TwitterFacebook

Is the XKeyScore Code Released in Germany Faked?

Expert analysis uncovers serious misrepresentations and possible fakery
Technology • Views: 25,853

Following up on our post about the wildly exaggerated claims made about the purported XKeyScore source code released in Germany this week by hacker Jacob Applebaum, here’s a very interesting post by cybersecurity expert Robert Graham with evidence that the code may have been at least partly faked: Errata Security: Validating XKeyScore Code.

The burning questions about the XKeyScore “source code” is whether it’s real, and whether it come from Snowden. The Grugq (@thegrugq) has some smart insight into this, and I have my own expertise with deep-packet-inspection code. I thought I’d write up our expert analysis to the questions.

TL;DR: we believe the code partly fake and that it came from the Snowden treasure trove.

A slightly longer summary is:

  1. The signatures are old (2011 to 2012), so it fits within the Snowden timeframe, and is unlikely to be a recent leak.
  2. The code is weird, as if they are snippets combined from training manuals rather than operational code. That would mean it is "fake".
  3. The story makes claims about the source that are verifiably false, leading us to believe that they may have falsified the origin of this source code.
  4. The code is so domain specific that it probably is, in some fashion, related to real XKeyScore code - if fake, it's not completely so.

Here’s a point that jumped out at me immediately upon looking at the code: all over the Internet, people are claiming that the code identifies linuxjournal.com as an “exremist forum” — but that’s simply false. As I tweeted two days ago:

Graham’s post agrees with this evaluation:

Another misrepresentation in the story is that the source calls the Linux Journal an extremist forum. That’s not true.

A comment does say that TAILS is “a comsec mechanism advocated by extremists on extremist forums”. This is true, as the picture (from the Grugq) demonstrates on the right: it’s a picture from an ISIS/jihad forum advocating the use of TAILS. But nowhere does it claim that the Linux Journal is one of those extremists — that’s something willfully made up by the authors of the story.

That the story already misrepresents the meaning of this source code hints that it may already be misrepresenting the provenance.

Exactly. Something smells very fishy here. Read the whole thing. And for those interested in the highly technical details, here’s Graham’s post going through the code line by line.

^ back to top ^

TwitterFacebook

Turn off all ads for a full year by subscribing!
For about 33 cents a day (per month) or 22 cents a day (per year), our subscription option turns off all advertisements at LGF!
Read more...

► LGF Headlines

  • Loading...

► Tweeted Articles

  • Loading...

► Tweeted Pages

  • Loading...

► Top 10 Comments

  • Loading...

► Bottom Comments

  • Loading...

► Recent Comments

  • Loading...

► Tools/Info

► Tag Cloud

► Contact

You must have Javascript enabled to use the contact form.
Your email:

Subject:

Message:


Messages may be published unless you request otherwise.
Tech Note:
Using the Contact Form
LGF Pages

This button leads to the main index of LGF Pages, our user-submitted articles. You can post your own LGF Pages simply by registering a free account with us.

Create a Page

This is the LGF Pages posting bookmarklet. To use it, drag this button to your browser's bookmark bar, and title it 'LGF Pages' (or whatever you like). Then browse to a site you want to post, select some text on the page to use for a quote, click the bookmarklet, and the Pages posting window will appear with the title, text, and any embedded video or audio files already filled in, ready to go.

Or... you can just click this button to open the Pages posting window right away.

Last updated: 2014-03-07 2:19 pm PST

LGF User's Guide
Recent Pages
nines09
Rick Perry Response To Federal Response To Ebola Is Missing Something
Chalk up one for the "but, Rick, I thought that was your departments dirty diaper." No. It's the Fed. Yeah that Fed. The one who attempts to level the field across the board. So the Rick, I must be on ...

1 hour, 4 minutes ago
Views: 62 • Comments: 0
Tweets: 0 • Rating: 0
Randall Gross
How to Turn an Archaeologist Into an Underwater Iron Man - IEEE Spectrum
It used to be that all an archaeologist needed was a fedora hat and a bullwhip. Today's professionals, however, have much more sophisticated gear. This month, marine archaeologists exploring an ancient Greek shipwreck tried out a high-tech "exosuit" for ...

3 hours, 37 minutes ago
Views: 82 • Comments: 0
Tweets: 0 • Rating: 0
EiMitch
Cracked: 6 Halloween Pranks for Sociopaths With Unlimited Budgets
cracked.com America's No. 1 holiday celebrating violence and candy is just around the corner, and this year it looks to be better than ever, as the glorious union of art and technology has given us several exciting new ways to ...

1 day ago
Views: 233 • Comments: 0
Tweets: 0 • Rating: 1
FemNaziBitch
Princeton Study: U.S. No Longer an Actual Democracy
A new study from Princeton spells bad news for American democracy--namely, that it no longer exists. Asking "[w]ho really rules?" researchers Martin Gilens and Benjamin I. Page argue that over the past few decades America's political system has slowly ...

1 day, 8 hours ago
Views: 389 • Comments: 3
Tweets: 1 • Rating: 3
Skip Intro
‘Pro-Life’ Group: No Ebola Vaccine if Stem Cells Are Used
A "pro-life" group called Children of God for Life is throwing a fit because Ebola vaccines currently being developed use cells derived from embryonic stem cells. Because it's totally "pro-life" to let living people die of Ebola when it ...

1 day, 10 hours ago
Views: 384 • Comments: 6
Tweets: 0 • Rating: 5
Lumberhead
Moulton Underplays Military Service - Metro - the Boston Globe
This really is remarkable. I came across it over at Charlie Pierce's blog at Esquire. Imagine, a politician downplaying his heroic war record. The American political graveyard has more than a few monuments to politicians and public officials who embellished ...

2 days, 11 hours ago
Views: 284 • Comments: 1
Tweets: 0 • Rating: 0
Souliren
Natalie MacMaster Fiddle school
This is a short (under two minute) video of Natalie teaching a technique for "Athole Brose," in Cape Breton style.

3 days, 5 hours ago
Views: 276 • Comments: 0
Tweets: 0 • Rating: 2
MichaelJ
Amazing RED Camera Footage Kelly Slater’s 540 Air
More: Amazing RED Camera Footage Kelly Slater's 540 Air There's a reason why people refer to 11-time world champ Kelly Slater as "the king". This clip/maneuver is yet another ground-breaking moment in the history of surfing.

5 days, 2 hours ago
Views: 527 • Comments: 3
Tweets: 6 • Rating: 5
Rightwingconspirator
1934 Had Worst Drought of Last Thousand Years-We Made It Worse
"It was the worst by a large margin, falling pretty far outside the normal range of variability that we see in the record," said climate scientist Ben Cook at NASA's Goddard Institute for Space Studies in New York. Cook ...

5 days, 11 hours ago
Views: 600 • Comments: 0
Tweets: 0 • Rating: 5
blah blah ad hominem mumbo jumbo.
Daniel Johnston-True Love Will Find You In The End.
A simple, imperfect, brilliant song, by a fascinating man. Link

1 week, 2 days ago
Views: 620 • Comments: 0
Tweets: 0 • Rating: 2
 Frank says:

Meanwhile at the Fornebu duty free shop -- Phrase used between songs during the march 1988 concert in Skedsmohallen, near Oslo, Norway. Fornebu is the Oslo airport.