Aug 17, 2016
The National Security Administration (NSA) was allegedly hacked by a mysterious group calling itself "The Shadow Brokers," and the "most powerful espionage tools" of the NSA's elite hacker team, as the Washington Post put it, were leaked to the internet this weekend.
The Post reported late Tuesday:
A cache of hacking tools with code names such as Epicbanana, Buzzdirection, and Egregiousblunder appeared mysteriously online over the weekend, setting the security world abuzz with speculation over whether the material was legitimate.
The file appeared to be real, according to former NSA personnel who worked in the agency's hacking division, known as Tailored Access Operations (TAO).
"Without a doubt, they're the keys to the kingdom," said one former TAO employee, who spoke on the condition of anonymity to discuss sensitive internal operations. "The stuff you're talking about would undermine the security of a lot of major government and corporate networks both here and abroad."
Said a second former TAO hacker who saw the file: "From what I saw, there was no doubt in my mind that it was legitimate."
"The exploits are not run-of-the-mill tools to target everyday individuals," the Post added. "They are expensive software used to take over firewalls, such as Cisco and Fortinet, that are used 'in the largest and most critical commercial, educational and government agencies around the world,' said Blake Darche, another former TAO operator and now head of security research at Area 1 Security."
In a series of tweets, noted NSA whistleblower Edward Snowden posited that Russia was behind the breach.
As Forbes observed: "He believes, as do others, that the timing of the leak is interesting. As many of the leaked files were dated mid-2013, the hackers have been sitting on the data for at least three years. It's only now the materials are being released, a matter of months after U.S. intelligence sources and American security companies claimed the Democratic National Committee (DNC) had been hacked by Russia. Snowden believes Russia is sending a warning on the dangers of attributing cyberattacks."
"This leak is likely a warning that someone can prove U.S. responsibility for any attacks that originated from this malware server," Snowden tweeted. "That could have significant foreign policy consequences. Particularly if any of those operations targeted U.S. allies."
Read Snowden's full theory here:
\u201c1) NSA traces and targets malware C2 servers in a practice called Counter Computer Network Exploitation, or CCNE. So do our rivals.\u201d— Edward Snowden (@Edward Snowden) 1471347654
\u201c2) NSA is often lurking undetected for years on the C2 and ORBs (proxy hops) of state hackers. This is how we follow their operations.\u201d— Edward Snowden (@Edward Snowden) 1471347654
\u201c3) This is how we steal their rivals' hacking tools and reverse-engineer them to create "fingerprints" to help us detect them in the future.\u201d— Edward Snowden (@Edward Snowden) 1471347654
\u201c4) Here's where it gets interesting: the NSA is not made of magic. Our rivals do the same thing to us -- and occasionally succeed.\u201d— Edward Snowden (@Edward Snowden) 1471347654
\u201c5) Knowing this, NSA's hackers (TAO) are told not to leave their hack tools ("binaries") on the server after an op. But people get lazy.\u201d— Edward Snowden (@Edward Snowden) 1471347654
\u201c6) What's new? NSA malware staging servers getting hacked by a rival is not new. A rival publicly demonstrating they have done so is.\u201d— Edward Snowden (@Edward Snowden) 1471347654
\u201c7) Why did they do it? No one knows, but I suspect this is more diplomacy than intelligence, related to the escalation around the DNC hack.\u201d— Edward Snowden (@Edward Snowden) 1471347654
\u201c8) Circumstantial evidence and conventional wisdom indicates Russian responsibility. Here's why that is significant:\u201d— Edward Snowden (@Edward Snowden) 1471347654
\u201c9) This leak is likely a warning that someone can prove US responsibility for any attacks that originated from this malware server.\u201d— Edward Snowden (@Edward Snowden) 1471347654
\u201c10) That could have significant foreign policy consequences. Particularly if any of those operations targeted US allies.\u201d— Edward Snowden (@Edward Snowden) 1471347654
\u201c11) Particularly if any of those operations targeted elections.\u201d— Edward Snowden (@Edward Snowden) 1471347681
\u201c12) Accordingly, this may be an effort to influence the calculus of decision-makers wondering how sharply to respond to the DNC hacks.\u201d— Edward Snowden (@Edward Snowden) 1471347714
Our work is licensed under Creative Commons (CC BY-NC-ND 3.0). Feel free to republish and share widely.
We've had enough. The 1% own and operate the corporate media. They are doing everything they can to defend the status quo, squash dissent and protect the wealthy and the powerful. The Common Dreams media model is different. We cover the news that matters to the 99%. Our mission? To inform. To inspire. To ignite change for the common good. How? Nonprofit. Independent. Reader-supported. Free to read. Free to republish. Free to share. With no advertising. No paywalls. No selling of your data. Thousands of small donations fund our newsroom and allow us to continue publishing. Can you chip in? We can't do it without you. Thank you.