TwitterFacebook

Is the XKeyScore Code Released in Germany Faked?

Expert analysis uncovers serious misrepresentations and possible fakery
Technology • Views: 27,085

Following up on our post about the wildly exaggerated claims made about the purported XKeyScore source code released in Germany this week by hacker Jacob Applebaum, here’s a very interesting post by cybersecurity expert Robert Graham with evidence that the code may have been at least partly faked: Errata Security: Validating XKeyScore Code.

The burning questions about the XKeyScore “source code” is whether it’s real, and whether it come from Snowden. The Grugq (@thegrugq) has some smart insight into this, and I have my own expertise with deep-packet-inspection code. I thought I’d write up our expert analysis to the questions.

TL;DR: we believe the code partly fake and that it came from the Snowden treasure trove.

A slightly longer summary is:

  1. The signatures are old (2011 to 2012), so it fits within the Snowden timeframe, and is unlikely to be a recent leak.
  2. The code is weird, as if they are snippets combined from training manuals rather than operational code. That would mean it is "fake".
  3. The story makes claims about the source that are verifiably false, leading us to believe that they may have falsified the origin of this source code.
  4. The code is so domain specific that it probably is, in some fashion, related to real XKeyScore code - if fake, it's not completely so.

Here’s a point that jumped out at me immediately upon looking at the code: all over the Internet, people are claiming that the code identifies linuxjournal.com as an “exremist forum” — but that’s simply false. As I tweeted two days ago:

Graham’s post agrees with this evaluation:

Another misrepresentation in the story is that the source calls the Linux Journal an extremist forum. That’s not true.

A comment does say that TAILS is “a comsec mechanism advocated by extremists on extremist forums”. This is true, as the picture (from the Grugq) demonstrates on the right: it’s a picture from an ISIS/jihad forum advocating the use of TAILS. But nowhere does it claim that the Linux Journal is one of those extremists — that’s something willfully made up by the authors of the story.

That the story already misrepresents the meaning of this source code hints that it may already be misrepresenting the provenance.

Exactly. Something smells very fishy here. Read the whole thing. And for those interested in the highly technical details, here’s Graham’s post going through the code line by line.

Jump to top

Help support Little Green Footballs!

Subscribe now for ad-free access!

Contact Us LGF Pages

This button leads to the main index of LGF Pages, our user-submitted articles. You can post your own LGF Pages simply by registering a free account with us.

Create a Page

This is the LGF Pages posting bookmarklet. To use it, drag this button to your browser's bookmark bar, and title it 'LGF Pages' (or whatever you like). Then browse to a site you want to post, select some text on the page to use for a quote, click the bookmarklet, and the Pages posting window will appear with the title, text, and any embedded video or audio files already filled in, ready to go.

Or... you can just click this button to open the Pages posting window right away.

Last updated: 2015-06-25 5:21 pm PDT

LGF User's Guide RSS Feeds
Recent Pages
KiTA
Gawker CEO Ominously Hinted at Hogan Racist Rant Before Video Was Leaked
So on July 10th, Nick Denton, the owner of Gawker media, suggested there was a "third act" to the Hogan story. There will be a third act which we believe will center on the real story: the additional recordings held ...

39 minutes ago
Views: 41 • Comments: 0
Tweets: 0 • Rating: 0
teleskiguy
Key & Peele - TeachingCenter
As the son of a life-long educator I find this video is quite special. I'm going to miss Key & Peele when they're done with the TV show. The teaching profession, as imagined in a SportsCenter universe. Boyd Maxwell and ...

5 hours, 13 minutes ago
Views: 98 • Comments: 0
Tweets: 2 • Rating: 0
Skip Intro
Windows 10 is out. Help a guy out, please.
So I downloaded the Win 10 ISO image today, and started the install. The first thing I come across is a screen asking what I want to keep, my apps, data, and program settings, my data and program settings, or ...

16 hours, 51 minutes ago
Views: 256 • Comments: 5
Tweets: 0 • Rating: 0
FemNaziBitch
Donald Trump’s Lawyer Threatens Reporter Over Ex-Wife’s Allegations: ‘You Cannot Rape Your Spouse’
A lawyer and spokesman for current Republican presidential frontrunner Donald Trump issued a series of vulgar threats to a reporter on Monday, while falsely claiming that it was legal for a husband to rape his wife in New York. ...

19 hours, 52 minutes ago
Views: 194 • Comments: 0
Tweets: 1 • Rating: 0
Thanos
Mainline Presbyterian Members Win Lawsuit Over Control of Overland Park Church
The rest of this story is that the fundamentalist groups forming these schisms and trying to take whole churches are sometimes backed by legal groups and funding from foundations that trace back to the reclusive reconstructionist billionaire, Howard Ahmanson. In ...

1 day, 9 hours ago
Views: 331 • Comments: 0
Tweets: 2 • Rating: 2
Great White Snark
Huffington Post Arabic-Smart Outreach, Sure To Infuriate Bigots
Dirct Link: Huffington Post Arabic - Kudos! Good to see this. The link takes you right there, but for us non arabic readers, a helpful translate panel comes right up. You who do read arabic can judge the content, ...

2 days, 16 hours ago
Views: 619 • Comments: 0
Tweets: 18 • Rating: 1
Iwouldprefernotto
More Edited PP Videos
NYT -- More Edited PP Videos in the Pipeline The activist behind the videos, David Daleiden, has said he has enough covertly recorded footage for perhaps a dozen videos that he could release, one a week, for the next few ...

2 days, 19 hours ago
Views: 345 • Comments: 0
Tweets: 0 • Rating: 2
Predaka
Swedish Right Plans Gay Pride March Through Muslim Areas Of Stockholm
haaretz.com From the article: Swedish nationalists are planning a gay 'pride' march through Muslim-majority districts in the country's capital, according to media reports and a dedicated Facebook page. The march, called 'Pride Järva,' is scheduled to take place on July ...

3 days, 8 hours ago
Views: 637 • Comments: 10
Tweets: 0 • Rating: 1
EiMitch
Cracked: 5 Things I Learned Committing A Campus Sexual Assault
cracked.com This is a story of sexual assault told primarily from the perpetrator's perspective, using the pseudonyms "Tim" and "Vicky" for him and his victim respectively. But this isn't the story of a predator on the prowl. No, this is ...

5 days, 8 hours ago
Views: 587 • Comments: 2
Tweets: 4 • Rating: 3
Lumberhead
#BlackLivesMatter Shows There Are Problems in American Life That Can’t Be Blamed on the Rich
Democratic presidential candidates should take heed. They need to come up with a way to speak to this issue. Otherwise, in an Obama-less election, part of the Obama coalition may not be motivated to show up. Obviously, you can be ...

1 week ago
Views: 442 • Comments: 2
Tweets: 0 • Rating: 2

► LGF Headlines

  • Loading...

► Tweeted Articles

  • Loading...

► Tweeted Pages

  • Loading...

► Top 10 Comments

  • Loading...

► Bottom Comments

  • Loading...

► Recent Comments

  • Loading...

► Tools/Info

► Tag Cloud

 Frank says:

I never took a shit on stage, and the closest I ever came to eating shit anywhere was at a Holiday Inn buffet in Fayetteville, North Carolina, in 1973. -- From The Real Frank Zappa book.