Is the XKeyScore Code Released in Germany Faked?

Expert analysis uncovers serious misrepresentations and possible fakery

Following up on our post about the wildly exaggerated claims made about the purported XKeyScore source code released in Germany this week by hacker Jacob Appelbaum, here’s a very interesting post by cybersecurity expert Robert Graham with evidence that the code may have been at least partly faked: Errata Security: Validating XKeyScore Code.

The burning question about the XKeyScore “source code” is whether it’s real, and whether it comes from Snowden. The Grugq (@thegrugq) has some smart insight into this, and I have my own expertise with deep-packet-inspection code. I thought I’d write up our expert analysis to the questions.

TL;DR: we believe the code is partly fake and that it came from the Snowden treasure trove.

A slightly longer summary is:

  1. The signatures are old (2011 to 2012), so it fits within the Snowden timeframe, and is unlikely to be a recent leak.
  2. The code is weird, as if they are snippets combined from training manuals rather than operational code. That would mean it is "fake".
  3. The story makes claims about the source that are verifiably false, leading us to believe that they may have falsified the origin of this source code.
  4. The code is so domain specific that it probably is, in some fashion, related to real XKeyScore code - if fake, it's not completely so.

Here’s a point that jumped out at me immediately upon looking at the code: all over the Internet, people are claiming that the code identifies linuxjournal.com as an “extremist forum” — but that’s simply false. As I tweeted two days ago:

Graham’s post agrees with this evaluation:

Another misrepresentation in the story is that the source calls the Linux Journal an extremist forum. That’s not true.

A comment does say that TAILS is “a comsec mechanism advocated by extremists on extremist forums”. This is true, as the picture (from the Grugq) demonstrates on the right: it’s a picture from an ISIS/jihad forum advocating the use of TAILS. But nowhere does it claim that the Linux Journal is one of those extremists — that’s something willfully made up by the authors of the story.

That the story already misrepresents the meaning of this source code hints that it may already be misrepresenting the provenance.

Exactly. Something smells very fishy here. Read the whole thing. And for those interested in the highly technical details, here’s Graham’s post going through the code line by line.
