TwitterFacebook

Is the XKeyScore Code Released in Germany Faked?

Expert analysis uncovers serious misrepresentations and possible fakery
Technology • Views: 26,137

Following up on our post about the wildly exaggerated claims made about the purported XKeyScore source code released in Germany this week by hacker Jacob Applebaum, here’s a very interesting post by cybersecurity expert Robert Graham with evidence that the code may have been at least partly faked: Errata Security: Validating XKeyScore Code.

The burning questions about the XKeyScore “source code” is whether it’s real, and whether it come from Snowden. The Grugq (@thegrugq) has some smart insight into this, and I have my own expertise with deep-packet-inspection code. I thought I’d write up our expert analysis to the questions.

TL;DR: we believe the code partly fake and that it came from the Snowden treasure trove.

A slightly longer summary is:

  1. The signatures are old (2011 to 2012), so it fits within the Snowden timeframe, and is unlikely to be a recent leak.
  2. The code is weird, as if they are snippets combined from training manuals rather than operational code. That would mean it is "fake".
  3. The story makes claims about the source that are verifiably false, leading us to believe that they may have falsified the origin of this source code.
  4. The code is so domain specific that it probably is, in some fashion, related to real XKeyScore code - if fake, it's not completely so.

Here’s a point that jumped out at me immediately upon looking at the code: all over the Internet, people are claiming that the code identifies linuxjournal.com as an “exremist forum” — but that’s simply false. As I tweeted two days ago:

Graham’s post agrees with this evaluation:

Another misrepresentation in the story is that the source calls the Linux Journal an extremist forum. That’s not true.

A comment does say that TAILS is “a comsec mechanism advocated by extremists on extremist forums”. This is true, as the picture (from the Grugq) demonstrates on the right: it’s a picture from an ISIS/jihad forum advocating the use of TAILS. But nowhere does it claim that the Linux Journal is one of those extremists — that’s something willfully made up by the authors of the story.

That the story already misrepresents the meaning of this source code hints that it may already be misrepresenting the provenance.

Exactly. Something smells very fishy here. Read the whole thing. And for those interested in the highly technical details, here’s Graham’s post going through the code line by line.

^ back to top ^

TwitterFacebook

Turn off all ads for a full year by subscribing!
Take advantage of our end-of-the-year subscription special, and save 25% off the normal subscription price! For a limited time, one-year ad-free subscriptions are just $59.95. Turn off all ads for a full year by subscribing now and save!
Read more...

► LGF Headlines

  • Loading...

► Tweeted Articles

  • Loading...

► Tweeted Pages

  • Loading...

► Top 10 Comments

  • Loading...

► Bottom Comments

  • Loading...

► Recent Comments

  • Loading...

► Tools/Info

► Tag Cloud

► Contact

You must have Javascript enabled to use the contact form.
Your email:

Subject:

Message:


Messages may be published unless you request otherwise.
Tech Note:
Using the Contact Form
LGF Pages

This button leads to the main index of LGF Pages, our user-submitted articles. You can post your own LGF Pages simply by registering a free account with us.

Create a Page

This is the LGF Pages posting bookmarklet. To use it, drag this button to your browser's bookmark bar, and title it 'LGF Pages' (or whatever you like). Then browse to a site you want to post, select some text on the page to use for a quote, click the bookmarklet, and the Pages posting window will appear with the title, text, and any embedded video or audio files already filled in, ready to go.

Or... you can just click this button to open the Pages posting window right away.

Last updated: 2014-12-15 2:06 pm PST

LGF User's Guide
Recent Pages
Randall Gross
Hackers Demand Sony Remove All Signs the Interview Existed or More Data Will Be Released
The cyber terrorists move from terror threats to extortion in short order after Sony's CEO caved. By demanding that Sony throw "The Interview" down the memory hole, they've guaranteed that it will become the most sought after digital property of ...

13 minutes ago
Views: 46 • Comments: 0
Tweets: 0 • Rating: 0
wheat-dogghazi-bola-trality
China Tightens Grip on Macau as Dissent Rises in Gambling Hub - Yahoo News
Like Hong Kong, the nearby former Portuguese colony of Macau is a Special Autonomous Region (SAR) within the People's Republic of China. That means, on paper anyway, that Hong Kong and Macau operate autonomously from the national government in ...

2 hours, 6 minutes ago
Views: 110 • Comments: 0
Tweets: 1 • Rating: 0
FemNaziBitch
WHAT RAPE CULTURE? Why Is Rape at the Origin of Most Religion?
The impregnation process may be a "ravishing" or seduction or some kind of titillating but nonsexual procreative penetration. The story may come from an Eastern or Western religious tradition, pagan or Christian. But these encounters between beautiful young women ...

2 hours, 7 minutes ago
Views: 92 • Comments: 0
Tweets: 0 • Rating: 0
Rightwingconspirator
Blackmores Night-Christmas Music Olde And New At The Same Time
Spotify Youtube

2 days, 22 hours ago
Views: 182 • Comments: 0
Tweets: 0 • Rating: 1
Lumberhead
A History of Thugs
Civilization is imperiled. Demonic dark-skinned criminals exult in seizing property and security. Only a vanguard of brave uniformed officers can take them off the streets and restore order. It is 1835, and whites are finally confronting what Mark Twain ...

1 week, 1 day ago
Views: 599 • Comments: 0
Tweets: 1 • Rating: 1
Romantic Heretic
It’s Beginning To Feel A Lot Like Christmas
As always, Fairytale of New York makes me realize what time of the year it is.

1 week, 2 days ago
Views: 389 • Comments: 0
Tweets: 0 • Rating: 1
Dark_Falcon
The College Rape Overcorrection
This is the article I promised to post this morning. The quoted passage is from the second section, "2. An Overcorrection". We are told that one of the most dangerous places for a young woman in America today is a ...

1 week, 2 days ago
Views: 699 • Comments: 11
Tweets: 0 • Rating: 1
cinesimon
Charles Barkley and the Plague of ‘Unintelligent’ Blacks
theatlantic.com

1 week, 2 days ago
Views: 728 • Comments: 0
Tweets: 0 • Rating: 2
 Frank says:

Whoever we are, whereever we're from, we should have noticed by now our behaviour is dumb, and if our chances are expected to improve, it's gonna take a lot more than trying to remove, the other race, or the other whatever, from the face of the planet altogether -- Dumb All Over, You Are What You Is