Did 'Shadow Brokers' steal NSA cyberweapons?

A mysterious group calling itself the 'Shadow Brokers' claims to have stolen – and to be auctioning off – NSA-linked cyberweapons.

Patrick Semansky/AP/File
This June 6, 2013 file photo shows the National Security Agency (NSA) campus in Fort Meade, Md.

Has the US National Security Agency (NSA) been hacked in an unprecedented manner, or is someone playing an elaborate hoax?

That is the question currently confronting the world’s cybersecurity experts, as they try to unpack the announcement by a previously unknown group calling themselves the Shadow Brokers. The anonymous hackers have posted some files and software tools online, claiming they were pilfered from an elite group of cyberwarriors that many experts have linked to the NSA, and say that the "best files" are being held back for auction.

If the breach is genuine, it could turn into a major embarrassment and headache for the NSA. At this point, the cybersecurity community seems in disagreement as to the veracity of the Shadow Brokers’ claims, leading to the conclusion that if it is a hoax, it is a job well done.

"It is extraordinary that a government based (or at least government supported) group would get comprehensively hacked, but there is evidence indicating that this may have actually happened," cybersecurity expert Steven Murdoch of University College London told the BBC.

The group Dr. Murdoch referred to, and the one the Shadow Brokers are claiming to have stolen from, has been dubbed the Equation Group, and is thought to be tied to the NSA. Having remained in the shadows for well over a decade, the outfit received widespread exposure last year after Russian cybersecurity firm Kaspersky published an exhaustive report on their alleged exploits.

In that document, the authors labelled the Equation Group as "probably one of the most sophisticated cyber attack groups in the world" and the most advanced "threat actor" they have seen. They linked them to both the Stuxnet operation, which targeted Iranian nuclear facilities a decade ago, and Flame, malicious code assaulting Middle Eastern states around the same time.

If the group's claims are legitimate, the Shadow Brokers’ move represents the latest in a series of cybersecurity setbacks that the United States itself has suffered, coming close on the heels of repeated attacks targeting the Democratic Party.

Yet this latest incident differs in that the perpetrators appear to be seeking financial gain, implementing a convoluted auction process which promises to release the remaining files to the highest bidder. But the bidding is done in secret. And no bidder receives a refund.

And if the group reaches its target of 1 million Bitcoins – the digital currency in which it is demanding payment, worth an equivalent of more than $500 million – they promise to publicize all the information.

While some security analysts picking through the files released so far do find cause to connect them to the NSA and the Equation Group, they also point out that it is unlikely the Shadow Brokers managed to infiltrate the Equation Group itself. Rather, they might have targeted some kind of a server used by the NSA hackers.

"These files are not fully fake for sure," Boldizsár Bencsáth, a researcher with Hungary-based CrySyS who is widely credited with discovering Flame, told Ars Technica. "Most likely they are part of the NSA toolset, judging just by the volume and peeps into the samples. At first glance it is sound that these are important attack related files, and yes, the first guess would be Equation Group."

Former NSA contractor Edward Snowden has also weighed in on the Shadow Brokers hack in a series of tweets. Snowden suggests that Russia – unhappy about being blamed for the Democratic National Party document leak – may have leaked the NSA cyberweapons in order to send a warning to the US. 
