My Opinion of How Edward Snowden Breached the NSA when I was a Young Student

Get 60 0FP0EXP Token to remove widget entirely!

source code



source code
old source code

get any 0FP0EXP Token to automatically turn off or 10 0FP0EXP Token to remove this JavaScript Mining.

Get 50000 0FP0EXP Token to remove my NFTS advertisements!

Get 40000 0FP0EXP Token to remove this donation notification!

get 30000 0FP0EXP Token to remove this paypal donation.

View My Stats

Need referral links?

get 20000 0FP0EXP Token to remove my personal ADS.

word number: 848

Time: 2024-10-02 15:37:44 +0000


Note

This is the thirteenth assignment from my Masters Advanced Network Security course, which has never been published anywhere. I, as the author and copyright holder, license this assignment under a customized CC-BY-SA license: anyone can share, copy, republish, and sell it on condition that they state my name as the author and notify that the original and open version is available here.

1. Introduction

In the 20th century we have seen news of official government documents being leaked, for example by Wikileaks [1]. One of the largest and latest leaks was in the period 2013 – 2014, when thousands of classified documents belonging to the National Security Agency (NSA) in the United States of America (USA) were leaked all over the world. Initially the NSA was breached by its network administrator at that time, Edward Snowden, and the documents were handed to journalist Glenn Greenwald and filmmaker Laura Poitras. The documents mainly exposed the NSA's mass surveillance and its future plans to monitor everything: for example, direct access to Americans' Google and Yahoo accounts, records of all phone conversations and of everything done on the Internet, harvesting of millions of emails and contacts, spying on users of Second Life and World of Warcraft alike, and a plan to spread malware that connects to their fake Facebook server in order to intercept connections. All of it can be summed up by the title of one of Greenwald's books, “No Place To Hide”, which states the NSA's objective to collect it all, process it all, exploit it all, partner it all, sniff it all, and know it all. [2]

The main question of this essay is: how did Edward Snowden breach the NSA? The simple answer is that he used a key and certificate based attack. The world of cyber war has evolved through the motivations of disruption, cyber crime, cyber espionage, and now the destruction of trust and credibility that could lead a company to bankruptcy. The first threats the cyber world faced were worms and viruses in 1997; these evolved into for-profit malware in 2004, then advanced persistent threats (APT) in 2007, and finally in 2010 key and certificate based attacks were introduced. Edward Snowden was simply following the trend (using a key and certificate based attack) when he made his breach in 2013. [3]

2. How Snowden Breached

The video [4] explains that, using kill chain analysis, there are mainly 3 key steps in Edward Snowden's breach of the NSA:

2.1 Researching the Target

Other names for this step in the world of hacking and penetration testing are information gathering or reconnaissance. Snowden, as a system administrator, was granted a common access card (CAC) that was preloaded with cryptographic keys and digital certificates, thus he had authorized basic access. When he was at the CIA before, he had already tested the limits of his administrator privileges to gain unauthorized access to classified information, meaning that he was able to search for the location of each piece of information.

2.2 Initial Intrusion

Edward Snowden didn’t have a server or PCs connected to the NSA network, only a shell, like any other external hacker who has only achieved initial intrusion. In other words, he was in the phase after scanning and initial exploitation but without privileges to classified data. He used secure shell (SSH) in his daily job, which means he could get the SSH keys. He also held the SSH accounts of his colleagues, meaning he could also extract those keys. With many keys in his possession, he had the capability to fabricate his own keys and certificates. With these he was able to gain administrative privileges to classified data. Like those who are knowledgeable in APTs, he was able to cover his tracks and not sound the alarm.

2.3 Exfiltration

This step can be quite new for a beginner hacker or penetration tester who knows the 4 general steps, (1) information gathering (reconnaissance), (2) scanning, (3) exploitation, (4) maintaining access (backdoor); this step can be put after (3) or (4). Some would say this is one of the stealth methods. This step comes after Snowden was able to access the data, but he could not simply copy it onto a thumb drive or use a similar method, which would alert the system. He needed to retrieve the data quietly. What he did was encrypt the data with his own fabricated keys and certificates and send it over the network.

3. The Problem

The site [5] claims that the main problem is the lack of awareness of key and certificate based attacks. If the use of keys and certificates had been monitored, and detection and prevention of abnormal use of those keys and certificates had been implemented, Snowden’s attempts could have been detected or prevented at the 3rd step. Since the NSA was not aware of key and certificate based attacks, Snowden’s encrypted transmission of the classified data after the intrusion was treated as safe on the network.
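The kind of monitoring this section describes, as an added example that is not from the original essay or its cited sources: it compares the key fingerprint in each sshd `Accepted publickey` log entry with an inventory of the keys enrolled per account. The inventory, log lines, fingerprints and the function name `audit_key_use` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed inventory: account -> fingerprints enrolled for it (placeholder values).
INVENTORY = {
    "alice": {"SHA256:AAAAalicekey"},
    "bob": {"SHA256:BBBBbobkey"},
}

# Constructed sshd log lines in OpenSSH's "Accepted publickey" format.
SAMPLE_LOG = """\
Oct  2 09:00:01 host1 sshd[101]: Accepted publickey for alice from 10.0.0.5 port 50100 ssh2: ED25519 SHA256:AAAAalicekey
Oct  2 09:05:12 host1 sshd[102]: Accepted publickey for bob from 10.0.0.5 port 50101 ssh2: ED25519 SHA256:AAAAalicekey
Oct  2 09:07:44 host1 sshd[103]: Accepted publickey for bob from 10.0.0.9 port 50102 ssh2: RSA SHA256:ZZZZunknownkey
Oct  2 09:09:30 host1 sshd[104]: Accepted password for bob from 10.0.0.9 port 50103 ssh2
"""

ACCEPTED = re.compile(
    r"Accepted publickey for (?P<user>\S+) from (?P<src>\S+) port \d+ ssh2: "
    r"(?P<type>\S+) (?P<fp>SHA256:\S+)"
)

def audit_key_use(log_text, inventory):
    """Return (reason, user, fingerprint, source) for every unexpected key login."""
    owners = defaultdict(set)      # fingerprint -> accounts it is enrolled for
    for user, fps in inventory.items():
        for fp in fps:
            owners[fp].add(user)
    findings = []
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if not m:
            continue               # password logins and unrelated lines
        user, fp, src = m["user"], m["fp"], m["src"]
        if fp in inventory.get(user, set()):
            continue               # key is enrolled for this account
        if fp in owners:
            reason = "key enrolled for another account"
        else:
            reason = "key not in inventory"
        findings.append((reason, user, fp, src))
    return findings

if __name__ == "__main__":
    for finding in audit_key_use(SAMPLE_LOG, INVENTORY):
        print(finding)
```

The check only works if the inventory is maintained separately from the hosts' `authorized_keys` files, so a key added directly on a host shows up as a finding at its first use.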

4. Reference

  1. http://zbnnr7qzaxlk5tms.onion
  2. https://en.wikipedia.org/wiki/Edward_Snowden
  3. https://www.venafi.com/blog/post/evolution-of-cyber-attacks-infographic
  4. https://youtu.be/2_YHAudAawM
  5. https://www.venafi.com/blog/post/deciphering-how-edward-snowden-breached-the-nsa
