8/16/2016

ShadowBrokersLeakRaisesAlarmingQuestion:WastheN.S.A.Hacked?TheNewYorkTimes

http://nyti.ms/2blOYD8

U.S.

ShadowBrokersLeakRaisesAlarming
Question:WastheN.S.A.Hacked?
ByDAVIDE.SANGER AUG.16,2016

Thereleaseonwebsitesthisweekofwhatappearstobetopsecretcomputercode
thattheNationalSecurityAgencyhasusedtobreakintothenetworksofforeign
governmentsandotherespionagetargetshascauseddeepconcerninsideAmerican
intelligenceagencies,raisingthequestionofwhetherAmericasowneliteoperatives
havebeenhackedandtheirmethodsrevealed.
Mostoutsideexpertswhoexaminedtheposts,byagroupcallingitselfthe
ShadowBrokers,saidtheycontainedwhatappearedtobegenuinesamplesofthe
codethoughsomewhatoutdatedusedintheproductionoftheN.S.A.scustom
builtmalware.
Mostofthecodewasdesignedtobreakthroughnetworkfirewallsandgetinside
thecomputersystemsofcompetitorslikeRussia,ChinaandIran.That,inturn,
allowstheN.S.A.toplaceimplantsinthesystem,whichcanlurkunseenforyears
andbeusedtomonitornetworktrafficorenableadebilitatingcomputerattack.
Accordingtotheseexperts,thecodingresembledaseriesofproducts
developedinsidetheN.S.A.shighlyclassifiedTailoredAccessOperationsunit,some
ofwhichweredescribedingeneraltermsindocumentsstolenthreeyearsagoby
EdwardJ.Snowden,theformerN.S.A.contractornowlivinginRussia.

http://www.nytimes.com/2016/08/17/us/shadowbrokersleakraisesalarmingquestionwasthensahacked.html?rref=collection%2Fsectioncollection%2Fus&

1/4

8/16/2016

ShadowBrokersLeakRaisesAlarmingQuestion:WastheN.S.A.Hacked?TheNewYorkTimes

ButthecodedoesnotappeartohavecomefromMr.Snowdensarchive,which
wasmostlycomposedofPowerPointfilesandotherdocumentsthatdescribedN.S.A.
programs.ThedocumentsreleasedbyMr.Snowdenandhisassociatescontainedno
actualsourcecodeusedtobreakintothenetworksofforeignpowers.
Whoeverobtainedthesourcecodeapparentlybrokeintoeitherthetopsecret,
highlycompartmentalizedcomputerserversoftheN.S.A.orotherserversaround
theworldthattheagencywouldhaveusedtostorethefiles.Thecodethatwas
publishedonMondaydatestomid2013,when,afterMr.Snowdensdisclosures,the
agencyshutteredmanyofitsexistingserversandmovedcodetonewonesasa
securitymeasure.
BymiddayTuesdayMr.Snowdenhimself,inaTwittermessagefromhisexilein
Moscow,declaredthatcircumstantialevidenceandconventionalwisdomindicates
Russianresponsibilityforpublication,whichheinterpretedasawarningshottothe
AmericangovernmentincaseitwasthinkingofimposingsanctionsagainstRussia
inthecybertheftofdocumentsfromtheDemocraticNationalCommittee.
Whydidtheydoit?Mr.Snowdenasked.Nooneknows,butIsuspectthisis
morediplomacythanintelligence,relatedtotheescalationaroundtheDNChack.
Aroundthesametime,WikiLeaksdeclaredthatithadafullsetofthefilesit
didnotsayhowithadobtainedthemandwouldreleasethemallinthefuture.
TheShadowBrokershadsaidtheywouldauctionthemofftothehighestbidder.
IthinkitsSnowdenerastuff,repackagedforresalenow,saidJamesA.Lewis,
acomputerexpertattheCenterforStrategicandInternationalStudies,a
Washingtonthinktank.ThisisprobablysomeRussianmindgame,downtothe
bogusaccentofsomeofthemessagessenttomediaorganizationsbytheShadow
Brokersgroup,deliveredinbrokenEnglishthatseemedrightoutofabadspymovie.
TheN.S.A.wouldsaynothingonTuesdayaboutwhetherthecodingreleased
wasrealorwhereitcamefrom.Itspublicaffairsofficedidnotrespondtoinquiries.
Itcertainlyfeelsallreal,saidBruceSchneier,aleadingauthorityonstate
sponsoredbreaches.Thequestioniswhywouldsomeonestealitin2013and

http://www.nytimes.com/2016/08/17/us/shadowbrokersleakraisesalarmingquestionwasthensahacked.html?rref=collection%2Fsectioncollection%2Fus&

2/4

8/16/2016

ShadowBrokersLeakRaisesAlarmingQuestion:WastheN.S.A.Hacked?TheNewYorkTimes

releaseitthisweek?Thatswhatismakingpeoplethinkthisislikelytheworkof
Russianintelligence.
Thereareothertheories,includingonethatsomeunknowngroupwastryingto
impersonatehackersworkingforRussianorotherintelligenceagencies.
Impersonationisrelativelyeasyontheinternet,anditcouldtakeconsiderabletime
todeterminewhoisbehindthereleaseofthecode.
TheShadowBrokersfirstemergedonlineonSaturday,creatingaccountson
siteslikeTwitterandTumblrandannouncingplansforanauction.Thegroupsaid
thatwegiveyousomeEquationGroupfilesfreeandthatitwouldauctionthebest
ones.TheEquationGroupisacodenamethatKasperskyLabs,aRussian
cybersecurityfirm,hasgiventotheN.S.A.
Whilestillwidelyconsideredthemosttalentedgroupofstatesponsored
hackersintheworld,theN.S.A.isstillrecoveringfromMr.Snowdensdisclosuresit
hasspenthundredsofmillionsofdollarsreconfiguringandlockingdownits
systems.
Mr.Snowdenrevealedplans,codenamesandsomeoperations,including
againsttargetslikeChina.TheShadowBrokersdisclosuresaremuchmoredetailed,
theactualcodeandinstructionsforbreakingintoforeignsystemsasofthree
summersago.
Fromanoperationalstandpoint,thisisnotacatastrophicleak,Nicholas
Weaver,aresearcherattheInternationalComputerScienceInstituteinBerkeley,
Calif.,wroteontheLawfareblogonTuesday.
Butheaddedthatthebigpictureisafarscarierone.IntheweeksafterMr.
SnowdenfledHawaii,landinginHongKongbeforeultimatelygoingtoRussia,it
appearsthatsomeoneobtainedthosecodes.That,hesuggested,wouldbeaneven
biggersecuritybreachfortheN.S.A.thanMr.Snowdensdeparturewithhistroveof
files.
However,thefactthatthecodeisdatedfrom2013suggeststhatthehackers
accesswascutoffaroundthen,perhapsbecausetheagencyimposednewsecurity

http://www.nytimes.com/2016/08/17/us/shadowbrokersleakraisesalarmingquestionwasthensahacked.html?rref=collection%2Fsectioncollection%2Fus&

3/4

8/16/2016

ShadowBrokersLeakRaisesAlarmingQuestion:WastheN.S.A.Hacked?TheNewYorkTimes

measures.
TheattackontheDemocraticNationalCommitteehasraisedquestionsabout
whethertheRussiangovernmentistryingtoinfluencetheAmericanelection.Ifso,it
isunclearhoworwhetherPresidentObamawillrespond.Aresponsecouldbe
publicorprivate,anditcouldinvolvesanctions,diplomaticwarningsorevena
counterattack.
TherealproblemforusisthattheRussiansseemtohavetakentheglovesoff
inthecyberdomain,saidMr.Lewis,oftheCenterforStrategicandInternational
Studies,andwedontknowhowtorespond.
FollowTheNewYorkTimesspoliticsandWashingtoncoverageonFacebookand
Twitter,andsignupfortheFirstDraftpoliticsnewsletter.
AversionofthisarticleappearsinprintonAugust17,2016,onpageA1oftheNewYorkeditionwiththe
headline:TopSecretCodeReleasedbyHackersPointstoBreachatN.S.A.

2016TheNewYorkTimesCompany

http://www.nytimes.com/2016/08/17/us/shadowbrokersleakraisesalarmingquestionwasthensahacked.html?rref=collection%2Fsectioncollection%2Fus&

4/4