“The Shadow Brokers” sounds more like the title of a sci-fi movie. The name is actually borrowed from a character in the video game Mass Effect. Not far from a real sci-fi plot either, “The Shadow Brokers” is the name under which a cache of hacking tools attributed to the NSA’s elite hacking team was leaked and published online. And, as in any good thriller, the search for the mastermind behind “The Shadow Brokers” is on: there is much speculation that it is the work of an insider, while others posit that the author could be Russian.
The stolen files reportedly include highly sophisticated malware, said to be capable of infecting a device’s firmware so that it survives even a complete reformatting of the system. The files belong to “the Equation Group, a top cyberespionage team that may be connected with the NSA”. The tools once again demonstrate the technical ability of the Equation Group, the cyberspies originally associated with the Stuxnet worm that was used against Iran’s nuclear program. The exploits in the dump target firewall and router products by way of zero-day vulnerabilities: previously unknown security flaws in the software that attackers can exploit before a patch exists. Affected vendors include a who’s who of network security companies, among them Cisco, Juniper Networks and the firewall provider Topsec.
Still, the big question remains: who stole the NSA’s hacking toolkit?
An anonymous source says with total conviction that the person behind “The Shadow Brokers” is an insider. The source, who presented credentials as proof that he is a former member of the NSA, completely dismisses Russian involvement in the leak. He argued that the “naming convention of the file directories, as well as some of the scripts in the dump are only accessible internally,” and that “there is no reason” for those files to be on a server someone could hack. Apparently these files sit “on a physically separated network that doesn’t touch the internet”.
Another former NSA source, also anonymous, made the same suggestion: it looks like the work of an NSA insider. His argument is that it is easier to walk out of the NSA with a USB drive or a burned CD than to hack one of its servers.
Matt Suiche, the CEO of the Dubai-based cybersecurity company Comae, spoke with the NSA source and wrote up the conversation on his blog. There he lays out a number of possibilities based on the discussion, including that the files became accessible by mistake. He refers to TAO (Tailored Access Operations), the NSA’s elite team, which keeps its tools in a repository physically separated from the network. No internet connection is involved in reaching those files, so for them to turn up on a staging server someone would have had to place them there deliberately, according to Suiche, and from a staging server they can be copied directly from one place to another with little difficulty.
Despite all the speculation feeding the media, investigators are centering their hunt on the NSA’s current network infrastructure. Bruce Schneier, a well-known security expert and blogger, argues the opposite: that the culprit is quite likely an outsider, a government, and very possibly Russia. Schneier bases this on his analysis of the dumped data and on the timeline of events, from the theft of the data from a TS/SCI system in 2013 to its appearance today.
Still, the majority of observers suggest that another Edward Snowden is lurking inside the National Security Agency. Given the sophistication of the malware, a team of researchers believes that, because of the complexity of the targeted hardware and the need to understand it, its creators would likely have had to resort to reverse-engineering.
The Shadow Broker of Mass Effect stays in business by keeping the trade in information flowing and by never letting any one customer gain more of an advantage than another. Barla Von, an agent who works for the Broker, believes that “the Shadow Broker is a group of individuals: it does not seem possible for a single individual to monitor all of the available information and have such a wide sphere of influence”. The NSA surely will not want to see a whole group of individuals behind the publication of “The Shadow Brokers