Thursday, March 08, 2018

How the NSA Tracks Hackers, and Hacks Other Countries

When the NSA hacks machines in Iran, Russia, China, and elsewhere, its operators want to know if foreign spies are in the same machines because these hackers can steal NSA tools or spy on NSA activity in the machines. If the other hackers are noisy and reckless, they can also cause the NSA's own operations to get exposed. So based on who else is on a machine, the NSA might decide to withdraw or proceed with extra caution.


In fact, it's not uncommon to find multiple advanced persistent threat groups on high-value systems. In March 2014, Kaspersky Lab discovered multiple groups on a machine at a research institute in the Middle East that Kaspersky dubbed the "Magnet of Threats"; in addition to Regin, believed to be a British spy kit, they found the NSA's Equation Group malware, as well as modules belonging to Flame, believed to be an Israeli operation; Animal Farm, believed to belong to French intelligence; Careto (or Mask), believed to be a Spanish-speaking nation-state group; and Turla, a Russian-speaking group.

In the case of hacking tools belonging to the close U.S. allies in the "Five Eyes" group that includes the United Kingdom, Canada, Australia, and New Zealand, it's likely looking for these for deconfliction purposes, so that parties with mutual interests aren't running into each other on the same machines. But in the case of Stuxnet, one of the former intelligence officials said that signatures were added by the Territorial Dispute team in 2010 after Stuxnet had begun to spread uncontrollably -- spreading that led to its discovery and public exposure.

"There were cleanup efforts," the official said.


Drudge Retort Headlines

Report: Mueller Focusing on Obstruction; Not Collusion (72 comments)

Trump Analysts Discussed Stolen Facebook Data with Russia (29 comments)

Your Facebook Likes Were Used to Manipulate You (29 comments)

Trump Throws a Morning Tantrum Against Mueller (26 comments)

Decision to Invade Iraq Cost Millions Their Lives (26 comments)

Congressman Offers McCabe Job to Save Pension (23 comments)

Trump Consultants Exploited Facebook Data of Millions (23 comments)

Green Party in Montana Has Bigot on Ballot (23 comments)

Some Officials Wanted Parkland Shooter Committed (22 comments)