New Snowden docs suggest Shadow Broker leak was real

Looks like those actually are the NSA's hacking tools up for auction.
Andrew Tarantola, @terrortola
August 19, 2016

On Monday, a group of hackers calling themselves the Shadow Broker put up a number of cyber-espionage tools reportedly stolen from the NSA-associated hacking outfit the Equation Group. Edward Snowden has already publicly speculated that the intrusion and theft were actually just another salvo in the ongoing Digital Cold War between the US and Russia. However, nobody was 100 percent certain that the tools for sale really were NSA property. Now, Snowden has released documentation to The Intercept that suggests the tools really are what the Shadow Brokers say they are.

Specifically, Snowden has released a classified Top Secret agency manual for implanting malware. That manual instructs agents to track their malware deployments using the character string "ace02468bdf13579", which, as it happens, appears in 14 places throughout the code of SECONDDATE, a program that the Shadow Broker leaked. SECONDDATE is a tool used to infiltrate and monitor network activity using an exploit on vulnerable network routers, allowing the NSA to run "man in the middle attacks" against targeted computers. It reportedly even works against encrypted wireless signals.

The danger here isn't just that the monitoring tool is publicly available, which puts any user with a vulnerable router at risk. There's also the issue that Shadow Broker was successful in the first place. The fact that they were able to covertly breach a supposedly secure NSA staging server and abscond with dozens of the agency's prized hacking tools -- without being immediately caught -- must mean that the group (and whoever is bankrolling them) possesses exploits that the US cannot currently defend against.

There are serious political and diplomatic implications as well. As Snowden argued earlier this week, the entire hack reeked of state sponsorship. It could very well be interpreted as a warning shot from Russia. Should the US dig too deep or rattle its saber too loudly over the DNC leak, the Russians would be able to show that America is just as guilty of cyber-spying -- perhaps even against its own allies. While nobody has been able to conclusively prove that Russia is behind the attack, both its timing and target remain highly suspect.
