Recently I've heard Edward Snowden talk about his working at the NSA in Hawaii as being "under a pineapple field." CBS News recently ran a segment on that NSA listening post on Oahu.
Not a whole lot of actual information. "We're in an office building, in a pineapple field, on Oahu...." And part of it is underground -- we see a tunnel. We didn't get to see any pineapples, though.
Yesterday, I visited the NSA. It was Cyber Command's birthday, but that's not why I was there. I visited as part of the Berklett Cybersecurity Project, run out of the Berkman Klein Center and funded by the Hewlett Foundation. (BERKman hewLETT -- get it? We have a web page, but it's badly out of date.)
It was a full day of meetings, all unclassified but under the Chatham House Rule. Gen. Nakasone welcomed us and took questions at the start. Various senior officials spoke with us on a variety of topics, but mostly focused on three areas:
- Russian influence operations, both what the NSA and US Cyber Command did during the 2018 election and what they can do in the future;
- China and the threats to critical infrastructure from untrusted computer hardware, both the 5G network and more broadly;
- Machine learning, both how to ensure a ML system is compliant with all laws, and how ML can help with other compliance tasks.
It was all interesting. Those first two topics are ones that I am thinking and writing about, and it was good to hear their perspective. I find that I am much more closely aligned with the NSA about cybersecurity than I am about privacy, which made the meeting much less fraught than it would have been if we were discussing Section 702 of the FISA Amendments Act, Section 215 of the USA Freedom Act (up for renewal next year), or any 4th Amendment violations. I don't think we're past those issues by any means, but they make up less of what I am working on.
A weird paper was posted on the Cryptology ePrint Archive (working link is via the Wayback Machine), claiming an attack against the NSA-designed cipher SIMON. You can read some commentary about it here. Basically, the authors claimed an attack so devastating that they would only publish a zero-knowledge proof of their attack. Which they didn't. Nor did they publish anything else of interest, near as I can tell.
The paper has since been deleted from the ePrint Archive, which feels like the correct decision on someone's part.
In 2015, the Intercept started publishing "The Drone Papers," based on classified documents leaked by an unknown whistleblower. Today, someone who worked at the NSA, and then at the National Geospatial-Intelligence Agency, was charged with the crime. It is unclear how he was initially identified. It might have been this: "At the agency, prosecutors said, Mr. Hale printed 36 documents from his Top Secret computer."
The article talks about evidence collected after he was identified and searched:
According to the indictment, in August 2014, Mr. Hale's cellphone contact list included information for the reporter, and he possessed two thumb drives. One thumb drive contained a page marked "secret" from a classified document that Mr. Hale had printed in February 2014. Prosecutors said Mr. Hale had tried to delete the document from the thumb drive.
The other thumb drive contained Tor software and the Tails operating system, which were recommended by the reporter's online news outlet in an article published on its website regarding how to anonymously leak documents.
In 2016, a hacker group calling itself the Shadow Brokers released a trove of 2013 NSA hacking tools and related documents. Most people believe it is a front for the Russian government. Since then, the vulnerabilities and tools have been used by both governments and criminals, and have seriously called into question the NSA's ability to secure its own cyberweapons.
Now we have learned that the Chinese used the tools fourteen months before the Shadow Brokers released them.
Does this mean that both the Chinese and the Russians stole the same set of NSA tools? Did the Russians steal them from the Chinese, who stole them from us? Did it work the other way? I don't think anyone has any idea. But this certainly illustrates how dangerous it is for the NSA -- or US Cyber Command -- to hoard zero-day vulnerabilities.
EDITED TO ADD (5/16): Symantec report.