You may not know much about The Shadow Brokers, a secretive and mysterious (no-one is quite sure, but let’s say) group of hackers with alleged NSA data, but you probably will over the coming days. Some believe the group to be a disgruntled intelligence agent, others say Russia, and others say a collection of hackers. We may never know, but that’s looking increasingly unlikely per Edward Snowden, who said via Twitter: “NSA should be able to instantly identify where this set came from and how they lost it. If they can’t, it’s a scandal.”
The leak dump is an intriguing story with some big ramifications, mainly because this isn’t the full list of NSA tools, per Snowden. In brief, the group released a large collection of files on Saturday that gives further insight into the NSA’s hacking methods. This wasn’t an altruistic dump: the group had previously put the data up for auction, but nobody bought it for the requested $7,070,300 in bitcoin. Instead, the group revealed a password that unlocks an encrypted cache of documents in a short Medium post that reads a lot like a poorly translated open letter to President Donald Trump (see later).
In the post, the group says it voted for President Donald Trump before launching into a laundry list of errors it believes President Donald Trump and his administration are accountable for, specifically calling out recent Syrian activity.
“#1 — Goldman Sach (TheGlobalists) and Military Industrial Intelligence Complex (MIIC) cabinet
#2 — Backtracked on Obamacare
#3 — Attacked the Freedom Causcus (TheMovement)
#4 — Removed Bannon from the NSC
#5 — Increased U.S. involvement in a foreign war (Syria Strike)”
Security researchers and hackers are already analysing the contents of the leak and, per IBT, have revealed: a list of servers that the NSA allegedly hacked into and may even have launched malware attacks on; a new set of tools used to hack into servers like PITCHIMPAIR; the password for an encrypted file containing many of the Equation Group surveillance tools dumped in 2016; and a framework called TOAST that is used to clean server logs and clear the NSA’s tracks.
Edward Snowden has publicly said that this leak is “nowhere near the full library [of Top NSA Tools].”
As with most hacking and leak stories, the identity of the perpetrator or perpetrators is highly contested and scrutinised. Much of the chatter surrounding the latest data breach pertains to the language used again (Motherboard suggested in 2016 that the group may be English speaking after linguistic analysis). The Reuters op-ed by cybersecurity expert and Foreign Policy Magazine columnist James Bamford agrees with Motherboard: the group is most likely not a group but a disgruntled employee, much like Edward Snowden was. If so, that’s a ticking bomb waiting to go off for the NSA.
Bamford, also the author of ‘The Shadow Factory: The Ultra-Secret NSA From 9/11 to the Eavesdropping on America’, believes: “But we now have entered a period many have warned about, when NSA’s cyber weapons could be stolen like loose nukes and used against us. It opens the door to criminal hackers, cyber-anarchists and hostile foreign governments that can use the tools to gain access to thousands of computers in order to steal data, plant malware and cause chaos.” A little alarmist, possibly, but one thing is for sure: this leak is unlikely to end well for either party.