Cisco, Fortinet release patches for NSA exploits
The Snowden leaks describe SECONDDATE as a program created to reroute web traffic to NSA servers that have been used against targets in Pakistan and Lebanon.
This is a big deal not necessarily because some NSA hacking tools have been stolen, but because they’ve been dumped online for anyone to see.
Like some others who analyzed the teaser code, Snowden noted that the date references appear to end in 2013, the same year he walked out of the NSA with a huge cache of data on NSA operations so he could expose what he believed were illegal or unconstitutional surveillance programs. “NSA malware staging servers getting hacked by a rival is not new”, he said on Twitter.
It’s still unclear if the tools actually belong to the NSA. A group calling itself the Shadow Brokers released a series of files on Saturday that contained the code behind some powerful hacking tools developed by an NSA-linked group.
According to another expert, Matt Suiche, co-founder of security start-up Comae Technologies, the stolen sample also shows that network security equipment from different manufacturers and brands – including Cisco Systems, Juniper, Fortigate and Chinese industrial giant Topsec – are targeted by Equation.
The group “Shadow Brokers” released a sample of the hack on Saturday, which researchers say matches up with the National Security Agency’s software. One expert said that the hackers have put too much effort into the operation for it to be just a hoax.
Speculation of a Russian “plot” is unsatisfying, and well short of a complete explanation for what happened, given that these tools appear to be “the keys to the kingdom” and perhaps the most advanced hacking tools on the planet. However, the hackers themselves have raised the suggestion that they may not be true to their word.
The exact timescale of the outage remains unclear and officials from both the NSA and the US Department of Defense (DoD) have so far declined to comment on the record.
The advisory said that devices released after August 2012 are not impacted, but an investigation is “continuing” into its other products.
“These files are not fully fake for sure”, said security researcher Bencsáth Boldizsár, who is credited with discovering the state-sponsored Flame malware, in an interview with Ars Technica.
However, a potentially more alarming issue is what else might have been stolen. Several security experts told US media the code appears genuine, and Snowden said “circumstantial evidence” pointed to Russian involvement.
“Faking this information would be monumentally hard, there is just such a sheer volume of meaningful stuff”, Nicholas Weaver, a computer security researcher at the University of California at Berkeley, said in an interview. And Hypponen contends the auction may be nothing more than a publicity stunt meant to maintain the Shadow Brokers’ time in the spotlight. And that message, he speculated, might be related to the fact that United States policymakers are considering sanctions against the Russian Federation for its alleged hack of the Democratic National Committee.
So who are these Shadow Brokers?
The tools were posted online by a group called Shadow Brokers, which is offering to auction them.