Snowden Documents Confirm That NSA Hacking Tool Was Compromised by Shadow Brokers Hacking Group
A mysterious group by the name of “The Shadow Brokers” had dumped what appeared to be some of the National Security Agency’s (NSA) hacking tools online last Friday. Since then, experts have been trying to find out if some of the U.S. spy agency’s powerful hacking tools were actually compromised.
According to The Intercept, these tools are referenced in documents leaked by NSA whistleblower Edward Snowden. Yesterday, The Intercept reported that newly released documents from the cache leaked by Snowden now seem to confirm that the 301MB archive of NSA hacking tools, exploits and data is indeed genuine.
The hacking tools come from what’s called the “Equation Group,” another hacking group long believed to be an NSA offshoot. The hackers who leaked the NSA’s hacking tools asserted that they were only dumping some of the tools they were able to obtain, and demanded millions of dollars in ransom for the rest.
Here’s the smoking gun from The Intercept:
“The evidence that ties the ShadowBrokers dump to the NSA comes in an agency manual for implanting malware, classified top secret, provided by Snowden, and not previously available to the public. The draft manual instructs NSA operators to track their use of one malware program using a specific 16-character string, “ace02468bdf13579.” That exact same string appears throughout the ShadowBrokers leak in code associated with the same program, SECONDDATE.”
In other words, the string also appeared in 14 different files leaked as part of the ShadowBrokers data dump, including one file labelled SecondDate-3021.exe.
The tool allows the NSA to carry out “man-in-the-middle” attacks against targeted computers to interrupt traffic on a network and redirect web requests to the NSA, according to an internal NSA presentation from the Snowden trove.
While the NSA has not commented on the ShadowBrokers’ claims, software manufacturers like Cisco Systems Inc. and Fortinet Inc. said in separate announcements earlier this week that some of the code leaked by the ShadowBrokers is a threat to their products, lending credibility to the notion that the NSA exploits stolen by the hackers are legitimate.
It is still not clear how the data was leaked, and who exactly leaked it. However, many experts believe that Russia could be behind the high-profile breach. Snowden earlier this week had speculated that the leak could be a warning from Russia, saying “the hack of an NSA malware staging server is not unprecedented, but the publication of the take is.”
“Circumstantial evidence and conventional wisdom indicate Russian responsibility,” Snowden wrote in a series of tweets on August 16. “This leak is likely a warning that someone can prove US responsibility for any attacks that originated from the malware server. That could have significant foreign policy consequences. Particularly if any of those operations targeted US allies. Particularly if any of those operations targeted elections.”