NSA Hack Screen Shot 2015-05-14 at 8.12.27 PM

DⒶʀKᙡiNɢ ಠ_ರೃ , a Swede associated with Anonymous, has claimed a new, and rather relentless, hack of the US National Security Agency’s email server. Nothing so mundane as username/password combinations, the Pastebin of the hack lists the methodology and blow-by-blow of what worked, what didn’t, and what the hacker thinks of the NSA security (hint: not much). Turns out, the NSA doesn’t even maintain its own email server: they’ve outsourced that to Qwest.

Here’s an excerpt from the Paste:

Lets look at their site; damm they got alot of dns bs

Trying zone transfer first…

Testing dsdn-gh1-uea06.nsa.gov

Request timed out or transfer not allowed.

Testing dsdn-gh1-uea05.nsa.gov

Request timed out or transfer not allowed.

Unsuccessful in zone transfer (it was worth a shot)

Okay, trying the good old fashioned way… brute force

Checking for wildcard DNS…

Nope. Good.

According to DⒶʀKᙡiNɢ ಠ_ರೃ, the hack of the email system exposed some antiquated vulnerabilities which the hacker claims should have been patched eons ago, including outdated SSL and SSH. In other words, the NSA’s emails are using outdated encryption security certificates.

oh hehe they use and old version of ssh (ssh1.5)
the cunts might just put up some bullshit sec on their sub servers and expecting noone to find em
but on their number one server range , im sure they got some gay ass “elite waf”

okey what can we found out about this “by the whitehat-book” firm
they got an webadmin named kevin:) hehe like mitnick , “kevin the system security admin” very cjut.

#i though nsa should be smart and not pick some fuckers that are can be taken down
#with 22900 bytes of data haha, but i guess they r just script kiddie bitches

When supporters attempted to share the news on Facebook and LinkedIn, however, they were in for some surprises.

Raymond Johansen Facebook Screen Shot 2015-05-14 at 7.40.41 PM

Pirate Party activist and Cryptosphere contributor Raymond Johansen shared the original tweet to Facebook when the Paste had 327 views. The tweet contains a live link to the Pastebin, of course.

Within eight minutes, he reports, the Pastebin had been taken down. “THEN they read me laughing at them for even trying.” Someone posted a link to the Google cache of the missing paste in the comments on Facebook, at which point the paste apparently re-materialized. “Within a minute of that the original paste is back up AGAIN – the NSA realizing I am making them look like class fulz. THAT moment is the single most ROFL inducing PSML unavoidable moment of my life. It is Anonspeak for “we know we fckd lets unfck ourself” – all the while actually doublefcking themselves – royally.”

The paste may have been tampered with in the interim, says Johansen. “The [second] paste we saw, maybe 12 hours old, had strange garbage on the end. IMO it has been tinkered with and I myself will not visit that pastebin – because OpSec.”

“AnonIntelGroup posted ‘Bring the Lulz back!’ a week ago. ‘Mission accompli!’ – I would say.”

Within three hours of that, however, Johansen noticed that the Facebook post itself was missing from his timeline, missing from his Timeline Review, and had been removed from all the groups and pages to which he had shared it. Gone, too, were the comments. He then made a new post, explaining the elision, which was screenshotted and linked above. The Cryptosphere was able to confirm independently via email updates that the original post existed, and was subsequently scrubbed by Facebook.

Cryptosphere editor Kitty Hundal explains:

What happened.

1. Ray posted a story on the pastebin 2. I shared to my wall from his wall 3. I RTd from Twitter and these go to my FB Wall as well. 4. All activities records are eliminated from log of this. 5. My share from Ray’s wall is gone 6. My RT is there on both FB and Twitter. 7. I have email notifications of Rays and Joe’s comments.

Kitty Hundal Facebook Screen Shot 2015-05-14 at 7.38.08 PM

An exact duplicate, however, remains live on the wall of Cryptosphere contributor Kitty Hundal.

Comments on Johansen’s re-post confirm the original existed and has vanished. “i also just checked my notification for find it since i commented it..aaannnnd its gone too…crazy..” said Pierre Kossatikoff. “what i find weird is that the “original” pastebin , (here on Twitter screenshot) still up..”

Activist Joe Fionda brought up some interesting technical details; as you can see in the paste, the NSA has outsourced hosting of its email servers to Qwest. “There’s a Section 215 [of the Patriot Act] joke in here somewhere. There’s an even more amazing story about Qwest’s relationship with the NSA done down the barrel of a gun,” Fionda noted. “Qwest CEO Joe Nacchio got put through 15 years of hell by NSA & fed lawyers because he refused to go along with Bush’s pre-9/11 total surveillance program that they would later use 9/11 as the excuse for. Last week’s ruling that Section 215 collection was illegal effectively exonerates him.”

Johansen’s LinkedIn post has likewise mysteriously vanished.

Raymond Johansen LinkedIn NSA post

Hundal walked us through the timeline:

This is seriously weird Lorraine.
1. Went to my LinkedIn to find Raymond’s NSA pastebin post. 2. Found it and got a screenshot of it 3. Clicked on it to try to get a link for Raymond 4. The click took me to Raymond’s profile 5. Went back to my page to find the post again 6. Post is now gone.

Back on Facebook, Johansen added, “The lulz is so strong in all of this. I sent someone to get a copy of my Linkedin share too. It was deleted right in front of that persons eyes too. But AFTER screen shotting though. :D / Let’s see if they are moving on to scrubbing Twitter too. smh at the amount of moronium they are drinking over at the NSA. lulz D-lux. Im just lulzing along. And silently nodding at their potency, efficiency, and reach.”

But speaking of reach, the drama on social media has already doubled the views of the original paste. In the past four hours, it’s gained another 300 views. Can somebody tell the NSA about the Streisand Effect, please?

UPDATE: Facebook is now blocking posting the link to Pastebin.

NSA and Facebook block link to Pastebin Screen Shot 2015-05-15 at 8.22.40 AM

Categories: Activism, Anonymous, Breaking, Censorship, Cyber, Encryption, Facebook, Hackers, Hacktivism, News, NSA, Security, Social Media, SSH/Brute Force, Surveillance