on •

DⒶʀKᙡiNɢ ಠ_ರೃ , a Swede associated with Anonymous, has claimed a new, and rather relentless, hack of the US National Security Agency’s email server. Nothing so mundane as username/password combinations, the Pastebin of the hack lists the methodology and blow-by-blow of what worked, what didn’t, and what the hacker thinks of the NSA security (hint: not much). Turns out, the NSA doesn’t even maintain its own email server: they’ve outsourced that to Qwest.

Here’s an excerpt from the Paste:

Lets look at their site; damm they got alot of dns bs Trying zone transfer first… Testing dsdn-gh1-uea06.nsa.gov Request timed out or transfer not allowed. Testing dsdn-gh1-uea05.nsa.gov Request timed out or transfer not allowed. Unsuccessful in zone transfer (it was worth a shot) Okay, trying the good old fashioned way… brute force Checking for wildcard DNS… Nope. Good.

According to DⒶʀKᙡiNɢ ಠ_ರೃ, the hack of the email system exposed some antiquated vulnerabilities which the hacker claims should have been patched eons ago, including outdated SSL and SSH. In other words, the NSA’s emails are using outdated encryption security certificates.

oh hehe they use and old version of ssh (ssh1.5)

the cunts might just put up some bullshit sec on their sub servers and expecting noone to find em

but on their number one server range , im sure they got some gay ass “elite waf” okey what can we found out about this “by the whitehat-book” firm

they got an webadmin named kevin:) hehe like mitnick , “kevin the system security admin” very cjut. #i though nsa should be smart and not pick some fuckers that are can be taken down

#with 22900 bytes of data haha, but i guess they r just script kiddie bitches

The hack itself was dedicated to Vampire666 , a fellow hacker whose Pastebin account has been dormant since 2013. The hack has been popular with other Anons, many of whom have been starved for news of audacious hacks since the arrests that put an end to Sabu’s AntiSec crew and Cabin Cr3w.

If we were back in ancient days…and I had to go to war with battle ax and sword…would want the Swedish Anons with me. @_Anonymous_swe_ — The Real Anonymous (@anon99percenter) May 14, 2015

So much Love! I'm overwhelmed.. Love to my brothers and sisters, you are my motivation! #Anonfamily — DⒶʀKᙡiNɢ ಠ_ರೃ (@_Anonymous_swe_) May 14, 2015

When supporters attempted to share the news on Facebook and LinkedIn, however, they were in for some surprises.

Pirate Party activist and Cryptosphere contributor Raymond Johansen shared the original tweet to Facebook when the Paste had 327 views. The tweet contains a live link to the Pastebin, of course.

Within eight minutes, he reports, the Pastebin had been taken down. “THEN they read me laughing at them for even trying.” Someone posted a link to the Google cache of the missing paste in the comments on Facebook, at which point the paste apparently re-materialized. “Within a minute of that the original paste is back up AGAIN – the NSA realizing I am making them look like class fulz. THAT moment is the single most ROFL inducing PSML unavoidable moment of my life. It is Anonspeak for “we know we fckd lets unfck ourself” – all the while actually doublefcking themselves – royally.”

The paste may have been tampered with in the interim, says Johansen. “The [second] paste we saw, maybe 12 hours old, had strange garbage on the end. IMO it has been tinkered with and I myself will not visit that pastebin – because OpSec.”

“AnonIntelGroup posted ‘Bring the Lulz back!’ a week ago. ‘Mission accompli!’ – I would say.”

Within three hours of that, however, Johansen noticed that the Facebook post itself was missing from his timeline, missing from his Timeline Review, and had been removed from all the groups and pages to which he had shared it. Gone, too, were the comments. He then made a new post, explaining the elision, which was screenshotted and linked above. The Cryptosphere was able to confirm independently via email updates that the original post existed, and was subsequently scrubbed by Facebook.

Cryptosphere editor Kitty Hundal explains:

What happened. 1. Ray posted a story on the pastebin 2. I shared to my wall from his wall 3. I RTd from Twitter and these go to my FB Wall as well. 4. All activities records are eliminated from log of this. 5. My share from Ray’s wall is gone 6. My RT is there on both FB and Twitter. 7. I have email notifications of Rays and Joe’s comments.

An exact duplicate, however, remains live on the wall of Cryptosphere contributor Kitty Hundal.

Comments on Johansen’s re-post confirm the original existed and has vanished. “i also just checked my notification for find it since i commented it..aaannnnd its gone too…crazy..” said Pierre Kossatikoff. “what i find weird is that the “original” pastebin , (here on Twitter screenshot) still up..”

Activist Joe Fionda brought up some interesting technical details; as you can see in the paste, the NSA has outsourced hosting of its email servers to Qwest. “There’s a Section 215 [of the Patriot Act] joke in here somewhere. There’s an even more amazing story about Qwest’s relationship with the NSA done down the barrel of a gun,” Fionda noted. “Qwest CEO Joe Nacchio got put through 15 years of hell by NSA & fed lawyers because he refused to go along with Bush’s pre-9/11 total surveillance program that they would later use 9/11 as the excuse for. Last week’s ruling that Section 215 collection was illegal effectively exonerates him.”

Johansen’s LinkedIn post has likewise mysteriously vanished.

Hundal walked us through the timeline:

This is seriously weird Lorraine.

1. Went to my LinkedIn to find Raymond’s NSA pastebin post. 2. Found it and got a screenshot of it 3. Clicked on it to try to get a link for Raymond 4. The click took me to Raymond’s profile 5. Went back to my page to find the post again 6. Post is now gone.

Back on Facebook, Johansen added, “The lulz is so strong in all of this. I sent someone to get a copy of my Linkedin share too. It was deleted right in front of that persons eyes too. But AFTER screen shotting though. :D / Let’s see if they are moving on to scrubbing Twitter too. smh at the amount of moronium they are drinking over at the NSA. lulz D-lux. Im just lulzing along. And silently nodding at their potency, efficiency, and reach.”

But speaking of reach, the drama on social media has already doubled the views of the original paste. In the past four hours, it’s gained another 300 views. Can somebody tell the NSA about the Streisand Effect, please?

Dear Brothers of the Leaf @_Anonymous_swe_ and friends I thank you for the PSML NSA lulz jesterday. I feelz a bro-mance onset.- greetz anon* — Raymond Johansen (@RayJoha2) May 15, 2015

UPDATE: Facebook is now blocking posting the link to Pastebin.

Categories: Activism, Anonymous, Breaking, Censorship, Cyber, Encryption, Facebook, Hackers, Hacktivism, News, NSA, Security, Social Media, SSH/Brute Force, Surveillance