US spy agency's hacking tools revealed on Internet

Some of the most powerful espionage tools created by the National Security Agency's (NSA) elite group of hackers have been revealed in recent days.
Some of the most powerful espionage tools created by the National Security Agency's (NSA) elite group of hackers have been revealed in recent days. PHOTO: BLOOMBERG

WASHINGTON • Some of the most powerful espionage tools created by the National Security Agency's (NSA) elite group of hackers have been revealed in recent days, a development that could pose severe consequences for the United States spy agency's operations and the security of government and corporate computers.

A cache of hacking tools with code names such as Epicbanana and Buzzdirection appeared mysteriously online at the weekend, setting the security world abuzz with speculation over whether the material was legitimate.

The file appeared to be real, said former NSA personnel who worked in the agency's hacking division, known as Tailored Access Operations (TAO).

"Without a doubt, they are the keys to the kingdom," said one former TAO employee who spoke on condition of anonymity. "The stuff you are talking about would undermine the security of a lot of major government and corporate networks both here and abroad."

The file contained 300 megabytes of information, including several "exploits", or tools for taking control of firewalls in order to control a network, and a number of implants that might, for instance, exfiltrate or modify information.

The exploits, expensive software used to take over firewalls such as Cisco and Fortinet, are used "in the largest and most critical commercial, educational and government agencies around the world", said Mr Blake Darche, also a former TAO operator and now head of security research at Area 1 Security.

The software apparently dates back to 2013 and appears to have been taken then, experts said, citing such things as file creation dates. "What is clear is that these are highly sophisticated and authentic hacking tools," said Mr Oren Falkowitz, chief executive of Area 1 Security and a former TAO employee.

Several of the exploits were pieces of computer code that took advantage of "zero-day", or previously unknown flaws or vulnerabilities in firewalls, which appear to be unfixed to this day, said one of the former hackers.

The disclosure of the file means that at least one other party - possibly another country's spy agency - has had access to the same hacking tools used by the NSA and could deploy them against organisations that are using vulnerable routers and firewalls.

And now that the tools are public, as long as the flaws remain unpatched, other hackers can take advantage of them, too.

The NSA did not respond to requests for comment.

"Faking this information would be monumentally difficult; there is just such a sheer volume of meaningful stuff," computer security researcher Nicholas Weaver of the University of California at Berkeley said in an interview. "Much of this code should never leave the NSA."

The tools were posted by a group calling itself the Shadow Brokers using file-sharing sites such as BitTorrent and DropBox. Attached to the cache was an "auction" note that purported to be selling a second set of tools to the highest bidder.

Former NSA contractor Edward Snowden, Mr Weaver and some of the former NSA hackers said they suspect Russian involvement in the release of the cache, though no one has offered hard evidence. They said the timing - in the wake of high-profile disclosures of Russian government hacking of the Democratic National Committee and other party organisations - is notable.

Mr Snowden tweeted: "Circumstantial evidence and conventional wisdom indicate Russian responsibility." It looks like "somebody sending a message" that retaliating against Russia for its hacks of the political organisations "could get messy fast", he said.

WASHINGTON POST

A version of this article appeared in the print edition of The Straits Times on August 18, 2016, with the headline 'US spy agency's hacking tools revealed on Internet'. Print Edition | Subscribe