Is the XKeyScore Code Released in Germany Faked?

Expert analysis uncovers serious misrepresentations and possible fakery

Following up on our post about the wildly exaggerated claims made about the purported XKeyScore source code released in Germany this week by hacker Jacob Applebaum, here’s a very interesting post by cybersecurity expert Robert Graham with evidence that the code may have been at least partly faked: Errata Security: Validating XKeyScore Code.

The burning questions about the XKeyScore “source code” is whether it’s real, and whether it come from Snowden. The Grugq (@thegrugq) has some smart insight into this, and I have my own expertise with deep-packet-inspection code. I thought I’d write up our expert analysis to the questions.

TL;DR: we believe the code partly fake and that it came from the Snowden treasure trove.

A slightly longer summary is:

  1. The signatures are old (2011 to 2012), so it fits within the Snowden timeframe, and is unlikely to be a recent leak.
  2. The code is weird, as if they are snippets combined from training manuals rather than operational code. That would mean it is "fake".
  3. The story makes claims about the source that are verifiably false, leading us to believe that they may have falsified the origin of this source code.
  4. The code is so domain specific that it probably is, in some fashion, related to real XKeyScore code - if fake, it's not completely so.

Here’s a point that jumped out at me immediately upon looking at the code: all over the Internet, people are claiming that the code identifies as an “exremist forum” — but that’s simply false. As I tweeted two days ago:

Graham’s post agrees with this evaluation:

Another misrepresentation in the story is that the source calls the Linux Journal an extremist forum. That’s not true.

A comment does say that TAILS is “a comsec mechanism advocated by extremists on extremist forums”. This is true, as the picture (from the Grugq) demonstrates on the right: it’s a picture from an ISIS/jihad forum advocating the use of TAILS. But nowhere does it claim that the Linux Journal is one of those extremists — that’s something willfully made up by the authors of the story.

That the story already misrepresents the meaning of this source code hints that it may already be misrepresenting the provenance.

Exactly. Something smells very fishy here. Read the whole thing. And for those interested in the highly technical details, here’s Graham’s post going through the code line by line.

Jump to top

Create a Page

This is the LGF Pages posting bookmarklet. To use it, drag this button to your browser's bookmark bar, and title it 'LGF Pages' (or whatever you like). Then browse to a site you want to post, select some text on the page to use for a quote, click the bookmarklet, and the Pages posting window will appear with the title, text, and any embedded video or audio files already filled in, ready to go.

Or... you can just click this button to open the Pages posting window right away.

Last updated: 2015-09-11 10:11 am PDT

LGF User's Guide RSS Feeds

Help support Little Green Footballs!

Subscribe now for ad-free access!

Recent Pages
Great White Snark
GOP Probe Into Planned Parenthood Funding Comes Up Empty
"Did we find any wrongdoing? The answer was no," Chaffetz said. WASHINGTON -- Rep. Jason Chaffetz (R-Utah), chairman of the House Oversight and Government Reform Committee, said Thursday that the GOP's investigation into Planned Parenthood's use of federal funds ...

24 minutes ago
Views: 37 • Comments: 0
Tweets: 0 • Rating: 0
Gene Patents Probably Dead Worldwide Following Australian Court Decision
Australia's highest court has ruled unanimously that a version of a gene that is linked to an increased risk for breast cancer cannot be patented. The case was brought by 69-year-old pensioner from Queensland, Yvonne D'Arcy, who had taken ...

13 hours, 21 minutes ago
Views: 218 • Comments: 0
Tweets: 2 • Rating: 4
R.I.P., Mrs. Zappa
I'm a little sad this morning. Yesterday, the Zappa family announced that their matriarch passed away after a long battle with lung cancer. Many "fans" and miscellaneous targets of her fierce defense of the FZ copyrights have had issues with ...

22 hours, 25 minutes ago
Views: 194 • Comments: 1
Tweets: 0 • Rating: 3
I Stand With Planned Parenthood
Gates Foundation Gives New Parents a Year of Paid Leave
The Bill & Melinda Gates Foundation is giving new parents up to a year of paid parental leave. The foundation's new policy, offering both mothers and fathers up to 52 weeks of paid time off during the first year ...

2 days, 1 hour ago
Views: 322 • Comments: 0
Tweets: 0 • Rating: 1
Under the Lake Live Thread
Another Two-Parter this time, it promises to be awesome join me here!

5 days, 14 hours ago
Views: 480 • Comments: 25
Tweets: 2 • Rating: 1
Imagine Donald Trump as a Dystopian Sci-Fi Movie Tyrant ( Video )
Here's a video created by folks at the science and sci fi website io9. Its disturbing because Donald Trump really does sound like he could be Dystopian despot! Watch the video and you'll see what I mean. If you're a ...

1 week ago
Views: 573 • Comments: 3
Tweets: 0 • Rating: 2
Paul Canning
World’s Main Security Issue Today Is Russian Poisoned Public Opinion
I have posted before about how Americans seem to be unaware just how much Russians are being told to hate them. In this article Andreas Umland, a Kyiv based analyst and Senior Research Fellow at the Institute for Euro-Atlantic ...

1 week ago
Views: 687 • Comments: 0
Tweets: 6 • Rating: 1
The Autumn DIY Project
Ok, so September is not exactly New Year, but as the academic term begins and schools go back following the holidays, it does feel like a fresh start. It can be a good time to tackle new projects, so why ...

2 weeks, 1 day ago
Views: 741 • Comments: 0
Tweets: 2 • Rating: 0