American intelligence agencies have lined up their stories and currently agree that Putin’s Russia is responsible for the DNC hack. President-elect Donald Trump might dispute that, especially when such reports also suggest that Russia’s intentions were to help him win the presidential election. After a security company proved there’s a link between the malware used against the DNC and cyber attacks against the Ukrainian army, a new report reveals the actual reason why the NSA knows whenever Russia hacks the US. And yes, it’s as scary as you’d expect it to be.
Looking at a never-before-seen document leaked by Snowden, The Intercept discovered that the NSA can tell, as far back as 2005, what entity was behind a certain hack thanks to sophisticated signals interception technology.
In 2006, the NSA concluded that it was Russia’s intelligence agencies that hacked the webmail account of Russian journalist Anna Politkovskaya before her assassination. She was a fervent Putin critic, and Russian spy agencies are believed to have ordered the hit on her, though that link has never been proven.
“On 5 December 2005, [Russian Federal Intelligence Services] RFIS initiated an attack against the account annapolitkovskaia@US Provider1 [a Yahoo account according to The Intercept], deploying malicious software which is not available in the public domain. It is not known whether this attack is in any way associated with the death of the journalist,” the NSA wrote in a report.
The section is classified as TS/SI or Top Secret Signals Intelligence, which deals with intercepting signals as they pass from one point to another, whether it’s tapped phones or monitored internet traffic.
The NSA knew that because it was supposedly monitoring vast amounts of internet traffic at the time, and its technology could trace signals through a network. It’s very likely that NSA’s signals intelligence tech has advanced considerably in the last 10 years, to keep up with the times. And it’s probably still collecting even bigger amounts of internet traffic right now.
So when Adm. Mike Rogers, the NSA chief, says publicly about the Democratic hack that “this was a conscious effort by a nation state to attempt to achieve a specific effect,” it means the NSA has solid proof that happened.
As The Intercept notes, Snowden tweeted earlier this year that if Russia was hacking the Democrats, the NSA has the goods. Snowden said that tracing back hackers using SIGINT technology “is the only case in which mass surveillance has actually proven effective.” Snowden said that the NSA has a tool called XKEYSCORE that is similar to a global SIGINT search engine that “makes following exfiltrated data easy. I did this personally against Chinese ops.” XKEYSCORE has come up in the Snowden leaks a bunch of times in the past: here and here. SIGINT came up before as well.
“The bottom line is that the NSA would know where and how any ‘hacked’ emails from the DNC, HRC or any other servers were routed through the network,” William Binney, a different NSA whistleblower, said. “This process can sometimes require a closer look into the routing to sort out intermediate clients, but in the end sender and recipient can be traced across the network.”
Does that mean the NSA can trace all hackers in the world if it wanted to?