Hacker claims to be selling stolen NSA spy tools
The NSA develops high-powered hacking tools. Now a hacker claims to be selling a stolen batch of them.
On Saturday, a load of computer code — whose purpose is to break into other computers — was leaked to the public by an anonymous entity called “The Shadow Brokers.”
The same mysterious entity also promised an upcoming “cyber weapons auction” — the digital equivalent to putting stolen military missiles up for sale.
The gang claims the stolen hacking tools were developed by “the Equation Group” — a spying entity widely thought to be the U.S. National Security Agency and spying departments from four international allies: Australia, Canada, New Zealand and the United Kingdom. Together, that group is called the “Five Eyes.”
Computer security experts worldwide now worry that sensitive NSA spying tools are accessible to common criminal hackers.
“It definitely looks like a toolkit used by the NSA,” said Matt Suiche, a French computer researcher who has been reviewing the leaked code.
Of particular importance: These hacking instruments are in the form of a neatly packaged tool, which means they’re ready “to use easily against a target,” said Suiche, who runs the UAE-based cybersecurity firm Comae Technologies.
“This is dangerous,” said New York University computer security professor Justin Cappos. “People who want to launch attacks but were not aware how to do it now have the tools and information available to do this.”
On the popular computer coding website Github, where the group initially made its statement, the hacker post starts with this: “!!!! Attention government sponsors of cyber warfare and those who profit from it !!!!”
Then came the implications of danger: “How much you pay for enemies cyber weapons?” it said in a cheeky style. “We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions.”
Cybersecurity researchers around the world have been intensely and rapidly studying the leaked information.
“This appears to be legitimate, and a framework designed to take control of routers and firewalls,” said Nicholas Weaver, senior researcher at the International Computer Science Institute. “The likely conclusion is that the code was stolen from the NSA itself or a 5EYES ally with access to this particular code.”
After examining the leaked computer code, Weaver believes this batch of tools was stolen from the NSA or its partners in 2013.
Brendan Dolan-Gavitt, a computer science assistant professor at New York University, has experimented with some of the samples the hacker made public. He said one tool matches “pretty well” with a top secret NSA tool that was described in documents leaked by ex-NSA whistleblower Edward Snowden.
“If it’s fake, someone put a huge amount of work into it,” Dolan-Gavitt said about the leak.
The FBI declined to say whether it’s investigating the potential theft of sensitive information. The office of the Director of National Intelligence, which oversees the NSA, did not return requests for comment.
Computer security experts noted that the vulnerabilities exploited by these hacking tools are at least three years old and might be stopped if people, corporations and governments keep their software updated.