
XKeyscore


96 comments

December 7, 2025

monerozcash

The most interesting detail about the whole XKeyscore story is that it was apparently not leaked by Snowden

https://www.schneier.com/blog/archives/2014/07/nsa_targets_p...

https://www.reuters.com/article/opinion/commentary-evidence-...

https://www.theguardian.com/us-news/2014/oct/11/second-leake...

It is possible that the "second source" and the shadow brokers are one and the same.

https://www.electrospaces.net/2017/09/are-shadow-brokers-ide...

https://www.emptywheel.net/2017/09/15/shadow-brokers-and-the...

And here's an interesting tidbit about a possible link between TSB and Guccifer 2.0

https://www.emptywheel.net/2020/11/01/show-me-the-metadata-a...

viccis

The Guardian sourced information about it to Snowden's leaks in 2013. What makes you think it's from a separate leaker, and that it's the same leaker as the "shadow brokers"? All I see is conjecture in those links.

monerozcash

Multiple people who have seen the entire Snowden dump claim that various files leaked by specific sources were not contained within the Snowden dump.

Yes, the idea that the "second source" and TSB are the one and the same is necessarily based on conjecture. Nobody is presenting it as a fact, but as a rather likely option based on analysis of data released by TSB and NSA leaks which cannot be attributed to Snowden.

Both TSB leaks and "second source" leaks originate from the same time period, and the same locations within the NSA. That does not mean that they were leaked by the same person(s), but it is a fairly likely option.

sdigf

[flagged]

i80and

I'm not aware of there being a single lick of evidence to suggest that kookery, but even if he was a Russian agent, he certainly accidentally provided Americans a laudable service.

throwawayq3423

The shadow brokers are almost certainly Russian intelligence.

sdigf

[flagged]

sallveburrpi

You mean a Russian asset like Comrade Krasnov?

monerozcash

The USG does not seem to believe that Snowden was a Russian agent.

throwawayq3423

I don't think it matters if he was; more so that he inarguably has become one.

themafia

Russia feels it has an interest in informing the American public on the depths of illegal behavior of their own government?

Why is this a problem?

apt-get

How relevant is this (and the NSA's general spying capability) in 2025?

We hear a lot about local agencies perusing the services of private companies to collect citizens' data in the US, whether that's traffic information, IoT recordings, buying information from FAANG, etc. What's the NSA's position in the current administration? (e.g. we've heard a lot of noise in the past about the FBI and CIA getting the cold shoulder internally. I wonder how this applies to the NSA.)

monerozcash

NSA's collection capabilities have been greatly degraded. They can no longer read all internet traffic; basically everything is encrypted now.

NSA does not have magic tools to break modern encryption.

yupyupyups

>NSA does not have magic tools to break modern encryption.

They don't. But they have other options.

For example, Cloudflare is an American company that has plaintext access to the traffic of many sites. Cloudflare can be compelled to secretly share anything the NSA wants.

monerozcash

>Cloudflare can be compelled to secretly share anything the NSA wants.

This is true given some possible interpretations, false given other possible interpretations. Cloudflare can be secretly compelled to share specific things, there's no legal mechanism to compel Cloudflare to share everything.

xboxnolifes

Even if they aren't compelled, if that unencrypted traffic ever moves over a wire that the NSA could tap into...

tehjoker

Or if they have a deal or double agent working for them, there is a possibility for "full take" just like at AT&T. Seems pretty likely to me. Allegedly there are tens of thousands of undercover employees stationed throughout the economy in the "signature reduction" program. National security programs don't respect laws when there is something considered "important" if they can get away with it.

https://www.newsweek.com/exclusive-inside-militarys-secret-u...

matheusmoreira

They don't break encryption, they circumvent it. They get into people's computers and access the stored data after it's been decrypted. They stockpile zero day vulnerabilities and use them against their targets in order to install persistent malware. They intercept equipment and literally implant hardware onto the PCBs that let them access the networks. They have access to hordes of government CCTVs. They have real time satellite imaging. They have cellphone tower data.

cperciva

They don't break encryption, they circumvent it.

To quote a former Chief Scientist of the NSA, Rule #1 of cryptanalysis is "look for plaintext". Implementation flaws are very common.

monerozcash

This is all in line with significantly degraded collection capabilities.

They can easily go after specific targets, but bulk collection is no longer viable in the same way it was pre-Snowden.

notepad0x90

1) They don't necessarily need to break all encryption; just knowing who is talking to whom and then delivering a tailored payload is their M.O. The Tailored Access Operations division exists just for this.

2) They didn't build a yottabyte-scale datacenter for no reason.

3) They have the capability to compromise certificate authorities. Pinned certs aren't universal.

4) Speculation, but, Snowden's revelations probably set off an "arms race" of sorts for developing this capability. Lots more people started using Tor, VPNs, and more, so it would almost be dereliction of duty on their part if they didn't dramatically increase their capability, because the threats they are there to stop didn't disappear.

5) ML/LLM/AI has been around for a while, machine learning analysis has been mainstream for over a decade now. All that immense data a human can never wade through can be processed by ML. I would be surprised if they aren't using an LLM to answer questions and query real-time and historical internet data.

6) You know all the concerns regarding Huawei and TikTok being backdoored by the Chinese government? That's because we're doing it ourselves already.

7) I hope you don't think TAO is less capable than well-known notorious spyware companies like the NSO Group? Dragnet collection is used to find patterns for follow-up tailored access.

monerozcash

None of your proposed solutions are stealthy enough to enable bulk collection at a pre-Snowden scale.

Yeah, they can still collect lots of useful metadata.

themafia

So instead of collecting at AT&T Room 631 you now collect at Google Room Whatever.

The NSA has spent no small amount of time in the last decade obviously interfering with NIST and public encryption standards. The obvious reason is they _want_ to have the magic tools to break some modern encryption.

monerozcash

>So instead of collecting at AT&T Room 631 you now collect at Google Room Whatever.

Even if true, significantly degraded. Probably not true though, NSA has been very leaky and such a story would be kind of devastating for Google. NSA lacks the legal capability to force Google to do so, the money to bribe Google to do so and also almost certainly lacks the political backing to put one of the biggest US companies in such a position.

I don't doubt for a second that NSA could hack Google (or just bribe employees with appropriate access) and break into specific Gmail accounts if they wanted to. Bulk collection would be far more difficult to implement.

>The NSA has spent no small amount of time in the last decade obviously interfering with NIST and public encryption standards. The obvious reason is they _want_ to have the magic tools to break some modern encryption.

They do try, they just haven't been very successful at it.

ls612

It’s not Google room whatever, it’s Cloudflare room whatever. That’s why you don’t hear much about undermining encryption standards anymore, who needs that when you have SSL termination for 40% of the internet?

hollow-moe

They surely don't have any kind of access to Let's Encrypt root certs whatsoever.

monerozcash

You can't decrypt anything with Let's Encrypt root certs; you can issue your own certificates, but it would be impossible to use those at any significant scale.

It's also worth considering that CT makes it extremely noisy to use such certificates to attack web browsers.

cannabis_sam

This is naive to the point where it is indistinguishable from disinformation.

Aside from a tiny minority of people applying their own encryption (with offline confirmed public keys) at end points with securely stored air gapped private keys, this information is available to the US government, it’s the god damn job of the NSA.

monerozcash

The NSA can hack pretty much anybody, yes. The NSA can no longer collect everything as they were doing pre-Snowden.

The crucial difference is that it is no longer nearly as easy for the NSA to identify new targets as it used to be, because they don't have full take access to the vast amounts of content they used to.

ch2026

You should read about Project Cloudflare

globalnode

Don't need to break encryption if you read data from the source; OS vendors will do it for you.

themafia

You only need to look at a few headline "true crime" cases to see the obvious parallel construction that is being done.

monerozcash

Could you be more specific? It's really hard to have a useful conversation based on a comment like this, but really easy to have one based on a comment which links to specific cases and perhaps even explains how the obvious parallel construction appears.

themafia

It's a common "conspiracy theory" that this happened in the Luigi Mangione case, even though I don't agree he's "probably innocent":

https://www.reddit.com/r/LateStageCapitalism/comments/1hlmq3...

The FBI apparently attempted to use this in the Bryan Kohberger case:

https://www.nytimes.com/2025/02/25/us/idaho-murders-bryan-ko...

It's hard to find solid coverage of this because obviously the methods are often hidden and rarely leak out to the press at large. The press also gets confused and thinks that defending our constitutional rights will lead to criminals being acquitted.

If you spend a lot of time watching and studying these cases and how they evolve throughout the courts it becomes obvious that this is likely occurring more than most people realize.

dialup_sounds

NSA is under Pete Hegseth's Department of War [sic] if that is any indication of their position and priorities.

runjake

Being familiar with the USG classification system, I was thrown off by the beginning of this article. It doesn't sound like something that would be classified merely as Secret.

The article begins with:

> XKeyscore (XKEYSCORE or XKS) is a secret computer system used by...

This should be edited to:

> XKeyscore (XKEYSCORE or XKS) is a classified computer system used by...

The program is allegedly a Top Secret program.

halJordan

If you want someone to be actually pedantic about it, then no system is ever classified. Knowledge of the system might be classified, the system may be accredited to handle classified data, at some level. The data this system allegedly collects is obviously unclassified and only becomes classified after landing in some data lake.

Information is classified, not anything else. All of that to say, this is one of the many secret computer systems the NSA allegedly has, as the Wikipedia article clearly indicates.

viccis

Saying something is "secret" is not the same as saying it is "classified Secret"

47282847

It’s not secret. If it was it wouldn’t be on Wikipedia.

Sniffnoy

Then edit it, it's Wikipedia!

nerdsniper

Because Wikipedia. My edit got immediately auto-bot-reverted[0] by some anti-vandalism crusader. Insert bell-curve meme[1] where "just edit Wikipedia" is the middle of the bell curve.

[0] https://en.wikipedia.org/wiki/User_talk:Discospinster#WTF_ed...?

[1] https://imgflip.com/memegenerator/533936279/Bell-Curve

codedokode

This is a reminder why all the traffic should be encrypted and obfuscated (i.e. no SNI in clear text). Ideally, the traffic should be encrypted to resemble random noise. If you are making an app, you can embed public keys and use those to completely encrypt traffic, without relying on CAs.

For example, Telegram does this, using a homemade encryption protocol that has no clear-text SNI like HTTPS. As I remember, WeChat also uses some home-grown form of obfuscation.

As a bonus, this makes it more difficult for telecoms to discriminate against certain sites or apps and helps enforce net neutrality no matter if they like it or not.
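One concrete shape of the "embed public keys, skip the CA" idea from the comment above, as an added example that is not the commenter's code: the server's long-term X25519 public key plays the part of the bytes an app would ship embedded; the client makes a fresh ephemeral key, agrees a shared secret with the pinned key, derives an AES-256-GCM key through a small HKDF, and sends `ephemeralPub || nonce || ciphertext`. The wire format, the `pinned-app-v1` label and the sample request are all constructed for this example; the construction is the client-authenticates-server half of a Noise-NK-style handshake, not any protocol a real app on this page uses.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

const (
	pubLen   = 32 // X25519 public key length
	nonceLen = 12 // AES-GCM nonce length
	tagLen   = 16 // AES-GCM authentication tag length
)

// Label mixed into key derivation; a constructed string, not a real protocol id.
var protoLabel = []byte("pinned-app-v1 (constructed example)")

// hkdfSHA256 is a minimal HKDF (RFC 5869) extract-then-expand that yields one
// 32-byte key, built from the standard library's HMAC so no extra module is needed.
func hkdfSHA256(ikm, salt, info []byte) []byte {
	extract := hmac.New(sha256.New, salt)
	extract.Write(ikm)
	prk := extract.Sum(nil)
	expand := hmac.New(sha256.New, prk)
	expand.Write(info)
	expand.Write([]byte{1}) // first (and only) HKDF block counter
	return expand.Sum(nil)
}

// aeadFor derives the session key and returns an AES-256-GCM instance. The key
// is bound to both public keys, so the same client ephemeral key against a
// substituted server key yields an unrelated session key.
func aeadFor(shared, clientPub, serverPub []byte) (cipher.AEAD, error) {
	salt := append(append([]byte{}, clientPub...), serverPub...)
	block, err := aes.NewCipher(hkdfSHA256(shared, salt, protoLabel))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// GenerateServerKey makes the server's long-term X25519 key pair. The public
// half is what the app ships embedded; the private half stays on the server.
func GenerateServerKey() (*ecdh.PrivateKey, error) {
	return ecdh.X25519().GenerateKey(rand.Reader)
}

// ClientEncrypt is the client side. Everything on the wire is a uniformly
// random key share, a random nonce or AEAD output: no hostname, certificate
// or protocol banner for a passive tap to key on.
func ClientEncrypt(pinnedServerPub, plaintext []byte) ([]byte, error) {
	curve := ecdh.X25519()
	serverPub, err := curve.NewPublicKey(pinnedServerPub)
	if err != nil {
		return nil, fmt.Errorf("bad pinned key: %w", err)
	}
	eph, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(serverPub)
	if err != nil {
		return nil, err
	}
	ephPub := eph.PublicKey().Bytes()
	aead, err := aeadFor(shared, ephPub, pinnedServerPub)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wire := append(append([]byte{}, ephPub...), nonce...)
	// The ephemeral public key is authenticated as associated data.
	return aead.Seal(wire, nonce, plaintext, ephPub), nil
}

// ServerDecrypt is the server side. Only the holder of the private key that
// matches the pinned public key can derive the session key; a middlebox with
// its own key, or anyone altering the bytes, gets an authentication failure.
func ServerDecrypt(serverPriv *ecdh.PrivateKey, wire []byte) ([]byte, error) {
	if len(wire) < pubLen+nonceLen+tagLen {
		return nil, errors.New("message too short")
	}
	ephPub, nonce, ct := wire[:pubLen], wire[pubLen:pubLen+nonceLen], wire[pubLen+nonceLen:]
	clientPub, err := ecdh.X25519().NewPublicKey(ephPub)
	if err != nil {
		return nil, err
	}
	shared, err := serverPriv.ECDH(clientPub)
	if err != nil {
		return nil, err
	}
	aead, err := aeadFor(shared, ephPub, serverPriv.PublicKey().Bytes())
	if err != nil {
		return nil, err
	}
	pt, err := aead.Open(nil, nonce, ct, ephPub)
	if err != nil {
		return nil, errors.New("authentication failed: wrong server key or tampered message")
	}
	return pt, nil
}

func main() {
	srv, err := GenerateServerKey()
	if err != nil {
		panic(err)
	}
	pinned := srv.PublicKey().Bytes() // the bytes an app would embed
	wire, _ := ClientEncrypt(pinned, []byte("constructed sample request"))
	pt, err := ServerDecrypt(srv, wire)
	fmt.Printf("server decrypted: %q (err=%v)\n", pt, err)
	impostor, _ := GenerateServerKey() // a middlebox with its own key
	_, err = ServerDecrypt(impostor, wire)
	fmt.Println("impostor decrypt:", err)
}
```

Two caveats a practitioner would keep in mind: the bytes look random, but packet sizes and timing still exist, so this removes the SNI and certificate signals rather than making the flow unclassifiable; and because the key is pinned rather than issued, rotation or compromise of the server key means shipping an app update, with none of the Certificate Transparency visibility that the thread discusses for CA-issued certificates.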

saghm

Isn't the whole issue with net neutrality that ISPs would be incentivized to prioritize their own traffic (or that of companies they collaborate with)? How does making it harder for them to identify traffic for my app/service/whatever stop them from doing that? As long as they can identify the traffic they do want to prioritize (by companies who haven't done the process you describe), it's not obvious to me why they wouldn't have trouble deprioritizing my stuff based on them at least knowing that it's not their own, even if they don't know whose it is. "Random noise" isn't likely to look like it's their special favorite traffic.

If everyone including the priority traffic did this, then I guess it would have an effect on net neutrality, then I could see that it would make a difference, but I don't see how that could be construed as "whether they like it or not" given that they could just as easily not implement this if they didn't "like it".

That's not to say this isn't worth doing for the privacy and security benefits, but I'm struggling to see how this would have any real-world influence on net neutrality.

anonymousiam

It's also a reminder that no matter how secure you think you are, some third party may have access.

Consider that TAO (or SSF) can probably get through your firewall and router, and maybe into the management engine on the servers with your critical data.

The only thing you've got going for you is that they will (probably) keep your data secure (for themselves).

jwpapi

I mean, if I create an offline private key and encrypt my message to be only read with my public key, and I've learned about math and encryption, I can be assured that my receiver would need to be compromised.

I don’t like these general observation comments. This kind of makes it unappealing to learn about encryption, but it’s worth it and makes you choose either a proper encrypted software or use a key for secret messages.

null

[deleted]

tehjoker

Back in the day, it is claimed they could only store 20 TB a day, but technology has improved considerably... but so have data volumes. I wonder if they can store more content for longer now or if the volumes have increased too much.

MajesticHobo2

I'm sure they can store far more than 20 TB now, but it is true that the content pool is much larger. I would guess it's not a favorable ratio.

sdigf

[flagged]

tehjoker

What do you mean by this?

Titan2189

Probably just forgot the /s at the end

bigyabai

HN is frequented by green accounts designed solely to glaze American intelligence and denigrate transparency or accountability.