An anonymous group of hackers calling itself the Shadow Brokers says it breached the networks of the world's most advanced spying agency, the NSA. The hacker group claimed Monday that it extracted software used by the NSA to hack computers and networks belonging to governments and corporations, including Cisco Systems and Fortinet Inc.
The Shadow Brokers released a bit of the captured data (some 300 MB) on the web to prove their claim. Security experts analyzed the files and agreed that the software is authentic.
The hackers have, curiously, put the rest of the software on an online auction, aiming to collect $1 billion in bitcoins. They claim that the package contains software "weapons better than Stuxnet," a malicious worm that caused significant damage to computer networks serving the Iranian nuclear program. When the online auction raises one million bitcoins (some $568 million), the group says it will release another chunk of software to the public for free.
The group claims it successfully hacked the NSA's Equation Group division. The existence of the Equation Group was first announced by Moscow-based software security group Kaspersky Lab in 2015. Kaspersky Lab called the Equation Group the most sophisticated cyber-attack group in the world, and "the most advanced… we have seen."
Whistleblower Edward Snowden provided documents that allowed the Intercept to confirm that the Equation Group is connected to the NSA.
The malware package is a product of the NSA's practice of exploiting vulnerabilities in computer systems, which first became publicly known in 2014, when President Barack Obama signed an order that government agencies must disclose discovered vulnerabilities to developers. But this order had a major loophole, in that vulnerabilities that have "a clear national security or law enforcement" significance can be kept secret and exploited, according to Wired. This led to the creation of a massive arsenal of attack software, which is now in the hands of unknown hackers.
NSA-veteran-turned-whistleblower William Binney told Sputnik's Loud & Clear that the Agency "has a tendency not to fix things," as once they report a vulnerability, "this window is closed for them and they can not see through it."
Binney says this particular attack was likely an inside job. He states that the NSA network is physically separated from the Internet, so someone inside the NSA, "another Snowden-type person," must have compromised the software and handed it over to the Shadow Brokers.
If it is not the case, and the internal network has in fact been breached from the outside, "the implications are much, much greater in terms of compromising information and data than simply [someone] draining their exploitation software."
The whistleblower also underscored the clear and present danger that, should the offensive software fall into the hands of foreign specialists, it could be reverse-engineered, updated and used for attacks even after the exposed vulnerabilities are patched. Binney believes Iran is already studying Stuxnet, seeking to reverse-engineer and upgrade it and use it in its own interests.
Edward Snowden has suggested that Russia is behind the Shadow Brokers. "Circumstantial evidence and conventional wisdom indicates Russian responsibility," he tweeted. His comments were echoed by James A. Lewis, of the Center for Strategic and International Studies, who suggested that the NSA dump is "some Russian mind game."
Snowden has observed that the NSA leak is "likely a warning that someone can prove US responsibility for any attacks that originated from this [NSA] malware server."
"That could have significant foreign policy consequences. Particularly if any of those operations targeted US allies," he added in the next tweet.
Thus a simple hack balloons from being a cyber-security issue to possibly becoming a full-scale foreign policy crisis.