begin quote from:
‘Shadow Brokers’ Leak Raises Alarming Question: Was the N.S.A. Hacked?
The release on websites this week of what appears to be top-secret computer code that the National Security Agency
has used to break into the networks of foreign governments and other
espionage targets has caused deep concern inside American intelligence
agencies, raising the question of whether America’s own elite operatives
have been hacked and their methods revealed.

Most outside experts who examined the posts, by a group calling itself the
Shadow Brokers, said they contained what appeared to be genuine samples
of the code — though somewhat outdated — used in the production of the
N.S.A.’s custom-built malware.

Most of the code was designed to break through network firewalls and get
inside the computer systems of competitors like Russia, China and Iran.
That, in turn, allows the N.S.A. to place “implants” in the system,
which can lurk unseen for years and be used to monitor network traffic
or enable a debilitating computer attack.

According to these experts, the coding resembled a series of “products” developed
inside the N.S.A.’s highly classified Tailored Access Operations unit,
some of which were described in general terms in documents stolen three
years ago by Edward J. Snowden, the former N.S.A. contractor now living
in Russia.

But the code does not appear to have come from Mr. Snowden’s archive, which
was mostly composed of PowerPoint files and other documents that
described N.S.A. programs. The documents released by Mr. Snowden and his
associates contained no actual source code used to break into the
networks of foreign powers.

Whoever obtained the source code apparently broke into either the top-secret,
highly compartmentalized computer servers of the N.S.A. or other servers
around the world that the agency would have used to store the files.
The code that was published on Monday dates to mid-2013, when, after Mr.
Snowden’s disclosures, the agency shuttered many of its existing
servers and moved code to new ones as a security measure.

By midday Tuesday Mr. Snowden himself, in a Twitter message from his exile
in Moscow, declared that “circumstantial evidence and conventional
wisdom indicates Russian responsibility” for publication, which he
interpreted as a warning shot to the American government in case it was
thinking of imposing sanctions against Russia in the cybertheft of
documents from the Democratic National Committee.

“Why did they do it?” Mr. Snowden asked. “No one knows, but I suspect this
is more diplomacy than intelligence, related to the escalation around
the DNC hack.”

Around the same time, WikiLeaks declared that it had a full set of the files —
it did not say how it had obtained them — and would release them all in
the future. The “Shadow Brokers” had said they would auction them off
to the highest bidder.

“I think it’s Snowden-era stuff, repackaged for resale now,” said James A.
Lewis, a computer expert at the Center for Strategic and International
Studies, a Washington think tank. “This is probably some Russian mind
game, down to the bogus accent” of some of the messages sent to media
organizations by the Shadow Brokers group, delivered in broken English
that seemed right out of a bad spy movie.

The N.S.A. would say nothing on Tuesday about whether the coding released
was real or where it came from. Its public affairs office did not
respond to inquiries.

“It certainly feels all real,” said Bruce Schneier, a leading authority on
state-sponsored breaches. “The question is why would someone steal it in
2013 and release it this week? That’s what is making people think this
is likely the work of Russian intelligence.”

There are other theories, including one that some unknown group was trying to
impersonate hackers working for Russian or other intelligence agencies.
Impersonation is relatively easy on the internet, and it could take
considerable time to determine who is behind the release of the code.

The Shadow Brokers first emerged online on Saturday, creating accounts on
sites like Twitter and Tumblr and announcing plans for an auction. The
group said that “we give you some Equation Group files free” and that it
would auction the best ones. The Equation Group is a code name that
Kaspersky Labs, a Russian cybersecurity firm, has given to the N.S.A.

While still widely considered the most talented group of state-sponsored
hackers in the world, the N.S.A. is still recovering from Mr. Snowden’s
disclosures; it has spent hundreds of millions of dollars reconfiguring
and locking down its systems.

Mr. Snowden revealed plans, code names and some operations, including
against targets like China. The Shadow Brokers disclosures are much more
detailed, the actual code and instructions for breaking into foreign
systems as of three summers ago.

“From an operational standpoint, this is not a catastrophic leak,” Nicholas
Weaver, a researcher at the International Computer Science Institute in
Berkeley, Calif., wrote on the Lawfare blog on Tuesday.

But he added that “the big picture is a far scarier one.” In the weeks
after Mr. Snowden fled Hawaii, landing in Hong Kong before ultimately
going to Russia, it appears that someone obtained those codes. That, he
suggested, would be an even bigger security breach for the N.S.A. than
Mr. Snowden’s departure with his trove of files.

However, the fact that the code is dated from 2013 suggests that the hackers’
access was cut off around then, perhaps because the agency imposed new
security measures.

The attack on the Democratic National Committee has raised questions about
whether the Russian government is trying to influence the American
election. If so, it is unclear how — or whether — President Obama will
respond. A response could be public or private, and it could involve
sanctions, diplomatic warnings or even a counterattack.

“The real problem for us is that the Russians seem to have taken the gloves
off in the cyberdomain,” said Mr. Lewis, of the Center for Strategic and
International Studies, “and we don’t know how to respond.”