What Is Going On with the NSA?
The recent news stories about the cyber weapon leak by a group known as The Shadow Brokers is quite disturbing if true. The story is that this group “hacked” the National Security Agency, appropriated some advanced cyber weapons, and are now auctioning them to the highest bidder online.
The overriding questions are:
Is this real?
How did they do it?
Who are (or is) The Shadow Brokers?
Due to all the secrecy surrounding such agencies, we will probably never know for certain what has happened here, if anything. However, there is a large enough, highly skilled and credible cyber security community today that does not work for the government and their collective opinion should be highly regarded.
The consensus opinion is that yes, these are real weapons, though vintage 2013 or earlier and not the latest. They mention weapon names referred to in the leaked NSA ANT catalog. There is a lot of evidence that this catalog is real and was not leaked by Snowden, but some other NSA insider. I have an earlier post about how security measures I implemented in a product prevented the NSA from gaining access and thus “defeated” the IRATEMONK product in the ANT catalog.
The authenticity of the weapons was supported by evidence from The Guardian, who has access to all of Edward Snowden’s leaked NSA data. The Guardian has not publicly released all the Snowden files and it was confirmed that some information not released to the public was mentioned in the Shadow Broker’s data. There were other more subtle clues as well that pointed to these as being real NSA hacking tools.
How was the NSA hacked? No one knows for sure but most think the actual NSA wasn’t hacked, per se, but the tools were found, or taken from, a proxy server. This could have happened if the NSA was doing training “in the wild” and got sloppy and left their tools on a server instead of cleaning them up. Someone then found them. This is Snowden’s theory.
So who are (or is) The Shadow Brokers? A good theory is that the NSA has yet another insider taking information a la Snowden. It probably had nothing to do with Snowden, by the way, since the tools are dated about 6 months post-Snowden revelations. Another good theory is that a nation-state is taunting the US. Could be Russia. Could be China. Really, it could be Pakistan for all anyone knows about that. It’s very difficult to attribute such attacks in cyber space.
It really doesn’t matter who the hackers are if the NSA is getting this sloppy. How many spy agency leaks have you heard about from Russia? From Israel? From China or North Korea? Probably none. They all have spy agencies on par with the NSA, as do many countries.
Consider the danger of cyber weapons. They are probably as dangerous as physical weapons like missiles and nuclear bombs, especially to advanced, internet driven societies such as the USA, Europe and Japan. Yet cyber weapons are very much unlike physical weapons in that you cannot contain or control them. The NSA relies on secrecy and whether their employees follow good security practices and are loyal, and you see where that got them.