The U.S. National Security Agency and its intelligence partners are reportedly sifting through data stolen by state-sponsored and freelance hackers on a regular basis in search of valuable information.
Despite constantly warning about the threat of hackers and pushing for their prosecution, the intelligence agencies of the U.S., Canada and the U.K. are happy to ride their coattails when it serves their interests, news website The Intercept reported Wednesday.
“Hackers are stealing the emails of some of our targets... by collecting the hackers’ ‘take’ we 1) get access to the emails ourselves and 2) get insights into who’s being hacked,” a page from an internal wiki used by the agencies reads. The page, last modified in 2012, was among the files leaked by former NSA contractor Edward Snowden to journalists and was published by The Intercept.
One such cache of stolen data is known internally to the Five Eyes alliance—the intelligence agencies of the U.S., Canada, the U.K., Australia and New Zealand—under the code name INTOLERANT.
“INTOLERANT traffic is very organized,” the leaked wiki page reads. “Each event is labeled to identify and categorize victims. Cyber attacks commonly apply descriptors to each victim—it helps herd victims and track which attacks succeed and which fail.”
The victims whose data was pilfered by hackers and is part of INTOLERANT includes: Indian diplomatic missions and navy; Central Asian diplomatic missions; Chinese human rights defenders; Tibetan pro-democracy personalities; Uighur activists; the Tibetan government in exile, the European Union Special Representative for Afghanistan and Indian photo-journalists.
Some of these victims coincide with those targeted in state-sponsored malware attacks previously reported by security firms and believed to be of Chinese origin.
Analysis of the INTOLERANT data points toward a likely state sponsor based on the level of the hackers’ sophistication and victim set, the leaked wiki page says.
In addition to gathering information from data stolen by black-hat hackers, the Five Eyes agencies also monitor security researchers on Twitter and blogs as part of what’s known as open-source intelligence or OSINT collection.
A program codenamed LOVELY HORSE that was created by the U.K.’s Government Communications Headquarters monitors a long list of Twitter feeds, including those of high-profile security researchers Tavis Ormandy, Alexander Sotirov, Dave Aitel, Dino Dai Zovi, Halvar Flake, HD Moore, Kevin Mitnick, Mikko Hyppönen, Mark Dowd and the Grugq.
Evidence of the NSA and its partners hijacking botnets and the cyberespionage efforts of foreign intelligence agencies was also revealed in a report by German news magazine Der Spiegel in January that was also based on documents leaked by Snowden.