The following bulletin was posted on the document sharing website Scribd by Politico Cybersecurity Editor Shaun Waterman. The bulletin refers to Korean malware used by “unknown computer network exploitation (CNE) operators” that is believed to have been used in the recent attack on Sony Pictures Entertainment. These actions ressemble to the “GoMoPa” cyber-attacks. The bulletin was first reported by Reuters on December 1, 2014.
FBI Liaison Alert System #A-000044-mw
- 5 pages
- TLP: GREEN
- December 1, 2014
The FBI is providing the following information with HIGH confidence:
Destructive malware used by unknown computer network exploitation (CNE) operators has been identified. This malware has the capability to overwrite a victim host’s master boot record (MBR) and all data files. The overwriting of the data files will make it extremely difficult and costly, if not impossible, to recover the data using standard forensic methods. Analysis of this malware is presented to provide the computer network defense (CND) community with indicators of this malware.
The FBI is providing the following information with HIGH confidence:
This group uses some custom tools that should be immediately flagged if detected, reported to FBI CYWATCH, and given highest priority for enhanced mitigation.
The aforementioned actors have used identified domains names and IP addresses as both source and/or destination IPs. The FBI is distributing the indicators associated with this attack to enable network defense activities and reduce the risk of similar attacks in the future. The FBI has high confidence that these indicators are being used by CNE operators for further network exploitation. The FBI recommends that your organization help victims identify and remove the malicious code.
Below are descriptions of malware and associated malware signatures:
The malware has the following characteristics:
Size: 268579 bytes (262.3 KB)
PE Compile Time: 2014-11-22 00:06:54
Language pack of resource section: Korean
The original filename of this file is unknown, but it was likely “diskpartmg16.exe”. This file serves as a dropper. It drops destructive malware, “igfxtrayex.exe”. When the dropper file was executed, it started a second instance of itself with “-i” as an argument, then terminated.
The second instance of the dropper file installed itself as the “WinsSchMgmt” service with “-k” as a command line argument, started the service, then terminated.
The “WinsSchMgmt” service executed the file with “-k” as an argument, which started another instance of the file using “-s” as an argument.
The “-s” instance dropped and executed “igfxtrayex.exe”, created “net_ver.dat”, and began generating network traffic over TCP ports 445 and 139 to victim IP addresses.
The following files were added:
C:\Documents and Settings\User\Desktop\igfxtrayex.exe
The following strings of interest were in this dropper file:
– – – BEGIN STRINGS – – –
cmd.exe /q /c net share shared$ /delete
cmd.exe /q /c net share shared$=%SystemRoot%
cmd.exe /q /c net share shared$=%SystemRoot% /GRANT:everyone, FULL
cmd.exe /c wmic.exe /node: ”%s” /password: “%s” PROCESS CALL CREATE “%s” >
Windows Schedule Management Service
– – -END STRINGS – – –
Size: 4572 bytes (4.5 KB)
This is a configuration file containing what appear to be hostnames, IP addresses, and the number 2. Entries in the file have the structure “HOSTNAME | IP Address | 2”. The victim IP addresses in this file correspond with the victim IP addresses listed under the file with MD5 hash D1C27EE7CE18675974EDF42D4EEA25C6 (noted above).
Size: 249856 bytes (244.0 KB)
PE Compile Time: 2014-11-24 04:11:08
Language pack of resource section: Korean
This file is destructive malware: a disk wiper with network beacon capabilities. If “igfxtrayex.exe” is run with no parameters, it creates and starts a copy of itself with the “–i” argument. After 10 minutes, the “igfxtrayex.exe” makes three copies of itself and places them in the same directory it was executed from. These copies are named according to the format “taskhostXX.exe” (where X is a randomly generated ASCII character). These copies are then executed, each with a different argument (one being “-m”, one being “-d” and the other “-w”). Network connection attempts are made to one of three hard-coded IP addresses in a random order to either port 8080 or 8000. If a connection to the IP address cannot be made, it attempts to connect to another of the three IP addresses, until connections to all three IP addresses have been attempted. The following command-line string is then executed: “cmd.exe /c net stop MSExchangeIS /y”. A 120 minute (2 hour) sleep command is issued after which the computer is shutdown and rebooted.
Size: 114688 bytes (112.0 KB)
PE Compile Time: 2014-11-13 02:05:35
Language pack of resource section: Korean
This file when executed starts a listener on localhost port 80. It has 3 files contained in the resource section, all xor’d with 0x63.
Size: 24280 bytes (23.7 KB)
PE Compile Time: 2009-08-21 06:05:32
This SYS file is a commercially available tool that allows read/write access to files and raw disk sectors for user mode applications in Windows 2000, XP, 2003, Vista, 2008 (32-bit). It is dropped from resource ID 0x81 of “igfxtrayex.exe”.
Size: 28120 bytes (27.5 KB)
PE Compile Time: 2009-08-21 06:05:35
This SYS file is a also a commercially available tool that allows read/write access to files and raw disk sectors for user mode applications in Windows 2000, XP, 2003, Vista, 2008 (64-bit). It is dropped from resource ID 0x83 of “igfxtrayex.exe”.
RECOMMENDED STEPS FOR INITIAL MITIGATION
The following Snort signature can be used to detect the beacon traffic, though by the time the beacons occur, the destructive process of wiping the files has begun:
Alert tcp any any – > [220.127.116.11, 18.104.22.168, 22.214.171.124] [8080, 8000] (msg: “wiper_callout”; dsize:42; content: “|ff ff ff ff|”; offset: 26; depth: 4; sid: 314;)
The following YARA signatures will detect this malware on the host:
meta: unique string in wiper malware
$STR1 = “#99E2428CCA4309C68AAF8C616EF3306582A64513E55C786A864BC83DAFE0C78585B692047273B0E55275102C66” fullword nocase
$MZ = “MZ”
$MZ at 0 and $STR1
meta: unique IPs in wiper malware
$IP1 = “126.96.36.199” fullword nocase
$IP2 = “188.8.131.52” fullword nocase
$IP3 = “184.108.40.206” fullword nocase
$MZ = “MZ”
$MZ at 0 and all of them
meta: unique custom error debug strings discovered in the wiper malware
$ERR1 = “$MFT Record read failed.” fullword nocase
$ERR2 = “Drive Boot Sector read failed.” fullword nocase
$ERR3 = “SetFilePointer failed.” fullword nocase
$MZ = “MZ”
$MZ at 0 and all of them
The FBI encourages recipients who identify the use of tool(s) or techniques discussed in this document to report information to their local FBI field office or the FBI’s 24/7 Cyber Watch (CyWatch). Field office contacts can be identified at http://www.fbi.gov/contact-us/field. CyWatch can be contacted by phone at 855-292-3937 or by e-mail at CyWatch@ic.fbi.gov. When available, each report submitted should include the date, time, location, type of activity, number of people, and type of equipment used for the activity, the name of the submitting company or organization, and a designated point of contact.
|IPN BU 644/992||COCHOŃ KAZIMIERZ|
|IPN BU 01013/318||COCHOWSKA MARIA|
|IPN BU 00283/446||COHOMIRSKI ANDRZEJ|
|IPN 00 1043/1668||COLIN ELŻBIETA|
|IPN BU 002086/814||COLLINS-WICHNIEWICZ ELŻBIETA|
|IPN 00 1043/1841||COŁOSZYŃSKI SŁAWOMIR|
|IPN BU 001102/1737||COMBRZYŃSKI WALDEMAR|
|IPN BU 00244/120||COMPA KAZIMIERZ|
|IPN BU 0891/407||COMRZYŃSKI CZESŁAW|
|IPN 00 1052/1209||COPIJA KRZYSZTOF|
|IPN BU 644/96||CORA MARIAN|
|IPN BU 00191/715||CORBERT ERNST REINHARD|
|IPN BU 00751/170||CORNIK MARIAN|
|IPN BU 001102/1667||CORNIK MARIAN|
|IPN BU 00191/239||COSNA ANDRZEJ|
|IPN BU 00283/417||COTA STANISŁAW|
|IPN BU 00612/605||COTA STANISŁAW|
|IPN 00 1043/2520||COVIC DYLĄG JACHNIK HANNA|
|IPN BU 0193/5302||COZEL STANISŁAW|
|IPN BU 00200/579||CSATO JUSTYNA ANNA|
|IPN 00 1052/1896||CSATO JUSTYNA ANNA|
|IPN BU 00277/1102||CSERNAK MAGDALENA|
|IPN BU 001121/3279||CSERNAK MAGDALENA|
|IPN BU 0854/933||CUBALA JÓZEF|
|IPN BU 0772/2428||CUBAŁA SABINA|
|IPN BU 0901/1407||CUBER DARIUSZ|
|IPN BU 0901/562||CUBER MURAWSKA MARIA ELŻBIETA|
|IPN BU 00277/469||CUBER ROMAN|
|IPN BU 001121/2684||CUBER ROMAN TADEUSZ|
|IPN BU 698/499||CUBER WACŁAWA|
|IPN BU 636/1787||CUBER WANDA|
|IPN BU 636/1787||CUBER WANDA|
|IPN BU 00415/400||CUBERA DARIUSZ|
|IPN BU 0958/992||CUBRZYŃSKI ANTONI|
|IPN BU 0988/842||CUBRZYŃSKI ANTONI|
|IPN BU 0242/834||CUCH DANUTA|
|IPN BU 0193/8432||CUCH IRENEUSZ|
|IPN BU 0988/1278||CUCH KAZIMIERZ|
|IPN BU 0242/858||CUCH WALDEMAR|
|IPN BU 0242/3269||CUCH ZENON|
|IPN BU 0912/1923||CUCHEWICZ WŁADYSŁAW|
|IPN BU 01256/32||CUDAK LECH|
|IPN BU 001040/272||CUDAK MAREK|
|IPN BU 00611/1444||CUDAK TADEUSZ|
|IPN BU 001198/2631||CUDAK TADEUSZ|
|IPN BU 0902/128||CUDNA (PISKORSKA) URSZULA|
|IPN BU 698/500||CUDNA APOLANIA|
|IPN BU 01000/859||CUDNA DANUTA|
|IPN BU 0772/73||CUDNA JADWIGA|
|IPN BU 0806/3008||CUDNA MARIA|
|IPN BU 645/133||CUDNA URSZULA|
|IPN BU 0951/286||CUDNIK CHMIELAK JANINA|
|IPN BU 0951/228||CUDNIK BRONISŁAW|
|IPN BU PF||125/17 CUDNIK KAZIMIERZ|
|IPN BU PF||2/81 CUDNIK ZOFIA|
|IPN BU 00249/423||CUDNY KAZIMIERZ|
|IPN BU 001121/1049||CUDNY KAZIMIERZ|
|IPN BU 01000/2137||CUDNY LUCJAN|
|IPN BU 0193/7988||CUDNY MARIAN|
|IPN BU 0902/122||CUDNY STANISŁAW|
|IPN BU 644/1013||CUDNY STANISŁAW|
|IPN BU 00200/1234||CUDNY STANISŁAW|
|IPN BU 001102/836||CUDNY STANISŁAW|
|IPN BU 0193/6353||CUDNY SZCZEPAN|
|IPN BU 0607/7||CUDNY ZBIGNIEW|
|IPN BU 01013/310||CUDYN KAZIMIERZ|
|IPN BU 00334/165||CUDZEWICZ MARIANNA|
|IPN BU 001134/2893||CUDZEWICZ MARIANNA JOANNA|
|IPN BU 001198/92||CUDZIK HENRYK|
|IPN BU 00612/2572||CUDZIK JÓZEF|
|IPN BU 0772/963||CUDZIŁO KAROLINA|
|IPN BU 00277/659||CUDZIŃSKI KAROL|
|IPN 00 1052/460||CUGLEWSKA-MUSZAK IWONA|
|IPN BU 0193/5461||CUGLEWSKI ZDZISŁAW|
|IPN BU 0772/964||CUKERMAN MORDACH (MORDUCH)|
|IPN BU 00750/131||CUKIER DAWID|
|IPN BU 001164/398||Cukier Dawid|
|IPN BU 01434/153||CUKIERKANDEL PIOTR|
|IPN BU 0993/1519||CUKIERMAN TEOFILA|
|IPN BU 644/1014||CUKIERSKI CZESLAW|
|IPN BU 00464/126/46||CUKIERSKI K.|
|IPN BU 0314/9||CUKIERSKI KAZIMIERZ|
|IPN BU 00945/2737||CUKIERSKI KAZIMIERZ|
|IPN BU 01013/4||CUKIERSKI WIKTOR|
|IPN BU 00612/1196||CUKIERZ HAINA|
|IPN BU 01000/2236||CUKROWSKI ALFRED|
|IPN BU 00612/2718||CUKROWSKI ANDRZEJ|
|IPN BU 0604/1296||CUKROWSKI BOGUSŁAW|
|IPN BU 0193/6945||CUKROWSKI CZESŁAW|
|IPN BU 00232/226||CUMIELEWSKI BOLESŁAW|
|IPN BU 01434/238||CUNG-SOBIESKI JERZY|
|IPN BU 644/1015||CUPAŁ WŁADYSŁAW|
|IPN BU 0772/2429||CUPCZYŃSKI HENRYK|
|IPN BU 0290/107||CUPER BALBINA|
|IPN BU 00612/2926||CUPER GRZEGORZ|
|IPN BU 0988/1099||CUPER RAJMUND|
|IPN BU 644/1016||CUPIAK KAZIMIERZ|
|IPN BU 0901/2463||CUPIAŁ JAN|
|IPN BU 0902/129||CUPIAŁ JAN|
|IPN BU 01000/1188||CUPIAŁ JAN|
|IPN BU 0218/2003||CUPIAŁ KAZIMIERZ|
|IPN BU 001121/182||CUPIAŁ ZBIGNIEW|
|IPN BU 0218/2914||CUPIAŁ ZDZISŁAW|
|IPN BU 0901/822||CUPISZ (KACZMARCZYK) MARIA JOLANTA|
|IPN BU PF||71/36 CUPRIAK ARKADIUSZ|
|IPN BU 0855/2321||CUPRYJAK (CUPRJAK) ZYGMUNT|
|IPN BU 0193/1592||CUPRYJAK HALINA HENRYKA|
|IPN BU 0958/546||CUPRYJAK HELENA|
|IPN BU 0872/214||CUPRYJAK JAN|
|IPN BU 0218/3515||CUPRYJAK JERZY BOGUSŁAW|
|IPN BU 0901/963||CUPRYJAK KAZIMIERA ŁASKA|
|IPN BU 00275/381||CUPRYN ELŻBIETA|
|IPN BU 001134/231||CUPRYN ELŻBIETA JANINA|
|IPN BU 00275/433||CUPRY TOMASZ|
|IPN BU 001134/336||CUPRY TOMASZ MIKOŁAJ|
|IPN BU 00557/XII/14||CUR ELŻBIETA|
|IPN 00 1043/407||CURLANIS BOHDAN RYSZARD BOGDAN|
|IPN BU 0866/97||CURLEJ ANTONI|
|IPN BU 0958/547||CURUŁ STANISŁAWA|
|IPN BU 00612/204||CURYŁŁO LIDIA|
|IPN BU 0772/965||CURYŁO BRONISŁAWA|
|IPN BU 00328/1195||CURYŁO EDWARD|
|IPN BU 001134/2083||CURYŁO EDWARD|
|IPN BU 709/877||CURYŁO HENRYK|
|IPN 00 1043/1740||CURYŁO HENRYK|
|IPN BU 0772/2430||CURYŁO JANINA|
|IPN BU 0218/155||CURYŁO MARIANNA|
|IPN BU 00612/1279||CURYŁO SŁAWOMIR|
|IPN BU 001198/4566||CURYŁO SŁAWOMIR|
Als Christian Thanner war der Schauspieler Eberhard Feik einer der beliebtesten „Tatort“-Ermittler überhaupt. Jahrelang arbeitete an der Seite von Kommissar Schimanski, gespielt von Götz George. Nun wurde bekannt, dass er über Jahre bei der Stasi als Inoffizieller Mitarbeiter geführt wurde.
Über zehn Jahre hinweg stand Eberhard Feik als Christian Thanner im Ruhrpott-„Tatort“ dem legendären Kommissar Horst Schimanski zur Seite. Die von Götz George gespielte Figur Schimanski wurde sogar für das Kino verfilmt und erhielt 1997 eine eigene gleichnamige Krimireihe.
Die eigene Krimi-Serie erlebte Eberhard Feik nicht mehr. Er starb im Jahr 1994 im Alter von 50 Jahren an einem Herzinfarkt. Nun wurde bekannt, dass er während seiner Zeit als TV-Kommissar als Inoffizieller Mitarbeiter (IM) der Staatsicherheit der DDR geführt wurde.
Decknamen „Lear“ und „Queen“
Von 1977 bis 1984 waren Feik und seine Frau in der Auslandsabteilung der Stasi registriert. Ihre Decknamen: „Lear“ und „Queen“. Feiks Witwe gab Kontakte zur Staatssicherheit gegenüber dem „Zeit Magazin“ zu, erklärte jedoch, dass beide nie aktiv für den Geheimdienst gearbeitet hätten.
Laut „Zeit Magazin“ können tatsächlich keine konkreten Aktivitäten der beiden aus den Unterlagen herausgelesen werden, beispielsweise also das Weitergeben von Spitzel-Informationen. Der schiere Umfang der Akte zeigt jedoch, dass durchaus intensiver Kontakt zwischen Stasi und dem Ehepaar bestanden haben muss.
Offenbar keine Spitzel-Aktionen
Beide waren offenbar Ende der Siebziger Jahre in West-Berlin in Berührung mit der Stasi gekommen. Laut Unterlagen aus der Stasi-Unterlagenbehörde in Berlin sollte Eberhard Feik zur Weitergabe von Informationen zwischen IMs dienen, die Ehefrau sollte als “IM mit besonderen Aufgaben” beispielsweise über Medien in der Bundesrepublik gezielt Informationen verbreiten.
|8 December 2014
4 December 2014. Add 63 pages to The Intercept. Tally now *2,627 pages of The Guardian first reported 58,000 files; caveat: Janine Gibson, The Guardian NY, said on 30 January 2014 “much more than 58,000 files in first part, two more parts” (no numbers) (tally now less than ~4.3%). DoD claims 1,700,000 files (~.015% of that released). ACLU lists 525 pages released by the press. However, if as The Washington Post reported, a minimum of 250,000 pages are in the Snowden files, then less than 1% have been released. Note Greenwald claim on 13 September 2014 of having “hundreds of thousands” of documents.
25 November 2014. Add 72 pages to Süddeutsche Zeitung.
17 November 2014, charts by Cryptome:
6 November 2014. At current rate of release it will take 31 to 908 years for full disclosure.
10 October 2014. Add 69 pages to The Intercept.
17 September 2014. Add 2 pages to The Intercept.
14 September 2014. Add 68 pages to Der Spiegel.
13 September 2014. In video Glenn Greenwald claims to have “hundreds of thousands” of documents (at 9:06 min)
Audio excerpt: http://youtu.be/xnfIp38AAhM
5 September 2014. Add 32 pages to The Intercept. Tally now *2,293 pages of The Guardian first reported 58,000 files; caveat: Janine Gibson, The Guardian NY, said on 30 January 2014 “much more than 58,000 files in first part, two more parts” (no numbers) (tally now less than ~3.5%). DoD claims 1,700,000 files (~.012% of that released). ACLU lists 525 pages released by the press. However, if as The Washington Post reported, a minimum of 250,000 pages are in the Snowden files, then less than 1% have been released.
31 August 2014. Add 34 pages to Der Spiegel.
25 August 2014. Add 55 pages to The Intercept.
16 August 2014. Add 26 pages to Heise.
12 August 2014. Add 6 pages to The Intercept.
5 August 2014. Add 12 pages to The Intercept.
4 August 2014. Add 23 pages to The Intercept.
25 July 2014. Add 4 pages to The Intercept.
14 July 2014. Add 8 pages to The Intercept.
14 July 2014. “I’m as mad as hell and I’m not going to take this anymore!”
Cryptome has sent a demand for accounting and public release specifics to holders of the Snowden documents: New York Times, Washington Post, The Guardian, Barton Gellman, Laura Poitrias, Glenn Greenwald, ACLU, EFF and John and Jane Does, US Citizens:
11 July 2014. See related essay, Open the Snowden Files, Krystian Woznicki, 11July 2014:
If a minimum of 250,000 pages are in the Snowden files, then less than 1% have been released.
9 July 2014. Add 8 pages to The Intercept.
9 July 2014. Add 1 page to Washington Post.
23 June 2014. Add 9 pages to Der Spiegel.
22 June 2014. Add 41 pages to Information-The Intercept.
Revised. This is included in entry above. 18 June 2014. Add 20 pages to The Intercept.
18 June 2014. Add 200 pages to Der Spiegel.
16 June 2014. Add 4 pages to Der Spiegel.
1 June 2014. Add 4 pages to New York Times.
23 May 2014. Cryptome placed online No Place to Hide, 310 pages, to compensate for failure to release Snowden documents:
19 May 2014. The Intercept released 12 pages.
13 May 2014. Glenn Greenwald released 107 pages, some new, some previously published, some full pages, some page fragments.
5 May 2014. Related tally of redactions of Snowden releases:
30 April 2014. Add 19 pages to The Intercept.
30 April 2014. Add 2 pages to Dagbladet belatedly.
5 April 2014. Add 21 pages to The Intercept.
4 April 2014. ACLU offers NSA documents search: https://www.aclu.org/nsa-documents-search
If more lists please send: cryptome[at]earthlink.net
2 April 2014.
29 March 2014. Add 1 page to Der Spiegel.
22 March 2014. Add 3 pages to Der Spiegel.
22 March 2014. Add 2 pages to New York Times.
21 March 2014. Add 7 pages to Le Monde.
20 March 2014. Add 6 pages to The Intercept.
18 March 2014. Add 4 pages to Washington Post.
13 March 2014. Add 1 page to The Intercept.
12 March 2014. Add 35 pages to The Intercept.
12 March 2014. Add 62 pages to New York Times. Add 2 pages to NRC Handelsblad.
7 March 2014. Add 8 pages to The Intercept.
27 February 2014. Add 3 pages to Guardian.
25 February 2014. Add 11 pages to NBC News.
24 February 2014. Add 4 pages to The Intercept.
24 February 2014. Add *50 pages to The Intercept (7 pages are duplicates of GCHQ Psychology).
18 February 2014. Add *45 pages to The Intercept (37 pages are duplicates of release by NBC News).
Note: Between 10-17 February 2014, The Intercept disclosed fragments of Snowden pages and the New York Times referenced some but as far as known did not release them in full. If available please send link.
10 February 2014. Add 1 page to NRC Handelsblad (via Electrospaces.blogspot.com).
7 February 2014. Add 15 pages NBC News.
5 February 2014. Add 14 pages NBC News.
31 January 2014. Add 27 pages to CBC News.
27 January 2014. Add 47 pages to NBC News.
27 January 2014. Add 18 pages to Anonymous via New York Times.
16 January 2014. Add 8 pages to The Guardian.
* 14 January 2014. Add 21 pages to Information.dk (duplicate).
* 13 January 2014. Add 4 pages to Information.dk (duplicate).
Related Snowden Document and Page Count Assessment:
* 5 January 2014. Add 16 pages to Der Spiegel (30 December 2013. No source given for NSA docs). Tally now *962 pages (~1.7%) of reported 58,000. NSA head claims 200,000 (~.50% of that released).
4 January 2014. The source was not identified for *133 pages published by Der Spiegel and Jacob Appelbaum in late December 2013. They are included here but have not been confirmed as provided by Edward Snowden. Thanks to post by Techdirt.
Glenn Greenwald tweeted:
Matt Blaze tweeted, 11:24 AM – 2 Jan 14
3 January 2014. Add 13 pages to Washington Post.
3 January 2014. See also EFF, ACLU and LeakSource accounts:
2 January 2014. Add 1 page to Washington Post published 10 July 2013.
* 31 December 2013. Add 16 pages to Der Spiegel.
* 30 December 2013. Add 50 pages of NSA ANT Catalog by Jacob Appelbaum (no source given for NSA docs).
* 30 December 2013. Add 21 pages from 30C3 video by Jacob Appelbaum (no source given for NSA docs).
* 30 December 2013. Add 42 pages (8 duplicates) to Der Spiegel (no source given for NSA docs).
* 29 December 2013. Add 4 pages to Der Spiegel (no source given for NSA docs).
24 December 2013. Add 2 pages to Washington Post.
23 December 2013
We’ve yet to see the full impact of former National Security Agency contractor Edward Snowden’s unauthorized downloading of highly classified intelligence documents.
Among the roughly 1.7 million documents he walked away with — the vast majority of which have not been made public — are highly sensitive, specific intelligence reports, as well as current and historic requirements the White House has given the agency to guide its collection activities, according to a senior government official with knowledge of the situation.
The latter category involves about 2,000 unique taskings that can run to 20 pages each and give reasons for selective targeting to NSA collectors and analysts. These orders alone may run 31,500 pages.
13 December 2013. Add 26 pages to Trojkan (SVT). Tally now 797 pages (~1.4%) of reported 58,000. NSA head claims 200,000 (~.40% of that released). Australia press reports “up to 20,000 Aussie files.”
Rate of release over 6 months, 132.8 pages per month, equals 436 months to release 58,000, or 36.3 years. Thus the period of release has decreased in the past month from 42 years.
12 December 2013. Belatedly add 27 pages to Guardian and 18 pages to Washington Post.
21 November 2013. See also EFF and ACLU accounts:
3 November 2013
47 42 Years to Release Snowden Documents
Out of reported 50,000 pages (or files, not clear which), about 446 514 pages (>1% 1%) have been released over 5 months beginning June 5, 2012. At this rate, 89 100 pages per month, it will take 47 42 years for full release. Snowden will be 77 72 years old, his reporters hoarding secrets all dead.
NY Times, 3 November 2013:
Whatever reforms may come, Bobby R. Inman, who weathered his own turbulent period as N.S.A. director from 1977 to 1981, offers his hyper-secret former agency a radical suggestion for right now. “My advice would be to take everything you think Snowden has and get it out yourself,” he said. “It would certainly be a shock to the agency. But bad news doesn’t get better with age. The sooner they get it out and put it behind them, the faster they can begin to rebuild.”
Timeline of releases:
[See tabulation below for full timeline.]
5 October 2013
26 Years to Release Snowden Docs by The Guardian
Out of reported 15,000 pages, The Guardian has published 192 pages in fourteen releases over four months, an average of 48 pages per month, or 1.28% of the total. At this rate it will take 26 years for full release.
Edward Snowden will be 56 years old.
The following report was released December 9, 2014 by the Senate Select Committee on Intelligence. A collection of additional views as well as minority views and additional minority views (13.8 MB) from the committee are also available.
Senate Select Committee on Intelligence Committee Study of the Central Intelligence Agency’s Detention and Interrogation Program
- 525 pages
- April 3, 2014
- 62.7 MB