The Guardian sourced information about it to Snowden's leaks in 2013. What makes you think it's from a separate leaker, and that it's the same leaker as the "shadow brokers"? All I see is conjecture in those links.
Multiple people who have seen the entire Snowden dump claim that various files leaked by specific sources were not contained within the Snowden dump.
Yes, the idea that the "second source" and TSB are the one and the same is necessarily based on conjecture. Nobody is presenting it as a fact, but as a rather likely option based on analysis of data released by TSB and NSA leaks which cannot be attributed to Snowden.
Both TSB leaks and "second source" leaks originate from the same time period, and the same locations within the NSA. That does not mean that they were leaked by the same person(s), but it is a fairly likely option.
I'm not aware of there being a single lick of evidence to suggest that kookery, but even if he was a Russian agent, he certainly accidentally provided Americans a laudable service.
Curiously, the US Government has never made that allegation. There's significant circumstantial evidence to suggest that the US Government may not believe TSB to be Russian intelligence.
USG had no problem blaming Russian intelligence for many other things that were going on at the same time, but they never tied TSB to that bigger picture.
Given what we know about the likes of Hal Martin, there's little reason to believe that only Russian intelligence could have been behind the shadow brokers leaks. In fact, there were rather suspiciously timed twitter DMs written by Hal Martin within minutes of TSB releasing NSA files.
However Marcy Wheeler does argue rather convincingly that Hal Martin's twitter account may have been hacked by TSB in an effort to frame him.
A curious OSINT detail about Hal Martin is that he was using the email address teamtao999@gmail.com on fling.com while looking for women interested in fetishes and group sex. The email address is a reference to the tailored access operations team within the NSA.
His twitter account (@HAL_999999999) created in 2010, also referenced TAO2 in it's avatar at the time of the TSB leaks. It's unclear for how long that was the case, as it was changed later on and there are no archives. Interestingly, he also used to be fairly active on the infosec twitter between 2011 and early 2016 and is featured in tweet chains with many fairly prominent individuals.
His OPSEC wasn't very good, it's perfectly possible he was compromised by some random person.
Edit #89: Okay, I'll throw in one more detail. Very interestingly, it was allegedly Kaspersky who turned in Hal Martin to the NSA after he tried to approach them over twitter. This might seem like a big deal right now, but at the time it wasn't. Russian cybersecurity companies used to be quite happy to work with their western counterparts and law enforcement shortly after this incident when among others Ruslan Stoyanov from Kaspersky was charged with (and later convicted of) treason for allegedly giving information to an American researcher.
It was deeply embarassing for them either way, not figuring out where the leak originated from is much more embarrassing though.
At the very least blaming Russian intelligence would have tied right in with all the other election related hacking allegations.
Also, I think you may overestimate just how embarrassing this is relatively. USG regularly announces that they got owned, is the NSA getting owned worse than OPR getting owned? Maybe not.
FBI would be the primary agency investigating TSB leaks, so no need for a coordinated messaging campaign.
If the FBI believed that TSB was Russian intelligence, it is perhaps somewhat surprising that it's not mentioned in the Mueller report.
We also still don't know how Hal Martin was related to TSB, the timing of the messages sent from his twitter account to Kaspersky (who apparently reported him to the NSA!) does pretty directly tie him to the TSB.
The FBI would still need to coordinate with the NSA for an investigation and public declaration of findings, neither would be in the interest of the NSA to cooperate for.
And the Mueller report was specifically scoped down to not include anything outside of the 2016 presidential election. I don't know why you keep going back to that.
His life literally depends on Putin's whims - a situation which the USA and EU have forced him into. How could you possibly fault him for not poking the bear that he was forced in a cage with?
Not really, he'd be risking whats left of his life by doing so.
There's also rather little reason for Snowden to bother commenting on the very widely known abuses by Russian government, what could he possibly have to offer on that topic that hasn't already been said?
The existing evidence seems to suggest that Snowden was not actively trying to flee to Russia, but ended up stuck there due to reasons outside of his control.
Well, we know at the very least that he obviously had no control over when his passport was going to be added to the SLTD database.
Also, it's not clear why he would have wanted to stay in Moscow if he had a choice. If he had prior contact with Russian authorities, they presumably wouldn't have made him stay at Sheremetyevo for over a month.
Also it's worth noting that in 2013 Russia had much friendlier relations with the US. This was pre-Crimea. It’s not surprising that it took Russia so long to decide what to do with Snowden. Eventually, they concluded that letting him stay wouldn’t significantly harm their relationship with the US while also gaining goodwill elsewhere.
None of this has to do with his decision to seek protection from the Russian government, which is a formal arrangement with their security services, whether you want to acknowledge it or not.
I don't think you can approach this subject in good faith and arrive at that conclusion.
His options at that point were pretty much limited to prison in the US or seeking protection from the Russian government. If you wouldn't have made the same choice as him in that situation, you can reasonably criticize his choice, you'll just have a hard time convincing anyone that you would've chosen prison in that situation.
There's also no evidence that his arrangement involves any work on behalf of the Russian government.
How relevant is this (and the NSA's general spying capability) in 2025?
We hear a lot about local agencies perusing the services of private companies to collect citizens' data in the US, whether that's traffic information, IoT recordings, buying information from FAANG, etc. What's the NSA's position in the current administration? (e.g. we've heard a lot of noise in the past about the FBI and CIA getting the cold shoulder internally. I wonder how this applies to the NSA.)
1) They don't necessarily need to break all encryption, just knowing who is talking to who and then delivering a tailored payload is their M.O.; The Tailored Access Operations division exists just for this.
2) They didn't build a Yottabyte-scale datacenter for no reason
3) They have the capability to compromise certificate authorities. Pinned certs aren't universal.
4) Speculation, but, Snowden's revelations probably set off an "arms race" of sorts for developing this capability. Lots more people started using Tor, VPNs, and more, so it would almost be dereliction of duty on their part if they didn't dramatically increase their capability, because the threats they are there to stop didn't disappear.
5) ML/LLM/AI has been around for a while, machine learning analysis has been mainstream for over a decade now. All that immense data a human can never wade through can be processed by ML. I would be surprised if they aren't using an LLM to answer questions and query real-time and historical internet data.
6) You know all the concerns regarding Huawei and Tiktok being backdoored by the Chinese government? That's because we're doing it ourselves already.
7) I hope you don't think TAO is less capable than well known notorious spyware companies like the NSO group? dragnet collection is used to find patterns for follow-up tailored access.
I don't understand, all they have to do is tap submarine cables, why is that infeasible now? What specific thing do you think they were collecting before that they can't now?
Metadata is extremely valuable!! lots of things can be inferred from it. In other comments I've decried companies like slack including your password reset or login codes in the email subject for example. They can take any packet and trace it back to a specific individual, even if you're on Tor, chaining VPNs,etc.. without decrypting it. They can see what destinations you're visiting. they can build a pattern of life profile you and mine that. The ad industry does much of this without access to global internet traffic captures already lol.
That's perfectly feasible. It is not feasible to do the same kind of captures as NSA was doing pre-Snowden, when most of that traffic wasn't encrypted.
> In other comments I've decried companies like slack including your password reset or login codes in the email subject for example
That's still just as encrypted as the email body itself.
Active listening is very noisy, we can be very confident they're not doing that at scale.
My whole point is that they're no longer able to do passive listening of unencrypted content and massive scale, but instead are forced to rely on much smaller scale active attacks.
You're making assumptions that are not taking into account all the other capabilities revealed in the Snowden leak and several other prior leaks. The name "Tailored Access Operations" alone should tell you something. They still have presence in all the large tech company's networks (with cooperation from them of course), and they are able to access critical servers like MTA's. The shadowbroker leaks are also another glimpse into their historical capabilities.
You're assuming that despite their budget not having changed meaningfully, no repercussions against anyone from the historical leaks, the continued renewal of the patriot act and unchanged mission of the intelligence community orgs that somehow they've wound down. That they've stopped R&D and tailored access ops.
You're also assuming that tailored access is not used to facilitate, correlate and enrich traffic decryption.
You look at things from your perspective where decrypting traffic alone is all too important. If you can see all the metadata, why would you do that? If you hoard 0 days and sophisticated implants what's the advantage? I mean half the time comms alone aren't enough, you want access to internal networks, documents that will never get transmitted over the network,etc.. smartphone telemetry data from a large group of targets. They're not interested in decrypting traffic to grandma visiting facebook, they want to know who's downloading tails, who's using signal, who's committing to interesting git repos, who the source of some journalist is, what people a politician has been messaging on whatsapp. Once targets are identified they can be implanted, or have their traffic selected for decryption.
But I think i get what you're saying, that most of the traffic they capture is encrypted. That much I agree, that has changed. But whether they can decrypt it on-demand, that is tough to speculate, whether they need to? That's what I'm disagreeing with. If their goal was that one-time traffic decryption, perhaps that has been curtailed with the prevalence of TLS and CT logging. But metadata alone is sufficient to select a target, and all the evidence suggests that even if they can't readily implant targets, they can successfully perform targeted MITM attacks, even with typical non-mTLS/non-pinned TLS setups.
>You're assuming that despite their budget not having changed meaningfully, no repercussions against anyone from the historical leaks, the continued renewal of the patriot act and unchanged mission of the intelligence community orgs that somehow they've wound down. That they've stopped R&D and tailored access ops.
That's not at all what I'm assuming. I'm stating that the environment has become much more hostile to them, reducing their capabilities because all the super low hanging fruit is gone. The part where they're able to hack almost anyone they want hasn't changed.
>You look at things from your perspective where decrypting traffic alone is all too important. If you can see all the metadata, why would you do that?
Metadata lets you select a target sure. Having full content takes as they used to allows you to easily find new targets by simply matching keywords, that particularly cool capability has practically disappeared post-Snowden.
>they want to know who's downloading tails, who's using signal, who's committing to interesting git repos, who the source of some journalist is, what people a politician has been messaging on whatsapp
I don't think this really reflects what the previously leaked files suggest their main interests to be.
>what people a politician has been messaging on whatsapp
Whereas before they'd have been able to get that information off the wire together with the message content (for all messages, in real time!). Now? They actually have to actively compromise Facebook to get that for a single user.
It's also worth noting that the previously leaked NSA documents seem to suggest that the NSA was not particularly busy breaking the law by hacking American companies.
> even if they can't readily implant targets, they can successfully perform targeted MITM attacks, even with typical non-mTLS/non-pinned TLS setups.
Because of CT, such MITM attacks will not work without creating noise that's visible to the whole world.
You've made really good points, I get what you're saying now. They can't do simple keyword searches over unencrypted traffic anymore. But even in 2010 lots of important traffic was over https, and anyone worth their salt used https for important things. I don't think even back then they were hoping for incidental intercept of unencrypted traffic. That was just icing on the cake, the main purpose as I understood was metadata mining, and not just the internet but phone calls and sms as well. As far as tailored access, there is lots of speculation there, and they're well within their rights to hack servers outside of the US. I don't think any information as to what organizations they compromised has ever been revealed, but they certainly had the capability and it is only reasonable to presume they improved upon that capability. But they can have the capability and not choose to wield it, but really doesn't sound like their M.O.
> I don't think this really reflects what the previously leaked files suggest their main interests to be.
I strongly disagree. I wish i had the time to compile evidence to back that up but plenty exists if you look it up. Matter of fact, I recall some of NSA's leadership oppose things like backdooring encryption or apps because they don't need it, and it only hurts the nation's security.
> But even in 2010 lots of important traffic was over https, and anyone worth their salt used https for important things.
In 2010 almost all messaging traffic on the internet was plaintext (or using badly broken encryption). Telephony? Hah.
These days nobody even uses regular phone calls or SMS, except US-based android users.
> That was just icing on the cake, the main purpose as I understood was metadata mining, and not just the internet but phone calls and sms as well
Metadata mining was just the fallback when they absolutely couldn't legally capture the content, or were not able to do so for logistical reasons. If you hack China Mobile and get access to all the call content, you'll still have a hard time sending that to the US. Metadata? Much easier.
These days even metadata collection has been gimped, most of the interesting metadata is encrypted. When I text someone, the NSA can see an encrypted connection from my phone to Apple. They can not feasibly see who that message goes to. They might not even be able to tell that I sent a message at all.
> I don't think any information as to what organizations they compromised has ever been revealed, but they certainly had the capability and it is only reasonable to presume they improved upon that capability
TSB leaks include tons of such information. Snowden leaks include some specific cases too, like Gemalto. Although just for the sake of accuracy I'm not sure which of these are actually TAO and which are other similar teams inside the NSA, but as I recall at least the TSB stuff seems to primarily originate from TAO.
There have also been a bunch of public and non-public incidents attributed to the Equation group (almost certainly NSA TAO) by the private sector.
I think these capabilities were already so good a decade ago that it would be hard to significantly improve upon them, you just slap in new exploits and keep doing what you're doing.
>I strongly disagree. I wish i had the time to compile evidence to back that up but plenty exists if you look it up. Matter of fact, I recall some of NSA's leadership oppose things like backdooring encryption or apps because they don't need it, and it only hurts the nation's security.
I was trying to suggest that the NSA is mostly interested in spying on foreign governments and maybe sometimes catching terrorists, not exactly "they want to know who's downloading tails, who's using signal, who the source of some journalist is".
Alright, well in the interest of a conclusion, I'll say that you made really good points, I've changed my opinion on some but not all of the topics.
> "they want to know who's downloading tails, who's using signal, who the source of some journalist is"
They don't care about random people doing those things, but if someone with a known terrorist cell association is in the US talking over signal. Or if someone is visiting extremist sites using tails, they'd want to know (and they can using metadata available today). They're not interested in home-grown terrorism or law enforcement, but all other matters of national security don't neatly fall into "foreign vs domestic" buckets. Even if it is all happening outside of the US, the servers Signal uses might be in the US for example.
Yeah, the specific capabilities and operations of intelligence agencies like the NSA are a topic I’ve spent far too much of my life obsessing about. Fortunately, mostly because I’ve been paid to do so, but I should really find better things to do with my free time than rehashing work stuff in HN comments.
I think we broadly agree on the details, and whatever differences remain are probably mostly attributable to us looking at the topic from slightly different angles. There's probably not much more we could usefully address on this topic via HN comments, so it is probably a good time to conclude :)
If the story behind the shadow brokers leaks is of interest to you, I dumped some details in a reply to a now-flagged thread. It's quite the rabbit hole if you want to dig into it, especially with the whole Hal Martin situation https://news.ycombinator.com/item?id=46186975
They don't break encryption, they circumvent it. They get into people's computers and access the stored data after it's been decrypted. They stockpile zero day vulnerabilities and use them against their targets in order to install persistent malware. They intercept equipment and literally implant hardware onto the PCBs that let them access the networks. They have access to hordes of government CCTVs. They have real time satellite imaging. They have cellphone tower data.
Yes but I wouldn't say their capabilities have been "greatly" degraded. It's still very much in the "push a button and have someone's entire life history up on the screen" territory.
Degraded would be "it is impossible for them to know anything about people unless they send dozens of human agents to stalk them".
I think going from "lol we can read and store all the emails sent by everybody" to "lol we can hack any specific person and then read their emails" indicates a massive loss of capability.
The first approach enabled them to find targets that were not on their radar based on message contents, they can no longer do that.
They still read emails. No doubt they're inside Google, Microsoft, Apple. They might not be inside Proton Mail, it uses PGP but keys are stored server side so I wouldn't know.
No doubt they still read texts. I think the US is still among the countries that use SMS a lot.
They no doubt have access to the data big tech's mined out of the entire world's population. That capability alone puts them into "bring everything about this guy up on the screen" territory.
>They still read emails. No doubt they're inside Google, Microsoft, Apple. They might not be inside Proton Mail, it uses PGP but keys are stored server side so I wouldn't know.
I don't doubt for a second that they can read specific emails, but to suggest that they have bulk collection capabilities within Google or Microsoft is a stretch. NSA lacks the legal authority to compel that, NSA lacks the money to bribe Google or Microsoft and NSA likely lacks the political backing to put the biggest US companies in such a compromised position.
>I think the US is still among the countries that use SMS a lot.
The NSA lacked legal authority to do this bulk collection prior to the Snowden leaks, and yet that didn't stop them from collecting. Why would I believe that their lack of legal authority today would stop them?
>NSA does not have magic tools to break modern encryption.
They don't. But they have other options.
For example, Cloudflare is an American company that has plaintext access to the traffic of many sites. Cloudflare can be compelled to secretly share anything the NSA want.
Or if they have a deal or double agent working for them, there is a possibility for "full take" just like at AT&T. Seems pretty likely to me. Allegedly there are tens of thousands of undercover employees stationed throughout the economy in the "signature reduction" program. National security programs don't respect laws when there is something considered "important" if they can get away with it.
A double agent would not get you "full take", it'd be impossible to hide the traffic. A double agent could maybe feasibly steal keys from Google, but they'd have to do that all the time because the keys are constantly rotated.
And even then, stealing keys does not give you passive decryption and active decryption would be incredibly noisy.
NSA does not have enough money to spend to be able to incentivize Google to give them full take intercepts either.
I think you are not being creative enough with how one might attempt this. For example, splice the cables leading to the datacenter, put an inconspicuous chip in the servers that intercepts the keys and feeds them via wireless signals to a collection point. Perhaps you could even do something clever like put very short range EMF into a metal co-location rack and collect the signals almost totally invisibly using a mesh network of devices built into the metal.
There's lots of fun tricks you can think of when you have national resources at your disposal.
However, you are forgetting that NSA works for Google. It works to support the promotion of American companies worldwide. They're on the same team, and Google knows that. They even have the same mission: To usefully organize the world's information!
Now that Google is openly a military contractor, it's even easier to make this click. Back in the day, you had to read things like this Julian Assuage piece to understand this: https://wikileaks.org/google-is-not-what-it-seems/
If we were to accept that the NSA works for Google, there's even less reason to believe that Google would grant NSA full take access to plaintext content.
Google has a lot to lose by doing so, and not all that much to gain. Google has also been a leading force in pushing for broader use of encryption on the internet, making the NSAs work significantly more difficult even in a hypothetical scenario where Google is happy to give them anything they want.
>Cloudflare can be compelled to secretly share anything the NSA want.
This is true given some possible interpretations, false given other possible interpretations. Cloudflare can be secretly compelled to share specific things, there's no legal mechanism to compel Cloudflare to share everything.
Were the alternatives any better? I don't recall any telecom companies committing to warrant canaries or the like. And speaking of, whatever happened to those?
> Were the alternatives any better? I don't recall any telecom companies committing to warrant canaries or the like.
Well, no. But Google does significant business in foreign countries and doesn't really want to give an excuse for foreign governments to start aggressively pursuing their own alternatives.
> And speaking of, whatever happened to those?
Cloudflare still has a warrant canary on their transparency report page, Reddit deleted theirs in 2016.
So instead of collecting at AT&T Room 631 you now collect at Google Room Whatever.
The NSA has spent no small amount of time in the last decade obviously interfering with NIST and public encryption standards. The obvious reason is they _want_ to have the magic tools to break some modern encryption.
>So instead of collecting at AT&T Room 631 you now collect at Google Room Whatever.
Even if true, significantly degraded. Probably not true though, NSA has been very leaky and such a story would be kind of devastating for Google. NSA lacks the legal capability to force Google to do so, the money to bribe Google to do so and also almost certainly lacks the political backing to put one of the biggest US companies in such a position.
I don't doubt for a second that NSA could hack Google (or just bribe employees with appropriate access) and break into specific Gmail accounts if they wanted to. Bulk collection would be far more difficult to implement.
>The NSA has spent no small amount of time in the last decade obviously interfering with NIST and public encryption standards. The obvious reason is they _want_ to have the magic tools to break some modern encryption.
They do try, they just haven't been very successful at it.
Google, along with all other major service providers, has a legal portal so law enforcement can process warrant orders. I think all you have to do is hack that portal or process.
Sure, and you could also just submit fake warrants as many criminals have successfully done.
Neither of these approaches would enable bulk collection.
I'm sure the NSA can read essentially any specific emails they're interested in, they just can't do so at anywhere near the scale they used to pre-Snowden.
Not only that, these days almost all chats have moved to E2EE platforms. Reading that traffic in a stealthy manner requires compromising endpoints, bulk collection simply isn't possible.
It’s not Google room whatever, it’s Cloudflare room whatever. That’s why you don’t hear much about undermining encryption standards anymore, who needs that when you have SSL termination for 40% of the internet?
So what? They can't do that at scale without making a ton of noise.
That's a very boring capability compared to what they were able to do pre-Snowden. That's also not a new capability, they were able to do that pre-Snowden too.
You can't decrypt anything with letsencrypt root certs, you can issue your own certificates but it would be impossible to use those at any significant scale.
It's also worth considering that CT makes it extremely noisy to use such certificates to attack web browsers.
I'd bet they could absolutely proxy large parts of people and make use of these certs. I wonder how much are CT logs scrutinized, would these "rogue" certs be found easily because we can't find traces of them being generated by letsencrypt ? Browsers checks CRLs but are they checking CT logs to be ensure the cert they're checking was logged ?
They couldn't do that at scale without being detected, no. There are various people actively looking for this, and the existing tooling makes it easy to detect.
>Browsers checks CRLs but are they checking CT logs to be ensure the cert they're checking was logged ?
Yes, all modern browsers require certificates to be in the CT logs in order for them to be accepted.
This is naive to the point where it is indistinguishable from disinformation.
Aside from a tiny minority of people applying their own encryption (with offline confirmed public keys) at end points with securely stored air gapped private keys, this information is available to the US government, it’s the god damn job of the NSA.
The NSA can hack pretty much anybody, yes. The NSA can no longer collect everything as they were doing pre-Snowden.
The crucial difference is that it is no longer nearly as easy for the NSA to identify new targets as it used to be, because they don't have full take access to the vast amounts of content they used to.
Could you be more specific? It's really hard to have an useful conversation based on a comment like this, but really easy to have one based on a comment which links to specific cases and perhaps even explains how the obvious parallel construction appears.
It's hard to find solid coverage of this because obviously the methods are often hidden and rarely leak out to the press at large. The press also gets confused and thinks that defending our constitutional rights will lead to criminals being acquitted.
If you spend a lot of time watching and studying these cases and how they evolve throughout the courts it becomes obvious that this is likely occurring more than most people realize.
I don't think the Mangione case is a particularly good example, you wouldn't use a 911 call by a random McDonald's manager to disguise parallel construction.
The caller is easy to identify, how could the government ever trust this person to not reveal their parallel construction? If they were planted by the government, that'd be extremely difficult to hide. The government also likely wouldn't be able to compensate them in any meaningful way for telling such a lie.
The Kohlberger case also does not suggest parallel construction, the DOJ policy isn't binding and the DOJ can in fact legally violate that whenever they want.
This is a reminder why all the traffic should be encrypted and obfuscated (i.e. no SNI in clear text). Ideally, the traffic should be encrypted to resemble a random noise. If you are making an app, you can embed public keys and use those to completely encrypt traffic, without relying on CAs.
For example, Telegram does this, using a homemade encryption protocol that has no clear-text SNI like HTTPS. As I remember, WeChat also uses some home-grown form of obfuscation.
As a bonus, this makes it more difficult for telecoms to discriminate against certain sites or apps and helps enforce net neutrality no matter if they like it or not.
Isn't the whole issue with net neutrality that ISPs would be incentivized to prioritize their own traffic (or that of companies they collaborate with)? How does making it harder for them to identify traffic for my app/service/whatever stop them from doing that? As long as they can identify the traffic they do want to prioritize (by companies who haven't done the process you describe), it's not obvious to me why they wouldn't have trouble deprioritizing my stuff based on them at least knowing that it's not their own, effect if they don't know whose it is? "Random noise" isn't likely to look like it's their special favorite traffic.
If everyone including the priority traffic did this, then I guess it would have an effect on net neutrality, then I could see that it would make a difference, but I don't see how that could be construed as "whether they like it or not" given that they could just as easily not implement this if they didn't "like it".
That's not to say this isn't worth doing for the privacy and security benefits, but I'm struggling to see how this would have any real-world influence on net neutrality.
> How does making it harder for them to identify traffic for my app/service/whatever stop them from doing that?
You can masquerade your protocol as HTTPS with SNI of that company, for example. Filtering by IP is very inconvenient (they change all the time), so the telecom would probably look at SNI.
It's also a reminder that no mater how secure you think you are, some third party may have access.
Consider that TAO (or SSF) can probably get through your firewall and router, and maybe into the management engine on the servers with your critical data.
The only thing you've got going for you is that they will (probably) keep your data secure (for themselves).
I mean if I create an offline private key and encrypt my message to be only read with my public key and I’ve learned about math and encryption. I can be assured that my receiver would need to be compromised.
I don’t like these general observation comments. This kind of makes it unappealing to learn about encryption, but it’s worth it and makes you choose either a proper encrypted software or use a key for secret messages.
Being familiar with the USG classification system, I was thrown off by the beginning of this article. It doesn't sound like something that would be classified merely as Secret.
The article begins with:
> XKeyscore (XKEYSCORE or XKS) is a secret computer system used by...
This should be edited to:
> XKeyscore (XKEYSCORE or XKS) is a classified computer system used by...
Because Wikipedia. My edit got immediately auto-bot-reverted[1] by some anti-vandalism crusader. Insert bell-curve meme[1] where "just edit wikipedia" is the middle of the bell-curve.
If you want someone to be actually pedantic about it, then no system is ever classified. Knowledge of the system might be classified, the system may be accredited to handle classified data, at some level. The data this system allegedly collects is obviously unclassified and only becomes classified after landing in some data lake.
Information is classified not anything else. All of that to say, this is one of the many secret computer systems the nsa allegedly has. As the Wikipedia article clearly indicates
Back in they day, it is claimed they could only store 20 TB a day, but technology has improved considerably... but so have data volumes. I wonder if they can store more content for longer now or if the volumes have increased too much.
The most interesting detail about the whole XKeyscore story is that it was apparently not leaked by Snowden
https://www.schneier.com/blog/archives/2014/07/nsa_targets_p...
https://www.reuters.com/article/opinion/commentary-evidence-...
https://www.theguardian.com/us-news/2014/oct/11/second-leake...
It is possible that the "second source" and the shadow brokers are one and the same.
https://www.electrospaces.net/2017/09/are-shadow-brokers-ide...
https://www.emptywheel.net/2017/09/15/shadow-brokers-and-the...
And here's an interesting tidbit about a possible link between TSB and Guccifer 2.0
https://www.emptywheel.net/2020/11/01/show-me-the-metadata-a...
The Guardian sourced information about it to Snowden's leaks in 2013. What makes you think it's from a separate leaker, and that it's the same leaker as the "shadow brokers"? All I see is conjecture in those links.
Multiple people who have seen the entire Snowden dump claim that various files leaked by specific sources were not contained within the Snowden dump.
Yes, the idea that the "second source" and TSB are the one and the same is necessarily based on conjecture. Nobody is presenting it as a fact, but as a rather likely option based on analysis of data released by TSB and NSA leaks which cannot be attributed to Snowden.
Both TSB leaks and "second source" leaks originate from the same time period, and the same locations within the NSA. That does not mean that they were leaked by the same person(s), but it is a fairly likely option.
[flagged]
I'm not aware of there being a single lick of evidence to suggest that kookery, but even if he was a Russian agent, he certainly accidentally provided Americans a laudable service.
The shadow brokers are almost certainly Russian intelligence.
Curiously, the US Government has never made that allegation. There's significant circumstantial evidence to suggest that the US Government may not believe TSB to be Russian intelligence.
USG had no problem blaming Russian intelligence for many other things that were going on at the same time, but they never tied TSB to that bigger picture.
Given what we know about the likes of Hal Martin, there's little reason to believe that only Russian intelligence could have been behind the shadow brokers leaks. In fact, there were rather suspiciously timed twitter DMs written by Hal Martin within minutes of TSB releasing NSA files.
However Marcy Wheeler does argue rather convincingly that Hal Martin's twitter account may have been hacked by TSB in an effort to frame him.
A curious OSINT detail about Hal Martin is that he was using the email address teamtao999@gmail.com on fling.com while looking for women interested in fetishes and group sex. The email address is a reference to the tailored access operations team within the NSA.
His twitter account (@HAL_999999999) created in 2010, also referenced TAO2 in it's avatar at the time of the TSB leaks. It's unclear for how long that was the case, as it was changed later on and there are no archives. Interestingly, he also used to be fairly active on the infosec twitter between 2011 and early 2016 and is featured in tweet chains with many fairly prominent individuals.
His OPSEC wasn't very good, it's perfectly possible he was compromised by some random person.
Edit #89: Okay, I'll throw in one more detail. Very interestingly, it was allegedly Kaspersky who turned in Hal Martin to the NSA after he tried to approach them over twitter. This might seem like a big deal right now, but at the time it wasn't. Russian cybersecurity companies used to be quite happy to work with their western counterparts and law enforcement shortly after this incident when among others Ruslan Stoyanov from Kaspersky was charged with (and later convicted of) treason for allegedly giving information to an American researcher.
> Curiously, the US Government has never made that allegation.
Why would they? It was a deeply embarrassing event for them.
It was deeply embarassing for them either way, not figuring out where the leak originated from is much more embarrassing though.
At the very least blaming Russian intelligence would have tied right in with all the other election related hacking allegations.
Also, I think you may overestimate just how embarrassing this is relatively. USG regularly announces that they got owned, is the NSA getting owned worse than OPR getting owned? Maybe not.
> would have tied right in with all the other election related hacking allegations.
That's not how it works. There is no coordinated messaging campaign across agencies against adversarial nations.
It might seem that way based on media reports, but there isn't.
FBI would be the primary agency investigating TSB leaks, so no need for a coordinated messaging campaign.
If the FBI believed that TSB was Russian intelligence, it is perhaps somewhat surprising that it's not mentioned in the Mueller report.
We also still don't know how Hal Martin was related to TSB, the timing of the messages sent from his twitter account to Kaspersky (who apparently reported him to the NSA!) does pretty directly tie him to the TSB.
The FBI would still need to coordinate with the NSA for an investigation and public declaration of findings, neither would be in the interest of the NSA to cooperate for.
And the Mueller report was specifically scoped down to not include anything outside of the 2016 presidential election. I don't know why you keep going back to that.
[flagged]
His life literally depends on Putin's whims - a situation which the USA and EU have forced him into. How could you possibly fault him for not poking the bear that he was forced in a cage with?
Not really, he'd be risking whats left of his life by doing so.
There's also rather little reason for Snowden to bother commenting on the very widely known abuses by Russian government, what could he possibly have to offer on that topic that hasn't already been said?
[flagged]
Support implies action, silence is inherently passive.
[flagged]
The existing evidence seems to suggest that Snowden was not actively trying to flee to Russia, but ended up stuck there due to reasons outside of his control.
That is his narrative, yes. Meanwhile, there's no evidence he was trying to get to South America as he claimed.
What we know is he went to China, then Russia.
Well, we know at the very least that he obviously had no control over when his passport was going to be added to the SLTD database.
Also, it's not clear why he would have wanted to stay in Moscow if he had a choice. If he had prior contact with Russian authorities, they presumably wouldn't have made him stay at Sheremetyevo for over a month.
Also it's worth noting that in 2013 Russia had much friendlier relations with the US. This was pre-Crimea. It’s not surprising that it took Russia so long to decide what to do with Snowden. Eventually, they concluded that letting him stay wouldn’t significantly harm their relationship with the US while also gaining goodwill elsewhere.
> no control over when his passport
> wanted to stay in Moscow if he had a choice
None of this has to do with his decision to seek protection from the Russian government, which is a formal arrangement with their security services, whether you want to acknowledge it or not.
I don't think you can approach this subject in good faith and arrive at that conclusion.
His options at that point were pretty much limited to prison in the US or seeking protection from the Russian government. If you wouldn't have made the same choice as him in that situation, you can reasonably criticize his choice, you'll just have a hard time convincing anyone that you would've chosen prison in that situation.
There's also no evidence that his arrangement involves any work on behalf of the Russian government.
> His options at that point were pretty much limited to prison in the US or seeking protection from the Russian government
You're just justifying his decision, not refuting that he made it.
You mean a Russian asset like Comrade Krasnov?
The USG does not seem to believe that Snowden was a Russian agent.
I don't think it matters if he was more so that he inarguably has become one.
How so? I'm sure you can make your case better than that.
He sought political asylum in Russia and is currently living under FSB protection, which isn't free. It has a cost.
Honest question, what more needs to be said?
>Honest question, what more needs to be said?
The part where he is actively working to Russia's benefit.
You don't think exposing American intelligence operations and providing fodder for bad faith influence operations is not in Russia's benefit?
With every interview he gives, he's the gift that keeps on giving.
None of that makes him a Russian agent. That doesn't even make him an useful idiot. Just useful.
You're confusing terminology. You can be an agent or an asset of a foreign government without formally working for them.
You could argue Snowden never intended to become an asset of the Russian government but you can't argue that he didn't eventually become one.
Russia feels it has an interest in informing the American public on the depths of illegal behavior of their own government?
Why is this a problem?
How relevant is this (and the NSA's general spying capability) in 2025?
We hear a lot about local agencies perusing the services of private companies to collect citizens' data in the US, whether that's traffic information, IoT recordings, buying information from FAANG, etc. What's the NSA's position in the current administration? (e.g. we've heard a lot of noise in the past about the FBI and CIA getting the cold shoulder internally. I wonder how this applies to the NSA.)
NSAs collection capabilities have been greatly degraded. They can no longer read all internet traffic, basically everything is encrypted now.
NSA does not have magic tools to break modern encryption.
1) They don't necessarily need to break all encryption, just knowing who is talking to who and then delivering a tailored payload is their M.O.; The Tailored Access Operations division exists just for this.
2) They didn't build a Yottabyte-scale datacenter for no reason
3) They have the capability to compromise certificate authorities. Pinned certs aren't universal.
4) Speculation, but, Snowden's revelations probably set off an "arms race" of sorts for developing this capability. Lots more people started using Tor, VPNs, and more, so it would almost be dereliction of duty on their part if they didn't dramatically increase their capability, because the threats they are there to stop didn't disappear.
5) ML/LLM/AI has been around for a while, machine learning analysis has been mainstream for over a decade now. All that immense data a human can never wade through can be processed by ML. I would be surprised if they aren't using an LLM to answer questions and query real-time and historical internet data.
6) You know all the concerns regarding Huawei and Tiktok being backdoored by the Chinese government? That's because we're doing it ourselves already.
7) I hope you don't think TAO is less capable than well known notorious spyware companies like the NSO group? dragnet collection is used to find patterns for follow-up tailored access.
None of your proposed solutions are stealthy enough to enable bulk collection at a pre-Snowden scale.
Yeah, they can still collect lots of useful metadata.
I don't understand, all they have to do is tap submarine cables, why is that infeasible now? What specific thing do you think they were collecting before that they can't now?
Metadata is extremely valuable!! lots of things can be inferred from it. In other comments I've decried companies like slack including your password reset or login codes in the email subject for example. They can take any packet and trace it back to a specific individual, even if you're on Tor, chaining VPNs,etc.. without decrypting it. They can see what destinations you're visiting. they can build a pattern of life profile you and mine that. The ad industry does much of this without access to global internet traffic captures already lol.
That's perfectly feasible. It is not feasible to do the same kind of captures as NSA was doing pre-Snowden, when most of that traffic wasn't encrypted.
> In other comments I've decried companies like slack including your password reset or login codes in the email subject for example
That's still just as encrypted as the email body itself.
I think the disconnect is that you think all they do is passive listening and after the fact decryption.
Active listening is very noisy, we can be very confident they're not doing that at scale.
My whole point is that they're no longer able to do passive listening of unencrypted content and massive scale, but instead are forced to rely on much smaller scale active attacks.
You're making assumptions that are not taking into account all the other capabilities revealed in the Snowden leak and several other prior leaks. The name "Tailored Access Operations" alone should tell you something. They still have presence in all the large tech company's networks (with cooperation from them of course), and they are able to access critical servers like MTA's. The shadowbroker leaks are also another glimpse into their historical capabilities.
You're assuming that despite their budget not having changed meaningfully, no repercussions against anyone from the historical leaks, the continued renewal of the patriot act and unchanged mission of the intelligence community orgs that somehow they've wound down. That they've stopped R&D and tailored access ops.
You're also assuming that tailored access is not used to facilitate, correlate and enrich traffic decryption.
You look at things from your perspective where decrypting traffic alone is all too important. If you can see all the metadata, why would you do that? If you hoard 0 days and sophisticated implants what's the advantage? I mean half the time comms alone aren't enough, you want access to internal networks, documents that will never get transmitted over the network,etc.. smartphone telemetry data from a large group of targets. They're not interested in decrypting traffic to grandma visiting facebook, they want to know who's downloading tails, who's using signal, who's committing to interesting git repos, who the source of some journalist is, what people a politician has been messaging on whatsapp. Once targets are identified they can be implanted, or have their traffic selected for decryption.
But I think i get what you're saying, that most of the traffic they capture is encrypted. That much I agree, that has changed. But whether they can decrypt it on-demand, that is tough to speculate, whether they need to? That's what I'm disagreeing with. If their goal was that one-time traffic decryption, perhaps that has been curtailed with the prevalence of TLS and CT logging. But metadata alone is sufficient to select a target, and all the evidence suggests that even if they can't readily implant targets, they can successfully perform targeted MITM attacks, even with typical non-mTLS/non-pinned TLS setups.
>You're assuming that despite their budget not having changed meaningfully, no repercussions against anyone from the historical leaks, the continued renewal of the patriot act and unchanged mission of the intelligence community orgs that somehow they've wound down. That they've stopped R&D and tailored access ops.
That's not at all what I'm assuming. I'm stating that the environment has become much more hostile to them, reducing their capabilities because all the super low hanging fruit is gone. The part where they're able to hack almost anyone they want hasn't changed.
>You look at things from your perspective where decrypting traffic alone is all too important. If you can see all the metadata, why would you do that?
Metadata lets you select a target sure. Having full content takes as they used to allows you to easily find new targets by simply matching keywords, that particularly cool capability has practically disappeared post-Snowden.
>they want to know who's downloading tails, who's using signal, who's committing to interesting git repos, who the source of some journalist is, what people a politician has been messaging on whatsapp
I don't think this really reflects what the previously leaked files suggest their main interests to be.
>what people a politician has been messaging on whatsapp
Whereas before they'd have been able to get that information off the wire together with the message content (for all messages, in real time!). Now? They actually have to actively compromise Facebook to get that for a single user.
It's also worth noting that the previously leaked NSA documents seem to suggest that the NSA was not particularly busy breaking the law by hacking American companies.
> even if they can't readily implant targets, they can successfully perform targeted MITM attacks, even with typical non-mTLS/non-pinned TLS setups.
Because of CT, such MITM attacks will not work without creating noise that's visible to the whole world.
You've made really good points, I get what you're saying now. They can't do simple keyword searches over unencrypted traffic anymore. But even in 2010 lots of important traffic was over https, and anyone worth their salt used https for important things. I don't think even back then they were hoping for incidental intercept of unencrypted traffic. That was just icing on the cake, the main purpose as I understood was metadata mining, and not just the internet but phone calls and sms as well. As far as tailored access, there is lots of speculation there, and they're well within their rights to hack servers outside of the US. I don't think any information as to what organizations they compromised has ever been revealed, but they certainly had the capability and it is only reasonable to presume they improved upon that capability. But they can have the capability and not choose to wield it, but really doesn't sound like their M.O.
> I don't think this really reflects what the previously leaked files suggest their main interests to be.
I strongly disagree. I wish i had the time to compile evidence to back that up but plenty exists if you look it up. Matter of fact, I recall some of NSA's leadership oppose things like backdooring encryption or apps because they don't need it, and it only hurts the nation's security.
> But even in 2010 lots of important traffic was over https, and anyone worth their salt used https for important things.
In 2010 almost all messaging traffic on the internet was plaintext (or using badly broken encryption). Telephony? Hah.
These days nobody even uses regular phone calls or SMS, except US-based android users.
> That was just icing on the cake, the main purpose as I understood was metadata mining, and not just the internet but phone calls and sms as well
Metadata mining was just the fallback when they absolutely couldn't legally capture the content, or were not able to do so for logistical reasons. If you hack China Mobile and get access to all the call content, you'll still have a hard time sending that to the US. Metadata? Much easier.
These days even metadata collection has been gimped, most of the interesting metadata is encrypted. When I text someone, the NSA can see an encrypted connection from my phone to Apple. They can not feasibly see who that message goes to. They might not even be able to tell that I sent a message at all.
> I don't think any information as to what organizations they compromised has ever been revealed, but they certainly had the capability and it is only reasonable to presume they improved upon that capability
TSB leaks include tons of such information. Snowden leaks include some specific cases too, like Gemalto. Although just for the sake of accuracy I'm not sure which of these are actually TAO and which are other similar teams inside the NSA, but as I recall at least the TSB stuff seems to primarily originate from TAO.
There have also been a bunch of public and non-public incidents attributed to the Equation group (almost certainly NSA TAO) by the private sector.
I think these capabilities were already so good a decade ago that it would be hard to significantly improve upon them, you just slap in new exploits and keep doing what you're doing.
>I strongly disagree. I wish i had the time to compile evidence to back that up but plenty exists if you look it up. Matter of fact, I recall some of NSA's leadership oppose things like backdooring encryption or apps because they don't need it, and it only hurts the nation's security.
I was trying to suggest that the NSA is mostly interested in spying on foreign governments and maybe sometimes catching terrorists, not exactly "they want to know who's downloading tails, who's using signal, who the source of some journalist is".
Alright, well in the interest of a conclusion, I'll say that you made really good points, I've changed my opinion on some but not all of the topics.
> "they want to know who's downloading tails, who's using signal, who the source of some journalist is"
They don't care about random people doing those things, but if someone with a known terrorist cell association is in the US talking over signal. Or if someone is visiting extremist sites using tails, they'd want to know (and they can using metadata available today). They're not interested in home-grown terrorism or law enforcement, but all other matters of national security don't neatly fall into "foreign vs domestic" buckets. Even if it is all happening outside of the US, the servers Signal uses might be in the US for example.
Yeah, the specific capabilities and operations of intelligence agencies like the NSA are a topic I’ve spent far too much of my life obsessing about. Fortunately, mostly because I’ve been paid to do so, but I should really find better things to do with my free time than rehashing work stuff in HN comments.
I think we broadly agree on the details, and whatever differences remain are probably mostly attributable to us looking at the topic from slightly different angles. There's probably not much more we could usefully address on this topic via HN comments, so it is probably a good time to conclude :)
If the story behind the shadow brokers leaks is of interest to you, I dumped some details in a reply to a now-flagged thread. It's quite the rabbit hole if you want to dig into it, especially with the whole Hal Martin situation https://news.ycombinator.com/item?id=46186975
Agreed, enjoyed the discussion either way, and thanks for the OSINT rabbithole.
They don't break encryption, they circumvent it. They get into people's computers and access the stored data after it's been decrypted. They stockpile zero day vulnerabilities and use them against their targets in order to install persistent malware. They intercept equipment and literally implant hardware onto the PCBs that let them access the networks. They have access to hordes of government CCTVs. They have real time satellite imaging. They have cellphone tower data.
They don't break encryption, they circumvent it.
To quote a former Chief Scientist of the NSA, Rule #1 of cryptanalysis is "look for plaintext". Implementation flaws are very common.
This is all in line with significantly degraded collection capabilities.
They can easily go after specific targets, but bulk collection is no longer viable in the same way it was pre-Snowden.
Yes but I wouldn't say their capabilities have been "greatly" degraded. It's still very much in the "push a button and have someone's entire life history up on the screen" territory.
Degraded would be "it is impossible for them to know anything about people unless they send dozens of human agents to stalk them".
I think going from "lol we can read and store all the emails sent by everybody" to "lol we can hack any specific person and then read their emails" indicates a massive loss of capability.
The first approach enabled them to find targets that were not on their radar based on message contents, they can no longer do that.
They still read emails. No doubt they're inside Google, Microsoft, Apple. They might not be inside Proton Mail, it uses PGP but keys are stored server side so I wouldn't know.
No doubt they still read texts. I think the US is still among the countries that use SMS a lot.
They no doubt have access to the data big tech's mined out of the entire world's population. That capability alone puts them into "bring everything about this guy up on the screen" territory.
>They still read emails. No doubt they're inside Google, Microsoft, Apple. They might not be inside Proton Mail, it uses PGP but keys are stored server side so I wouldn't know.
I don't doubt for a second that they can read specific emails, but to suggest that they have bulk collection capabilities within Google or Microsoft is a stretch. NSA lacks the legal authority to compel that, NSA lacks the money to bribe Google or Microsoft and NSA likely lacks the political backing to put the biggest US companies in such a compromised position.
>I think the US is still among the countries that use SMS a lot.
Sure, but that's increasingly iMessage.
The NSA lacked legal authority to do this bulk collection prior to the Snowden leaks, and yet that didn't stop them from collecting. Why would I believe that their lack of legal authority today would stop them?
Because it's not possible for them to get the same easy access anymore?
It was certainly easy in a world where everything wasn't encrypted, that's not the case anymore.
>NSA does not have magic tools to break modern encryption.
They don't. But they have other options.
For example, Cloudflare is an American company that has plaintext access to the traffic of many sites. Cloudflare can be compelled to secretly share anything the NSA want.
Or if they have a deal or double agent working for them, there is a possibility for "full take" just like at AT&T. Seems pretty likely to me. Allegedly there are tens of thousands of undercover employees stationed throughout the economy in the "signature reduction" program. National security programs don't respect laws when there is something considered "important" if they can get away with it.
https://www.newsweek.com/exclusive-inside-militarys-secret-u...
A double agent would not get you "full take", it'd be impossible to hide the traffic. A double agent could maybe feasibly steal keys from Google, but they'd have to do that all the time because the keys are constantly rotated.
And even then, stealing keys does not give you passive decryption and active decryption would be incredibly noisy.
NSA does not have enough money to spend to be able to incentivize Google to give them full take intercepts either.
I think you are not being creative enough with how one might attempt this. For example, splice the cables leading to the datacenter, put an inconspicuous chip in the servers that intercepts the keys and feeds them via wireless signals to a collection point. Perhaps you could even do something clever like put very short range EMF into a metal co-location rack and collect the signals almost totally invisibly using a mesh network of devices built into the metal.
There's lots of fun tricks you can think of when you have national resources at your disposal.
However, you are forgetting that NSA works for Google. It works to support the promotion of American companies worldwide. They're on the same team, and Google knows that. They even have the same mission: To usefully organize the world's information!
Now that Google is openly a military contractor, it's even easier to make this click. Back in the day, you had to read things like this Julian Assuage piece to understand this: https://wikileaks.org/google-is-not-what-it-seems/
If we were to accept that the NSA works for Google, there's even less reason to believe that Google would grant NSA full take access to plaintext content.
Google has a lot to lose by doing so, and not all that much to gain. Google has also been a leading force in pushing for broader use of encryption on the internet, making the NSAs work significantly more difficult even in a hypothetical scenario where Google is happy to give them anything they want.
>Cloudflare can be compelled to secretly share anything the NSA want.
This is true given some possible interpretations, false given other possible interpretations. Cloudflare can be secretly compelled to share specific things, there's no legal mechanism to compel Cloudflare to share everything.
Wasn't the whole thing that the secret courts were too liberal in access they were granting?
Not in the sense that they were ordering companies to facilitate full take collection of content by the NSA, no.
Hence the famous "SSL added and removed here ;-)" slide
Wasn’t room 641A just the NSA strong arming At&T to facilitate full take collection?
Getting AT&T to do that is not the same as getting Google to do that.
AT&T does not have much to lose by doing that, Google does.
How do they not have much to lose? They are the ones that have their users on a subscription basis.
AT&T customers will not (and did not!) leave because of NSA surveillance, and generally don't have that many options anyway.
Were the alternatives any better? I don't recall any telecom companies committing to warrant canaries or the like. And speaking of, whatever happened to those?
> Were the alternatives any better? I don't recall any telecom companies committing to warrant canaries or the like.
Well, no. But Google does significant business in foreign countries and doesn't really want to give an excuse for foreign governments to start aggressively pursuing their own alternatives.
> And speaking of, whatever happened to those?
Cloudflare still has a warrant canary on their transparency report page, Reddit deleted theirs in 2016.
They were never very common.
Even if they aren't compelled, if that unencrypted traffic ever moves over a wire that the NSA could tap into...
So instead of collecting at AT&T Room 631 you now collect at Google Room Whatever.
The NSA has spent no small amount of time in the last decade obviously interfering with NIST and public encryption standards. The obvious reason is they _want_ to have the magic tools to break some modern encryption.
Brief list of NSA backdoors:
https://www.ethanheilman.com/x/12/index.html
>So instead of collecting at AT&T Room 631 you now collect at Google Room Whatever.
Even if true, significantly degraded. Probably not true though, NSA has been very leaky and such a story would be kind of devastating for Google. NSA lacks the legal capability to force Google to do so, the money to bribe Google to do so and also almost certainly lacks the political backing to put one of the biggest US companies in such a position.
I don't doubt for a second that NSA could hack Google (or just bribe employees with appropriate access) and break into specific Gmail accounts if they wanted to. Bulk collection would be far more difficult to implement.
>The NSA has spent no small amount of time in the last decade obviously interfering with NIST and public encryption standards. The obvious reason is they _want_ to have the magic tools to break some modern encryption.
They do try, they just haven't been very successful at it.
Google, along with all other major service providers, has a legal portal so law enforcement can process warrant orders. I think all you have to do is hack that portal or process.
Sure, and you could also just submit fake warrants as many criminals have successfully done.
Neither of these approaches would enable bulk collection.
I'm sure the NSA can read essentially any specific emails they're interested in, they just can't do so at anywhere near the scale they used to pre-Snowden.
Not only that, these days almost all chats have moved to E2EE platforms. Reading that traffic in a stealthy manner requires compromising endpoints, bulk collection simply isn't possible.
It’s not Google room whatever, it’s Cloudflare room whatever. That’s why you don’t hear much about undermining encryption standards anymore, who needs that when you have SSL termination for 40% of the internet?
Dont need to break encryption if you read data from the source -- O/S vendors will do it for you.
Israel produced Pegasus for hacking smartphones and taking them over. You don't think NSA can do that? They control all the endpoints they want.
So what? They can't do that at scale without making a ton of noise.
That's a very boring capability compared to what they were able to do pre-Snowden. That's also not a new capability, they were able to do that pre-Snowden too.
You should read about Project Cloudflare
They surely don't have any kind of access to letsencrypt root certs whatsoever
You can't decrypt anything with letsencrypt root certs, you can issue your own certificates but it would be impossible to use those at any significant scale.
It's also worth considering that CT makes it extremely noisy to use such certificates to attack web browsers.
I'd bet they could absolutely proxy large parts of people and make use of these certs. I wonder how much are CT logs scrutinized, would these "rogue" certs be found easily because we can't find traces of them being generated by letsencrypt ? Browsers checks CRLs but are they checking CT logs to be ensure the cert they're checking was logged ?
They couldn't do that at scale without being detected, no. There are various people actively looking for this, and the existing tooling makes it easy to detect.
>Browsers checks CRLs but are they checking CT logs to be ensure the cert they're checking was logged ?
Yes, all modern browsers require certificates to be in the CT logs in order for them to be accepted.
For example, we can easily pull up logs for gmail.com and see which certificates browsers would accept. https://api.certspotter.com/v1/issuances?domain=gmail.com&ex...
This is naive to the point where it is indistinguishable from disinformation.
Aside from a tiny minority of people applying their own encryption (with offline confirmed public keys) at end points with securely stored air gapped private keys, this information is available to the US government, it’s the god damn job of the NSA.
The NSA can hack pretty much anybody, yes. The NSA can no longer collect everything as they were doing pre-Snowden.
The crucial difference is that it is no longer nearly as easy for the NSA to identify new targets as it used to be, because they don't have full take access to the vast amounts of content they used to.
store now... decrypt later...
Sure, why not. If quantum computers capable of factoring sufficiently large numbers ever arrive, we'll be living in a very different world anyway.
You only need to look at a few headline "true crime" cases to see the obvious parallel construction that is being done.
Could you be more specific? It's really hard to have an useful conversation based on a comment like this, but really easy to have one based on a comment which links to specific cases and perhaps even explains how the obvious parallel construction appears.
It's a common "conspiracy theory" that this happened in the Luigi Mangione case even thought I don't agree he's "probably innocent":
https://www.reddit.com/r/LateStageCapitalism/comments/1hlmq3...
The FBI apparently attempted to use this in the Bryan Kohberger case:
https://www.nytimes.com/2025/02/25/us/idaho-murders-bryan-ko...
It's hard to find solid coverage of this because obviously the methods are often hidden and rarely leak out to the press at large. The press also gets confused and thinks that defending our constitutional rights will lead to criminals being acquitted.
If you spend a lot of time watching and studying these cases and how they evolve throughout the courts it becomes obvious that this is likely occurring more than most people realize.
I don't think the Mangione case is a particularly good example, you wouldn't use a 911 call by a random McDonald's manager to disguise parallel construction.
The caller is easy to identify, how could the government ever trust this person to not reveal their parallel construction? If they were planted by the government, that'd be extremely difficult to hide. The government also likely wouldn't be able to compensate them in any meaningful way for telling such a lie.
The Kohlberger case also does not suggest parallel construction, the DOJ policy isn't binding and the DOJ can in fact legally violate that whenever they want.
NSA is under Pete Hegseth's Department of War [sic] if that is any indication of their position and priorities.
This is a reminder why all the traffic should be encrypted and obfuscated (i.e. no SNI in clear text). Ideally, the traffic should be encrypted to resemble a random noise. If you are making an app, you can embed public keys and use those to completely encrypt traffic, without relying on CAs.
For example, Telegram does this, using a homemade encryption protocol that has no clear-text SNI like HTTPS. As I remember, WeChat also uses some home-grown form of obfuscation.
As a bonus, this makes it more difficult for telecoms to discriminate against certain sites or apps and helps enforce net neutrality no matter if they like it or not.
Isn't the whole issue with net neutrality that ISPs would be incentivized to prioritize their own traffic (or that of companies they collaborate with)? How does making it harder for them to identify traffic for my app/service/whatever stop them from doing that? As long as they can identify the traffic they do want to prioritize (by companies who haven't done the process you describe), it's not obvious to me why they wouldn't have trouble deprioritizing my stuff based on them at least knowing that it's not their own, effect if they don't know whose it is? "Random noise" isn't likely to look like it's their special favorite traffic.
If everyone including the priority traffic did this, then I guess it would have an effect on net neutrality, then I could see that it would make a difference, but I don't see how that could be construed as "whether they like it or not" given that they could just as easily not implement this if they didn't "like it".
That's not to say this isn't worth doing for the privacy and security benefits, but I'm struggling to see how this would have any real-world influence on net neutrality.
> How does making it harder for them to identify traffic for my app/service/whatever stop them from doing that?
You can masquerade your protocol as HTTPS with SNI of that company, for example. Filtering by IP is very inconvenient (they change all the time), so the telecom would probably look at SNI.
It's also a reminder that no mater how secure you think you are, some third party may have access.
Consider that TAO (or SSF) can probably get through your firewall and router, and maybe into the management engine on the servers with your critical data.
The only thing you've got going for you is that they will (probably) keep your data secure (for themselves).
I mean if I create an offline private key and encrypt my message to be only read with my public key and I’ve learned about math and encryption. I can be assured that my receiver would need to be compromised.
I don’t like these general observation comments. This kind of makes it unappealing to learn about encryption, but it’s worth it and makes you choose either a proper encrypted software or use a key for secret messages.
Being familiar with the USG classification system, I was thrown off by the beginning of this article. It doesn't sound like something that would be classified merely as Secret.
The article begins with:
> XKeyscore (XKEYSCORE or XKS) is a secret computer system used by...
This should be edited to:
> XKeyscore (XKEYSCORE or XKS) is a classified computer system used by...
The program is allegedly a Top Secret program.
Saying something is "secret" is not the same as saying it is "classified Secret"
It’s not secret. If it was it wouldn’t be on Wikipedia.
Then edit it, it's Wikipedia!
Because Wikipedia. My edit got immediately auto-bot-reverted[1] by some anti-vandalism crusader. Insert bell-curve meme[1] where "just edit wikipedia" is the middle of the bell-curve.
[0] https://en.wikipedia.org/wiki/User_talk:Discospinster#WTF_ed...?
[1] https://imgflip.com/memegenerator/533936279/Bell-Curve
If you want someone to be actually pedantic about it, then no system is ever classified. Knowledge of the system might be classified, the system may be accredited to handle classified data, at some level. The data this system allegedly collects is obviously unclassified and only becomes classified after landing in some data lake.
Information is classified not anything else. All of that to say, this is one of the many secret computer systems the nsa allegedly has. As the Wikipedia article clearly indicates
Back in they day, it is claimed they could only store 20 TB a day, but technology has improved considerably... but so have data volumes. I wonder if they can store more content for longer now or if the volumes have increased too much.
I'm sure they can store far more than 20 TB now, but it is true that the content pool is much larger. I would guess it's not a favorable ratio.
[flagged]
What do you mean by this?
HN is frequented by green accounts designed solely to glaze American intelligence and denigrate transparency or accountability.
Probably just forgot the /s at the end