

Hittin' The Web with the Allman Brothers Band Forum
Author: Subject: Did the NSA Do More Than Spy on Pakistan?

Zen Peach





Posts: 19844
(20310 all sites)
Registered: 1/19/2002
Status: Offline

  posted on 8/22/2016 at 06:21 PM

The United States’ clandestine National Security Agency (NSA) allegedly spied on top civil-military leadership in Pakistan using malware, The Intercept reported. Malware SECONDDATE allegedly built by the NSA was used by agency hackers to breach “targets in Pakistan’s National Telecommunications Corporation’s (NTC) VIP Division”, which contained documents pertaining to “the backbone of Pakistan’s Green Line communications network” used by “civilian and military leadership”, according to an April 2013 presentation document obtained by The Intercept.

The file appears to be a ‘top secret’ presentation originating from the NSA’s SigDev division.

SECONDDATE is described as a tool that intercepts web requests and redirects browsers on target computers to an NSA web server. The server then infects the web requests with malware. The malware server, also known as FOXACID, has been described in earlier leaks made by former NSA contractor Edward Snowden.

SECONDDATE, however, is just one method the NSA allegedly uses to redirect a target’s browser to the FOXACID server. Others involve exploiting bugs in commonly used email providers by sending spam or malicious links that lead to the server, The Intercept said. Another document obtained by The Intercept, an NSA Special Source Operations division newsletter, describes how agency software other than SECONDDATE was used to repeatedly direct targets in Pakistan to the FOXACID servers to infect target computers.

The Intercept confirmed the “authenticity” of the SECONDDATE malware by means of a data leak reportedly made by Snowden.

Snowden released a classified top-secret agency draft manual for implanting malware which instructs NSA operators to track their use of a malware programme through a 16-character string – the same string which appears in the SECONDDATE code leaked by a group called ShadowBrokers. ShadowBrokers last week announced that SECONDDATE was part of a group of NSA-built ‘cyber weapons’ that it was auctioning off.

Although it is unclear how the code for the software leaked and was obtained by ShadowBrokers, The Intercept claims “the malware is covered with NSA’s virtual fingerprints and clearly originates from the agency”. The ShadowBrokers auction of SECONDDATE is the first time any full copies of NSA software have been made available to the public.

“The person or persons who stole this information might have used them against us,” Johns Hopkins University cryptographer Matthew Green said on the dangers of such software becoming available to the public. Speaking to The Intercept, Green said that such exploits could be used to target anyone using a vulnerable router. “This is the equivalent of leaving lockpicking tools lying around a high school cafeteria. It’s worse, in fact, because many of these exploits are not available through any other means, so they’re just now coming to the attention of the firewall and router manufacturers that need to fix them, as well as the customers that are vulnerable.” The Intercept has in the past published a number of reports from documents released by Snowden. The site’s editors include Glenn Greenwald, who won a Pulitzer Prize for his work in reporting on the whistleblower’s revelations.

From International News sources.


Remarks: Seconddate is auctioning off spying malware created by the NSA to spy on people. NSA software in the hands of the people to do whatever they want, boy, is that a scary scenario. Which should we fear more, geeks with NSA software? Or what if it falls into the hands of terrorists who are also geeks? Oh boy, then they can take down the internet including the financial and banking systems or hack into nuclear missile deployment systems? The NSA developed software that can be used for nefarious purposes and now that software is being auctioned off. Spying is bad.


[Edited on 8/24/2016 by gina]

 

____________________
"Mankind is a single nation" "Allah did not make you a single people so he could try you in what he gave you, to him you will all return, he will inform you where you differed". Quran Chapter 2 Sura 213

 
Replies:

Zen Peach



Posts: 19844
(20310 all sites)
Registered: 1/19/2002
Status: Offline

  posted on 8/26/2016 at 07:37 PM
https://theintercept.com/2016/08/19/the-nsa-was-hacked-snowden-documents-confirm/

One slide points out that the attack works on users with an encrypted wireless connection to the internet.

That trick, it seems, often involves BADDECISION and SECONDDATE, with the latter described as a “component” for the former. A series of diagrams in the “Introduction to BADDECISION” presentation show how an NSA operator “uses SECONDDATE to inject a redirection payload at [a] Target Client,” invisibly hijacking a user’s web browser as the user attempts to visit a benign website (in the example given, it’s CNN.com). Executed correctly, the file explains, a “Target Client continues normal webpage browsing, completely unaware,” lands on a malware-filled NSA server, and becomes infected with as much of that malware as possible — or as the presentation puts it, the user will be left “WHACKED!” In the other top-secret presentations, it’s put plainly: “How do we redirect the target to the FOXACID server without being noticed”? Simple: “Use NIGHTSTAND or BADDECISION.”

To position themselves within range of a vulnerable wireless network, NSA operators can use a mobile antenna system running software code-named BLINDDATE, depicted in the field in what appears to be Kabul. The software can even be attached to a drone. BLINDDATE in turn can run BADDECISION, which allows for a SECONDDATE attack:

Elsewhere in these files, there are at least two documented cases of SECONDDATE being used to successfully infect computers overseas: An April 2013 presentation boasts of successful attacks against computer systems in both Pakistan and Lebanon. In the first, NSA hackers used SECONDDATE to breach “targets in Pakistan’s National Telecommunications Corporation’s (NTC) VIP Division,” which contained documents pertaining to “the backbone of Pakistan’s Green Line communications network” used by “civilian and military leadership.”

In the latter, the NSA used SECONDDATE to pull off a man-in-the-middle attack in Lebanon “for the first time ever,” infecting a Lebanese ISP to extract “100+ MB of Hizballah Unit 1800 data,” a special subset of the terrorist group dedicated to aiding Palestinian militants.

Documents published with this story:
•NSA Central Security Service: FOXACID SOP for Operational Management of FOXACID Infrastructure (Draft)
•Wireless LAN / CNE Tool Training Course and Evaluation
  ◦Course introduction
  ◦Introduction to WLAN / 802.11 Active CNE Operations
  ◦Introduction to BADDECISION
•NSA: Expeditionary Access Operations: NSA’s Close Access Network Exploitation Program (“CNO Course – EAO”)
•NSA Remote Operations Center: FOXACID Overall Briefing
•NSA SIGINT Development (SIGDEV): SIGINT Development Support II Program Management Review, 24 April 2013 (select slides)

Contact the author:

Sam Biddle

email sam.biddle@theintercept.com

his twitter handle is @sambiddle





[Edited on 8/27/2016 by gina]

 


 
 

