The NSA and its allies have raided the pockets of independent and nation-state hackers and monitored some of the security industry's foremost researchers in its bid to hoover information on targets and find better ways to break systems, Snowden documents reveal.
Spooks would monitor the work of 'freelance' and rival state hackers, notably those plundering email accounts owned by targets of interest to the NSA and friends, and pilfer the stolen contents, according to a report by The Intercept.
That stolen data, referred to as 'take', was then pinched from hacker targets such as journalists, activists and military sources including the Indian Navy. Those hacks were likely the handiwork of other nation-state hackers given the sophistication of the breaches.
The documents revealed the hackers' email-plundering infrastructure was referred to under the moniker INTOLERANT and that Canada and the UK had hands in hacker pockets.
Here's a choice bit from one of the alleged NSA documents:
"Recently, Communications Security Establishment Canada (CSEC) and Menwith Hill Station (MHS) discovered and began exploiting a target-rich data set being stolen by hackers. The hackers’ sophisticated email-stealing intrusion set is known as INTOLERANT. Of the traffic observed, nearly half contains category hits because the attackers are targeting email accounts of interest to the Intelligence Community. Although a relatively new data source, [Target Offices of Primary Interest] have already written multiple reports based on INTOLERANT collect."
The NSA would tip-off allies such as the UK and Australia when it found data in hackers' take.
Snowden's trickle-feed cache also revealed the NSA had run an open source intelligence gathering service known as Lovely Horse which monitored the Twitter feeds of security bods including Mark Dowd, Tavis Ormandy and HD Moore. The Intercept listed 36 other Twitter sources who could be flattered by the agency's interest.
The agency also scraped security blogs for data in its bid to keep abreast of emerging exploits and vulnerabilities.
It need not have go to the length to build in-house systems however. Plenty of RSS feed platforms and page-monitoring browser extensions exist, while Aussie hacker Matt Jones (@volvent) had in 2012 created the TalkBack portal to analyse Twitter chatter and pry out new vulnerability information using known good security sources. ®