Snowden: NSA just lost control of its Top Secret arsenal of digital weapons (twitter.com)
657 points by Yrlec 17 days ago | 296 comments

A good time to remember the official US Intelligence Community statement and policy/lie on 0days, as given post-heartbleed:

    When Federal agencies discover a new vulnerability in commercial 
    and open source software – a so-called “Zero day” vulnerability
    because the developers of the vulnerable software have had zero days
    to fix it –  it is in the national interest to responsibly
    disclose the vulnerability rather than to hold it for an investigative
    or intelligence purpose.


A nice "gotcha" but probably more fair to include this portion:

> Unless there is a clear national security or law enforcement need, this process is biased toward responsibly disclosing such vulnerabilities.

...due to the fact that most of the EQG vulnerabilities appear to be crafted for specific collection targets, not stumbled upon and held onto for fun.

Could this problem be fixed by splitting the NSA into two competing agencies, one handling offensive signals intelligence, and one handling cryptography research and disclosures?

Intuitively it seems when the same agency performs both roles it creates a conflict of interest and bias against disclosure.

But then your second branch ends up looking (to the government at least) a lot like a research program instead of anything meaningful in terms of intelligence.

Research can be counter-intelligence, and thus intelligence.

How about a third agency that focuses on securing our digital infrastructure?

Then we'd need a fourth agency to coordinate between them, and don't forget the fifth agency in charge of oversight.

And don't forget to give all the money and power to the offensive agency, while keeping the oversight agency to an intern in a broom closet somewhere.

I actually approve of your plans to keep the oversight agency really minimal.

That government is best which governs least.

Sounds good to me

How about NSA just does this, per its name, and the offensive signals intelligence gets handled by the CIA?

CIA is primarily HUMINT (and intel triage, covert operations, etc.) so their focus is going to be on the end points for individual targets. SIGINT is a gigantic field and a shift like this would essentially just be a merger of NSA's SID into CIA while leaving NSA with just IAD.

Genuinely curious, what would be the gain in doing that?

I've wondered how "zero day" mutated from its original meaning of "pirated software cracked and released on the day of its commercial release" to "a software vulnerability of which the software's maintainers are not yet aware". There doesn't seem to be any connection aside from illicit cracking.

This is part of the evolution of w0rdz. Now, it just means "fresh". The l33t-speak mutated once it went from warez to expl0itz. This should be obvious. If not, I'm pretty sure they teach this in l33t 101 or even l33t 95.

Zero day has been used in this context for at least 15 years and means that the vulnerability has been publicly known for zero days, or rather it is an undisclosed vulnerability.

The nomenclature of pirated "zero day" cracked (or usually just copied) software releases is at least twenty five years old, but likely older.

Wish "1day" would somehow make a comeback. "0day" sounds cooler, of course, but it was a lot easier to find 1day FTP warez sites in the wild than 0day sites.

Around the time of the end of my swapping of floppies back in the day, it was getting frustrating as none of the "cool" swappers accepted anything but 0day, and most would be annoyed if you couldn't regularly supply -7 to -14 day releases so they had a week or two to spread things to their downstream contacts before it'd be too stale. In other words a lot of them depended to a large extent on internal leaks... I remember receiving the occasional C64 game that was not even finished by the time it was spread.

That's pretty hilarious that they were doing that even before widespread internet. I think a lot of crackers got so caught up in building and maintaining face in their tiny community that they forgot the actual reason they were doing it, i.e. "people want to play video games without paying for them".

I think that to a lot of them, this was no different than a sports team or similar - it was a competition, and the games were just a tool.

I did some minor research in the past..

The origin of 0-day (zero-day) in hacking (etymology of zero-day): http://bjorn.kuiper.nu/tag/zero-day/

A good time to remember the actual policy of the US government on 0-days (the so-called VEP), which is more nuanced than the tinfoil hat crowd is willing to understand. https://epic.org/privacy/cybersecurity/vep/

Interesting read. Anyone know where the vulns disclosed under so-called VEP are listed? Effectiveness of the VEP policy, which the FBI director calls "informal", would be measurable now when comparing disclosed via VEP vs undisclosed/disclosed via leak.

Why is everybody posting/curious about the language of the blog post and not the contents of the file?

I've looked through some of the contents.. Some look incredibly old, but others target odd things.. lots of cPanel. My only guess is take the low hanging fruit to build "jump box" type systems?

Some odd examples: ElegantEagle/toffeehammer.. focuses on cgiecho for RCE. The thing is, a CVE was just released for this case maybe a month ago?: http://www.cvedetails.com/cve/CVE-2017-5613/

So if this dump was from 2013, why did the CVE recently pop up? Or is that coincidence?

Many people may not be technically savvy enough to understand the contents of the file, but everyone is interested in who the author is. In fact, these exploits are rather old, but the identity of ShadowBrokers is fresh.

And the idea that you can figure out where someone is from by analyzing their written text is as fascinating as doing the same to their code.

> the idea that you can figure out where someone is from by analyzing their written text

That idea is quite well known, so it's likely that the post was written like that deliberately. I was just wondering if you could create a similar sounding post with a chain of people rewriting the original in their own words.

It's pretty fascinating to read the Shadow Broker's posts. They have to write something, since they can't just say "I work for Russia and we're reminding America that they're not invulnerable." So they have to come up with all sorts of contrived reasons about why they're doing this, complete with broken English to fool stylometry detection that walks the fine line between being believable and preposterous. Someone spent a lot of work getting it to look so terrible.

As a Russian myself, I can tell you with certainty that there are mistakes in that text that a Russian ESL speaker would never make, and verb tenses are a bit too good for an unskilled speaker. Due to the combination of these two factors, I bet this was written by a native English speaker who thinks he/she knows the mistakes a Russian would make. They're wrong.

"Actually it's probably a false flag to make Russia look bad." - throwaway71958, created 8 days ago

2017 in a nutshell right there.

For a pro-Russian shill I seem to be doing a bad job, seeing how I'm actually Russian and made no attempt to conceal this fact.

Eh, new account, and a throwaway, don't get offended at people not taking you seriously. You could just as easily be a 14 year old in North Dakota.

Hi. I live in North Dakota! I get hacker news RSS feeds to my phone and made this account to reply to your comment.

Probably from Alaska. I know you can "See Russia from there"...

You can actually, barely see it.

Just not from the mansion in Juneau

Good thing then that it's from an SNL skit and not something Palin actually said. This seems lost on many, many people.

Yes she said, "you can actually see Russia, from land, here in Alaska." (And not "from my house"). Why this was ripe for satire was that it was the response to "What insight into Russian actions particularly in the last couple of weeks, does the proximity of this state give you?" IMO she repeated part of the question as her answer and it didn't go anywhere near the seriousness of the questions before about Ossetia.

Indeed. Most people forget that the response was to "Why do you know about Russia's foreign actions"... 'Because I can see Russia' is effectively what was said.

It really harkens back to much of the Republicans' desire for anti-scientific thoughts, and lack of critical thought. It also explains the overly simplistic thought of "Well, the weather is nice, this climate change must be bullshit".

Don't get me wrong, I think the Democrats have significant problems of their own. For example, they're not able to properly convey scientific thought to the masses, and instead rely on shaming and insulting. That's not exactly a way to engender people to your view.

No, you're doing a great job; claiming that you are Russian is essential to the particular doubt you are here to sow.

Full circle irony: I find the argument of the dubious throwaway more believable than OP.

Count us both.

The BS one hears today (against Russia, etc) are the "WMD"s of 2017.

There's a single superpower the last 2+ decades (Russia is no USSR) and it has a long history of pushing for its "interests" all over the world, starting wars, grabbing resources, overthrowing governments, supporting all kinds of lunatics and dictators.

And covering the whole damage they do with holier than thou finger pointing, made up stories, and generally BS they serve a docile and mostly ignorant on anything happening outside their home state, much less worldwide, population. Or, actually, worse than ignorant: mostly informed from mainstream tv news presenting them the "enemy du jour", but with a complete lack of context and history, and with any nuance and details jumbled up in their minds (in a "Go to Austria, see the kangaroos" fashion).

Whether it's a Joe Sixpack or a college educated person, in the majority of cases they equally lack context and perspective, and have no real reason to even try to get one, since they have no skin in the game: some other poor suckers will go and fight (e.g. literally poor whites, blacks and latinos going into service) and some remote countries will pay the toll, so no big deal.

I can't say I agree with all of the foreign policy decisions made on my behalf in the last few decades. But Russia reaps what it sows. And it sows corruption much worse than ours.

Also it's remarkably unfair for you to cherry pick our foreign policy misdeeds while leaving out all of the good we've done over that same time frame.

I wish we cultivated a better interest in world news and culture here. Our natural borders play some (small) role in our isolation. But, yes, the population at large also ignores much of the global news.

> Also it's remarkably unfair for you to cherry pick our foreign policy misdeeds while leaving out all of the good we've done over that same time frame.

Considering the US government and its MSM propaganda machine tell only one side of the story, I'd think you'd be comfortable with someone telling the other side of that story, if it's fairness you're seeking of course.

Who cares whose leaders are worse? Both countries are ruled by people without the population's best interest at heart.

Do not trust the people telling you Russia is behind all of these problems for the US. Even if it's true, it's a fraction of Russians that are guilty, and if you judge the whole population by what they've done Americans are guilty of a whole hell of a lot too.

Russia is no USSR, but Putin is ex-KGB. On one hand I agree with you that it's overdramatised to some extent, and that it's likely that a lot of the claims about Russia are made up. On the other hand, Putin seems like exactly the type who would see intelligence and manipulation as a way for Russia to punch above its weight and is likely to be engaging in it.

The problem with trying to unravel the truth about Russian hacking is that both sides have similar incentives to play up the drama: For the West to paint Russia as a threat plays straight into an agenda of making Russia seem relevant and powerful. Because of that, there's no reason for Putin to try particularly hard to squash allegations whether they're true or false.

>On the other hand, Putin seems like exactly the type who would see intelligence and manipulation as a way for Russia to punch above its weight and is likely to be engaging in it.

Sure, but at the level Russia can afford, and "puppeteering the US president" is a BS claim way above that, tailor-made for a nation spoon-fed with shows like 24 and Homeland and endless claims about how all the world "plots against it" while itself does exactly that globally (and nobody bats an eyelid).

And while Russia/Putin will use such tactics for their country's (and/or his own) immediate interests/survival (e.g. in Crimea, a place with a huge majority of ethnic Russians, or the middle east), they have neither the means nor the history of meddling and plundering all over the world.

The claims are mostly a way to invent a present-day Bond villain, an easily identifiable target, like it has been played out tons of times in the past. Russia has too many natural resources and wants to control its periphery, something that goes against the general "interests" and plundering intentions of outside players, hence the pressure, combined with the constant post-Cold-War expansion of Nato to suffocate them.

If instead of Putin there was some friendly dolt selling Russia wholesale to foreign corporate interests (instead to national players that the country can somewhat control -- something which is labeled "cronyism"), like e.g. Yeltsin, it would be all love and hugs with EU and the US, even if they did ten times worse in freedom internally. You know, like those lovable Saudis.


Just seems like general obfuscation to me. It would be very weird for anyone to make assumptions about their identity based on broken English.

While I get your wider point, I find the different types of mistakes that ESL'ers with different mother tongues make absolutely fascinating.

I've noticed, say, that in Poland, where the native tongue lacks articles, people regularly mess up "the" and "a," or miss them altogether. I've never met a French person with the same issue, for obvious reasons.

When I started looking into people's mistakes with tenses in English - dear god, so much about my native tongue that I had no idea about, and yet made particular nationality error combinations really stand out. It's crazy fun.

Edit: and I love my eldest's progress with English. While she's basically a bilingual preschooler, she tends to speak English with Polish word order: I like cars red. Her natural instinct is to also use the Polish rules for nouns when choosing he/she/it. It's an absolutely fascinating process I feel privileged to observe.

> I like cars red

Interestingly, that word order is also valid English, though it has a slightly different meaning than "I like red cars".

Example: "I like [my] soup warm".

"I like soup warm, but you can eat it cold and left over if you want."

"I like having soup warm"

"I like my cookies freshly baked"

"I like men muscular and toned"

"I like my women blonde, so you can go for the brunette"

"I like cars red" doesn't quite work as well but doesn't seem wrong. Add a little context and it seems more normal. "As a buyer of many sports cars, I like my cars red, even despite the speeding tickets I get".

Perhaps a linguist could explain how this phrasing works.

(That said, of course I advocate teaching her to speak fluently and to use that word order only when she intends its subtlety of meaning.)

I think this form puts the emphasis on "how?" instead of "what?".

What do you want? - I want tea. How do you want your tea? - I want my tea hot with sugar.

I think it is a short hand slang for "I like cars painted red." or "I like cars colored red."

I think it's short for "I like for cars to be red."

No, in Polish adjectives normally go before nouns, just like in English.

I assumed he was facetiously referring to Reverse Polish Notation[1].

[1]: https://en.wikipedia.org/wiki/Reverse_Polish_notation

No, it seems to me more like Polish is actually one of his daughter's native languages.

Ehhhh... not often quite set in stone enough that you can rely on it, especially for spoken language. Emphasis and a whole host of other situations lean towards - but by no means demand - order in the example given.

Another angle I haven't heard is that they are just having a bit of fun for the lulz: They know their adversaries can (fabricate) attribute with or without obfuscation (cyber war signalling style). So they bring it over the top with some cold war 80s action movie dialogue. It serves no other function than to taunt and confuse and hear some American housewives on Twitter go: I dunno, sounds Russian to me!

By halfway through I was kinda surprised they weren't going the full hog and throwing in a good Da, or Nyet, the people's... for full effect.

The full effect seems to be a thread of 200+ comments talking about the language in the release, sentence-for-sentence, and many (un)witting agents poring over the contents of the files.

Perhaps, besides the fun of imagining someone having to explain to McCain what a "double dutch rudder" is, the language serves a higher purpose of increasing virality and impact.

> It would be very weird for anyone to make assumptions about their identity based on broken english.

They could have been trying to disguise themselves, maybe fearing a grammatical analysis or somehow exposing some fingerprint in how they construct sentences.

And as throwaway claimed, if you speak both English and Russian (I do), and have heard many others who speak both English and Russian for many years, you start to pick up patterns and understand when someone is speaking with a fake-make-it-sound-Russian style.

> Due to the combination of these two factors, I bet this was written by a native English speaker who thinks he/she knows the mistakes a Russian would make.

Or it is Russian and they intentionally formulated this as cartoonesque Russian, so that everyone says "this can't possibly be Russian, it's someone who tries to put the blame on Russia".

The problem is that if this comes from a government power, it is likely that they have the resources to use some professional translators and/or linguists to make it look whatever they want it to look like.

Anything here that is not backed by other data is just pure speculation.

Quite. If this was actually designed by a state actor, they have access to professional linguists who specialise in this sort of stuff. You're not going to figure out who it is unless they want you to, and it certainly won't be obvious enough for a cursory browse to identify provenance.

Why do people keep saying it's Russian or someone faking Russian? Clearly it was written to avoid identification by text analysis or whatever it's called.

I'm also Russian, and I have to concur with this assessment after looking at the text (while noting that I do generally believe that Russian government was actively involved in cyberattacks against US, including, among other things, to affect election results last year). It does sound very much like a native or near-native English speaker trying to fake Russian accent.

This text structure is from the poem "America" by Ginsberg. They're playing with it. Particularly first second third person stuff.

I'm pretty sure that was GP's point. The text is intentionally garbled with no identifiable first-language bias.

Not really. The GP is implying that they are Russian with this

>since they can't just say "I work for Russia and we're reminding America that they're not invulnerable."

But the person who replied is saying how the grammatical obfuscation doesn't look like something that's done by a Russian but by an English speaker who is trying to sound like a Russian with bad English. Because a Russian with bad English wouldn't make those mistakes.

To my ear, this obfuscation sounds Middle Eastern, due to the frequent use of "-ing" in verbs whether it belongs there or not. I know an Iranian guy who does this a lot.

The whole point is to feed it through translation services dozens of times until the meaning remains but the actual word selection is super poor and completely unidentifiable.

It's weird to me that you're trying to push this to blame another group so quickly, especially with an 8 day old account.

Yes, that's what I do sometimes, using offline apps with local dictionaries.

> I work for Russia ...

does not imply it was done by a Russian.

Well, there's no Russian first-language bias in that text for sure. Another argument in favor of the opinion that this was written by an American: the author seems to be well versed in the memes of the US political discourse. Someone from outside the US is unlikely to even know or care about Trump's "movement", or who "Bannon" is, or "drain the swamp", or "white privilege" etc. They're also unlikely to abbreviate "New York Times" as "NYT". The telltale signs are all over the text.

That's a terrible analysis, I'm not from the US and know all of the above and would abbreviate NYT. I'm not hugely into US politics but I'm not ignorant of it either. Hell the BBC, Der Spiegel and Le Monde all covered Bannon losing his NSC seat.

> the author seems to be well versed in the memes of the US political discourse

That's not exactly hard for anyone that paid even a little attention during the very controversial US political season in 2016. Same with Brexit. The terminologies and crux issues have been widely debated on the social web. I would say it has actually been very difficult to escape.

Right. However, things like "caucus" and "SCOTUS" are really unlikely to be written by a Russian, on any English knowledge level. We do make mistakes, but our mistakes are different. In this text, there are too few common mistakes, and too many strange things.

> things like "caucus" and "SCOTUS" are really unlikely to be written by a Russian, on any English knowledge level

What a weird thing to say. Even the most native of idioms can be learned, and there are plenty of fully bi-tri lingual people in the world.

Mining the text for cultural clues is a fool's errand.

I've observed the whole Brexit thing with great interest, but I don't feel well versed in the vernacular. And for someone well versed, it'd be difficult to know what the person who's not well versed wouldn't know. Which is what we're observing here.

You won't be well versed in the vernacular of any political event unless you follow the news. But that's just as true for native speakers. You seem to imply that people who learn tens of thousands of words to communicate in a foreign language would be unlikely to learn the additional vocabulary of the current events. Especially the big events. Could anyone with a British friend in Twitter never hear of the NHS bus, for example? Unlikely.

Unfortunately, as with any form of communication, the only way to know where something really came from is to find the source, whether an individual or a collaboration. Facts are still being discovered about decisions, choices and actions relating to Benghazi, years ago. Obfuscation of the source is intended to delay. It works. Masking the source behind fingers pointing to cultures is a "cheat", and cheaters do not like to be discovered. Personally, we have been presented with evidence of tools and techniques of Alinsky in the 2016 U. S. election.

Yes, exactly. While those are still somewhat plausible (I am Russian, and I might have occasionally used all of these ironically), it was "POTUS" and "SCOTUS" that made me 99% sure that this text was written by an American (or at least a US insider). You guys love your acronyms.

Yup, I've been living in England for over 20 years and my English language proficiency is well above that of most of the locals, but I still had to look up SCOTUS and POTUS a few years ago (probably when I started reading HN actually). Now that I know them I still would never consider using them in writing (the former is actually reminiscent of something offensive).

British native here. Do you not watch much TV or many movies?

I don't own a TV. :) I do watch some movies now and again though, especially when flying long haul but I never had one that mentioned those. Off the top of my head I can only think of 24 as a candidate but I never watched that.

Anyone who's spent any significant amount of time in political threads in reddit (just for example) would know those acronyms.

I think it's not a matter of knowing the acronyms but rather using them in your writing. Even though I'm aware of POTUS, I would simply write "The President" or "The US President" - it comes much more natural, from all the times it's been used in local media to refer to our own/foreign presidents. Same reasoning for the US Supreme Court.

I honestly don't know why you guys are trying to divine identity based on textual clues like this. It's safe to assume every stylistic and linguistic choice is deliberate.

Sure. But if that's what you really think, then you don't get to assume that the DNC was hacked "by the Russians". Agreed?

Are you able to elaborate on how this case is related to the DNC hacks? ShadowBrokers was never accused of being the same as Guccifer2, as far as I understand.

I'm not saying he/she was. But do consider that in one case the most cursory circumstantial evidence is enough to convict, but in this case the same level of "evidence" is not enough to exonerate. Double standard, anyone?

> the same level of evidence

Whatever's written in that blog post, and how it's written, is neither enough to convict nor exonerate.

No, as a fellow Russian I am fine to admit that the DNC hacks were probably done by us. When the leak happened, there was a little too much enthusiasm in Russian hacking circles. Guccifer2.0's style was also consistent with Russian writing.

But when the Shadowbrokers leak appeared, the community response was more like "wat."

> if that's what you really think, then you don't get to assume that the DNC was hacked "by the Russians". Agreed?

Are you saying there's some letter written in broken English that's being used as proof of Russian involvement in the DNC hacks?

Now that we know the "tools used" "proof" is worthless because CIA uses those tools too, is there anything else?

What does that have to do with my point about inferring identity based on textual clues in this blog post?

'doktrin perhaps you have confused this subthread with a different one; it would be understandable since you've seen fit to post on this page sixteen times already. (Bonus points: you've used the phrase "paid shills" twice!) Unless you're willing to admit now that you are the DNC staffer who leaked all their dirty laundry to Wikileaks, you've got to admit that this tawdry hermeneutical argument no longer suffices to prove The Russians Did It.

> perhaps you have confused this subthread with a different one

No, but since you're obviously confused let me explain which thread we're in. The common topic, stretching back to the top comment, is armchair linguistic "analysis" :

>> (throwaway71958) Well, there's no Russian first-language bias in that text for sure. Another argument in favor of the opinion that this was written by an American: the author seems to be well versed in the memes of the US political discourse. Someone from outside the US is unlikely to even know or care about Trump's "movement", or who "Bannon" is, or "drain the swamp", or "white privilege" etc. They're also unlikely to abbreviate "New York Times" as "NYT". The telltale signs are all over the text.

>> (atemerev) Yes, exactly. While those are still somewhat plausible (I am Russian, and I might have occasionally used all of these ironically), it was "POTUS" and "SCOTUS" that made me 99% sure that this text was written by an American (or at least a US insider). You guys love your acronyms.

>> (doktrin) I honestly don't know why you guys are trying to divine identity based on textual clues like this. It's safe to assume every stylistic and linguistic choice is deliberate.

>> (throwaway71958) Sure. But if that's what you really think, then you don't get to assume that the DNC was hacked "by the Russians". Agreed?

>> (doktrin) Are you saying there's some letter written in broken english that's being used as proof of Russian involvement in the DNC hacks?

>> (jessaustin) Now that we know the "tools used" "proof" is worthless because CIA uses those tools too, is there anything else?

>> (doktrin) What does that have to do with my point about inferring identity based on textual clues in this blog post?

Which brings us back to the present - as you can see, it's you and throwaway who are trying to derail the thread at the last minute with red herrings about the DNC hacks. I'm not sure why you feel like it's super relevant here.

> Bonus points: you've used the phrase "paid shills" twice!

Again : you're confused. I used the phrase once (the other "use" you're thinking of was obviously a citation)

Don't feed the trolls, man

Maybe they're a non-American who's trying to look like an American who's trying to look like a Russian.

Possible. Certainly those are not genuine mistakes by native Russian speaker.

Yes, I think that we can agree on that.

That's far from true. Professional propagandists from Russia would definitely know about that stuff because they'd follow the campaign. Other trolls outside USA would see headlines that could give them useful information. I have no idea of nationality of the author but nothing in it precludes them from being Russian. Especially at this level in the game where people might put talent or time into faking things to generate a specific reaction.

While this is true, it doesn't mean that they don't work for Russia or even live outside of the US.

I'd be curious as to which particular "anti-mistakes" you had in mind (that you believe a non-native speaker wouldn't be likely to make). I have some hunches (like the over-use of linking verbs, and certain overly-idiomatic colocations), but I'd be curious as to what stands out in your view.

"The peoples" is unlikely. "-ing" after most verbs is unlikely. "the" is unlikely before "Freedom Caucus" and "NSC". There's no "the" in Russian, and ESL speakers often omit it, or put it where it doesn't really belong. The word "caucus" in itself is unlikely: I've never even heard of it before I moved to the US, it's not in common use abroad. "Whose" is unlikely. "To destroying" is very unlikely. "Will be happening" is unlikely ("will happen" is far more likely). "Be remembering" is very unlikely. "Do you be thinking" is very unlikely. And so on.

'Freedom Caucus' is a proper noun referring to an organization; they wouldn't need to know the meaning in order to use it. Also, you seem to ignore the possibility of using some machine translation assistance (e.g. for short phrases or sentences) which could account both for irregularities and correct verb conjugations.

To this day I don't know what the word "caucus" would even correspond to in Russian. And English/Russian language pair is notoriously bad in machine translation systems. We're talking borderline unreadable, in either direction.

> To this day I don't know what the word "caucus" would even correspond to in Russian.

It would vary depending on the meaning in English, too.

The kind of caucus that nominates candidates would be "выборный съезд".

Congressional caucus is actually trickier, just because there's usually no close equivalent in other parliamentary systems (including the Russian one). It's like a political faction, but 1) its platform is not all-encompassing, and 2) its membership is not exclusive (i.e. people can, and normally do, belong to several different caucuses). For that, I don't think there's any good word other than loaning the English word directly.

It's a proper noun that describes an obscure sub-structure of US Congress. Now, quickly, name some sub-structures of the Russian Duma for us, and tell us what Putin thinks about them.

fascinating. To me, this linguistic analysis is much more interesting than the data dumps.

Very cool. Thanks for the data points.

Sure, but I'm betting that a Russian-backed attempt to sow chaos could hire someone capable of putting together a decent sentence in English. There could be all sorts of reasons for the broken sentence. Sentence structure can be a sort of fingerprint; I would probably run any message I had through Google Translate a few times until I had something which was still legible, but didn't sound like my writing. And that has the benefit of making it seem like a non-English speaker wrote the post; it's all just misdirection.

People are assuming Russian or someone pretending to be Russian. For me the person is an Iranian living in the West possibly Europe.

If you have a copy of the linguistic analysis written by Shlomo Argamon, please post it.

Can you give us some examples?

CIA got it...

They went even harder at it in an earlier medium post:

"TheShadowBrokers is having special trick or treat for Amerikanskis tonight."


I suppose though, that "Amerikanski" might be used outside Russia. Serbia, Bulgaria? Misdirection seems more likely though.

Amerikanski is used in those languages to indicate ownership (e.g. "This is an American car"), so to someone of Slavic-speaking origin this would be wrong (they would've said Amerikanci to indicate plural). But even aside from that, this honestly sounds so put on. Even the worst English speakers I know from Eastern Europe know that you add an "s" to form plural. We all take English from elementary school and nobody would make that mistake, not to mention that it's a mistake even in a Slavic language.

A much more common mistake you will find is not knowing when to use "the" or "a".

Edit: unless it is a Russian pretending to be an American who is pretending to be Russian which, who the hell knows, anything is possible.

Noticed this in the same post:

"Let us be speaking regarding corruption"

That sounds like a common phrasing I hear from Indians who aren't native English speakers.

So maybe Indian pretending to be an American pretending to be Russian? Heh.

I dunno man the whole thing is a mish-mash not resembling anything specific to be honest. Random obfuscation to hide true origin perhaps?

But the correct use of definite and indefinite articles indicates someone with a more than competent knowledge of English (whatever their nationality may be).

Amerikanski also means American language, but I think it would be a little stretch for Amerikanskis to mean people who speak American English.

Implausible, I guess. It feels more like somebody faking a Russian person writing in English for obfuscation rather than deception purposes.

This is actually a tell-tale sign that whoever wrote this doesn't speak Russian. Let me explain why.

In English, the noun describing the nationality is also an adjective describing belonging to, or affiliation with, that nationality. E.g. "An American is driving an American car".

In Russian, this is not the case - they are different words, sharing the same root. Some examples (noun - adjective):

US: Amerikanets - Amerikanskiy
EN: Anglichanin - Angliyskiy
DE: Nemets - Nemetskiy
AR: Arab - Arabskiy
CN: Kitaets - Kitayskiy

There's one and only one exception, and that, ironically, is the word for "Russian": "russkiy". It's the same for both the noun and the adjective, and, as you can see by comparing it with the list above, morphologically it looks like an adjective. The historic explanation for that is that it originated from the time of the Varangian conquest of Eastern Slavic lands, when the population was referred as "the people of [belonging to] Rus" - "Russkie lyudi" - where Rus was the name of the Varangian tribe in question.

Anyway, what this means is that no native Russian speaker would use the word "Amerikanskiy" to refer to Americans. It only makes sense as an adjective in "American something". However, the addition of "-s" at the end to indicate plural unambiguously tells us that whoever wrote this, treated it as a noun. Which would make perfect sense for a native English speaker, for whom the two are naturally conflated.

And the most obvious explanation for that is that if you put the word "American" by itself into Google Translate, for example, it can't decide whether it's a noun or an adjective without context, so it has to assume one or the other. And it seems to be assuming adjective by default, so you get "Amerikanskiy" back.

Oh, and by the way, writing it as "Amerikanski", without the final "y", is also something that hints strongly that it's not a native speaker. A native speaker would likely transliterate it letter by letter, starting from Russian "Американский", yielding "Amerikanskiy". However, that final "y" is really short when spoken, which is why native English speakers often miss it entirely when transcribing.

On top of that, Polish uses "-ski" for the same words: "polski", "rosyjski", "angielski", "arabski" etc. In Polish, it's also a very common (and etymologically related - think "of ...") ending for last names - e.g. Piłsudski. There are a lot more Poles, or at least families with Polish ancestry, in US in particular than there are Russians. As a result, Polish last names are pretty common and well-known, as is their spelling. So, that spelling is often applied to vaguely similarly looking and sounding Russian loanwords and transliterations, which also leads to dropping of that final "-y" in "-skiy".

So, definitely not Russian, and overall slightly more probable to be a native English speaker from US.

That's, of course, assuming that the wording wasn't deliberately mangled to look like fake Russian, in a double misdirection...

This has happened before, right down to Snowden being involved:


"This is probably some Russian mind game, down to the bogus accent"

this is a wildly informative post, very glad you chimed in

> is having special trick or treat for Amerikanskis tonight

Sounds like a villain from a 60's Bond flick.

It's way funnier if you read it in the voice of Boris Badenov (of "Rocky and Bullwinkle" fame).

Alternatively, they're someone else trying to look as if they're Russian-affiliated when they're not. "I work for Russia" would be unbelievable, so they sidle around trying to look suspiciously Russian without saying so.

I speak 3 languages including Russian. I agree with the throwaway's post that it sounds like someone was trying to write like a Russian but didn't do a very good job.

Well, they certainly seem to have succeeded in fooling plenty of people around here.

To be fair, you don't have to try very hard to get someone to believe something they already believe.

To quote a Russian poet, Alexander Pushkin: "Oh it is not hard to fool me, for I am willing to be fooled."

Count me in -- I bought it / am buying it. Who has an interest in making it look like Russia?

I thought the folks who were acting concerned about the young throwaway accounts were just being paranoid. Until the next sequential throwaway account showed up and piled on. What gives? Is HN influential enough to deserve astroturfing / propaganda from state intelligence services?

It's not so much about "making it look like Russia" as it is about making the current administration look illegitimate. There are literally trillions of dollars at stake, as well as very affluent lifestyles of some very influential people who have been running things for decades. They might end up being replaced by a different group of people, and they don't like that one bit. And they are fighting it tooth and nail. Just goes to show how little power is really vested in the officials we elect (yes, "we", I am a US citizen), and how much of it is wielded by the amorphous Washington DC apparatus that doesn't change no matter who you vote into office. Explicitly going after them, the way Trump promised in the final months of his campaign, is a suicide mission, if he actually decides to follow through on the threat. But I don't think he actually has the power or indeed the smarts to "drain the swamp" in any kind of meaningful way. This draining is long overdue, but there's no way to accomplish this without some world class statesmanship, and without having the intelligence community on your side, and Trump is at odds with both of those things.

And here's some Russian perspective on "draining the swamp": that's actually one thing Putin did when he came to power. Under Yeltsin, the government was basically run by oligarchs, and they could do whatever the hell they wanted. Putin and Russia's security/intelligence community that installed him laid down the ground rules, and made it clear that from there on out orders would be coming down from the Kremlin, not the other way around. One oligarch rebelled (Khodorkovsky) and was put in prison for a decade. Which, by the way, was entirely deserved. Most Russians were disappointed that other oligarchs didn't follow.

The issue with "draining the swamp" is that this creates voids that other people fill. Which they did under Putin. So even though oligarchs are pretty obedient now, there's a much stronger swamp sub-structure of Putin's pals under the covers which is darn near impossible to remove until he dies, and they're all under his control.

So armed with this perspective, I like two features of the US political system that many other Americans (native and naturalized) intensely dislike: the divided congress and the constant Mexican standoff between the executive and the legislative branch. If those guys could agree on anything, that's when we'd really be in trouble. Case in point is once again Russia, where the executive branch can request whatever laws it wants and be 100% sure they'll pass the Duma. The result is predictable: harebrained laws protecting the incumbent regime.

I think that any agency with the capability to break into the NSA has also the capability to hire a proofreader. That is, any mistakes left in the documents are there intentionally.

This thread is slowly devolving into the linguistics equivalent of the poison scene in the Princess Bride:


Why are you so certain they are Russian?

FWIW Snowden speculates "Circumstantial evidence and conventional wisdom indicates Russian responsibility. Here's why that is significant" - https://twitter.com/Snowden/status/765514891813945344

That 13-point tweet series paints a surprisingly plausible picture. I'm looking forward to getting the full story in about 20 years time.

We'll be very lucky if in 20 years, the world is still so free and functional as it is now... and I'm not trying to talk up the state of the world today.

I try to remain optimistic, because it allows me to continue being largely complacent with and complicit in the slow decline of free and civil society.

Slightly tongue in cheek, but only slightly.

It's weird, though. Sure, it could be some kind of tit-for-tat thing, but I wonder more about 3rd party 'allies' in the middle east who have more to gain by pitting the US against Russia.

Then again, I'm sure that there are enough people and intelligence services in play to make everything confusing.

It's the popular thing to assume these days. It's also very insulting to Russian people in my opinion. But I guess it's ok to be prejudice towards some group of people but not others.

This is a discussion about the Russian government, it doesn't really have much to do with Russian people in general.

That sentence is correct however you read it out.

It is "discrimination" to be suspicious of state actors? Was Snowden performing discrimination in exposing the NSA's spying?

Did you reply to the correct person? I never said anything about discrimination, nor did the person I was replying to.

Prejudice and discrimination are close enough to synonyms. You shouldn't be confused by the word swap.

...But neither of us said Prejudice either!

"It's the popular thing to assume these days. It's also very insulting to Russian people in my opinion. But I guess it's ok to be prejudice towards some group of people but not others."

Is that not the comment you were calling correct?

That's what "the person [you] replied to" was talking about, that use of the word prejudice.

This is a discussion about the Russian government, it doesn't really have much to do with Russian people in general.

That is what the person I replied to actually said, and the comment I was clearly referring to; the point being of course, that a discussion of the Russian government has no more to do with the Russian people than the Russian government does.

Two points then:

1. When you made https://news.ycombinator.com/item?id=14069152 you may have thought it "clearly" referred to the sentence by burkaman, but multiple people thought you were refuting burkaman and referring to snowpanda's comment.

2. Even though you were referring to burkaman's comment, he was directly talking about the sentence that used the word prejudice, and arguing that it was not prejudice. Your claim in https://news.ycombinator.com/item?id=14069723 and https://news.ycombinator.com/item?id=14071992 that burkaman was not saying anything about prejudice is untrue. He was directly refuting a claim of prejudice.

Russia uses online trolling as a tool. It's widely documented. This use of trolling leaves Russia open to accusations even when they're not involved.

For a well documented case: http://www.stratcomcoe.org/internet-trolling-hybrid-warfare-...

> Russia uses online trolling as a tool.

So does JTRIG[1][2], and probably many other groups as well. Russia isn't the only suspect for this kind of trolling.

[1] https://theintercept.com/2014/02/24/jtrig-manipulation/

[2] https://www.schneier.com/gchq-catalog/

Widely documented by "The NATO Strategic Communications Centre of Excellence", the most obvious enemy of Russia?

Human rights violations in the U.S. are also well documented by China:


The US does legitimately have an imperfect human rights track record, and most Americans who follow the news would agree (while at the same time being aware of China's own hypocrisy in this matter)

Likewise, Russia has a well documented history of sponsoring online propaganda campaigns, and most people who aren't delusional or paid shills would agree.

Two negative things about two different countries can in fact both be based in truth. Weird.

It should be obvious that the USA is not a singular political whole.

So why do we say "the Russians" and "the Chinese" as though they each form a political whole.

I mean, we know the CIA gets up to some pretty nefarious shenanigans, quite possibly without the express approval of The Administration.

It just seems like a lot of pots sitting around talking about how black the kettles are. Sure, some kettles are blacker than some pots.

paradite is saying it's not well documented. It's poorly documented by people highly incentivised to lie.

But hey, if you already wrote off anyone who disagrees as "delusional or paid shills" then you're too far gone to reason with. Literally nothing anybody ever says can make you think twice.

> poorly documented

Uh huh

> if you already wrote off anyone who disagrees as "delusional or paid shills" then you're too far gone to reason with. Literally nothing anybody ever says can make you think twice.

Not true, but it would definitely take more than that hand-wavy uncertainty yarn you're trying to spin

Both the NY Times and the Guardian seem to hate Russia and all things Russian. I constantly read things in those publications that are ludicrously biased or simply wrong. They don't count as credible sources to me anymore.

And as was already pointed out, you stated that "Russia sponsors" but even the first article states that the alleged project is the work of one guy who apparently has money to burn - not the government.

I honestly think HN is the target of some of these trolls as well.

A significant percentage of younger (as well as non-younger for that matter) people have practically no exposure to mainstream media, so naturally one should expect propaganda (from the various players) will be brought to online forums of all kinds.

I feel HN has been specifically targeted as a source of above-average discourse, therefore it must be comprised.

Well documented analysis of a corpus of comments on some Latvian sites, yes. Anything in 100+ pages serving as a proof of Kremlin connections with the "hybrid trolls" (gotta love the newspeak)? Not so much. I don't know whether Russians are xenophobic aggressive bastards or knights in shining armor exposing the wrongdoings of others, it's just that claims along the lines like "Russia uses online trolling" seem exaggerated.

Russian here: Russia very definitely does use online trolling domestically (same as the US I guess). They also use paid "pro-government" rally attendees. That's very well documented, including direct video evidence on Youtube.

I very much doubt they're competent enough to pull something like this convincingly here in the US and avoid early detection and counter-intelligence response. Thus far no evidence whatsoever was presented that any of this was Russian, let alone state sponsored. That's either some truly elite level GRU work, to the standard we have not ever seen before, or there is, in fact, no "paid Russian trolls" on The_Donald. My opinion: there's no way in hell they could pull this off without getting noticed _well before_ the anointed Democratic candidate lost the election.

> They also use paid "pro-government" rally attendees.

Christ, even the Canadian government does this, and we're about as unsophisticated as it gets.

The naivete of people getting their panties in a bunch over the revelation that The Evil Russians participate in hacking and propaganda, how can you be so unaware of how the world works?

> claims along the lines like "Russia uses online trolling" seem exaggerated.


gamergate, /pol, /b, alt-right, the_donald, antifa use online trolling. In context, saying a state actor uses online trolling is an extremely conservative claim. I'm sure there's online trolling in favor of and sponsored by US, Chinese and Macedonian interests (to name a few) too - but Russia's actions are much better documented.

Alacritous state actors more nimble at trolling than 4chan? You decide, I don't care. My problem is that US, Chinese, Russian and Macedonian sponsorships by state actors are equally unproved - if you read into "Trolls from Olgino" reports carefully. US's sponsorship is objectively less probable: English being lingua franca hampers American wannabe "hybrid trolls" [0].

[0] https://www.theatlantic.com/education/archive/2015/05/fillin...

> My problem is that US, Chinese, Russian and Macedonian sponsorships by state actors are equally unproved

Disagree. There's no such thing as perfect certainty, but the only real question about Russian troll sponsorship is one of scale.


> US's sponsorship is objectively less probable: English being lingua franca hampers American wannabe "hybrid trolls"

This is an interesting observation, but I think you either underestimate American resources, or overestimate the logistics of online influence manipulation campaigns.

For illustration: there are about 1m fluent Russian speakers in the US, and about 4m fluent English speakers in Russia. Sure, it's a bigger talent pool: but both countries could rope in bilingual cyber propagandists by the thousands if they felt so inclined.

Honestly I think appeals to emotion like this have no place in dispassionate conversations about international espionage.

Trying to figure out who they are by analyzing the content of these posts is like trying to figure out if a child is lying by asking them repeatedly. Other sources of evidence are necessary.

Anyway, while their nationality isn't obvious, their childishness is. I think that's the only detail that can really be gleaned from the text itself.

Unless the childishness is also intentional to mislead. The whole post is bizarre, I would take it all with a grain of salt.

Shlomo Argamon has reposted his linguistic analysis http://multaverba.blogspot.com/2017/04/initial-linguistic-an...

After reading the analysis, I think the author focused too much on "native speaker". It seems entirely plausible to me that the text was written by a fluent non-native English speaker, who was trying to make the post look like the more common broken English proclamations from Russian hacking groups for whatever reason (blending in and throwing off investigations maybe).

It's mindless drivel. The only thing you are reading is a mirror of your own preconceptions.

He goes on to further state:

"Quick review of the #ShadowBrokers leak of Top Secret NSA tools reveals it's nowhere near the full library, but there's still so much here that NSA should be able to instantly identify where this set came from and how they lost it. If they can't, it's a scandal."

Asking a president to do x, y or z by making this type of public statement probably implies it's geared towards the immediate readers and not some leader that might read it.

The security agencies might have made a lot of enemies over the years so it's not clear who benefits from this. Either financially or as ego boost.

The internet is definitely bigger than what most people might have predicted 20 years ago. So it's not really a big surprise to see as much or even more power struggle than in real world battle fields.

Since every side has a propaganda to peddle, I personally can draw no reasonable or coherent conclusions on what type of decisions are shaping the world I live in. But I am nonetheless curious to see how this all plays out in the coming years.

There is a related post on HN about this. [0]


[0] https://news.ycombinator.com/item?id=14066596

The cynical and conspiracy theory believing person might suspect that regardless of all the reasons stated for the release the last one, namely the attack in Syria, is the only one that actually prompted this.

I don't necessarily subscribe to the whole "Russia is controlling everything" line (there's still so much that's unknown for sure), but it sure is easy to see a connection between Trump launching missiles against Syria which is supported by Russia, and with an embarrassing and costly release of secret information belonging to the security apparatus in the U.S. by what many people say is a front for the Russian security apparatus. Whether that connection is really there is another thing, but that narrative sure is easy to follow.

> [..] with an embarrassing and costly release of secret information belonging to the security apparatus in the U.S. by what many people say is a front for the Russian security apparatus.

I have difficulties interpreting your statement. Are you implying US security services are "a front for the Russian security apparatus"?

No, I'm stating that some people have accused the shadow brokers and other hackers that have released U.S. assets of actually being fronts for Russia.

Can someone remind me why Snowden would be in a position to comment on if this release comprises a full or partial set of hacking tools? Specifically, does this imply that his cache of data included a list of these tools, or was his day to day job one such that he would have been normally in contact with this toolset?

> Can someone remind me why Snowden would be in a position to comment on if this release comprises a full or partial set of hacking tools?

I wouldn't interpret that tweet as "lost control of its full arsenal". It seems to say that, but then it's a tweet and length-limited. Maybe let's just wait until a more nuanced analysis surfaces?

It's further down in the thread: "Quick review of the #ShadowBrokers leak of Top Secret NSA tools reveals it's nowhere near the full library ..."

Replying to self because I just got around to watching the movie.

In his final days before the leak Snowden was part of the counter espionage cyber division as an NSA contractor. He was actively hacking and preventing hacks from China. These might not be part of the toolset he used, but it's reasonable to believe he would have been aware of them and had access to them.

I disagree with this. These tools appear to be for information collection, not offensive cyber operations.

A) Snowden is not making that claim

B) This dump is from 2013, not long after Snowden left, so still relevant to his knowledge on the subject. Although he wasn't trained for TAO.

Obviously, Perl is the NSA top language choice due to its built-in support for obfuscation and job security.


It couldn't be because perl is installed by default on all of the target platforms. Practicality trumps conference talks when there's work to be done, even in the government.

I know it's not the HN norm, but I believe the parent was making a joke

A joke? On my Hacker News?

I can assure you, practicality and job security have no place in the same sentence when discussing government work.

Although you're joking, Perl was invented to make an NSA project easier to develop. That project was first, high-assurance VPN: BLACKER. It was also NSA's attempt to do something secure for once since they lost the argument to INFOSEC co-founder, Roger Schell, where they thought only communications security, not computer security, mattered. They contracted it to TRW who made a lot of secure stuff & government systems in general back then. Larry Wall was a smart, properly-lazy programmer working at TRW who wanted to make irritating parts of his job easier with better tools. The resulting tool, PERL, had much more impact than BLACKER VPN. ;)

Whereas, the NSA's project failed initially because the team couldn't design a security kernel that had great security and acceptable performance. Told NSA they'd have to pick one. Schell told NSA he knew a guy with a design, GEMSOS, with both properties. NSA reluctantly used GEMSOS in BLACKER. The first, highly-secure VPN w/ general-purpose kernel was born. Who knows what the deployment or usability side of it was, though. Classification rules kept them from publishing on it for a decade or so where it then got paywalled. Classification is probably why Larry Wall didn't say much about BLACKER when describing its history. At least ones I read.



Neither article makes any mention of Perl, which isn't terribly surprising, since BLACKER is still highly classified, with very little publicly known about its design and operation. You'll find some discussion of BLACKER in my recent article: http://ieeexplore.ieee.org/document/7763734/ (Open access/free pre-print version: http://iqdupont.com/assets/documents/DUPONT_FIDLER-2016-Prep...)

A few points of note: it's rather weird to call BLACKER a "VPN"; it's likely much broader than this (it's a network, crypto suite, secure kernel, system architecture, etc), and yet encompasses a very different goal. In fact, the degree to which it originates out of secure kernel research is, we argue in our paper, somewhat unclear, and perhaps this is only a small part of the equation.

If anyone has any additional information about these early architectures, I would love to speak with you, contact me at http://iqdupont.com.

It was here thanks to acqq:


Yeah, BLACKER did quite a bit. It was a network MLS component like many others that came after it. GEMSOS, Boeing SNS Server, and DiamondTek LAN are examples. Modern variant would be an Octeon 2 or 3 PCI card with similarly secure software.

Too much to explain, though. BLACKER's main purpose was securing the connection between dumb terminals and things they connected to. It used crypto, MLS, and TEMPEST-style hardware. It was a network device as well. A VPN is closest term for modern audience to convey its main goals.

The second paper mentions BLACKER and MLS, but nothing about perl. The closest perl comes to MLS is "taint" mode, but that seems a stretch. The first paper is pay-walled. Are you sure you're not thinking of SELinux?

That's the one. Thanks.

I wanted to link it but nothing came up in my bookmark search. As is typical. I think my bookmarks are too packed for search to even work right. So, I just described what I read in the past.

The content reads pretty clearly like a native English speaker imitating immature hacker-speak. It comes across as if it were written by a script-kiddy; that may be intentional.

NONE of you guys read poetry? This is a bend on "America", by Ginsberg. All coding and no poetry makes Jack a dull boy. Read it.

Care to elaborate on this? (No, I don't read poetry but I'm curious about the connection)

This is what everyone has been saying since last year when they first posted the auction...

Looking through some of the code and some of the docs, these look old. In absence of a lot of time or some missing docs, not sure how usable these things are.

In the article pointed out by Snowden: https://www.nytimes.com/2016/08/17/us/shadow-brokers-leak-ra... they state that the stolen code is from 2013 and Snowden was quoted in Wikipedia saying "circumstantial evidence and conventional wisdom indicates Russian responsibility".

To me it seems impossible that non-state-sponsored hackers would have gotten their hands into top secret NSA hacking tools. If I had to guess, it would seem that TheShadowBrokers are "useful idiots" that Russia gives information to in the way they did (probably) with Wikileaks. The real question is why would anyone leak these files at this very moment? Did it take this long to get angry at Trump or are there some other factors at play?

> To me it seems impossible that non-state-sponsored hackers would have gotten their hands into top secret NSA hacking tools.

About as impossible as the Snowden exfiltration, so that makes it entirely believable.

All it takes is one rogue employee or plant. And if you don't want to burn an inside asset it would pay off to release files that are several years old.

Releasing several year old files is signalling. "Next time it may include your zero-days". Remember the previous threats?

> What this have do with fun Cyber Weapons Auction? We want make sure Wealthy Elite recognizes the danger cyber weapons, this message, our auction, poses to their wealth and control. Let us spell out for Elites. Your wealth and control depends on electronic data. You see what "Equation Group" can do. You see what cryptolockers and stuxnet can do. You see free files we give for free. You see attacks on banks and SWIFT in news. Maybe there is Equation Group version of cryptolocker+stuxnet for banks and financial systems? If Equation Group lose control of cyber weapons, who else lose or find cyber weapons? If electronic data go bye bye where leave Wealthy Elites? Maybe with dumb cattle? "Do you feel in charge?"


These look much older than 2013. So much of this stuff is targeted at sun/sco.. the only thing I can suggest is: most state/government systems are simply ancient.. so their tools will be tailored to their targets.

"conventional wisdom", which means "knowledge of conventions and traditions", in this case means "guessing".

For example, this tool says: https://github.com/x0rz/EQGRP/blob/master/Linux/doc/user.too...

# ELATEDMONKEY is a local privelege escalation exploit against systems running the cPanel Remote Management Web Interface, at least through version 24, and probably future versions too (althogh that should be checked before throwing).

It has been tested explicitly on cPanel 11.23.3 and 11.24.4 running CentOS 5.2 Linux


Those versions are from 2008/2009

I wish I could say I'm unaware of a few thousand c5 machines still currently running prod and internet facing at just one of my previous clients; but I can't. These releases don't make things much worse than they were for those folks but let's not pretend there isn't a lot of unmaintained compute that this still applies to and that this is likely to change anytime soon.

Don't underestimate the ability of failing SMBs to dismiss the risks involved with that when they can't pay to fix it.

/u/jvoisin on /r/netsec has a writeup: https://hackmd.io/s/r1gLMUUpx

He notes that though much is targeted at older systems, a few things look yet-unpatched.

It's usable. If I remember correctly, Cisco have patched few vulnerabilities from their 'free' version of leaked files.

Nicholas Weaver: "Overall, though, it looks like the auction file from Shadow Brokers is mostly a bust, better stuff in the free file."


the grugq: "Calling it now: the first ShadowBrokers dump was an expensive signal. This latest one was not (expensive, that is.)"


What does "expensive signal" mean in this context?

He expands in his Medium post from last year, here: https://medium.com/@thegrugq/the-great-cyber-game-commentary...

From the Medium post linked (https://medium.com/@shadowbrokerss/dont-forget-your-base-867...)

- Don’t care if you swapped wives with Mr Putin, double down on it, “Putin is not just my firend he is my BFF”.

- Don’t care if the election was hacked or rigged, celebrate it “so what if I did, what are you going to do about it”.

This has got to be a fake group trying to discredit Trump right? I don't like him or what he's doing, but surely surely his supporters don't subscribe to at least the latter view there?

> surely surely his supporters don't subscribe to at least the latter view there?

You must not have very many conservative friends on Facebook. "Russia didn't write the emails" has to be one of the most popular memes of the last 6 months.

How is that a "meme"?

I don't know any conservatives but every single leftist I know thinks that russophobia is at absolutely deranged levels, as a vehicle for Clinton apologism.

The idea that "Russia decided the election" is absurd, but repeated often enough, is starting to be taken as truth by those who find it palatable.

If Hillary Clinton didn't have such high unfavorables it wouldn't have been a contest. If Bernie hadn't siphoned off some of her support it wouldn't have been a contest. Russian meddling and Comey's last-minute maneuver definitely cost her the election, but only by swinging the vote less than 1% in a few key states.

I don't think Putin seriously believes he can control US elections and probably recognizes this as a one-off lucky break.

The whole point for him is the PR value: having Trump claim elections are rigged is pure PR gold for Putin. Having Trump claim protesters are paid Democratic shills (rather than real people who don't like him) is Putin cover. He gets to point at those words and say "see, it's the same everywhere". It gives Putin supporters cover to believe his lies and it takes the wind out of the sails of Putin's detractors.

My guess is Putin's original plan was to take advantage of Trump claiming he lost due to election rigging but we'll probably never know.

> If Hillary Clinton didn't have such high unfavorables it wouldn't have been a contest. If Bernie hadn't siphoned off some of her support it wouldn't have been a contest.

How about if Hillary simply picked Bernie as VP? Is there anyone here that thinks she wouldn't have won on that decision alone? Don't blame Bernie supporters (I am not one, to be clear), why should they walk a mile to Clinton's positions when Clinton herself won't even make the most modest concessions to their side?

Hillary was pro-war, only half-ass wanted a minimum wage hike, pro free trade agreements, pro fracking, and said Single Payer was never happening. I honestly don't understand why any liberal would have voted for her.

Right, I would have never voted for her, and not saying that she would have been any better with Sanders, but I think it's very likely she would have won.

>having Trump claim elections are rigged is pure PR gold for Putin

The majority of Dems I know saw the election as rigged too. The Dem primary was absolutely disgusting, and then of course CNN got caught giving debate questions to Hillary.

'meme' just means idea/thought that gets passed around.

Coined by Dawkins to describe things like; "how to make fire", as a good meme that gets passed along.

A lot of the scripts appear to have been written by the same person, or is that just me reading into it? They have a distinct comment style in both Python and Perl.

Also, a lot of the tools appear to instruct people to paste various things in to them. I find it unlikely that a single person wrote all the tooling for the NSA, but, who knows.

I noticed the same thing. And it's very informal, which surprised me. Would have expected this kind of documentation to be pretty dry.

> "NSA just lost control of its Top Secret arsenal of digital weapons"

This is just inaccurate, or at least purposefully misleading. The NSA did not just lose control of its "Top Secret arsenal of digital weapons".

They "lost control" of mainly a bunch of old exploits whose release will not matter because anyone who is running this old junk won't be updating their servers because of this news.

I don't know anything about the value of this crap, but I do find it interesting to grep through looking at the IPs (which I presume are compromised machines from which they are initiating attacks). See `./bin/pyside/targets.py`:

- http://ihep.ac.cn/ - Chinese Academy of Sciences High Energy Physics

- http://utc21.co.kr - Korea

from: https://github.com/x0rz/EQGRP/blob/master/Linux/etc/opscript...

#### JACKLADDER - triggering IN thru JACKPOP on Linux (FAINTSPIRIT) ####

### Local window, let this sit and wait: ourtn -T -n -I -ue -O 113 -p 443 -C

### on PITCH: set up window for nopen callback -nrtun 113

I haven't read enough broken English to take a gander at what the native language is for the authors of that...manifesto. Anyone have a good guess? There's some pretty common mistakes throughout ("peoples" for people, "Americans' having" for "Americans have").

It's likely to have been run through an author obfuscation tool which mangles the language to avoid stylometry detection.

I hadn't thought of that. Interesting.

There's plenty of omitted articles (which is indicative of Slavic language speakers,) but at one point it devolves into a kind of caveman speak, so it's likely intentional.

Most likely an American trying to write in an Eastern European accent.

Yeah, it's so over the top that it reads like a native English speaker's intentional obfuscation.

I immediately thought of the "Opulence, I has it" commercials from DirecTV.

This. And probably an American that had not lived outside the US long enough to notice how over the top the effort comes off as.

This stuff looks old. There are versions for Solaris and SCO Unix.

Solaris is still a valid target. Samsung have several datacentres running workloads on Solaris to the point where it made sense to buy Joyent. Don't you think finance running exadatas are probably worth targeting also?

> $ua->agent("Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)");


There is at least one very large bank (which I won't name) who is unable to move off ie6 for some internal apps which to my knowledge are still using this in some backoffices even today.... At least two years ago they were paying Microsoft less money than a rewrite would cost to support it so it kind of makes sense....

I only found that bad boy out after disabling some ciphers on some loadies which broke a lot of their stuff....

I wonder what this is for: https://github.com/x0rz/EQGRP/blob/master/Linux/bin/strangeF...

It looks like it's searching for files/directories with unusual names (like ". ") that system administrators wouldn't normally notice.

I remember (probably around 10 years ago) a compromised server with a couple of strange files ". " and ".. ". After looking into it I realized that they were an FTP server and a process name changer. I would say your guess is correct, this script is probably used to spot weird file names which would pass unnoticed with a simple "ls".
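The check discussed in the two comments above, as an added example for administrators auditing their own hosts (it is not code from the thread or from the leaked repository): a Python sketch that walks a directory tree and flags names that a plain "ls" renders as blank or as "." / "..". The function names and the sample tree are assumptions made for this illustration.

```python
import os
import tempfile


def name_findings(name):
    """Return the reasons one file or directory name is easy to overlook."""
    reasons = []
    # Names such as ". ", ".. " or "..." imitate the "." and ".." entries.
    if all(ch == "." or ch.isspace() for ch in name):
        reasons.append("only dots and whitespace")
    # A leading or trailing blank is invisible in plain `ls` output.
    if name != name.strip():
        reasons.append("leading or trailing whitespace")
    # Control characters, zero-width characters, non-ASCII spaces and
    # undecodable bytes (surrogate escapes) all fail isprintable().
    if any(not ch.isprintable() for ch in name):
        reasons.append("non-printable character")
    return reasons


def scan(root):
    """Walk root and yield (path, reasons) for every flagged entry."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            reasons = name_findings(name)
            if reasons:
                yield os.path.join(dirpath, name), reasons


def demo():
    """Build a constructed sample tree and return the flagged base names."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample: a ". " directory holding a ".. " file, plus
        # a "..." file, a name ending in a zero-width space, and two
        # ordinary names that must not be reported.
        os.mkdir(os.path.join(root, ". "))
        samples = (os.path.join(". ", ".. "), "...", "log\u200b",
                   ".bashrc", "notes.txt")
        for rel in samples:
            open(os.path.join(root, rel), "w").close()
        return sorted(os.path.basename(path) for path, _ in scan(root))


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # repr() makes trailing blanks and escapes visible in the report.
        for path, reasons in scan(sys.argv[1]):
            print(repr(path), ", ".join(reasons))
    else:
        print(demo())
```

Run with a directory argument to audit a real tree; without arguments it reports on the constructed sample only.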

I have a bit of a hard time understanding why so many people think this is written by Russians. Obviously the grammar is not correct, but it would seem very strange to think this has any significance, and it seems more plausible that it was done in an attempt to hide the author's identity. (My spontaneous feeling was that it was written by Jar Jar Binks, and not Russians, for whatever that's worth.)

I'm not from the US and have not followed the news from there recently, but from what little I have seen much of the actual contents of the message does seem to reflect the feelings of Trump's "base"? Or would people more familiar with US politics say this is incorrect?

Is there any doubt the Shadow Brokers are Russian and working for Russian interests? The timing of releases, international events concerning both countries and pointed measures are far too suspicious to be considered circumstantial.

Sure, but that's what someone would do if they were trying to implicate Russians.

Maybe they knew we'd think it odd for Russians to speak with a Russian accent so they did it anyway to trick us.

"Are you the sort of man who would put the poison in his own goblet? Now a clever man would put the poison into my goblet, because he would know that only a fool would drink the goblet given to him. I am not a fool, so clearly you wouldn't do that. But you must have known that I was not a great fool, so I mustn't drink from the wine in front of me!" [0]

[0] https://www.youtube.com/watch?v=U_eZmEiyTo0#t=1m20s

Yeah, pretty much. Except no poison drinking was involved here. Unless it was the NSA that did it. And of course, this was all old stuff, so it wasn't really very poisonous.

But really, really, really. There's just no way to know.

Who else, besides Russia, plays these spy games with the US?

North Korea, China and Israel come to mind. Also many independents. And the US probably plays with itself.

Great Princess Bride reference.

However, the moral I derive from this is the fact that the poison was put in both goblets.

Government organizations like the CIA are not just poisoning the other, but themselves and the people they are supposedly protecting as well.

Legacy of Ashes, et al.

Almost certainly what a Russian disinformation campaign would include. But you cannot easily hide motives and attack patterns. These kinds of campaigns scream Russia; no one else in the world operates like them or could operate like them. Almost everyone in the intelligence circles, including Snowden, agrees they are Russian. Smells like a duck, quacks like a duck...

Well, if it's so obvious to you, then you could easily copy it. And so, why not someone else?

It's not easily copied, that's my point. The MO of this campaign (and others) isn't easily done, which is why it's easy to narrow down suspects. There are only a few possible intelligence agencies that could do something like this and only Russia has the motive.

You can't have it both ways. If it's so easy to spot, it's easy to emulate. And how can you rely on motives? What you have is evidence, from which you infer motives. When there's so much avowed certainty with such subjective evidence, one must suspect an agenda.

I'm not sure that's fair to say, you can recognize patterns, spot and attempt to emulate something, but that doesn't mean you actually are doing it correctly. Lots of militaries try to emulate the US military but cannot. Operational expertise, tempo and other factors are really difficult to nail down and something that's developed over time and with practice.

I think what you're saying is fair, but the only nation state actors with the right combination of evidence, agenda and motives would be Russia. Who else?

Maybe the US, trying to manipulate itself against Russia.

So, you are suggesting that TheShadowBrokers is a CIA effort, right? And that they elected Trump too to destroy Russia?

Maybe I've missed some key evidence here, but how do we know that the same entity is behind both TheShadowBrokers and the efforts to get Trump elected?

I do suspect a new level to the Cold War, where "Russia" was disrupting US society through many channels. Including, for example, Mad Magazine and then The Realist. We also know that "the US" was manipulating the postmodern art scene. Organizing groups, publishing magazines, etc.

But maybe I've been manipulated to think that, by some third party, which has an interest in global disorder. It's very hard to find reliable information, when nothing is what it seems.

Yes. We're in the middle of an information war between America and Russia. I highly recommend doubting everything that involves either of these countries. I'm yet to find a single source of information that doesn't contain bias one way or the other. Even HN seems to have a "of course it's Russia" bias these days.

> America and Russia

Remember that even naming these two countries is a bias unless there is specific evidence. America and Russia are obvious suspects, but other countries (and even non-state actors).

There is very little actual evidence and far too much time spent on useless - and distracting - speculation.

> Even HN seems to have a "of course it's Russia" bias these days.

I suspect a lot of people are still using cold war era standards for how propaganda works. The modern methods[1] are a lot more subtle. A potential example might be this very thread where a lot of people seem to be wasting time speculating about the leak's origins instead of looking at the actual evidence that is available: the software itself.

[1] e.g. Russia's "non-linear warfare" methods that introduce as much confusing/distracting chaos as possible, or the psychological wedges JTRIG (GCHQ) uses to split communities before they grow into larger "problems".

Likely a response to the Syrian airbase tomahawking from a couple of days ago?

Russians are known for what they themselves call "asymmetrical answers", so this seems to fit the pattern.

Honestly though, how does leaking tools from the NSA whom Trump was suspicious of just a few weeks ago constitute an attack against him?

Like others are saying, there's a mismatch between the overall sentence structure and progression - which strikes me as more native - and the mistakes. I don't buy the verb misconjugation especially, a Russian ESL learner at that level would get that right more often than not.

Source: many conversations with Russians learning English (also near-native Russian)

Excuse me while I just...


Not because I'm especially interested in the tools (although, granted, I have not had a look at any of them yet), but because I always wished this could be given to everyone.

Also, for a moment there, I was concerned 7z was insecure and that the passphrase had been bruteforced. Apparently not! Very nice.

Regardless of the source, full disclosure works. Whoever is responsible for releasing this material is also improving computer security for everyone. Thank you.

All of this spy vs spy intrigue makes my head hurt

Given the latest world events, I've personally come to realise that security agencies play an important role in keeping us safe, from external entities or from ourselves.

This is a disaster in my (current) opinion. We tend to dismiss the work the likes of NSA do, not thinking much about what would happen if they didn't do it. Snowden categorically dismissing anything that NSA does, just means he's a deluded idealist, much like I used to be.

> Snowden categorically dismissing anything that NSA does

That's not representative of Snowden's opinion at all. From the beginning he's always stated he believes in the mission of the intelligence agencies. Heck, he used to work for one.

"I am not trying to bring down the NSA, I am working to improve the NSA" [0]

[0] https://www.washingtonpost.com/world/national-security/edwar...

I don't think he dismissed anything, he simply exposed what is currently happening.

We make a kind of deal with our governments, some things we agree to be kept in the dark about for security reasons (specific intelligence or some clandestine operation or other) but I don't think that deal covers the kind of surveillance Snowden exposed and I don't see at all how exposing the actions of our governments is deluded or idealistic: can you elaborate?

Why would you prefer not to know what your government is doing when knowing doesn't break the 'willful ignorance' contract we entrust these people with?

Or maybe we just need more traditional intelligence, because focusing on identified threats based on field intelligence is more effective than spying on every communication and hoping to somehow filter relevant data points from noise.

If two terrorists agree to act when a nyan cat is posted on a specific Facebook account no neural network can help you manage the threat. Human based investigation and infiltration on the other hand can lead to real world judiciary actions.

This implies, without evidence, that all of the work that NSA does is directly related to keeping us safe. I wouldn't be so quick to lump it all together like that.

Then, of course, there's also the objection that "keeping us safe" is not an absolute. There are many ways to keep people safe, but they're so extremely onerous that we don't practice them. Totalitarian societies with pervasive open surveillance (think 1984) are very safe, for example, but at what cost? So clearly there's a balance, and one can't just dismiss any concerns about the cost of that safety by saying that it's necessary - it has to be demonstrated that it is (i.e. that the gains from that increased safety justify the losses from intrusiveness).

I agree, to quote Mike from Breaking Bad.

"Just because you shot Jesse James, don't make you Jesse James."

Snowden is skilled at data theft and not a source of wisdom when it comes to surveillance.

The liberal media (hate to use that term) is equally complicit. They have trotted him around as source of wisdom. The leaker of Pentagon Papers had a position that allowed him to assess the subject matter. Snowden on the other hand was a sysadmin.

Indeed we can either believe the world getting irreversibly worse after these leaks, is just a coincidence, or somewhat related.

A lot of people died, it would be naive to think Snowden's actions didn't contribute to it. However noble his intentions might be.

shadowbrokerss remind me of this guy:


100% American from Georgia, sometimes loses Russian accent and slips into perfect English:)

"We voted for you, comrade. Here is old malware from deepnet kiddy porn site post for to confuse."

Could be Russia pissed about puppet twitching without permission, or could be Bannon (via Cambridge Analytics?) pissed about puppet twitching without permission.

Twitch, puppet, twitch!

If it's twitching without permission, it's not a puppet.

ElegantEagle. nice

No code though?

ShadowBroker's blog posts always crack me up

Even if they did this, the content is rather funny. Hilarious that such people possess so much power yet they lack an informed understanding of the world around them. That, or it is propaganda. I'm going to side with the latter.

Yes, I'm aware, or, I speculate that ShadowBrokers are utilizing this to unduly burden Eastern Europeans, Russians and Chinese hackers

but really, asymmetric information is asymmetric. We just don't know.

But now we can speculate that they are American citizens, with their mention of voting for the US President.

They could also just lie to gain support from impressionable readers and/or disgruntled Trump voters.

Remember that 1000s of paid Russians were used to interrupt our election on sites like reddit. Wouldn't be surprised if a few leaked to this site. Especially with green accounts.

If you suspect organized behavior like this on Hacker News, please email us at hn@ycombinator.com and flag such comments that violate the guidelines. We take this seriously and we're happy to investigate. But do that instead of comment about it here, because the kinds of discussions we're trying to have always come more easily when we assume good faith.

We've detached this subthread from https://news.ycombinator.com/item?id=14069328 and marked it off-topic.

HN is by now a well known forum, and exerting influence over its participants would be valuable for many parties; including but not necessarily limited to state actors. Hence, it's fair to assume that there are comments made in bad faith - particularly in highly visible political threads like this one.

Identifying specific malicious actors (and their origin) is tricky from a reader's POV, so the best I can personally do is not let ridiculous statements go unanswered. Ignorance is more common than malice, but I'm sure there's a bit of both in here today.

> Remember that 1000s of paid Russians were used to interrupt our election on sites like reddit.

Or so a 2017 version of the "red scare" goes, so that the military industrial complex can sell more weapons and more "safety", and the fingers can keep being pointed at some enemy or another. That way their budgets get approved, some poor countries pay the toll (who cares anyway), and they might even be able to plunder them afterwards. Worked wonders the last 30+ years.

Not to mention that the US sponsors tons of NGOs, magazines, organizations, events, political parties, etc, with favorable views to its interest all over the world, and has done that nonstop since at least WWII, meddling with elections, paying journalists, etc -- and when nothing else works.

ahhh..... whataboutism[0]. classic russian tactic.


Confirmation bias: classical lalala-hands-in-the-ears-denial tactic. Also, not a Russian. Tinfoil much? Besides I'm not the one who opened an account here a mere few months ago. I'm a regular on HN for 5+ years.

Now, regarding the accusation of "whataboutism", I found that it's the stupidest of knee-jerk responses. It makes looking at all sides look like some kind of error.

"Yeah, my side can kill, invade, meddle with others, bully, strong-arm, etc as it sees fit. But if your side does 1/10th of those things even when its justified, or even if I just accuse you falsely of doing them and you dare to point out that it's actually my side doing those things and worse, then I call out your whataboutism".

Instead of putting things into perspective, examining their history, the causes, the role of different players, people point the finger to a single direction (seldom to their own side's and rarely to the biggest offender), and when called out on it and get reminded of the greater state of affairs they go "oh, that's whataboutism".


two green accounts with username number that is 2 away from each other. -__-

Looks like bullshit. It does not match the vault7 leak, which is supposed to be from the very same NSA.

It is Russians. The classic example of Dunning-Kruger effect. In a generally low IQ environment and primitive criminalized cultural environment they truly believe that what is enough to fool everyone around them, including the bosses (who are supposed to be really smart), will surely fool everyone else.

This is the phenomenon of negative selection of a cancer-like corrupted society (which ran for three decades already) at work. They are literally decades behind the technological progress and culture of the modern civilization.

They simply have no idea of what possible level of intelligence and sophistication could be found in places with decades of consistent high-IQ-based selection, like companies staffed with top 5% of MIT/Stanford/Caltech/Berkeley graduates and what this kind of organization could do (think of Apple, Google, etc).

A high-tech US govt agency would never have had such crap in their folders. They are not a bunch of disconnected from reality, overconfident, self-deluded with their own primitive propaganda Russian punks.

