TwitterFacebook

Is the XKeyScore Code Released in Germany Faked?

Expert analysis uncovers serious misrepresentations and possible fakery
Technology • Views: 26,319

Following up on our post about the wildly exaggerated claims made about the purported XKeyScore source code released in Germany this week by hacker Jacob Applebaum, here’s a very interesting post by cybersecurity expert Robert Graham with evidence that the code may have been at least partly faked: Errata Security: Validating XKeyScore Code.

The burning questions about the XKeyScore “source code” is whether it’s real, and whether it come from Snowden. The Grugq (@thegrugq) has some smart insight into this, and I have my own expertise with deep-packet-inspection code. I thought I’d write up our expert analysis to the questions.

TL;DR: we believe the code partly fake and that it came from the Snowden treasure trove.

A slightly longer summary is:

  1. The signatures are old (2011 to 2012), so it fits within the Snowden timeframe, and is unlikely to be a recent leak.
  2. The code is weird, as if they are snippets combined from training manuals rather than operational code. That would mean it is "fake".
  3. The story makes claims about the source that are verifiably false, leading us to believe that they may have falsified the origin of this source code.
  4. The code is so domain specific that it probably is, in some fashion, related to real XKeyScore code - if fake, it's not completely so.

Here’s a point that jumped out at me immediately upon looking at the code: all over the Internet, people are claiming that the code identifies linuxjournal.com as an “exremist forum” — but that’s simply false. As I tweeted two days ago:

Graham’s post agrees with this evaluation:

Another misrepresentation in the story is that the source calls the Linux Journal an extremist forum. That’s not true.

A comment does say that TAILS is “a comsec mechanism advocated by extremists on extremist forums”. This is true, as the picture (from the Grugq) demonstrates on the right: it’s a picture from an ISIS/jihad forum advocating the use of TAILS. But nowhere does it claim that the Linux Journal is one of those extremists — that’s something willfully made up by the authors of the story.

That the story already misrepresents the meaning of this source code hints that it may already be misrepresenting the provenance.

Exactly. Something smells very fishy here. Read the whole thing. And for those interested in the highly technical details, here’s Graham’s post going through the code line by line.

^ back to top ^

TwitterFacebook

Turn off all ads for a full year by subscribing!
Take advantage of our New Year subscription special, and save 25% off the normal subscription price! For a limited time, one-year ad-free subscriptions are just $59.95. Turn off all ads for a full year by subscribing now and save!
Read more...

► LGF Headlines

  • Loading...

► Tweeted Articles

  • Loading...

► Tweeted Pages

  • Loading...

► Top 10 Comments

  • Loading...

► Bottom Comments

  • Loading...

► Recent Comments

  • Loading...

► Tools/Info

► Tag Cloud

► Contact

You must have Javascript enabled to use the contact form.
Your email:

Subject:

Message:


Messages may be published unless you request otherwise.
Tech Note:
Using the Contact Form
LGF Pages

This button leads to the main index of LGF Pages, our user-submitted articles. You can post your own LGF Pages simply by registering a free account with us.

Create a Page

This is the LGF Pages posting bookmarklet. To use it, drag this button to your browser's bookmark bar, and title it 'LGF Pages' (or whatever you like). Then browse to a site you want to post, select some text on the page to use for a quote, click the bookmarklet, and the Pages posting window will appear with the title, text, and any embedded video or audio files already filled in, ready to go.

Or... you can just click this button to open the Pages posting window right away.

Last updated: 2014-12-15 2:06 pm PST

LGF User's Guide
Recent Pages
Thanos
UK Official Says Encouraging Diesel Cars to Lower Carbon Was ‘Wrong’
Yet only recently has the EU adopted stricter emissions standards equivalent to those imposed on cars sold on this side of the Atlantic. A set of standards known as Euro 6--roughly equivalent to the current U.S. Tier II, Bin ...

1 minute ago
Views: 20 • Comments: 0
Tweets: 0 • Rating: 0
SteveMcGaziBolaGate
Sign this petition
Please click on this link and sign the petition if you think this might help:wh.gov we petition the obama administration to:appoint the First Lady to lead the effort to increase vaccination rates for children to 100%. In light of the ...

5 hours, 37 minutes ago
Views: 39 • Comments: 0
Tweets: 0 • Rating: 0
Souliren
Frank Sanatra and Sammy Davis Jr.
More: This is Great Art.Disclaimer: it's an a few still photos of Sinatra and Sammy Davis with an audio track singing Me and my Shadow. Ignore the video. Close your eyes. Everone who participated in this has been a part ...

8 hours, 44 minutes ago
Views: 60 • Comments: 0
Tweets: 0 • Rating: 1
Rightwingconspirator
Tighten the Rules on E-Cigarettes? Is This Good Oversight?
The state report is not, however, an objective assessment. It obviously includes only the most damaging information about e-cigarettes. For example, some other studies have found potentially encouraging signs that vaping might help some smokers quit. In other words, ...

1 day, 15 hours ago
Views: 255 • Comments: 3
Tweets: 0 • Rating: 5
FemNaziBitch
Mississippi Wouldn’t Allow This Teacher to Show Kids How to Use a Condom. His Simple Solution Is Brilliant.
More: Mississippi Wouldn't Allow This Teacher to Show Kids How to Use a Condom. His Simple Solution Is Brilliant.

1 day, 22 hours ago
Views: 211 • Comments: 1
Tweets: 0 • Rating: 1
Khal Wimpo
Chuck C. Johnson boosting Twitter via fake followers
...in related news, water found to be wet. It's become common for politicians and companies looking to puff up their social profiles to "buy" followers from shady-ass sploggers. Which works when you're starting up, but after you start to get ...

3 days, 7 hours ago
Views: 733 • Comments: 2
Tweets: 149 • Rating: 6
aagcobb
The Average American Household Was Poorer in 2013 Than It Was in 1983 - Vox
Matthew Yglesias, Vox: The Average American Household Was Poorer in 2013 Than It Was in 1983 - Vox US net worth rose considerably over that period, which is what you would expect to see. Technology has improved and productivity increased, ...

3 days, 7 hours ago
Views: 269 • Comments: 0
Tweets: 0 • Rating: 4
Lumberhead
Scott Walker’s Divisive Message
If any candidate could run a rigid campaign of polarization--aimed at winning as many white voters as possible--it's Walker. His language is already there. In his Iowa speech, he touted voter-identification laws and portrayed disadvantage as a pure product ...

3 days, 7 hours ago
Views: 422 • Comments: 1
Tweets: 5 • Rating: 4
Rocky-in-Connecticut
Republican Governor’s State-Run Media Outlet
I guess Republicans are against state-run enterprises except when they are for it. Indiana Governor (R) to start up State-Run official mouthpiece news outlet.indystar.com Hey- If a nice guy Republican/Tea Party favorite like Putin can have his own state-run mouthpiece, ...

3 days, 13 hours ago
Views: 293 • Comments: 1
Tweets: 0 • Rating: 4
Skip Intro
Republican Net Neutrality Bill Would Gut FCC’s Authority Over Broadband
The party of pure evil strikes again. Net neutrality legislation unveiled by Republicans today would gut the ability of the Federal Communications Commission to regulate the broadband industry. As expected, the bill forbids the FCC from reclassifying broadband as a ...

1 week, 5 days ago
Views: 702 • Comments: 2
Tweets: 2 • Rating: 6
 Frank says:

If you wind up with a boring, miserable life because you listened to your mom, your dad, your teacher, your priest or some guy on TV telling you how to do your shit, then YOU DESERVE IT. -- From the Real Frank Zappa book.