As our Cory Doctorow reported previously, a previously unheard-of hacker group calling itself The Shadow Brokers announced this week that it had stolen a trove of ready-to-use cyber weapons from The Equation Group, an advanced cyberweapons dealer believed to be operating on behalf of, or within, the NSA.
The Shadow Brokers are auctioning the weaponized malware off to the highest bidder.
From Moscow on Twitter today, NSA whistleblower Edward Snowden laid out his theory for how the exploits were captured, and what relation that has to the revelations he made when he blew the whistle on illegal NSA spying in 2013.
The New York Times reports that the stolen code “does not appear to have come from Mr. Snowden’s archive, which was mostly composed of PowerPoint files and other documents that described N.S.A. programs. The documents released by Mr. Snowden and his associates contained no actual source code used to break into the networks of foreign powers.”
WikiLeaks says that it has a full set of the files, and will release them over time.
The Shadow Brokers story raises a big question: Was the NSA actually hacked? And does this mean their highly secretive methods have been revealed?
From David E. Sanger's NYT story:
“I think it’s Snowden-era stuff, repackaged for resale now,” said James A. Lewis, a computer expert at the Center for Strategic and International Studies, a Washington think tank. “This is probably some Russian mind game, down to the bogus accent” of some of the messages sent to media organizations by the Shadow Brokers group, delivered in broken English that seemed right out of a bad spy movie.
The N.S.A. would say nothing on Tuesday about whether the coding released was real or where it came from. Its public affairs office did not respond to inquiries.
“It certainly feels all real,” said Bruce Schneier, a leading authority on state-sponsored breaches. “The question is why would someone steal it in 2013 and release it this week? That’s what is making people think this is likely the work of Russian intelligence.”
There are other theories, including one that some unknown group was trying to impersonate hackers working for Russian or other intelligence agencies. Impersonation is relatively easy on the internet, and it could take considerable time to determine who is behind the release of the code.