Skip to main content

Black Listed News
Trending Articles:
Trending Articles:

Identities of NSA Developers Exposed on GitHub

Published: July 18, 2017
Share | Print This


Source: sander.tech

 

The National Security Agency has recently published some open-source projects on GitHub. A Cyber Security branch of the Dutch government has done the same in the past, however this backfired a little when it was discovered that personal data had slipped in to a public repository on GitHub.

Something similar has happened now. Although no personal data was committed (that I know of), the authors and NSA employees of some of these repositories did not commit anonymously. In fact, some developers used personal GitHub accounts.

The organization account of the NSA on GitHub.com

On the 19th of June the NSA released, amongst 28 other projects, a QGIS pluginTimely, a WebSocket Apache pluginand a system automation tool. These repositories contain commits from actual GitHub accounts with (seemingly) real names.

This got me thinking. Were these contributors and members of the NSA’s GitHub organisation actual employees of the NSA, or were they simply aliases? I took a better look at some of their GitHub profiles, uploaded images (EXIF data) and code commits. I discovered quite a lot of personal information within less than an hour.

An artist’s impression of the publicly available data an individual could collect (No real PII is used in this image).

Using only online and publicly available resources, I was able to obtain home addressestelephone numbers, email addresses, LinkedIn accounts, full-face pictures and much more of some of these NSA developers. This concerned me, this information could put the safety of these developers at risk, as the NSA isn’t that popular these days.

I sent an email through the NSA’s online contact form (as there is no other form of contacting the NSA that I know of). I haven’t received any form of a reply to this date. This concerned me even more. Why can’t an outsider get in contact with the NSA, when the subject is the safety of their own employees?

Note that I intentionally did not post any personally identifiable information (PII) in this publication. My concern is the privacy and security of the NSA employees. Disclosing the information I found would perhaps help to make my point, but that would unnecessarily expose these employees. People that would really want this information, should be able to find it themselves using the same tools and resources I used.

Hopefully the NSA will take action and anonymize the git contributors of its repositories when this story gets the attention of the public.

Jun 19 — Discovery
Jun 20 — Contacted NSA using webform
Jul 14 —Contacted NSA Inspector General using webform
Jul 17 — Published disclosure

Share This Article...



Image result for patreon

Emigrate While You Still Can!

Loading...


Image result for patreon


PLEASE DISABLE AD BLOCKER TO VIEW DISQUS COMMENTS

Ad Blocking software disables some of the functionality of our website, including our comments section for some browsers.





Login with patreon to gain access to perks!

SIGN UP TO GET BLACKLISTED NEWS DELIVERED RIGHT TO YOUR INBOX

Enter your email address:




More Blacklisted News...

Blacklisted Radio
Blacklisted Nation
On Patreon
On Gab
On Twitter
On Reddit
On Facebook
Blacklisted Radio:
Republic Broadcasting
Podcasts on Youtube
Podcasts on Demand
On Iheart Radio
On Spreaker
On Stitcher
On iTunes
On Tunein

Our IP Address:
198.245.55.242

Sponsors:
Garden office

good
longboard
brands


Advertise Here...






BlackListed News 2006-2019
Privacy Policy
D.M.C.A. - Fair Use