Snowden Calls ‘Shadow Brokers’ Hack of NSA Hackers ‘Significant’ Turn in Spy Wars
Calling leak of sophisticated spy tools unprecedented, whistleblower says things ‘could get messy fast’
By: Nika Knight
The National Security Administration (NSA) was allegedly hacked by a mysterious group calling itself “The Shadow Brokers,” and the “most powerful espionage tools” of the NSA’s elite hacker team, as the Washington Post put it, were leaked to the internet this weekend.
The Post reported late Tuesday:
A cache of hacking tools with code names such as Epicbanana, Buzzdirection, and Egregiousblunder appeared mysteriously online over the weekend, setting the security world abuzz with speculation over whether the material was legitimate.
The file appeared to be real, according to former NSA personnel who worked in the agency’s hacking division, known as Tailored Access Operations (TAO).
“Without a doubt, they’re the keys to the kingdom,” said one former TAO employee, who spoke on the condition of anonymity to discuss sensitive internal operations. “The stuff you’re talking about would undermine the security of a lot of major government and corporate networks both here and abroad.”
Said a second former TAO hacker who saw the file: “From what I saw, there was no doubt in my mind that it was legitimate.”
“The exploits are not run-of-the-mill tools to target everyday individuals,” the Post added. “They are expensive software used to take over firewalls, such as Cisco and Fortinet, that are used ‘in the largest and most critical commercial, educational and government agencies around the world,’ said Blake Darche, another former TAO operator and now head of security research at Area 1 Security.”
In a series of tweets, noted NSA whistleblower Edward Snowden posited that Russia was behind the breach.
As Forbes observed: “He believes, as do others, that the timing of the leak is interesting. As many of the leaked files were dated mid-2013, the hackers have been sitting on the data for at least three years. It’s only now the materials are being released, a matter of months after U.S. intelligence sources and American security companies claimed the Democratic National Committee (DNC) had been hacked by Russia. Snowden believes Russia is sending a warning on the dangers of attributing cyberattacks.”
“This leak is likely a warning that someone can prove U.S. responsibility for any attacks that originated from this malware server,” Snowden tweeted. “That could have significant foreign policy consequences. Particularly if any of those operations targeted U.S. allies.”
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 License