U.S. Govt Cyber Attacks in 2015 Spike

In his annual budget request, President Barack Obama asked for $19bn for cyber security funding, $5bn more than last year.

Last year, a study from Juniper Research, ‘The Future of Cybercrime & Security: Financial and Corporate Threats and Mitigation’, estimated that by 2019 the cost of data breaches will reach $2.1 trillion – four times the total expected for 2015. The average cost of a data breach is expected to exceed $150 million by 2020 as more business infrastructure is connected.

Number of U.S. government ‘cyber incidents’ jumps in 2015

Reuters: The U.S. government was hit by more than 77,000 “cyber incidents” like data thefts or other security breaches in fiscal year 2015, a 10 percent increase over the previous year, according to a White House audit.

Part of the uptick stems from federal agencies improving their ability to identify and detect incidents, the annual performance review from the Office of Management and Budget said.

The report, released on Friday, defines cyber incidents broadly as “a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices.” Only a small number of the incidents would be considered as significant data breaches.

National security and intelligence officials have long warned that cyber attacks are among the most serious threats facing the United States. President Barack Obama asked Congress last month for $19 billion for cyber security funding across the government in his annual budget request, an increase of $5 billion over the previous year.

The government’s Office of Personnel Management was the victim of a massive hack that began in 2014 and was detected last year. Some 22 million current and former federal employees and contractors in addition to family members had their Social Security numbers, birthdays, addresses and other personal data pilfered in the breach.

That event prompted the government to launch a 30-day “cyber security sprint” to boost cyber security within each federal agency by encouraging adoption of multiple-factor authentication and addressing other vulnerabilities.

“Despite unprecedented improvements in securing federal information resources … malicious actors continue to gain unauthorized access to, and compromise, federal networks, information systems, and data,” the report said.

***** Depth of hacking illustration:

U.S. Charges 3 As It Chases Syrian Electronic Army — $100,000 Bounties On Hackers’ Heads

Firas Dardar, now on the FBI’s Cyber Most Wanted list for his part in the Syrian Electronic Army. He is also accused of extorting targets.

Forbes: Syrian Electronic Army has caused all sorts of trouble since its emergence at the turn of this decade (including an attack on FORBES, amongst many other major publications). Having largely operated under the radar, the U.S. today filed official charges against three individuals it believes were key in perpetrating SEA’s attacks. Two of the three men – Ahmad Umar Agha (commonly known as Th3 Pr0) and Firas Dardar (also known as The Shadow) – have also been placed on the FBI’s Cyber Most Wanted list with $100,000 rewards on offer for anyone who helps catch them. The third suspect is German-based Peter Romar.

The three have been charged with a range of offences, from hacking, to engaging in a hoax regarding a terrorist attack, to attempting to cause a mutiny within the U.S. armed forces. Throughout the last five years, the SEA were proficient in tricking organizations – often media bodies such as the BBC, the Guardian, CNN and FORBES – into handing over login details to Facebook and Twitter accounts. They would then use that access to send out messages in support of Bashar al-Assad, who remains the Syrian president, despite the chaos of civil war that has engulfed the country.

Its most effective attack came after a compromise of the Associated Press Twitter account. After a tweet that claimed a bomb had exploded at the White House and injured President Obama, $90 billion was wiped off the U.S. stock market. In another successful campaign, the hackers defaced a recruiting website for the U.S. Marine Corps, using the site to urge marines to “refuse [their] orders.”

Accused Syrian Electronic Army hacker Ahmad Umar Agha.

According to one of two complaints released today, other victims included Harvard University, the Washington Post, the White House, Reuters, Human Rights Watch, NPR, CNN, The Onion, NBC Universal, USA Today, the New York Post, NASA (which assisted on the investigation), and Microsoft. FORBES was not named as one of the victims of the trio’s attacks.

All three alleged SEA operatives were using Google Gmail and Facebook to coordinate and pass around stolen data. U.S. law enforcement were able to track their activity after acquiring court orders to search their online accounts.

Nation state hackers demanding ransom

According to the Department of Justice, Dardar and Romar (also known as Pierre Romar) have also been accused of typical cybercrime, hacking into targets’ machines and demanding a ransom be paid, threatening to delete data or sell personal information. Dardar was thought to be operating out of Homs, Syria, Romar from Waltershausen, Germany. The ransoms would then be handed to SEA members in Syria, a complaint read. Dardar demanded in total more than $500,000 from 14 victims, though the filings did not specify how much they actually received.

“While some of the activity sought to harm the economic and national security of the United States in the name of Syria, these detailed allegations reveal that the members also used extortion to try to line their own pockets at the expense of law-abiding people all over the world,” said Assistant Attorney General John Carlin. “The allegations in the complaint demonstrate that the line between ordinary criminal hackers and potential national security threats is increasingly blurry.”

If the complaints released by the U.S. are accurate, Dardar and Romar are two of a handful of hackers known to be working for their government and carrying out extortion. Suspicions of governments using ransomware – malware that locks users’ files by encrypting them, only decrypting when the victim hands the hackers money – have proven unfounded. But researchers from security firm FireEye told FORBES they have seen a handful of examples where nation states have perpetrated extortion campaigns like the SEA suspects. But, the researchers said, it’s unlikely they ever want funds.

“We don’t believe that their intention was to get a ransom,” said Charles Carmakal, managing director of Mandiant, a FireEye-owned firm, speaking with FORBES last week. “I can say we’ve seen it but our case load isn’t that high.”

The hack of Sony Pictures, which the U.S. accused the North Korean government of sponsoring, included such a ransom demand once hackers had broken in. Sony didn’t pay and the hackers wiped the film studio’s machines before publishing vast tranches of company emails and files for all and sundry to pick through.

Pentagon: Social Media Charting Maps on Syrian Exodus

Harvesting posts on social media platforms has become necessary to track all kinds of human conditions. There was once a time it was a scandal when Edward Snowden revealed NSA platforms but now it is widely accepted apparently.

When it comes to tracking people movement, medical and humanitarian issues and patterns, the Pentagon is working social media. If there are protests, intermittent battles or hostilities or airstrikes, social media is the go to immediate source.

It is so valuable, the United Nations is now passing out phones and/or SIM cards to migrants and refugees. Question is who is paying the full connectivity access and to what wireless company?

Pentagon Mapmakers Are Using Social Media to Chart Syrians’ Exodus

Officials admit the National Geospatial-Intelligence Agency’s approach has its limitations

DefenseOne: Streams of Facebook, Instagram, and other social media posts shared by smartphone-toting children and families at border crossings are providing U.S. intelligence analysts with a real-time map of the Syrian exodus. It’s not picture perfect, but it fills in gaps for the nation’s spy cartographers, a top Defense Department official says.

By searching public posts, the National Geospatial-Intelligence Agency fulfills its duty to provide decision-makers with past, present and future insights into locations during a global emergency.

Viewing Defense Department satellite imagery from “space isn’t a great way to sense human activity of that magnitude, but people talking on the ground and people tweeting about lack of food, or pictures about lines at gates at borders is really incredibly useful,” Sue Gordon, the spy map agency’s deputy director, tells Nextgov. “You will have the ability to see what’s going on from an intelligence perspective, but social media will give you that on-the-ground look to help you correlate disparate activities or to get a different view of what is real.”

Photos and vignettes that refugees and relief workers publish depict the kindnesses and bloodshed arising from a civil war that has torn an estimated 14 million people from their homes.

The images are made possible, in part, by governmental organizations. As of August, the Office of the United Nations High Commissioner for Refugees had distributed 33,000 mobile SIM cards to displaced Syrians in Jordan alone.

Geotags on posts — metadata indicating where and when messages were sent — can be searched or plotted on a map.

For example, one government vendor that specializes in the marriage of geographic data and social media pins refugee-related items from Facebook, Twitter, Instagram and other social networks on a map of the Middle East and Europe. (Here is a map of posts filtered by the keywords, “Hamah, Syria.”)

By clicking on a marker, federal analysts can see when and where the messages were sent, as well as their images and words. (Here are a few tweets, containing Instagram links, that depict a blocked Hungary-Serbia border.)

The firm, Canada-based Echosec, uses maps from geospatial software provider Esri. National Geospatial-Intelligence Agency spokeswoman Don Kerr told Nextgov the agency does not currently contract with Echosec but it does use Esri’s technology.

While declining to identify specific federal clients, Echosec marketing executive Kira Kirk said that as the Syrian conflict has escalated, the company’s tools have followed the growing numbers of displaced civilians moving into countries like Turkey, Lebanon, Greece and Hungary.

At the Za’atari Syrian Refugee Camp in Jordan, 86 percent of the young refugees owned mobile handsets and 83 percent owned SIM cards, according to a March 2015 paper presented by Pennsylvania State University scholars Carleen Maitland and Ying Xu for the 43rd Research Conference on Communication, Information and Internet.

Last month, Defense One contributor Gayle Tzemach Lemmon, reporting from the Turkish Border, said: “Russian air strikes are among the first things you hear when spending any time among Syrians constantly monitoring what is happening to family and friends via WhatsApp and Facebook. YouTube videos are played and the carnage people are witnessing is discussed.”

Unlike law enforcement authorities or covert operatives, NGA personnel do not engage social media users they follow online.

“We’re not out there interacting with it and trying to influence it,” said Gordon, during an interview at Esri’s FedGIS conference in Washington. Rather, analysts subscribe to various feeds, open accounts and watch YouTube videos.

This passive approach to social media monitoring has its limitations, including spin.

Intelligence analysts can get the wrong impression from trolls, propagandists or other users with selective memories, just as Facebook stalkers sometimes feel down when bombarded with pictures of parties and achievements on their friends’ timelines.

“They get depressed because they see all these people having this great life, but I think it makes the point that all this stuff that is produced by humans comes with a perspective and you may perceive it to be true but you still have to think about what it is” indicating, Gordon said. “And then you have other truths that can help out.”

To her point, Jill Walker Rettberg, a University of Bergen digital culture professor, said of a Vocativ Instagram narrative showing one Syrian man’s journey to Germany, “The absence of women and children is striking.”

Still, localized data points can make life a little easier for an agency dealing with information overload.

“It has a real lovely temporal quality to it because it’s always being captured by somebody who cares about that event and that event in time,” Gordon said. “The Syrian migration is just a really great example, or any humanitarian crisis or migratory crisis, because we have overhead assets but the real intelligence is on the ground.”

Google, State Dept and Overthrowing Assad

For reference on how Hillary’s communications were vulnerable and shared.

Clinton email reveals: Google sought overthrow of Syria’s Assad

WashingtonExaminer: Google in 2012 sought to help insurgents overthrow Syrian President Bashar Assad, according to State Department emails receiving fresh scrutiny this week.

Messages between former secretary of state Hillary Clinton’s team and one of the company’s executives detailed the plan for Google to get involved in the region.

“Please keep close hold, but my team is planning to launch a tool … that will publicly track and map the defections in Syria and which parts of the government they are coming from,” Jared Cohen, the head of what was then the company’s “Google Ideas” division, wrote in a July 2012 email to several top Clinton officials.

“Our logic behind this is that while many people are tracking the atrocities, nobody is visually representing and mapping the defections, which we believe are important in encouraging more to defect and giving confidence to the opposition,” Cohen said, adding that the plan was for Google to surreptitiously give the tool to Middle Eastern media.

“Given how hard it is to get information into Syria right now, we are partnering with Al-Jazeera who will take primary ownership over the tool we have built, track the data, verify it, and broadcast it back into Syria,” he said.

“Please keep this very close hold and let me know if there is anything [else] you think we need to account for or think about before we launch. We believe this can have an important impact,” Cohen concluded.

The message was addressed to deputy secretary of state Bill Burns; Alec Ross, a senior Clinton advisor; and Clinton’s deputy chief of staff, Jake Sullivan. Sullivan subsequently forwarded Cohen’s proposal to Clinton, describing it as “a pretty cool idea.”

Cohen worked as a low-level staffer at the State Department until 2010, when he was hired to lead Google Ideas, but was tied to the use of social media to incite social uprisings even before he left the department. He once reportedly asked Twitter CEO Jack Dorsey to hold off of conducting system maintenance that officials believed could have impeded a brief 2009 uprising in Iran.

https://wikileaks.org/clinton-emails/emailid/12166#efmAMoAbj

Google Is Not What It Seems, by Julian Assange (must read)

Eric Schmidt, Chairman of Google, at the “Pulse of Today’s Global Economy” panel talk at the Clinton Global Initiative annual meeting, 26 Sept. 2013 in New York. Eric Schmidt first attended the CGI annual meeting at its opening plenary in 2010. (Photo: Mark Lennihan)

The unusual involvement by Google in foreign affairs highlights the difficulty of involvement in the internal politics of foreign states. While Cohen seemed to consider his company’s effort as helpful to American interests, the effort to overthrow Assad helped spur the rise of the Islamic State, which eventually filled a vacuum resulting from Assad’s loss of control over Syria.

The exchange on Syria was highlighted by Wikileaks on Saturday. Earlier in the week, the secret-leaking website posted more than 30,000 emails that Clinton sent or received during her tenure leading the State Department.

He is Missing, Bank Hack of $90 Billion

HackerNews: Tanvir Hassan Zoha, a 34-year-old security researcher, who spoke to media on the $81 Million Bangladesh Bank cyber theft, has gone missing since Wednesday night, just days after accusing Bangladesh’s central bank officials of negligence.

Zoha was investigating a recent cyber attack on Bangladesh’s central bank that let hackers steal $81 Million from the bank’s Federal Reserve bank account.
Though the hackers tried to steal $1 Billion from the bank, a simple typo prevented the full heist.
During his investigation, Zoha believed the Hackers, who are still unknown, had installed Malware on the bank’s computer systems a few weeks before the heist that allowed them to obtain credentials needed for payment transfers.
With the help of those credentials, the unknown hackers transferred large sums from Bangladesh’s United States account to fraudulent accounts based in the Philippines and Sri Lanka.
However, at the same time, Zoha accused senior officials at Bangladesh central bank of gross negligence and weak security procedures that eventually facilitated the largest bank heist in the country.
The Central bank’s governor Atiur Rahman, along with two of his deputy governors, had to quit his job over the scandal, hugely embarrassing the government and raising alarm over the security of Bangladesh’s foreign exchange reserves of over US$27 Billion.
However, when the investigation was still going on, Zoha disappeared Wednesday night, while coming home with one of his friends, according to sources close to Zoha’s family.
While speaking to media in the wake of the massive cyber attack, Zoha identified himself as the ICT (Information and Communication Technology) Division’s cyber security expert who had worked with various government agencies in the past.
Soon after Zoha’s disappearance, the government officials put out a statement but did not provide more details besides the fact that they opened an investigation.

Zoha’s family members suspect that the comments Zoha made to the press on March 11 about the carelessness of the bank’s officials in the Bank heist are the cause of his disappearance.
***
(Reuters) – The SWIFT messaging system plans to ask banks to make sure they are following recommended security practices following an unprecedented cyber attack on Bangladesh’s central bank that yielded $81 million, a spokeswoman for the group told Reuters on Sunday.

Brussels-based SWIFT, a cooperative owned by some 3,000 global financial institutions, will issue a written warning on Monday asking banks to review internal security, the spokeswoman said.

SWIFT staff will also begin calling banks to highlight the importance of reviewing security measures after the attack in Bangladesh, she added.

“Our priority at this time is to encourage customers to review and, where necessary, to reinforce their local operating environments,” the spokeswoman added.

Unknown hackers breached the computer systems of Bangladesh Bank and in early February attempted to steal $951 million from its account at the Federal Reserve Bank of New York, which it uses for international settlements. Some attempted transfers were blocked, but $81 million was transferred to accounts in the Philippines in one of the largest cyber heists in history.

SWIFT has so far said little about the attack, except that it was related to “an internal operational issue” at Bangladesh Bank and that there was no compromise in its core messaging system.

SWIFT prepared a summary of previously issued recommendations for implementing security measures to thwart hackers, which advises members to pay close attention to best practices, the spokeswoman added.

A confidential interim report on the investigation, which forensics experts submitted to the bank on Wednesday, said that attackers took control of the bank’s network, stole credentials for sending SWIFT messages and used “sophisticated” malicious software to attack the computers it uses to process and authorize transactions.

Investigators said in the report, which was reviewed by Reuters, that they believe the attackers have targeted other financial institutions.

The report was prepared by FireEye Inc and World Informatix, which were hired by Bangladesh’s central bank to investigate the massive theft.

The investigators did not identify other victims or name the hackers, but said that forensic evidence suggests they were also behind other recent cyber attacks on financial institutions.

“FireEye has observed these same suspected FIN threat actors within other customer networks in the financial industry, where these threat actors appear to be financially motivated, and well organized,” said an interim report sent to the bank last week.

Representatives of Bangladesh Bank and FireEye declined to comment on the confidential report and their probe into the Feb. 4 heist.

World Informatix Chief Executive Rakesh Asthana told Reuters via email that he could not discuss the investigation, but that he expected Bangladesh Bank to issue a news release on Monday.

Details from the confidential report were previously reported by Bloomberg News and a Bangladesh publication, The Daily Star.

Did Hillary Give Sid her Sign-in Credentials?

Just askin…..there is an intelligence war with Hillary behind the curtains…..how did Sidney Blumenthal, the leader of Hillary’s personal global spy team get exact text from the NSA? Further, how come he had to give it to Hillary…she could have signed in herself…or could she?

Hundreds of questions and a brewing intersection with the whole intelligence community….

Hillary Has an NSA Problem

The FBI has been investigating Clinton for months—but an even more secretive Federal agency has its own important beef with her

Schindler: For a year now, Hillary Clinton’s misuse of email during her tenure as secretary of state has hung like a dark cloud over her presidential campaign. As I told you months ago, email-gate isn’t going away, despite the best efforts of Team Clinton to make it disappear. Instead, the scandal has gotten worse, with never-ending revelations of apparent misconduct by Ms. Clinton and her staff. At this point, email-gate may be the only thing standing between Ms. Clinton and the White House this November.

Specifically, the Federal Bureau of Investigation examination of email-gate, pursuant to provisions of the Espionage Act, poses a major threat to Ms. Clinton’s presidential aspirations. However, even if the FBI recommends prosecution of her or members of her inner circle for mishandling of classified information—which is something the politically unconnected routinely do face prosecution for—it’s by no means certain that the Department of Justice will follow the FBI’s lead.

What the DoJ decides to do with email-gate is ultimately a question of politics as much as justice. Ms. Clinton’s recent statement on her potential prosecution, “it’s not going to happen,” then refusing to address the question at all in a recent debate, led to speculation about a backroom deal with the White House to shield Ms. Clinton from prosecution as long as Mr. Obama is in the Oval Office. After mid-January, however, all bets would be off. In that case, winning the White House herself could be an urgent matter of avoiding prosecution for Ms. Clinton.

That said, if the DoJ declines to prosecute after the Bureau recommends doing so, a leak-fest of a kind not seen in Washington, D.C., since Watergate should be anticipated. The FBI would be angry that its exhaustive investigation was thwarted by dirty deals between Democrats. In that case, a great deal of Clintonian dirty laundry could wind up in the hands of the press, habitual mainstream media covering for the Clintons notwithstanding, perhaps having a major impact on the presidential race this year.

The FBI isn’t the only powerful federal agency that Hillary Clinton needs to worry about as she plots her path to the White House between scandals and leaks. For years, she has been on the bad side of the National Security Agency, America’s most important intelligence agency, as revealed by just-released State Department documents obtained by Judicial Watch under the Freedom of Information Act.

The documents, though redacted, detail a bureaucratic showdown between Ms. Clinton and NSA at the outset of her tenure at Foggy Bottom. The new secretary of state, who had gotten “hooked” on her Blackberry during her failed 2008 presidential bid, according to a top State Department security official, wanted to use that Blackberry anywhere she went.

That, however, was impossible, since Secretary Clinton’s main office space at Foggy Bottom was actually a Secure Compartment Information Facility, called a SCIF (pronounced “skiff”) by insiders. A SCIF is required for handling any Top Secret-plus information. In most Washington, D.C., offices with a SCIF, which has to be certified as fully secure from human or technical penetration, that’s where you check Top-Secret email, read intelligence reports and conduct classified meetings that must be held inside such protected spaces.

But personal electronic devices—your cellphone, your Blackberry—can never be brought into a SCIF. They represent a serious technical threat that is actually employed by many intelligence agencies worldwide. Though few Americans realize it, taking remote control over a handheld device, then using it to record conversations, is surprisingly easy for any competent spy service. Your smartphone is a sophisticated surveillance device—on you, the user—that also happens to provide phone service and Internet access.

As a result, your phone and your Blackberry always need to be locked up before you enter any SCIF. Taking such items into one represents a serious security violation. And Ms. Clinton and her staff really hated that. Not even one month into the new administration in early 2009, Ms. Clinton and her inner circle were chafing under these rules. They were accustomed to having their personal Blackberrys with them at all times, checking and sending emails nonstop, and that was simply impossible in a SCIF like their new office.

This resulted in a February 2009 request by Secretary Clinton to the NSA, whose Information Assurance Directorate (IAD for short: see here for an explanation of Agency organization) secures the sensitive communications of many U.S. government entities, from Top-Secret computer networks, to White House communications, to the classified codes that control our nuclear weapons.

IAD had recently created a special, custom-made secure Blackberry for Barack Obama, another technology addict. Now Ms. Clinton wanted one for herself. However, making the new president’s personal Blackberry had been a time-consuming and expensive exercise. The NSA was not inclined to provide Secretary Clinton with one of her own simply for her convenience: there had to be clearly demonstrated need.

And that seemed dubious to IAD since there was no problem with Ms. Clinton checking her personal email inside her office SCIF. Hers, like most, had open (i.e. unclassified) computer terminals connected to the Internet, and the secretary of state could log into her own email anytime she wanted to right from her desk.

But she did not want to. Ms. Clinton only checked her personal email on her Blackberry: she did not want to sit down at a computer terminal. As a result, the NSA informed Secretary Clinton in early 2009 that they could not help her. When Team Clinton kept pressing the point, “We were politely told to shut up and color” by IAD, explained the state security official.

The State Department has not released the full document trail here, so the complete story remains unknown to the public. However, one senior NSA official, now retired, recalled the kerfuffle with Team Clinton in early 2009 about Blackberrys. “It was the usual Clinton prima donna stuff,” he explained, “the whole ‘rules are for other people’ act that I remembered from the ’90s.” Why Ms. Clinton would not simply check her personal email on an office computer, like every other government employee less senior than the president, seems a germane question, given what a major scandal email-gate turned out to be. “What did she not want put on a government system, where security people might see it?” the former NSA official asked, adding, “I wonder now, and I sure wish I’d asked about it back in 2009.”

He’s not the only NSA affiliate with pointed questions about what Hillary Clinton and her staff at Foggy Bottom were really up to—and why they went to such trouble to circumvent federal laws about the use of IT systems and the handling of classified information. This has come to a head thanks to Team Clinton’s gross mishandling of highly classified NSA intelligence.

As I explained in this column in January, one of the most controversial of Ms. Clinton’s emails released by the State Department under judicial order was one sent on June 8, 2011, to the Secretary of State by Sidney Blumenthal, Ms. Clinton’s unsavory friend and confidant who was running a private intelligence service for Ms. Clinton. This email contains an amazingly detailed assessment of events in Sudan, specifically a coup being plotted by top generals in that war-torn country. Mr. Blumenthal’s information came from a top-ranking source with direct access to Sudan’s top military and intelligence officials, and recounted a high-level meeting that had taken place only 24 hours before.

To anybody familiar with intelligence reporting, this is unmistakably signals intelligence, termed SIGINT in the trade. In other words, Mr. Blumenthal, a private citizen who had enjoyed no access to U.S. intelligence for over a decade when he sent that email, somehow got hold of SIGINT about the Sudanese leadership and managed to send it, via open, unclassified email, to his friend Ms. Clinton only one day later.

NSA officials were appalled by the State Department’s release of this email, since it bore all the hallmarks of Agency reporting. Back in early January when I reported this, I was confident that Mr. Blumenthal’s information came from highly classified NSA sources, based on my years of reading and writing such reports myself, and one veteran agency official told me it was NSA information with “at least 90 percent confidence.”

Now, over two months later, I can confirm that the contents of Sid Blumenthal’s June 8, 2011, email to Hillary Clinton, sent to her personal, unclassified account, were indeed based on highly sensitive NSA information. The agency investigated this compromise and determined that Mr. Blumenthal’s highly detailed account of Sudanese goings-on, including the retelling of high-level conversations in that country, was indeed derived from NSA intelligence.

Specifically, this information was illegally lifted from four different NSA reports, all of them classified “Top Secret / Special Intelligence.” Worse, at least one of those reports was issued under the GAMMA compartment, which is an NSA handling caveat that is applied to extraordinarily sensitive information (for instance, decrypted conversations between top foreign leadership, as this was). GAMMA is properly viewed as a SIGINT Special Access Program, or SAP, several of which from the CIA Ms. Clinton compromised in another series of her “unclassified” emails.

Currently serving NSA officials have told me they have no doubt that Mr. Blumenthal’s information came from their reports. “It’s word-for-word, verbatim copying,” one of them explained. “In one case, an entire paragraph was lifted from an NSA report” that was classified Top Secret / Special Intelligence.

How Mr. Blumenthal got his hands on this information is the key question, and there’s no firm answer yet. The fact that he was able to take four separate highly classified NSA reports—none of which he was supposed to have any access to—and pass the details of them to Hillary Clinton via email only hours after NSA released them in Top Secret / Special Intelligence channels indicates something highly unusual, as well as illegal, was going on.

Suspicion naturally falls on Tyler Drumheller, the former CIA senior official who was Mr. Blumenthal’s intelligence fixer, his supplier of juicy spy gossip, who conveniently died last August before email-gate became front-page news. However, he, too, had left federal service years before and should not have had any access to current NSA reports.

There are many questions here about what Hillary Clinton and her staff at Foggy Bottom were up to, including Sidney Blumenthal, an integral member of the Clinton organization, despite his lack of any government position. How Mr. Blumenthal got hold of this Top Secret-plus reporting is only the first question. Why he chose to email it to Ms. Clinton in open channels is another question. So is: How did nobody on Secretary Clinton’s staff notice that this highly detailed reporting looked exactly like SIGINT from the NSA? Last, why did the State Department see fit to release this email, unredacted, to the public?

These are the questions being asked by officials at the NSA and the FBI right now. All of them merit serious examination. Their answers may determine the political fate of Hillary Clinton—and who gets elected our next president in November.