The hack of an NSA malware staging server is not unprecedented, but the publication of the take is. Here's what you need to know: (1/x)
1) NSA traces and targets malware C2 servers in a practice called Counter Computer Network Exploitation, or CCNE. So do our rivals.
2) NSA is often lurking undetected for years on the C2 and ORBs (proxy hops) of state hackers. This is how we follow their operations.
3) This is how we steal their rivals' hacking tools and reverse-engineer them to create "fingerprints" to help us detect them in the future.
4) Here's where it gets interesting: the NSA is not made of magic. Our rivals do the same thing to us -- and occasionally succeed.
5) Knowing this, NSA's hackers (TAO) are told not to leave their hack tools ("binaries") on the server after an op. But people get lazy.
6) What's new? NSA malware staging servers getting hacked by a rival is not new. A rival publicly demonstrating they have done so is.
7) Why did they do it? No one knows, but I suspect this is more diplomacy than intelligence, related to the escalation around the DNC hack.
8) Circumstantial evidence and conventional wisdom indicate Russian responsibility. Here's why that is significant:
9) This leak is likely a warning that someone can prove US responsibility for any attacks that originated from this malware server.
10) That could have significant foreign policy consequences. Particularly if any of those operations targeted US allies.
11) Particularly if any of those operations targeted elections.
12) Accordingly, this may be an effort to influence the calculus of decision-makers wondering how sharply to respond to the DNC hacks.
13) TL;DR: This leak looks like somebody sending a message that an escalation in the attribution game could get messy fast.
Bonus: When I came forward, NSA would have migrated offensive operations to new servers as a precaution - it's cheap and easy. So? So...
The undetected hacker squatting on this NSA server lost access in June 2013. Rare public data point on the positive results of the leak.
You're welcome, @NSAGov. Lots of love.
(+) "unignorable public fact" is a clunky way of expressing it, but I mean something that you can bring up in a news report and politicians discuss what the appropriate reaction is, rather than challenging the fact itself. This is getting increasingly rare.
We all know the U.S. election system is flawed to a point of being broken and thus democracy as we like to believe it's supposed to work doesn't even exist. But everyone just accepts that's the way it is and carries on with life because "at least it's not North Korea." If you hadn't already lost faith in the U.S. election system years ago, then you've got your head in the sand.
It might be a hard pill to swallow, but I think if Russia's plan is to make the U.S. wake up and smell the coffee, they're actually doing the U.S. people a huge favour.
He also discovered that the Carter administration's justice department had opened a criminal investigation on the NSA, and through FOIA managed to get a copy of the file. It was pretty damning stuff.
This was 1982. What changed because of this?
That was the point I was trying to make with "unignorable public fact" - "we" don't "all" "know" that, for various values of those words. Would you expect TV anchors to say things like "Well, I'm standing outside this polling place, but I'm not really sure what the point is because elections are broken"? Millions of people get involved in fighting elections like they mean it.
Consensus about this kind of thing is a real problem, because the landscape is polluted with lies and delusions.
Edit: I specifically said "lose faith in the US election", not "lose faith in the US [generally]"; it's one thing if the bad policy is the result of legitimate elections, it's quite another if the vote is either widely rigged (hacking voting machines) or subject to intimidation. People ending up believing it's rigged when it actually wasn't is just as bad; it's the kind of thing that leads to political violence.
Equally I haven't lost faith in the U.S. - there are millions of amazing Americans. I've just lost faith in the U.S.'s a). ability to elect the person they really want in charge because the voting system is broken and b). the person they _do_ elect doesn't have any meaningful power anyway because the senate is purposely designed to restrict any meaningful power.
It is a Constitutional Republic with the only democratic process being the representatives you elect .... represent you ... sometimes... if they feel like it.... unless they have been bribe^H^H^H^H lobbied to do otherwise.
The only nexus between republic and democracy in this case would be the Constitutional Republican Guarantee clause. Since that has essentially never been adjudicated we can't know for certain whether - at least in Constitutional terms - a Republic does convey democratic rights.
If you elect incompetent, or corrupt, or evil representatives, it's still a democracy.
Democracy is a tyranny of majority. The founders did NOT want a democracy.
A republic is a land where political authority isn't formally heritable personal property (e.g., basically a not-monarchy), a republic can also (like the US) be a representative democracy. It can also be an authoritarian dictatorship. It can also be a direct democracy.
The laws bind it.
I suppose since the constitution is completely ignored you might have valid points.
You clearly are using "democracy" in a very peculiar sense. If you narrowly define "democracy" as "lawless mob rule", then your statement is true, but that's not what the word democracy is generally used to mean when discussing political systems.
So yes, it is a personal definition. Scholars don't use this definition. Pundits don't use this definition. The common man doesn't use this definition. It's a BS definition, and if it weren't, it would be pointless and redundant because "majority rule" captures this already.
That's where you're wrong. A democracy is a state where people have (or nominally should have) equal power to affect society's collective decisions. Not all implementations of "majority rule" meet this criterion.
Political decisions affect everyone, thus everyone should have an equal share in determining which ones we take - at least a priori.
We can cede some power if we decide that a certain class of questions are none of our business (for instance, delegate some decisions to a local level, or give Sharia courts jurisdiction over their adherents to take an uglier example). Or declare that some questions are non-political in nature, and should be decided by some sort of experts. But the decision about what is our own business must always be our own business.
Another way of saying the same is that all legitimate government comes from the people - as opposed to e.g. the divine right of kings, or a "natural" aristocracy.
How can you have that without at least a one line constitution that says, more or less, "The majority rules"? You beg the question, sir.
Your very narrow definition of "democracy", majority rule without a constitution, isn't possible. Thus your definition is useless and therefore meaningless.
What matters is what the people want now and for the future of their United States... are you going to live forever more adhering to the rules of dead people? Seems er... pointless.
No. If you democratically elect terrible representatives who eat puppies, it's still democratic.
> Also, what about federal judges? None of those are democratically elected, and they get to interpret all the laws in ways that have great consequence.
You don't have to elect every government official for it to be a representative democracy. Democracy means that the ultimate power is vested in the people. If you elect representatives who appoint judges, the judges are still appointed by the power of the people.
> Hence, America's government is a little more complicated than "democracy", although some parts of it are surely "democratic" (e.g. the house of reps).
No government is simple. America is very clearly not a direct democracy, nor are all officials elected, but it is still a democracy.
A citizen was considered to be any person born of Greece, white and male.
I doubt that the Athenians had the present-day concept of "white people". Wikipedia says that citizens "had to be descended from citizens", so maybe at least in a certain era nobody known to be descended from people coming from outside of Athens could be a citizen.
Edit: looking at one of the references, it seems that there was a year when explicit citizenship lists were drawn up based on all free men who lived in Athens (maybe with some kind of ethnic exclusion at that time too?). From then on until Pericles, children could be added to the list if their fathers were on the list. After Pericles, children could be added to the list if their mothers and fathers were on the list.
Most importantly, while there were a few questions settled by referendum where all citizens could vote, most were settled by randomly allotted juries. This meant there was little advantage to forming political parties around popular demagogues, or run well-funded propaganda campaigns.
Athenian democracy got knocked down many times and came back every time, except the last. The second-to-last time, a bunch of immigrants had fought for the liberation and restoration of democracy, and some leaders argued forcefully that they should be awarded citizenship for this. But they didn't get it, the existing citizens voted against.
The reason democracy finally failed was probably this. The Athenians knew (especially the poor) just how unusual and lucky they were to have political freedom, so they were fiercely protective of it - and didn't want to dilute it by sharing it. Eventually a large part of their society had so little stake in democracy that they didn't bother to restore it.
Because it is designed as a (representative) democracy. It's also a federal republic whose constituent units are mostly-representative [but some with significant aspects of direct] democracies.
They absolutely do represent you.
What do you think the representatives are doing when they're trying to fuel up the corporations in your district? They're representing your interests by making sure that the jobs stay where they are, just not the interest of the American people.
The senators represent the state's interest, the representatives represent the district's interest.
Can someone fill me in?
The only check on this is the separation of powers, and even then, career politicians, special interests, and tons of money have way too much influence. Add in the fact that the press were supposed to be the check on government and now they're firmly in bed with the political parties. All you get is the incredibly slanted, biased, and spun stories to influence you so all you get is their viewpoint. I can't imagine how I would see the world if I only read the New York Times and only watched MSNBC.
If some of the fringe third parties would all come together and find a common platform, it would certainly replace my faith in the current system.
The "establishment" Democrats were the same except they succeeded in placing their candidate ahead of what many believe their base really wanted.
They aren't Brazil either, or even most places in Europe.
Were I a US citizen, I'd be very wary of people trying to fix Democracy¹. They have a pretty good quality of life, and any attempted change can go very badly very easily - the more "let's fix things" is the change, the easier it could go badly.
1 - Hell, I'm wary of them here in Brazil! Because, you know, we aren't North Korea either, nor Venezuela. That said, we recently got a very good and very safe fix applied - the trick is that nobody was claiming it was a fix for Democracy, it was some people "just doing their work" in unforeseen ways.
Far too many voting machines are still insecure, and one of the candidates is pre-accusing the other of fixing the election.
And yes, there's also some propaganda for not fixing it at all. That's what supports voting machines (at least here). But, again, how do you fix the problem that makes propaganda viable?
For the specific problem of voting machines, candidates accusing others may be the best avenue for moving people in the correct direction.
And they always will be. It's impossible to have a secure voting machine.
rolls eyes, adjust your tinfoil hat.
Look, even if you believe that dark, unseen forces control the world using the US as a conduit - it would appear that the world has been the better for it. Given a choice of world management between Russian and US in this regard, the choice is pretty straightforward.
People who complain about Europe, the US and the general Western alliances management of the world are selling a pretty ugly alternative.
I don't think it's entirely black and white in the other direction either but your comment strikes me as crass and indifferent towards human life, dehumanizing, confusing people with their larger society and government.
It's interesting that you choose to use the word "management" here - we in other countries are not left to make our own decisions, they're "managed".
If you believe all that, you have to consider the results of Putin's Russia: Oligarchy & Nationalization, direct imperialism (Ukraine), the support of extremists/fascists in foreign countries...
That doesn't make it OK for the US to do it as well! This is what I meant by "false dichotomy". If anything, the US (and especially UK) use of domestic surveillance and extraterritorial interference makes it harder for us to argue that Russia should not do those things either.
Even within that audience which implicitly accepts the government is more directly engaged in protection of sovereignty via clandestine means against its own citizens -- that audience should probably consider the goals of the sources.
That assumes that we 'the people' are part of the equation. We aren't. This looks like standard gamesmanship between intelligence agencies. They operate in a world above the cares and needs of the common people. Such messages normally pass quietly through known channels (servers known by both sides). The going public says to me that the message wasn't getting through, or wasn't being taken seriously by the right people. This is about communicating intention to someone who, perhaps, needed to be publicly shamed in order that they take the situation seriously. That would fit the pattern of many 'cold war' spy games.
The 1/n 2/n n/n tweets is a huge indicator of a feature need. Of course, that's going to dilute their original value proposition of short direct messages.
SMS has for ages, thanks to Nokia, had the capability of merging multiple messages into a single large one.
Twitter could just make use of this and save themselves a whole lot of grief.
(Before some smartass replies "I do read over sms", well even without sms merging, twitter could still split a tweet into multiple sms. 99.9999% of their userbase wouldn't care.)
"Value proposition" or stubbornly clinging to something that users do their best to work around?
Why not just cut to the chase and make this thing essentially broadcast email, or more generally yet another blogging platform?
Facebook has a complete "Post" blogging mechanism.
Twitter is soon going to stop counting urls in the 140 characters.
One of these things is not like the others...
edit: well, not everyone knows what an Oh By Code is yet, so for now I suppose the link format is best, but eventually, just the code itself will suffice ...
Then, you can just post a link on your twitter and say "hey, see my new blog post".
Or, given this is Snowden, he could GPG sign his blog posts and post his fingerprint to Twitter or something to verify identity.
I know enough to say that this sentence reveals a lot about what Snowden knows, and what he doesn't. Mostly the latter. He doesn't seem to understand the context and meaning of acronyms he uses.
Are you seriously expecting us to believe that your friend is telling you how the NSA is internally structured and how sensitive foreign operation intelligence programs work?
Plus in another comment of yours you claimed to know how General Atomics MQ-1C Gray Eagle worked behind the scenes but when asked to post more info you never did.
So you're seemingly a Linux admin, but know tons about the inner workings of both military contractors, the DoD, and NSA from your single friend? Seems uhh a stretch, let's just say that.
He spelled it "Grey Eagle". It's unlikely one can actually speak "professionally" about a program when they can't spell it correctly.
If you're part of the program, you're seeing/typing/writing the name "Gray Eagle" day in/day out.
To use an analogy this is like someone saying the "US Army" in reference to infantrymen specifically and then someone, such as yourself, coming along throwing their hands up and saying "The US Army is composed of much more than just 'infantrymen,' this comment shows willful ignorance of that fact."
We can all read the Wikipedia article on the TAO. You aren't fooling anyone by acting like you know more than is publicly available, and trying to correct someone who provably worked for the NSA seems at best arrogant, at worst ridiculous.
You say acronyms as a plural.
Can you please identify two or more specific usages (hopefully with citation!) of Snowden using acronyms incorrectly?
However, you may want to consider Snowden isn't hostile enough to go through and list every group in the US that maintains an arsenal of malware for operations in public. That doesn't necessarily mean ignorance; a more generous interpretation is everyone knows about TAO so he calls it TAO.
I realize you probably don't like the guy, but would you really prefer he list off every SigInt group in the US with a malware arsenal just to cover all his bases and all of their component groups that operate in relation to it?
Idk about you, but I don't need him to post org charts of all of that to get the gist.
They apparently don't shy from morally questionable ways to accomplish their goals. So if you are into it.. Snowden actually wasn't and that was one of the reasons why he decided to quit CIA and eventually become a whistleblower.
There was this part, I also tend to think there are more technically interesting problems than circle jerking over the latest js framework for engaging with skinner boxes that more people get the so wonderful opportunity to make decent money for.
> *Snowden actually wasn't and that was one of the reasons why he decided to quit CIA and eventually become a whistleblower.*
I also don't see Snowden as a hero like most paint him to be; Binney, Drake et al. and many others came before (whose opinions get often ignored compared to the latest lord savior). The fact that he tends to get the most paid press offerings and stamp of approval from the media™ tends to make me think lower of him, as with his dubious "service" in the first place… shrugs… his life, not mine.
I just watched an excellent documentary called "Zero Days" (https://weshare.me/823adb83b8e98628) this morning about the whole Stuxnet (aka Olympic Games) debacle. They really are playing with fire.
If you want something technical that is not exaggerated, you better watch something else. If someone has a recommendation, please share.
The last part has some insightful commentary by a number of experts on the new world of so-called "cyber warfare" that we're entering into.
Can you elaborate? I haven't been exposed to any ideas that address this without compromising civil liberties.
That is, "real defence" sounds like the government monitoring internet connections to my company for malicious activity. I don't think that's good for business.
I might be thinking a little close-minded about it though. Please share what you mean.
It is ultimately penned for the masses, but even if you're technical you'll likely enjoy it. And there's plenty of scope for going off and doing your own research about bits and pieces.
"Look, we've put off 99.9% of the fires we started last week. Your complaint about we completely burning 2 cities down is baseless, you can't reasonably expect our fire-control to get any better."
They even reaffirmed it late last year.
(sorry for the google cache link; www.nsa.gov (AkamaiGHost?) is currently returning 503 Service Unavailable)
Society only functions properly when people act ethically. We have laws in place for punishing those who harm others in various ways (financially, physically, etc.), as a means to discourage bad behaviour. In theory there's supposed to be international law, but sadly no-one seems to pay much attention to it.
And I'm not one bit interested in doing what pleases you. I'm only interested in doing what pleases ME (as is every other person on Earth, although most will never admit it out of cowardice).
So no, I don't have ANY obligation at all towards you.
Now, is it in my best interest to treat you nice and contribute to your well-being? Yes, in most circumstances I'd have to admit that it is.
Have a lovely day!
"Pleasing" deals with emotions, so we can drop the facade of hyper-rationality right there. Cooperation is beneficial for an individual's survival, as you rightfully state. It is indeed of such importance that the standards of cooperation have been internalized long ago – for non-sociopaths, altruism is an end in itself and creates positive feelings.
And if you insist on your way of looking at it you actually stopped half-way: what "pleases you" is /also/ just a useful heuristic to maximize your reproductive success. The warm feeling you get from winning the lottery is no more or less real than the warm feeling (other) people get when they see someone happily getting married.
For this whole system the borders between the individual and the group are fluid. While certainly, all else being equal, the individual's need usually trumps the group's, it is anything but clear-cut in most real scenarios. You may be willing to sacrifice someone's life to save your own, but that can change if the other person is your daughter, when you get to old age or when it's not a 1:1 sacrifice but merely an assumption of a non-zero risk of death.
> ... but that can change if the other person is your daughter ... old age ...
It isn't as complicated as you're making it out to be, the decision made by the individual depends on the maximization of their goals. So that depends on the weight they assign to the importance of genetic immortality, reproductive years remaining, justice in an afterlife, etc. Sure, not everybody is a perfectly rational actor applying game theory in their daily interactions, but individuals are much more self interested than you're describing - even with family.
I'm mostly taking offense with the characterization of such "feelings" as "not real" or of lesser value than the "pure" thought of rational egoism:
1. If we take altruism as a highly developed extension of egoism, it's worth considering it an invaluable heuristic trained over thousands of generations to intuitively make good decisions. Where a cold analysis may tell you that giving money to a poor person is wasteful, I'd say that the warm fuzzy feeling we get from giving is an encoding of results gained over millennia of experience.
This also touches another point: I'd suspect that most altruistic behaviors are actually net-negative for the individual but, when practiced by large parts of the population are beneficial for everyone. Here, emotions serve as a prehistoric solution to the tragedy of the commons. It's an idée fixe in some circles, most notably libertarians and the Ayn Rand crowd to replace this with a system of contracts or simply force but that disregards (amongst other things) that almost no idea in psychology has more empirical support than the beneficial effects of helping.
2. If we consider altruism as an emergent behavior, a sort of instinctual moral code, it should be revered as one of the highest achievements of humanity on a level with art or science.
Altruism is by definition a net negative for the individual, and I agree that it is very likely deeply rooted in our gene pool. But I certainly wouldn't hold it up as any kind of great achievement, especially considering how frequently it is exploited as a weakness by those in power ("think of the children"). I don't know if we'll ever get to the point where it can be considered a vestigial adaptation, in the same way we have unused muscles for controlling the orientation of our ears, but I hope that one day we'll be able to survive without the genetic compulsion to self-sacrifice.
It has been a long time since I gave Ayn Rand any thought, but your characterization seems pretty far off the mark to me. Have you read her books? She hated libertarians, the use of force, and she didn't want to replace altruism - she wanted it gone. Her reasoning is pretty well founded, as history is full of well intended and ill-conceived calls for sacrifice - the road to hell is paved with good intentions, etc. As far as contracts... I'd love for the world to have that level of clarity. That is why the US is such an attractive setting for business vs many other well developed economies (Mexico for instance), businesses hate uncertainty.
This simply isn't true. Humans engage in many self sacrificing behaviors for a variety of reasons. We're a social species with complex instincts and tendencies in how we form groups and collaborate. People who understand humanity is not a cartoon of individual self interest are not cowards.
1. The most pressing issue for debates is terrorism response. 
2. Lawmakers and the Executive are elected on this mandate and spend significant resources (estimated $100Bn per year). 
3. The NSA performs all of its functions based off of requirements generated by ODNI, DoD, the Chief Executive, and congress. 
4. Most individuals care deeply about privacy and think there should be greater limits to what the government collects. However, less than 10% have changed their habits to improve their privacy posture. I conjecture that this suggests that privacy is not a priority compared to physical and financial security to most citizens. 
In this case I think it is fair to say that the best interests of American society and its economy are being thwarted by security concerns of a plurality of citizens. The right course of action is for privacy debates to be publicized. The Pew report referenced in #4 shows a far greater skew toward privacy action after being informed of government and commercial surveillance.
Why would they do that? It's more likely they'll be kept for other attacks or sold to nation states for vast profits.
I also suspect there's nothing magical going on at the NSA. Whatever zero days they have are probably had by other intelligence agencies and hacking groups. Whether to report them publicly is a political decision that these groups have zero incentive to make. Ethical researchers and white hats, from my understanding, are a very small part of the scene, or at least the part of the scene that gets real results.
As for it hitting the public like this; I'm not sure we'll see this happening incredibly regularly.
Why use something like 10 tweets where a blog post lets you have as many words as necessary? You can still be concise but 140 char is too short, it's just for people that have uninteresting things to say and Snowden is certainly not one of them (unless he starts to comment about the weather in Russia).
While a blog would be much better quality, quality journalism doesn't sell nearly as well as highly-polarised, bite-sized clips.
If you don't want to wait until it's ready, I recommend tweecha - or install Google Chrome from the Play Store, that should make Twitter automatically use the Chrome webview instead.
While a blog is a better authoring medium, it's still shit for discussion, and loses some of the media impact benefits that Snowden probably intends to leverage here.
How about a screenshot with a link to the text version for those sufficiently motivated? I know most people don't care for accessibility, but sheesh, that simple courtesy would mean the world to those who use screenreaders.
Interesting that he's not afraid to point the finger at Russia while still relying on them for protection. My respect for him just went up.
Edit: I don't know why I'm being downvoted here. Isn't this a plausible explanation until we have more evidence?
Personally I think Snowden is the Lemming Prophet of the Epsilon-Tau Lizard People.
Edit: His "it's time" tweet happened less than 48 hours after the first TheShadowBrokers account (reddit) was created, prior to activity. Those accounts were dormant until the drop.
It's also possible the timestamps on the files match up to Snowden's leaks because the NSA stopped using that server / etc.
But the "it's time" tweet seems to imply Snowden may have known this was coming. It could also be a coincidence, of course.
If it were confirmed, they'd have to switch to "Well if they weren't doing anything wrong they wouldn't have to worry about being interfered with, stop being ridiculous".
FWIW, I personally would be relatively shocked if that (election tampering) did turn out to be legit. I suppose there's motive and means, but it just seems a little too far for the NSA. On the other hand, I can't understand why Snowden would put that in a tweet if he didn't want people to consider the possibility. So either,
1) He's a careless writer (I think this one is the least likely)
2) The NSA interferes with US allies' elections
3) Snowden is a Russian agent or has been coerced into that messaging
Also, like any organization, the NSA is not monolithic. It must have various strata, various different groups making it up. It is possible, for example, that 95% of the NSA operates in ways that are relatively ethical, but that there is also a more-or-less secret pipeline of information and control built into the organization's architecture that enables important figures both inside and outside of the organization to use its databases and tools and to coordinate its operations without the knowledge of most of its employees.
I wonder what more information could he have collected if he had spent a longer time contracting for the NSA. I wonder how much more about the NSA we could know if people who have dedicated their entire careers to the NSA would whistleblow.
It's entirely possible that Snowden is an ongoing CIA op to discredit their rival NSA as part of a turf war.
If Snowden were a CIA deep-cover operative against another US institution, couldn't they have found him a better safe-house than in Russia?
Having no experience with the CIA, maybe I just vastly under-estimate the amenities of Russian safe-houses. ;)
You mean thinking and arriving at conclusions not blared from approved media outlets?
Nah, cynical one-upmanship by a bunch of people who consider Tom Clancy to be a good author.
He comes from a multigenerational military family. That's the kind of background that breeds strong loyalty to the state, and the exact kind of background from which the CIA recruits its top spies.
I find it almost implausible that someone with that kind of loyalty would suddenly resign from the CIA after they invested so much in him, only to jump ship to a private contractor. If his reasons for leaving the CIA were purely moral, why would a private contractor ameliorate any of those concerns? It seems more likely the CIA sent him to Booz Allen.
But hey, it's all a big conspiracy right? Don't believe anything you read on the Internet, except what Ed Snowden tells you.
Besides, the private sector pays a lot better than the CIA, and nobody is free from the gravitas of wealth.
That's the thing about conspiracies, when there is no proof or reasonable cause you're free to just make up whatever you want.
It's a shame that Snowden's CIA background isn't talked about very often.
(According to reports; we haven't heard an official account yet.)
I suppose it's not beyond belief that Snowden _could_ have been a CIA operative the entire time he was in the NSA and "blowing his cover" by going public was just the endgame to move scrutiny of CIA projects to NSA projects. Of course, there's a thousand conspiracy theories. What if that wasn't the endgame? What if "defecting" to Russia is still part of a bigger operation?
Just to be clear, I have no evidence supporting this theory, nor do I believe he's any more than he suggests. But we'd all do well to evaluate what and why we trust the things we do from time to time.
However, I did find that one of the autogenerated shellcodes for EXTRABACON contained this DoD-assigned IP: 184.108.40.206 (http://whois.domaintools.com/220.127.116.11). The OrgName is "DoD Network Information Center". This appears to be run by DISA which is also headquartered at Ft. Meade.
The "message to wealthy elites" portion of the auction message is also interesting.
"Do you feel in charge?" in quotes suggests a reference with a pretty relevant top hit (https://www.google.com/search?q="Do+you+feel+in+charge")
That also feels like a pretty thinly-veiled reference to current events in the US election cycle.
It could be someone else taking advantage of the timing but that is definitely the intended frame.
"Better than stuxnet" is also quite the claim.
And the victims cannot even surrender.
The NSA, White House, and State Department currently use Akamai for their public websites, for example.
The URL: http://because.a.tweet.doesnt.fit.lucb1e.com/?text=From%3A+h...
Example tweet: https://twitter.com/lucb1e/status/765544321747718144
This uses a third party site to display, but the data is all in the URL. Anyone could verify that the site (my site in this case) is not tampering with the content.
This is why there is so much hype over what appears at a first glance to be an obvious scam, because there is a lot of potential for civilians to learn a lot about how state-sponsored hacking actually operates. It's very different from how it's portrayed in the movies, and you really wouldn't be any wiser from not having been tainted by the movies anyways just due to the ridiculous amount of stealth involved in day-to-day operations.
If rumors are to be believed, then it means that EG can't possibly be crazy enough to make such a (relatively) rudimentary mistake like leaving behind binaries to tools that they KNOW only they have access to. These binaries don't seem like such a big deal, but the real situation is this: these binaries are the ONE thing that can tie all the dots together about all the different attacks that have happened. IRATEMONK, Stuxnet, Flame, etc. All these crazy "unprecedented" hacks that have just popped up out of nowhere could potentially be linked together with these binaries that may or may not exist. On top of that, with enough analysis, it's possible to even identify different programmers just from their stylometry, even through code, so if these binaries are detailed enough there could be the potential for correlation of the author(s).
That auction is really interesting.
Stuxnet was used against a foreign adversary to disable nuclear bomb-making capabilities. That sounds pretty useful to me.
What would be interesting is learning where these came from and how they were used. If Ed's musing is right and there's evidence these exploits were used in democratic elections here in the US then there's going to be hell to pay.
Anyways, I don't "know" anything that isn't out there to be found. It's a reasonable assumption to assume that you've already assumed that I work in/around the intelligence industry/community, but this is hardly the reason I'm so interested in all of this.
Anyways, to your remark, yes absolutely Stuxnet was contracted or engineered by the US. We're completely positive that our hands are dirty in that aspect, but the real question is whodunnit. The beauty of all these state-sponsored hacks is that they can be waved away as some """rogue""" like Snowden from the outside-looking-in.
What we really want to know is how deep the roots of the tree go, and how many of these cells actually exist. How many contractors are there? Where did they come from? What are their backgrounds? What are their ethnic backgrounds? How were they recruited? What changes in their online presence can we observe around the time that they were recruited?
To be perfectly, brutally honest, I could give half a shit what happens in the election. The Clinton mafia has been writing on the wall for literally decades at this point, what's another snippets?
On the other hand, somebody is out there issuing commands to potentially DOZENS of the most elite, sought-after, highly-educated, intelligence-savvy hackers. Maybe they report to a secret committee that controls them, and that committee is composed of only perfect operators. People who wouldn't fuck up and let slip that it even exists. That seems unlikely, and just from a logistical standpoint, it's complex to organize that kind of effort. In the IT world, there are project managers that went to university to learn how to manage teams effectively, there's a huge science behind it and I can't bring myself to believe that a committee is capable of the watertight operations that would be necessary for this.
That leads me to believe that one of several scenarios is the truth:
A) EG doesn't exist. It's another smoke-and-mirrors trick, and there are many squads like mine that use the same name to avoid correlation, and "play characters." There is no secret mastermind, just some intel-oriented director issuing objectives, and that's it.
B) EG does exist, and is controlled by one single person, probably well-guarded, and he/she manages other smaller splinter groups, and are doing their own thing. Maybe they made a dirty deal with some USG official, and whomever that was managed to not fuck it up.
C) EG doesn't exist, and the entire thing is carefully organized by some special-purpose squad within the NSA or some such branch that we don't know about. I think this is the most likely option given some of the tactics we've seen so far, and the level of caution and just the overall "flavor" of how these hacks seem to happen. Stuxnet for example, was ALL about collecting information and guerilla operation within "hostile" nuclear environments. Prevent danger and gather as much actionable intelligence as possible.
IRATEMONK, for example, was all about spreading through networks, through USB, that sort of thing. Imagine a secure facility, guarded by soldiers, operated by intelligence professionals or nuclear scientists, or some such "high-value" people. IM was capable of spreading quickly, persistently, flexibly, etc. Just digs in and gathers it all up.
That's how modern US intelligence work is done. It's how most government work is done, period. OODA is as relevant today as it ever has been, and people like me, people like Snowden that have seen those environments and those sorts of people, just recognize right out of the gate that something is a bit too familiar about it all.
I don't know very much about the election side of things. I'm certain some sneaky shit is going on, but it always has been. Nothing new.
What I really want to know, and what I think these binaries can tell us all, is who is behind these hacks. Where the power is coming from. If even just a single author is identified and correlated with something on the inside of the intelligence universe, then this whole thing is blown wide open.
These guys know how close they're cutting it, that's why this auction is so interesting because if it's real, if they're taking these risks to make money, or just to get the binaries out somehow, then there are some HEAVY implications that they might realize that they're in danger. If the auction proves to be real, it'll speak VOLUMES over something that has been previously unobservable. I'm assuming of course that the secret mastermind behind EG doesn't want the binaries out to the public, and so if they somehow make it out, then someone who had access to them did, maybe as a call for help, as revenge, whatever. Regardless, it's a sign of unrest, and that the cat's claws are indeed tearing the bag.
My handles are always snips from the Mary Poppins films. There's multiple people, but you'll get the idea. It's going to be a very interesting couple weeks!
It sounds like you're someone who knows a little more than average about what's happening.