Hacker group claims to have stolen NSA ‘cyberweapons’

A mysterious group that calls itself the Shadow Brokers claims to have hacked into the National Security Agency, stolen powerful cyberweapons and surveillance tools, and put them up for auction.

By Tim Johnson McClatchy News Service • August 17, 2016 1:30 am

WASHINGTON, D.C. — A mysterious group that calls itself the Shadow Brokers claims to have hacked into the National Security Agency, stolen powerful cyberweapons and surveillance tools, and put them up for auction.

If true, the claim would indicate that one of the U.S. government’s key agencies for cyberwarfare is itself vulnerable and has fallen into a pitched and escalating battle with a powerful unknown cyber foe, perhaps Russia.

News of the apparent breach came over the weekend when the Shadow Brokers released a limited number of files, claiming they were part of an arsenal “made by creators of stuxnet,” and other notorious NSA malware that helped cripple Iran’s nuclear program in 2009 and 2010 by shattering many of its centrifuges.

Neither the NSA nor the Office of the Director of National Intelligence responded to queries about whether the NSA had been penetrated. But several cybersecurity experts took the claims seriously and suggested that the penetration of the NSA marks a watershed moment and is part of rising tensions between the United States and Russia.

Among those backing that view was Edward Snowden, the former CIA employee and NSA subcontractor who in 2013 leaked a trove of secret NSA documents before seeking refuge in Russia.

Snowden tweeted Tuesday that “circumstantial evidence and conventional wisdom indicates Russian responsibility” for the apparent NSA hack, and that the public revelation of the theft is a message that a series of tit-for-tats between Washington and Moscow “could get messy fast.”

Snowden said he believed news of the apparent breach “is more diplomacy than intelligence, related to the escalation around the DNC hack.”

Last month, WikiLeaks published tens of thousands of hacked emails from the Democratic National Committee, days before the Democratic convention in Philadelphia. U.S. intelligence officials later told top members of Congress that two Russian intelligence agencies or their proxies were behind the hack, according to Reuters and other media outlets, though there has been no official determination.

The attempt at public shaming of Russia over election interference preceded this week’s developments, in which both nations appear to be “outing” the other side.

The stolen cybersurveillance tools might help foreign governments do forensics on their own computer systems to determine whether they have been targets of U.S. surveillance efforts, a potentially embarrassing development for Washington.

Someone who posted under the Shadow Brokers Twitter account wrote in imperfect English that the cyberweapons it had obtained were from the Equation Group, a moniker given by Kaspersky Lab, a respected global software security group headquartered in Moscow, to software widely believed to have been created by the NSA.

“We find many many Equation Group cyber weapons,” the message said. “You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions.”