Does The XKeyscore Source Code Leak Point To Another NSA Leaker?
from the new-goal:-a-leaker-a-year-for-the-next-decade! dept
The recent leak of the XKeyscore source code has raised an interesting question. Is there a second leaker? The report written by Jacob Appelbaum and others for DasErste.de detailed the NSA's targeting of Tor users (and even those who just read about Tor) and the harvesting of their communications, but very explicitly did not state that Snowden was the source of this code snippet.Others noticed this lack of attribution and commented on it. Cory Doctorow at Boing Boing apparently received confirmation that this particular leak was not from Snowden's trove of documents.
Another expert said that s/he believed that this leak may come from a second source, not Edward Snowden, as s/he had not seen this in the original Snowden docs; and had seen other revelations that also appeared independent of the Snowden materials.Cryptologist and security expert Bruce Schneier (who has seen the documents released to journalists by Snowden) concurred with Doctorow's conclusion.
And, since Cory said it, I do not believe that this came from the Snowden documents. I also don't believe the TAO catalog came from the Snowden documents. I think there's a second leaker out there.The TAO catalog was originally revealed by Der Spiegel with reporting by (again) Jacob Appelbaum and Greenwald/Snowden partner Laura Poitras. Nothing in the story explicitly states its origin, although the inclusion of Poitras at least suggests the documents can be traced back to Snowden's stash.
Glenn Greenwald, however, offered his agreement with Schneier's take here:
Seems clear at this point RT @ageis @vruz Bruce Schneier: "I think there's a second [NSA] leaker out there." https://t.co/0iCULZWf0L
— Glenn Greenwald (@ggreenwald) July 4, 2014
At this point, all anyone has is speculation. If there's another leaker, it's doubtful he or she will make his/her identity known any time soon. Snowden revealed himself as a leaker and that hasn't exactly worked out well for him.
But there's also some indications that this snippet of code came from Snowden's leaks. Errata Security (the group of bloggers that exposed the fakery behind NBC's pre-Winter Olympics "report" that all visitors to Sochi would be instantly hacked) has done its own fisking of the code snippet and come to the following conclusions.
1. The signatures are old (2011 to 2012), so it fits within the Snowden timeframe, and is unlikely to be a recent leak.Errata Security notes some of the oddities of the code, pointing out that it looks more like something pulled from a training exercise or manual rather than directly from XKeyscore itself. More investigation by Errata Security and The Grugq (another security expert) apparently uncovered the fact that the text was pulled from a document (pdf, docx, etc.) rather than an actual source file. But the aspect that seems to indicate this is part of Snowden's stash is the timeline.
2. The code is weird, as if they are snippets combined from training manuals rather than operational code. That would mean it is “fake”.
3. The story makes claims about the source that are verifiably false, leading us to believe that they may have falsified the origin of this source code.
4. The code is so domain specific that it probably is, in some fashion, related to real XKeyScore code – if fake, it's not completely so.
As this post to the Tor developer mailing list describes, the signatures in the code are old. The earliest date this file can be valid is 2011-08-08, when the Linux journal reported on TAILS. The latest date might be 2012-09-21, just before a new server was added to Tor that isn't in the XKeyScore list. Since this is shortly before Snowden first tried to contact Greenwald, the dates sync up.If the code is unrecognizable by those who've had access to the documents, that's probably due to it being compiled from various pages and mocked up into a short code excerpt. Rob Graham at Errata Security doesn't feel it's necessarily fake, but believes the origin of the quoted source code may have been obscured -- hence, no citation of Snowden's leaks or any acknowledgment of existing NSA files.
Of course, this could mean another leaker is simply hiding behind Snowden, and has pulled files roughly in the same date range in order to deliver new leaks in order to remain undetected. If there is another leaker, my guess is he/she will be discovered rather than coming out publicly.
New leaker or no, the one-two punch of published leaks by Jacob Appelbaum and Barton Gellman (of the Washington Post) shows that the NSA is doing everything it's been accused of -- namely, hoovering up and holding onto incidental communications (even those originating from "untargeted" American citizens) and viewing anyone with even a passing interest in anonymity or encryption as "suspicious."
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: leaker, nsa, source code, surveillance, training manuals, xkeyscore
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
If it turns out there's more than one leaker, the NSA defenders might have to abandon the "egotistical loner" personal attacks on Snowden.
Then again, they'd probably declare it to be proof of a vast conspiracy of enemy agents among us and justification for more NSA spying on everyone. /pessimism
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
I think it comes with oversized bureaus.
As a Sinister Guild of Evil, the NSA seems to suffer from that most common of maledictions, incompetent minions.
Not incompetent in the classic bumbling nincompoop sort of way, but certainly so terrified about covering their own asses that they have little time to do much else.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
No they wouldn't
Given how utterly averse they are to anyone knowing the details of what they're doing, it makes sense from their point of view to structure things so that no such record of their activity exists, so they can always respond to any requests for information with 'No such document exists or can be found.'
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
...shuuuuut uuuuuup!
[ link to this | view in chronology ]
i say if.
[ link to this | view in chronology ]
The single whistle theory.
I even suspect that's a fall he's willing to take at this point.
As of this posting I have not received a US National Security Letter or any classified gag order from an agent of the United States
This post does not contain an encrypted secret message
Monday, July 07, 2014 10:54:03 AM
stretcher picnic Russia license cot flag toothpick x-ray
[ link to this | view in chronology ]
it's as if these reporters don't really care about the underling issue, rather just the newsworthiness of a scoop, regardless of consequence.
I'm with beech above- stfu about it.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Only 1%
[ link to this | view in chronology ]
Re: Only 1%
It's a tall order for most people.
[ link to this | view in chronology ]
Re: Re: Only 1%
And then ol' Adolph had a winning lucky streak at dodging bullets, even through the July 20 Plot.
I only hope that we don't have to wait for all the natural consequences to happen (the proverbial Allies reaching Berlin) before we see the surveillance state dismantled.
[ link to this | view in chronology ]
Re: Re: Re: Only 1%
[ link to this | view in chronology ]
No Surprise there if true
* Security Clearance Process is so Strict.
* The Borders are So Secure
* No Dual Citizens hold Office or can access Classified Data, Vaults or Comms
* No other nations are spying
* All electronics have their 1's and 0's (3VDC-5VDC) audited and monitored, by top secret security feature and won't work right (e.g. 0VDC), when your intent is to Whistleblow
[ link to this | view in chronology ]
Just a thought.
And as we have seen in the past on numerous occasions, the NSA and other federal agencies are 100% OK with disclosing truly sensitive National Security information that actually harms national security and/or endangers field operatives, as long as it can be used to fool the public into believing what they want it to believe.
Just a thought.
---
[ link to this | view in chronology ]
[ link to this | view in chronology ]
FBI/CIA PIMPS
https://sites.google.com/site/ciapimps/home
[ link to this | view in chronology ]