The hack of an NSA malware staging server is not unprecedented, but the publication of the take is. Here's what you need to know: (1/x)
2) NSA is often lurking undetected for years on the C2 and ORBs (proxy hops) of state hackers. This is how we follow their operations.
3) This is how we steal their rivals' hacking tools and reverse-engineer them to create "fingerprints" to help us detect them in the future.
4) Here's where it gets interesting: the NSA is not made of magic. Our rivals do the same thing to us -- and occasionally succeed.
5) Knowing this, NSA's hackers (TAO) are told not to leave their hack tools ("binaries") on the server after an op. But people get lazy.
6) What's new? NSA malware staging servers getting hacked by a rival is not new. A rival publicly demonstrating they have done so is.
7) Why did they do it? No one knows, but I suspect this is more diplomacy than intelligence, related to the escalation around the DNC hack.
8) Circumstantial evidence and conventional wisdom indicate Russian responsibility. Here's why that is significant:
9) This leak is likely a warning that someone can prove US responsibility for any attacks that originated from this malware server.
10) That could have significant foreign policy consequences. Particularly if any of those operations targeted US allies.
11) Particularly if any of those operations targeted elections.
12) Accordingly, this may be an effort to influence the calculus of decision-makers wondering how sharply to respond to the DNC hacks.
13) TL;DR: This leak looks like somebody sending a message that an escalation in the attribution game could get messy fast.
Bonus: When I came forward, NSA would have migrated offensive operations to new servers as a precaution - it's cheap and easy. So? So...
The undetected hacker squatting on this NSA server lost access in June 2013. Rare public data point on the positive results of the leak.
You're welcome, @NSAGov. Lots of love.
Please open a blog and stop tweeting like that
Quite a common practice to tweet like this, especially experts in fields. #nothingnew
Doesn't mean it makes sense or it's a good way to communicate clearly.
Works for Twitter Q&As, & seasoned users know clicking on a numbered Tweet will produce full thread in order for context.
.@Vainzou @Snowden Because you are doing it wrong or don't know what you're doing. It is ok, here to help. Cheers. pic.twitter.com/CIY0dtUEx1