This morning a partial analysis of the NSA’s XKEYSCORE code was published in Germany. Jacob Applebaum, an evangelist for the The Onion Project (TOR), was one of the authors.
The report details specific rules written for one of the NSA’s data collection tools, XKEYSCORE, which collects the IP addresses of TOR bridges, and users of the TOR network.
TOR is an anonymizing service used by many human rights activists and dissidents around the world to access the Internet and escape persecution from their governments, like China. It is also reportedly highly targeted by the NSA.
One of the amazing offshoots of today’s story is that first Cory Doctorow speculated that the revealed source code came from a second leaker, not Snowden:
“Another expert said that s/he believed that this leak may come from a second source, not Edward Snowden, as s/he had not seen this in the original Snowden docs; and had seen other revelations that also appeared independent of the Snowden materials. If that’s true, it’s big news, as Snowden was the first person to ever leak docs from the NSA. The existence of a potential second source means that Snowden may have inspired some of his former colleagues to take a long, hard look at the agency’s cavalier attitude to the law and decency.”
This was quickly backed up by a statement from Bruce Schneier, who has worked directly with Glenn Greenwald to help analyze the Snowden trove specifically in relation to the subverting of encryption algorithms.
Schneier posted on his site:
“And, since Cory said it, I do not believe that this came from the Snowden documents. I also don’t believe the TAO catalog came from the Snowden documents. I think there’s a second leaker out there.”
In other words Schneier apparently is confirming that he had not seen the TAO ANT Catalog in the Snowden collection, which he keeps on a separate laptop that he has never connected to the Internet.
A second NSA leak spells big trouble for the surveillance state.
A contributor to the cypherpunks mail list, going by the name of Maxim Kammerer, contends that the leaked XKEYSCORE rules indicate that they fit into the time frame of Snowden’s access and suggests that a new leak source would have more up to date information. He does not address Schneier’s comments on the ANT Catalog.