NSA Using Hacker Research and Results

In the latest article based on the Snowden documents, the Intercept is reporting that the NSA and GCHQ are piggy-backing on the work of hackers:

In some cases, the surveillance agencies are obtaining the content of emails by monitoring hackers as they breach email accounts, often without notifying the hacking victims of these breaches. "Hackers are stealing the emails of some of our targets...by collecting the hackers' 'take,' we...get access to the emails themselves," reads one top secret 2010 National Security Agency document.

Not surprising.

Posted on February 6, 2015 at 9:39 AM • 26 Comments


Andrew • February 6, 2015 10:24 AM

Do I remember someone saying something about the public-private surveillance and how the spooks piggyback on the existing user tracking technologies on the internet?

Also, in a recent talk between Mr. Schneier and Mr. Snowden it was mentioned how the government hackers would use an intermediary when hacking someone in order to cover their tracks.

So this is hardly an earth-shattering surprise. Rather an evolution along the same line of behavior.

And it kinda makes sense for a secretive government agency - why expose themselves hacking a target if someone else is up to the task already. Let the freelance hackers do the dirty work and take what you need from them. Added benefit - the freelancers take the fall for the whole digi-shindig.

Nicholas Weaver • February 6, 2015 10:49 AM

At this point, I think Greenwald is down to the stems and seeds on his "5EYES abusive data collecting" kick. (There are still interesting technical nuggets coming from der Spiegel reporting.)

The program in question is basically following, on Twitter, people whose public statements on Twitter are those you should follow if you care about information security.

Bob S. • February 6, 2015 11:38 AM

There's been occasional talk of need for a world wide Electronic Magna Carta.

There was a time when you would have thought the USA would take the lead in creating it. Not any more of course. The Europeans seem willing at times, but just like in the USA the military rulers simply say "No" and that's that.

I have suspected for a long time some of the mysterious data dumps of personnel, medical and corporate records are nothing more than an NSA data collection scam. I think I am right, but of course cannot prove it, and no one else can either. However, this report supports my theory somewhat.

Why is it if the government does these things it's legal, but if anyone else does it it's illegal and they get 20 years in prison?

I realize my opinion is decidedly in the minority. Most people literally don't care about their personal privacy or security at all. The polls consistently show it.

One day they might, then it will be too late.

Anura • February 6, 2015 12:21 PM

@Bob S.

Why is it if the government does these things it's legal, but if anyone else does it it's illegal and they get 20 years in prison?

Why is it when a civilian pepper sprays someone who is doing nothing more than walking and talking on their cell phone they are charged with assault, but when a police officer does it they get paid vacation (err... excuse me, suspension)?

Why is it when a civilian shoots a man in the back for carving wood, they get charged with manslaughter, but when a police officer does it they simply lose their job?

You can't expect the police to police themselves; the only people with the power to go after the NSA benefit from their activities.

John Macdonald • February 6, 2015 12:33 PM

There have been speculations in newspaper reports on reported "Chinese" hacking activities, wondering (in each particular instance) whether it was being done by the Chinese state itself, by state-sponsored independent agents, or by private individuals.

This shows that a fourth possibility exists - state (tolerated and monitored) agents who probably think they are private/independent individuals are doing the work but the state still collects the results.

albert • February 6, 2015 4:49 PM

This 'cyber' stuff has been a godsend to gov/mil apparatchiks everywhere. Virtual e-bogeymen can be created instantly, at will. "China did it", "North Korea did it", "Russia did it". It's even possible for a TLA to 'frame' non-governmental actors for doing stuff they never actually did.
Don't get me wrong, I have no sympathy for folks who hack into citizens' personal data. They deserve whatever they get. Folks like Snowden and Manning are a different breed, though. They I _do_ have sympathy for.
_All_ state actors are bogeymen; there are no 'sides'; it's us against them.
"Cyber this, and cyber that; cyber everything, just ain't where it's at.." - apologies to Boz Scaggs, Lowdown.
I gotta go...

Godel • February 6, 2015 5:17 PM

Just to make it clear, these hackers seem to be other nation states, not Anonymous or the other "private" operators.

"To the analyst using SIGINT databases, collected INTOLERANT data looks like Simple Mail Transfer Protocol (SMTP) mail. In this case, though, the traffic fairy has been hard at work... To hide the traffic, the hackers' programs split a victim's email into pieces. Each piece is then obfuscated, given a different, spoofed, source IP address and sent to a different destination IP address. Having different destination IP addresses serves to route the pieces across separate channels of a satellite signal. The channels being used carry large amounts of traffic, allowing INTOLERANT data to hide as background noise. Much collaboration between CSE, MHS, GCHQ and NSAW has brought about the transformation of INTOLERANT data we collect into "readable" SMTP mail."

My name is not important • February 7, 2015 11:15 AM

@st37: "Security services capable of bypassing encryption, draft code reveals"

From the article itself: "Britain’s security services have acknowledged they have the worldwide capability to bypass the growing use of encryption by internet companies by attacking the computers themselves."

So... are they attacking cryptography or the computers themselves?

Seriously, if we value privacy we must learn as soon as possible that it is tightly related to security. This is the reason I would choose OpenBSD instead of tails even if only privacy is wanted. But journalists will continue ignoring OpenBSD while their mouths are filling up with praises to unsecure operating systems and software projects. At the same time money and awards will be directed to unsecure computing platforms.

Sadly PGP is "more secure" to most people than OpenSSH, even if the former does not support perfect forward secrecy and the latter can only be attacked by replacing the server process with a vulnerable trojan (something that again requires exploiting vulnerabilities in the operating system where the server is running). But, who cares?

MF • February 7, 2015 12:44 PM

@My name is not important:

So...how do you encrypt email with OpenSSH? I'd say that people who want encrypted e-mail would prefer PGP over OpenSSH because PGP solves their problem, not because they think PGP is better designed. (Maybe it is, maybe not, I'm not the right person to judge that.)

Nick P • February 7, 2015 3:04 PM

@ my name is not important

OpenBSD is not secure if using apps they didn't develop. You're better off using a BSD or Linux with a solid MAC implementation, micro-virtualization (eg OKL4 + OK Linux), or both. This lets you have stronger separation of trusted and untrusted software. So unfortunate that Theo is a true believer against building such protections in the kernel: his implementation would be more trustworthy than most.

FreeBSD w/ Capsicum or Linux w/ MAC (pick one) are the best choice. Various academics and security companies are constantly building more assurance into those platforms. Many activities aim at protecting the kernel from attack. A well-defended kernel plus kernel-enforced mandatory policy is a strong combination against malicious apps.

Note: You can also always remove system calls from the kernel that your apps don't use by changing the function body to eg return 0. The whole thing can compile thinking it's all in there and yet the attackers can't do squat with the syscalls.

65535 • February 7, 2015 3:18 PM

The “Piggybacking off of Hackers” reminds me of the dirty cop who allows a certain amount of drug dealing – as long as he gets his cut of the loot.

The NSA and GCHQ seem to have no scruples with dealing with criminals. I can only assume there are some criminal elements within said “Agencies.” I can guess that there is some sort of Quid pro quo agreement between these “Agencies” and the hackers – which might explain why there are numerous unsolved credit card skimming cases and other successful attacks on US companies.

I can also see why countries like Russia and China appear to protect and nurture their hackers. In “Agency” language the hackers would be considered “National Assets” or the like. I can only see this criminal trend rapidly increasing.

'In response to The Intercept‘s questions, an agency spokesperson… noted that NSA “defends the nation and our allies from foreign threats while going to great lengths to safeguard privacy and civil liberties.”' –Intercept


This statement would seem to translate into:

“We are keeping you secure, by weakening security, monitoring all of your conversations, capturing five billion GPS cell phone locations each day, logging all of your financial transactions, photocopying all of your mail and putting you in long stupefied search lines at airports. We spare no expense. In fact, we charge you $52 billion each year to keep you safe.”

Gee, what a bargain for the average Joe. /

Skeptical • February 7, 2015 5:45 PM

@Nick P: Obviously I lack all technical expertise, but from a position of great ignorance, I must ask whether Qubes wouldn't fit your reasoning as well, if not better, than the alternatives you mention, unless there are project-specific weaknesses and not concept-specific weaknesses.

Re Glenn Greenwald's latest opus:

A nicely done article, in which he helpfully tells the Chinese that particular intelligence operation(s) of theirs was/were compromised while revealing absolutely nothing of importance or relevance to the public. And not only was the article merely informative, but it was entertaining as well, marked by a comedic straining throughout the piece to add a malicious tone to completely innocuous actions (for example, GCHQ's following of public Twitter accounts is repeatedly referred to by Greenwald as "monitoring" - in coming weeks I expect an expose of The White House monitoring The New York Times... by having a subscription).

Really I should have stopped reading GG when I read his article in response to ISIL's murder of the Jordanian pilot. But, frankly, his embrace of his persona is sufficiently earnest to render even the silliest and most unreasonable of his articles too human to earn hostility to him. The essential characteristic of his arguments is that of a kernel of a legitimate reason, encrusted with exaggerated implications and doubtful deductions, gilded again with language more argumentative than accurate, and delivered with a verbosity designed to clog even the hardiest of GCHQ taps.

Though a strong streak of contrarianism may simply be symptomatic of a laudable desire to stand up for the weak, I wonder whether he realizes just how far from some of (what must be) his underlying values his current fight has led him. He's allowed himself to become defined merely by the institutions he opposes, which means that when those institutions act and choose reasonably and justly, as they sometimes do, his instinctive reaction may not be the correct one.

One can be a champion for the protection of liberty while taking seriously the importance of the foreign intelligence capabilities of liberal democracies, especially when they touch upon governments that are avowedly illiberal. One can be an intellectual gadfly in the furtherance of critical thought and humane policies without being too dismissive of the importance of recognizing the sheer barbarity that one too often confronts.

Gweihir • February 7, 2015 10:17 PM


These people have no honor whatsoever, and "the law" is only something to be used against their enemies to them. Calling them "rogue" would be too kind. If there ever was a clear and present danger to the freedom of the world, it is these people.

Gweihir • February 7, 2015 10:35 PM

@Bob S.:

Most people cheered Hitler onwards, and the certainly present voices that considered him extremely dangerous and did so with good evidence to back them up were ignored. The general population is unaware of history and only hears what it wants to hear. Catastrophes like the one currently brewing can only be averted if enough of those that actually get it continue to draw attention to the problem, and even then it is not a sure thing at all. Given what is at stake, it is eminently worthwhile trying though.

BoppingAround • February 8, 2015 4:23 PM

Nick, that's someone bearded. Wearing some sort of a hat, I think. Does this make any sense now?

Clive Robinson • February 8, 2015 5:04 PM

@ BoppingAround, Nick P,

If you turn the curly bracket / brace around then it becomes a "happy devil" or a "Guido Fawkes Mask" depending on who you ask.

@ Nick P,

I guess now you claim to have an impersonator with a gas problem, we have to ask you to authenticate yourself... now the question is how? As you know we could all claim to be Spartacus.

BlueLightMemory • February 8, 2015 5:58 PM


You mean the all seeing and all knowing eye of the NSA has to steal from hackers to get results?

Say it ain't so NSA..say it ain't so.

No, but seriously, it's not really that hard to evade you NSA office sitting toads anyway. So it really doesn't surprise me that you have to leech off others even though you have a beyond huge budget. Simply put, you guys are not that good. You've gotten slack and soft. That's what happens when you choose treason over the Constitution.

albert • February 8, 2015 6:27 PM

@Nick P, guys,
You're overthinking it. I have seen only a few of those listed on your wiki page. Is there an ISO standard being developed now? :) Some blogs actually insert the graphic (often animated) for you. I hate that!
It's curly hair, eyes, nose, smile, and goatee. That's me, although I'll eventually lose most of the hair on top!
Good guesses though.

Nick P • February 8, 2015 10:56 PM

@ albert

You do see that directing a picture of yourself at a guy out of the blue without context could lead to confusion, right? At least the resulting discussion was kind of funny.

DB • February 10, 2015 11:31 AM

Schneier wrote:

Not surprising.

How about if every time a criminal broke into your house, ransacked the place, and stole your valuables, your government was in fact conducting a search to make sure you were not doing something they didn't like!! I.e. essentially your own government deputising every criminal to check you out on their behalf to keep you in line.

Would that even be surprising anymore?? Sounds like the Chinese Cultural Revolution to me...
