If you spend enough time perusing the Internet for helpful information on how to build a botnet or hack an online game, you’ll inevitably end up on a discussion board site filled with posts from various hackers eager to share that knowledge and build up their street cred. But even if you use Tor to explore the “dark Web” for such boards, you’ll never reach the 1337est board of them all—the discussion board hosted on the National Security Agency’s NSAnet.
The latest data dump from the archive of NSA webpages leaked by Edward Snowden contains a sampling of posts from the NSA’s internal hacker board by one author in particular—an NSA employee that The Intercept’s Ryan Gallagher and Peter Mass claim is the person who wrote presentations on attacking the Tor network. In one of his posts, the author outlines approaches to gaining access to networks used by individuals targeted for surveillance.
That post, entitled, “I hunt sysadmins,” provides a primer for NSA cyber-warriors to identify and target system administrators of networks to exploit their access privileges for the purposes of surveilling or attacking a target that is connected to them. The two-part post and others published by The Intercept show the extent of the NSA’s ability to target and exploit networks worldwide using the automated hacking tools at the agency’s disposal. But the new data also shows how similar the approaches of the NSA’s cyber-operators are to those used by “black hat” hackers and criminal hacking rings, and it offers some hints about the NSA’s internal “hacker” culture.