WikiLeaks is getting headlines with its CIA documents, but leaks from the ShadowBrokers on possible National Security Agency hacking tools may be far more consequential.
Since August, the group has been dropping apparent NSA hacking tools, outing NSA operations and possible endangering the public.
If you haven’t been paying attention to the ShadowBrokers, here are five reasons to start.
The tools leaked by ShadowBrokes can be used by anyone with a computer
Files provided by the ShadowBrokers are complete, un-redacted computer code. In past leaks, including the recent WikiLeaks CIA files, leakers have tried to render the code inoperable before showing it to the public
But the ShadowBrokers files have been released fully operable. Anyone with minimal programming experience could download and use these tools on targets of their choosing.
The tools appear to come from the vaunted “Equation Group,” a vaunted espionage campaign connected to the NSA. And the documents appear to be authentic. The publication The Intercept matched a unique tracking code in one of the ShadowBrokers documents to an unreleased file from the Edward Snowden archive.
Though the code is a few years old, these are very powerful tools from a top international espionage group. Many of them still worked.
The first tranche of documents released by the ShadowBrokers contained unpatched vulnerabilities in cybersecurity security hardware from Cisco, Juniper Networks and other manufacturers. Though companies raced to repair their works, the security flaws were duplicated in malware found in the wild.
The hack very nearly made all desktops and laptops vulnerable to attack
The ShadowBrokers released a trove of Windows hacking tools on Friday that would have made almost all desktops and laptops susceptible to hackers had it come out five weeks earlier.
A March software update released by Microsoft closed several security gaps the NSA software had been using to take over systems. Since the ShadowBrokers had been releasing NSA sourcecode since August, a different choice of release date could have been devastating.
Windows holds around a 90 percent market share for operating systems worldwide.
It may have interrupted intelligence operations
Friday’s archive of ShadowBrokers documents contained evidence the NSA hacked a company that provided Middle Eastern financial institutions access to a bank transfer request network known as SWIFT.
It appears from the documents that hack was used to breach a number of the institution’s clients.
Regardless of who the target or targets were, there is no way that operation can continue as described in the files. The banks targeted would be too suspicious.
At least one past document dump contain lists of the internet addresses used as staging servers in NSA attacks. Anyone who was on the receiving end of those attacks that observed their attacker now knows it was the NSA.
ShadowBrokers might demonstrate a problem with government hacking
The NSA’s hacking tools take advantage of security bugs in computer products.
Rather than use these tools, the government could inform manufacturers that there are problems that need to be fixed. Hacking is a tradeoff – every vulnerability the government uses for intelligence or law enforcement is one other hackers could find and use.
That the ShadowBrokers were able to obtain government hacking tools raises questions about whether or not even the NSA is secure enough to safely store these kinds of tools.
The issue becomes even thornier as the FBI mulls reigniting the debate over encryption, specifically whether or not manufacturers should be required to create systems to allow law enforcement to enter systems without users’ consent. If the NSA struggles to maintain its secrets, it’s hard to imagine local law enforcement doing much better.
We still don’t know how Trump is handling cyber espionage research
Microsoft released its patch for the ShadowBrokers vulnerabilities with perfect timing, just weeks before the brokers released the Windows hacking tools. It is not clear who tipped them to those flaws.
It can take months to get a working patch ready for the public, meaning Microsoft (which has been tightlipped on who notified them) may have been notified about security flaws needing fixing soon after the Brokers released the Cisco and Juniper files.
There has been speculation in the information security community that this might mean the NSA disclosed the relevant bugs once they realized the ShadowBrokers might release them. This is purely speculation — neither Microsoft nor the NSA has admitted to it. But there is no permanent set of rules that would govern when the NSA should notify a company about a security flaw.
The Vulnerabilities Equity Process, created under Obama and continued under Trump, is intended to minimize the number of security flaws the government was hoarding at any time. The VEP requires agencies to notify manufacturers of any vulnerabilities they came across by default, and argue why any specific vulnerability needed to be kept to a third party panel.
While Sens. Brian Schatz, (D-Hawaii) and Ron Johnson, (R-Wis.) have pushed to codify those rules, there is no permanent rule. Trump or a successor can abandon it at any time.
And there is little public information about how well the VEP has worked, how often notifications are made and other nagging questions about the process