to the normal rolls of malware purveyors seeking to zombify your device and/or make off with whatever information is needed to open fraudulent credit card accounts or whatever.

The NSA certainly could have informed Microsoft of these exploits before it ended support for certain platforms, thus ensuring late- (or never-) adopters were slightly more protected from malware merchants and state agencies. But that's the Vulnerabilities Equity Process for you: no forewarning until a third party threatens to turn your computing weapons over to the general public.


FBI Director James Comey, NSA Director Michael Rogers to Testify May 4 on Russia – Newsweek

Posted: at 10:42 pm

FBI Director James Comey and National Security Agency Director Admiral Michael Rogers will testify again before lawmakers on Thursday about Russian interference in the 2016 presidential election, according to a congressional aide.

Thursday's House Permanent Select Committee on Intelligence hearing will be the first since March 20, when Comey testified that the FBI is investigating Russia's tampering with the presidential election and possible collusion with associates of President Donald Trump. The hearing will also be the first since Representative Devin Nunes, chairman of the committee, recused himself from the Russia probe after the House Committee on Ethics said it was investigating accusations against him.


The House Intelligence Committee, the Senate Select Committee on Intelligence and the FBI are each pursuing investigations into Russia's election tampering. In January, the U.S. intelligence community published a declassified report detailing the Russian interference, and last October, the Department of Homeland Security and the Office of the Director of National Intelligence issued a statement confirming the subject. Newsweek learned that Comey had tried to go public earlier about Russia's tampering and proposed writing an op-ed on the topic prior to the October statement.

Comey took the unusual step of corroborating the existence of the ongoing investigation to the House Intelligence Committee. "I have been authorized by the Department of Justice to confirm that the FBI, as part of our counterintelligence mission, is investigating the Russian government's efforts to interfere in the 2016 presidential election," Comey said on March 20. "That includes investigating the nature of any links between individuals associated with the Trump campaign and the Russian government, and whether there was any coordination between the campaign and Russia's efforts." Unlike the open March 20 hearing, the May 4 hearing will be closed.

FBI Director James Comey, left, and NSA Director Admiral Michael Rogers, right, testified on March 20 before the House Permanent Select Committee on Intelligence. They are scheduled to testify again before the committee on May 4. Joshua Roberts/REUTERS

The FBI investigation falls under its counterintelligence program, which aims to protect American secrets and foil foreign spies. Such investigations are among the most challenging, especially when politics are involved, Frank Montoya Jr., the bureau's former national counterintelligence executive, has told Newsweek. The investigation could take years and may result in intelligence gathering, not criminal charges, according to Montoya.

The House Intelligence Committee probe will look at whether Russia directed cyber efforts against the U.S., whether Russia colluded with people involved with U.S. political campaigns, whether the U.S. government's response to Russian efforts was adequate and what leaks took place related to intelligence.

Since the March 20 hearing, the House Intelligence Committee has faced a shake-up. On April 6, Nunes recused himself from the Russia probe after opponents alleged he had shared investigation information with the White House, leading to the ethics investigation. "The charges are entirely false and politically motivated, and are being leveled just as the American people are beginning to learn the truth about the improper unmasking of the identities of U.S. citizens and other abuses of power," Nunes said in a statement. He added that he would seek to end the ethics investigation.

The House Intelligence Committee had first invited Comey and Rogers in April to appear on Tuesday. The committee also invited former CIA Director John Brennan, former Director of National Intelligence James Clapper and former Deputy Attorney General Sally Yates to testify. They are not scheduled to appear on Thursday, according to the congressional aide.

Comey is also scheduled to attend two upcoming Senate Committee on the Judiciary hearings. On Wednesday, he is scheduled to take part in a full committee hearing on oversight of the FBI. Then, on May 8, he will speak before the Subcommittee on Crime and Terrorism about Russia's election tampering.


The NSA will stop reading American emails that mention intelligence … – The Verge

Posted: at 10:42 pm

The NSA has stopped collecting messages sent from US citizens that cross international borders and mention foreign intelligence targets, according to a new report in The New York Times. The controversial practice, made public by Edward Snowden in 2013, allowed the agency to collect emails and other messages that mention a foreign intelligence target, even if neither party is subject to surveillance and one of the parties is a US citizen (and thus subject to constitutional protections against unwarranted searches).

The NSA confirmed the change in a subsequent announcement, writing that the Agency will stop the practice to reduce the chance that it would acquire communications of U.S. persons or others who are not in direct contact with a foreign intelligence target.


In practical terms, this meant that including an email or phone number associated with a surveillance target (say, osamabinladen@gmail.com) in the body of an email could lead to the message being surfaced to NSA analysts.

According to the Times, the change came about last year after the NSA discovered analysts querying databases in violation of court guidelines set forth in 2011. Those violations triggered a broader review of NSA practices, which ultimately forced the NSA to discontinue the practice.

The move comes amid a broader debate over Section 702 of the FISA Amendments Act, the legal authority used by the NSA to justify this collection. Signed into law in 2008, the law's authorities are scheduled to expire at the end of this year unless renewed by Congress. Surveillance critics are hoping to significantly curtail those authorities, leading to significant debate in Congress.

Speaking on Twitter, Edward Snowden applauded the change, saying simply, "The truth changed everything."

Update 3:09PM ET: Updated with NSA announcement.


NSA to stop collecting some internet communications – WIAT 42

Posted: April 30, 2017 at 10:08 pm


FILE - In this June 6, 2013 file photo, the sign outside the National Security Agency (NSA) campus in Fort Meade, Md. on Friday, April 28, 2017, The NSA said it will no longer collect certain communications moving on the internet for simply mentioning ...

The NSA Says It Is Ending One of Its Most Controversial Spying Practices, But It Could Be Resurrected if Congress … – Common Dreams

Posted: at 10:08 pm

The NSA indicated Friday that it will halt one of its most controversial spying practices, related to its surveillance of virtually all text-based communications entering or exiting the United States. If true, this is a significant step forward in the ...


Who Is Publishing NSA and CIA Secrets, and Why? – Lawfare (blog)

Posted: at 10:08 pm

There's something going on inside the intelligence communities in at least two countries, and we have no idea what it is.

Consider these three data points. One: someone, probably a country's intelligence organization, is dumping massive amounts of cyberattack tools belonging to the NSA onto the Internet. Two: someone else, or maybe the same someone, is doing the same thing to the CIA.

Three: in March, NSA Deputy Director Richard Ledgett described how the NSA penetrated the computer networks of a Russian intelligence agency and was able to monitor them as they attacked the U.S. State Department in 2014. Even more explicitly, a U.S. ally (my guess is the U.K.) was not only hacking the Russian intelligence agency's computers, but also the surveillance cameras inside their building. "They [the U.S. ally] monitored the [Russian] hackers as they maneuvered inside the U.S. systems and as they walked in and out of the workspace, and were able to see faces, the officials said."

Countries don't often reveal intelligence capabilities: "sources and methods." Because it gives their adversaries important information about what to fix, it's a deliberate decision done with good reason. And it's not just the target country who learns from a reveal. When the U.S. announces that it can see through the cameras inside the buildings of Russia's cyber warriors, other countries immediately check the security of their own cameras.

With all this in mind, let's talk about the recent leaks at NSA and the CIA.

Last year, a previously unknown group called the Shadow Brokers started releasing NSA hacking tools and documents from about three years ago. They continued to do so this year (five sets of files in all) and have implied that more classified documents are to come. We don't know how they got the files. When the Shadow Brokers first emerged, the general consensus was that someone had found and hacked an external NSA staging server. These are third-party computers that the NSA's TAO hackers use to launch attacks from. Those servers are necessarily stocked with TAO attack tools. This matched the leaks, which included a "script" directory and working attack notes. We're not sure if someone inside the NSA made a mistake that left these files exposed, or if the hackers that found the cache got lucky.

That explanation stopped making sense after the latest Shadow Brokers release, which included attack tools against Windows, PowerPoint presentations, and operational notes: documents that are definitely not going to be on an external NSA staging server. A credible theory, which I first heard from Nicholas Weaver, is that the Shadow Brokers are publishing NSA data from multiple sources. The first leaks were from an external staging server, but the more recent leaks are from inside the NSA itself.

So what happened? Did someone inside the NSA accidentally mount the wrong server on some external network? That's possible, but seems very unlikely. Did someone hack the NSA itself? Could there be a mole inside the NSA, as Kevin Poulsen speculated?

If it is a mole, my guess is that he's already been arrested. There are enough individualities in the files to pinpoint exactly where and when they came from. Surely the NSA knows who could have taken the files. No country would burn a mole working for it by publishing what he delivered. Intelligence agencies know that if they betray a source this severely, they'll never get another one.

That points to two options. The first is that the files came from Hal Martin. He's the NSA contractor who was arrested in August for hoarding agency secrets in his house for two years. He can't be the publisher, because the Shadow Brokers are in business even though he is in prison. But maybe the leaker got the documents from his stash: either because Martin gave the documents to them or because he himself was hacked. The dates line up, so it's theoretically possible, but the contents of the documents speak to someone with a different sort of access. There's also nothing in the public indictment against Martin that speaks to his selling secrets to a foreign power, and I think it's exactly the sort of thing that the NSA would leak. But maybe I'm wrong about all of this; Occam's Razor suggests that it's him.

The other option is a mysterious second NSA leak of cyberattack tools. The only thing I have ever heard about this is from a Washington Post story about Martin: "But there was a second, previously undisclosed breach of cybertools, discovered in the summer of 2015, which was also carried out by a TAO employee, one official said. That individual also has been arrested, but his case has not been made public. The individual is not thought to have shared the material with another country, the official said." But "not thought to have" is not the same as not having done so.

On the other hand, it's possible that someone penetrated the internal NSA network. We've already seen NSA tools that can do that kind of thing to other networks. That would be huge, and explain why there were calls to fire NSA Director Mike Rogers last year.

The CIA leak is both similar and different. It consists of a series of attack tools from about a year ago. The most educated guess amongst people who know stuff is that the data is from an almost-certainly air-gapped internal development wiki (a Confluence server) and either someone on the inside was somehow coerced into giving up a copy of it, or someone on the outside hacked into the CIA and got themselves a copy. They turned the documents over to WikiLeaks, which continues to publish it.

This is also a really big deal, and hugely damaging for the CIA. Those tools were new, and they're impressive. I have been told that the CIA is desperately trying to hire coders to replace what was lost.

For both of these leaks, one big question is attribution: who did this? A whistleblower wouldn't sit on attack tools for years before publishing. A whistleblower would act more like Snowden or Manning, publishing immediately, and publishing documents that discuss what the U.S. is doing to whom, not simply a bunch of attack tools. It just doesn't make sense. Neither does random hackers. Or cybercriminals. I think it's being done by a country or countries.

My guess was, and is still, Russia in both cases. Here's my reasoning. Whoever got this information years before and is leaking it now has to 1) be capable of hacking the NSA and/or the CIA, and 2) willing to publish it all. Countries like Israel and France are certainly capable, but wouldn't ever publish. Countries like North Korea or Iran probably aren't capable. The list of countries who fit both criteria is small: Russia, China, and ... and ... and I'm out of ideas. And China is currently trying to make nice with the US.

Last August, Edward Snowden guessed Russia, too.

So Russia (or someone else) steals these secrets, and presumably uses them to both defend its own networks and hack other countries while deflecting blame for a couple of years. For it to publish now means that the intelligence value of the information is now lower than the embarrassment value to the NSA and CIA. This could be because the US figured out that its tools were hacked, and maybe even by whom; which would make the tools less valuable against U.S. government targets, although still valuable against third parties.

The message that comes with publishing seems clear to me: "We are so deep into your business that we don't care if we burn these few-years-old capabilities, as well as the fact that we have them. There's just nothing you can do about it." It's bragging.

Which is exactly the same thing Ledgett is doing to the Russians. Maybe the capabilities he talked about are long gone, so there's nothing lost in exposing sources and methods. Or maybe he too is bragging: saying to the Russians that he doesn't care if they know. He's certainly bragging to every other country that is paying attention to his remarks. (He may be bluffing, of course, hoping to convince others that the U.S. has intelligence capabilities it doesn't.)

What happens when intelligence agencies go to war with each other and don't tell the rest of us? I think there's something going on between the US and Russia that the public is just seeing pieces of. We have no idea why, or where it will go next, and can only speculate.


Snowden takes a bow for whistleblowing after NSA pulls back surveillance – Mashable

Posted: at 10:08 pm


Before Friday, the NSA had a policy of sucking up texts and emails exchanged between Americans and people outside the U.S., with impunity, if those communications even mentioned non-American targets of NSA surveillance. The agency did not require a ...


NSA Halts Collection of Americans’ Emails About Foreign Targets – New York Times

Posted: April 28, 2017 at 2:48 pm


WASHINGTON The National Security Agency is stopping one of the most disputed forms of its warrantless surveillance program, one in which it collects Americans' emails and texts to and from people overseas and that mention a foreigner under ...

NSA Halts Collecting Americans' Emails About Foreign Targets – Daily Beast

Posted: at 2:48 pm

The National Security Agency will no longer use a controversial surveillance tactic that lets the spy agency sift through electronic communications to find communications about its surveillance targets, according to an official who has been briefed on a pending ruling from the secretive Foreign Intelligence Surveillance Court (FISC).

The FISC ruling is expected to be publicized soon, and to indicate that the NSA has stopped using this surveillance tactic because it couldn't fully comply with procedures designed to protect Americans' constitutional rights.

The New York Times first reported that the NSA will stop engaging in this particular surveillance tactic, known as "about" collection.

It's a significant change in how the U.S. government surveils people, which will cheer civil liberties advocates and worry conservatives who argue muscular surveillance is necessary to stop terrorism.

The surveillance tactic at issue is known as "about" collection, and is allowed under Section 702 of the FISA Amendments Act. Section 702 lets the NSA store and read internet communications pertaining to foreign targets that move through American companies. "About" collection is the process by which the NSA searches through those electronic communications it collects as they're in transit across the Internet backbone. Civil liberties advocates believe "about" collection may result in the NSA reading emails between Americans without a warrant.

This process is now going to stop.

"The NSA has secretly spied on Americans' internet communications for years, continuously searching through the contents of emails and web-browsing activities in bulk," said Patrick Toomey, an ACLU attorney who works on surveillance issues. "This kind of warrant-free, suspicion-free surveillance is exactly what the Fourth Amendment prohibits. Putting an end to this spying is an important step, but it is only a start to the broader reforms of Section 702 that are badly needed to safeguard Americans' privacy."

The official who spoke with The Daily Beast said the intelligence community will stop doing "about" collection because its analysts couldn't fully comply with minimization procedures designed to keep them from violating Americans' Fourth Amendment privacy rights.

NSA analysts conduct "about" collection when they spy on foreigners who they believe are outside the United States. Section 702 of the FISA Amendments Act lets the NSA read the emails and listen to the phone calls of people who aren't U.S. citizens and aren't in America.

When the NSA engages in "about" collection, it searches through internet communications (without a warrant, of course) for references to a person it is surveilling. And that means NSA analysts may sometimes look at emails sent by American citizens without first getting a warrant.

To try to protect Americans' Constitutional rights, the highly secretive Foreign Intelligence Surveillance Court has required that NSA analysts take certain steps to minimize how much their spying, including "about" collection, impacts Americans' rights. Those steps are called minimization procedures. Civil liberties advocates worry they don't sufficiently protect Americans' constitutional rights.

The NSA's apparent struggles to comply with minimization procedures may be the reason the FISC didn't authorize any surveillance under Section 702, as indicated by a report on the court released last week.


The NSA's decision to end "about" collection is also significant because the agency previously told the Privacy and Civil Liberties Oversight Board (PCLOB), a bipartisan watchdog agency, that it would be difficult to stop "about" collection without stopping all upstream surveillance. The term "upstream surveillance" refers to the NSA's practice of scanning communications in bulk as they pass over the Internet backbone, and saving copies of any that contained a term on the agency's list of selectors.

This new ruling could mean one of two things: that either the NSA misinformed the PCLOB when it said it probably couldn't stop doing "about" collection without stopping all upstream surveillance, or it found a way to do the former without doing the latter.

Regardless, this is a major change in how the U.S. government spies on foreigners it's trying to surveil. And it's the rare restriction in surveillance that has happened without Congressional involvement.

"There is a short list of things that civil liberties advocates honed in on as the biggest problems with 702," said Julian Sanchez, who follows surveillance issues for the libertarian Cato Institute. "The other major one is the backdoor search loophole. But 'about' collection was probably the second on the list."

"I think this is a useful narrowing of this very broad collections program," he added, "something that's at least a little bit closer to the traditional concept of surveillance, where the target is a person or account and not everything in the universe of communications that refers to that person or account."


Who Is Publishing NSA and CIA Secrets, and Why? – Lawfare – Lawfare (blog)

Posted: at 2:48 pm

There's something going on inside the intelligence communities in at least two countries, and we have no idea what it is.

Consider these three data points. One: someone, probably a country's intelligence organization, is dumping massive amounts of cyberattack tools belonging to the NSA onto the Internet. Two: someone else, or maybe the same someone, is doing the same thing to the CIA.

Three: in March, NSA Deputy Director Richard Ledgett describedhow the NSA penetrated the computer networks of a Russian intelligence agency and was able to monitor them as they attacked the U.S. State Department in 2014. Even more explicitly, a U.S.allymy guess is the U.K.was not only hacking the Russian intelligence agency's computers, but also the surveillance cameras inside their building. "They [the U.S. ally] monitored the [Russian] hackers as they maneuvered inside the U.S. systems and as they walked in and out of the workspace, and were able to see faces, the officials said."

Countries don't often reveal intelligence capabilities: "sources and methods." Because it gives their adversaries important information about what to fix, it's a deliberate decision done with good reason. And it's not just the target country who learns from a reveal. When the U.S. announces that it can see through the cameras inside the buildings of Russia's cyber warriors, other countries immediately check the security of their own cameras.

With all this in mind, let's talk about the recent leaks at NSA and the CIA.

Last year, a previously unknown group called the Shadow Brokers started releasing NSA hacking tools and documents from about three years ago. They continued to do so this yearfive sets of files in alland have implied that more classified documents are to come. We don't know how they got the files. When the Shadow Brokers first emerged, the general consensus was that someone had found and hacked an external NSA staging server. These are third-party computers that the NSA's TAO hackers use to launch attacks from. Those servers are necessarily stocked with TAO attack tools. This matched the leaks, which included a "script" directory and working attack notes. We're not sure if someone inside the NSA made a mistake that left these files exposed, or if the hackers that found the cache got lucky.

That explanation stopped making sense after the latest Shadow Brokers release, which included attack tools against Windows, PowerPoint presentations, and operational notesdocuments that are definitely not going to be on an external NSA staging server. A credible theory, which I first heard from Nicholas Weaver, is that the Shadow Brokers are publishing NSA data from multiple sources. The first leaks were from an external staging server, but the more recent leaks are from inside the NSA itself.

So what happened? Did someone inside the NSA accidentally mount the wrong server on some external network? That's possible, but seems very unlikely. Did someone hack the NSA itself? Could there be a mole inside the NSA, as Kevin Poulsen speculated?

If it is a mole, my guess is that he's already been arrested. There are enough individualities in the files to pinpoint exactly where and when they came from. Surely the NSA knows who could have taken the files. No country would burn a mole working for it by publishing what he delivered. Intelligence agencies know that if they betray a source this severely, they'll never get another one.

That points to two options. The first is that the files came from Hal Martin. He's the NSA contractor who was arrested in August for hoarding agency secrets in his house for two years. He can't be the publisher, because the Shadow Brokers are in business even though he is in prison. But maybe the leaker got the documents from his stash: either because Martin gave the documents to them or because he himself was hacked. The dates line up, so it's theoretically possible, but the contents of the documents speak to someone with a different sort of access. There's also nothing in the public indictment against Martin that speaks to his selling secrets to a foreign power, and I think it's exactly the sort of thing that the NSA would leak. But maybe I'm wrong about all of this; Occam's Razor suggests that it's him.

The other option is a mysterious second NSA leak of cyberattack tools. The only thing I have ever heard about this is from a Washington Post story about Martin: "But there was a second, previously undisclosed breach of cybertools, discovered in the summer of 2015, which was also carried out by a TAO employee, one official said. That individual also has been arrested, but his case has not been made public. The individual is not thought to have shared the material with another country, the official said." But "not thought to have" is not the same as not having done so.

On the other hand, it's possible that someone penetrated the internal NSA network. We've already seen NSA tools that can do that kind of thing to other networks. That would be huge, and explain why there were calls to fire NSA Director Mike Rogers last year.

The CIA leak is both similar and different. It consists of a series of attack tools from about a year ago. The most educated guess amongst people who know stuff is that the data is from an almost-certainly air-gapped internal development wiki, a Confluence server, and either someone on the inside was somehow coerced into giving up a copy of it, or someone on the outside hacked into the CIA and got themselves a copy. They turned the documents over to WikiLeaks, which continues to publish it.

This is also a really big deal, and hugely damaging for the CIA. Those tools were new, and they're impressive. I have been told that the CIA is desperately trying to hire coders to replace what was lost.

For both of these leaks, one big question is attribution: who did this? A whistleblower wouldn't sit on attack tools for years before publishing. A whistleblower would act more like Snowden or Manning, publishing immediately, and publishing documents that discuss what the U.S. is doing to whom, not simply a bunch of attack tools. It just doesn't make sense. Neither does random hackers. Or cybercriminals. I think it's being done by a country or countries.

My guess was, and is still, Russia in both cases. Here's my reasoning. Whoever got this information years before and is leaking it now has to 1) be capable of hacking the NSA and/or the CIA, and 2) willing to publish it all. Countries like Israel and France are certainly capable, but wouldn't ever publish. Countries like North Korea or Iran probably aren't capable. The list of countries who fit both criteria is small: Russia, China, and ... and ... and I'm out of ideas. And China is currently trying to make nice with the US.

Last August, Edward Snowden guessed Russia, too.

So Russia, or someone else, steals these secrets, and presumably uses them to both defend its own networks and hack other countries while deflecting blame for a couple of years. For it to publish now means that the intelligence value of the information is now lower than the embarrassment value to the NSA and CIA. This could be because the US figured out that its tools were hacked, and maybe even by whom; which would make the tools less valuable against U.S. government targets, although still valuable against third parties.

The message that comes with publishing seems clear to me: "We are so deep into your business that we don't care if we burn these few-years-old capabilities, as well as the fact that we have them. There's just nothing you can do about it." It's bragging.

Which is exactly the same thing Ledgett is doing to the Russians. Maybe the capabilities he talked about are long gone, so there's nothing lost in exposing sources and methods. Or maybe he too is bragging: saying to the Russians that he doesn't care if they know. He's certainly bragging to every other country that is paying attention to his remarks. (He may be bluffing, of course, hoping to convince others that the U.S. has intelligence capabilities it doesn't.)

What happens when intelligence agencies go to war with each other and don't tell the rest of us? I think there's something going on between the US and Russia that the public is just seeing pieces of. We have no idea why, or where it will go next, and can only speculate.

Read more:
Who Is Publishing NSA and CIA Secrets, and Why? - Lawfare - Lawfare (blog)
