Last Friday, a mysterious group by the name of “The Shadow Brokers” dumped what appeared to be some of the National Security Agency’s hacking tools online. There was some speculation as to whether the tools were legitimate. According to The Intercept, these tools are mentioned in documents leaked by NSA whistleblower Edward Snowden.
The hacking tools come from a what’s called the “Equation Group,” another hacking group long believed to be an NSA offshoot. The hackers who leaked the NSA’s hacking tools claimed that they were only dumping some of the tools they were able to obtain, and demanded millions of dollars in ransom for the rest.
Here’s the smoking gun from The Intercept:
The evidence that ties the ShadowBrokers dump to the NSA comes in an agency manual for implanting malware, classified top secret, provided by Snowden, and not previously available to the public. The draft manual instructs NSA operators to track their use of one malware program using a specific 16-character string, “ace02468bdf13579.” That exact same string appears throughout the ShadowBrokers leak in code associated with the same program, SECONDDATE.
Edward Snowden himself already speculated the hack was legitimate earlier this week, and theorized that this leak by The Shadow Brokers may be part of a larger hacking campaign that included the hack of the Democratic National Committee.
The tool in question here, SECONDDATE, enables what’s called a man in the middle attack, where a victim unknowingly connects to a supposedly safe website, but instead receives a nice payload from the NSA. This helpful top secret document from the Snowden trove explains.
As The Intercept notes, this is the first time that hacking tools from the extremely guarded and mysterious NSA have been leaked to the public. It’s an embarrassing screw up for what is supposed to be the most sophisticated spying and hacking agencies in the world. This hack will certainly be cited in future encryption debates. If the NSA can’t even keep its tools safe, what guarantee is there that the golden encryption key some lawmakers are advocating for will be kept safe?